OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
[ISN] HSD seeks to secure data it gets from the private sector

From: InfoSec News (isnc4i.org)
Date: Fri Apr 18 2003 - 06:37:20 CDT

http://www.gcn.com/vol1_no1/daily-updates/21773-1.html

By Wilson P. Dizard III
GCN Staff
04/17/03

The Homeland Security Department has proposed rules under which it
would protect systems information it receives from the private sector.

The proposed rule explicitly applies to hardware and software that
makes up critical-infrastructure systems. The government relies on
many such systems, such as private voice and data networks, for its
daily operations.

Companies have been wary of submitting information to the department
for several reasons, including the possibility that their competitors
could access commercially important data. Some members of Congress and
privacy advocates criticized the enacted version of the Homeland
Security Act of 2002 as including excessively broad exemptions from
the Freedom of Information Act for such information.

The proposed rule-making notice, issued Tuesday, is aimed at
implementing the Critical Infrastructure Information Act of 2002,
which appears in Subtitle B of Title II of the Homeland Security Act.

That law calls for HSD to shield from the public the information that
the private sector submits.

The proposed rule would apply to all federal agencies that receive
such information, according to the notice published in the Federal
Register. Under the rule-making proposal, the procedures also would
apply to state, local and foreign governments as well as government
contractors.

The proposal calls for Homeland Security to safeguard the information
in secure systems or locations and to impose that requirement on any
other agencies or contractors to which it discloses the information.

Under the proposal, private-sector organizations could specify
information to be exempted from FOIA requests. The department could
deny organizations’ designation of information as
critical-infrastructure and return it.

The proposed rule calls for a program manager of critical-
infrastructure information. Among other duties, the official would
report any losses of critical-infrastructure data to the department’s
inspector general, its Information Analysis and Infrastructure
Protection Directorate and the organization that submitted the
information.

Comments on the proposal are due June 16. The department will accept
comments at cii.regcommentdhs.gov.

-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomoattrition.org with 'unsubscribe isn'
in the BODY of the mail.