DHS sets up critical infrastructure databases
- By Wilson P. Dizard III
- Feb 19, 2004
The Homeland Security Department is building secure databases to hold critical infrastructure information submitted voluntarily by the private sector.
The department announced yesterday that it eventually will make the information available on the Pentagon's Secret IP Router Network, but for the time being, the Information Assurance and Infrastructure Protection Directorate will store it on standalone computers.
Robert Liscouski, the department's assistant secretary for infrastructure protection, said regulations designed to protect data submitted by private companies will go into effect tomorrow. The new rules, implementing the Critical Infrastructure Information Protection Act of 2002, describe ways for companies to submit information that the department will shield from disclosure under the Freedom of Information Act and civil suits.
'We are going to be building an IT system to extract the data and become more sophisticated about how we use it,' Liscouski said.
The department's Protected Critical Infrastructure Information program is operating with a fiscal 2004 budget of $3.9 million. It employs 12 federal staff and about 20 contractors, program manager Fred Herr said.
The amassed information would form the basis for advisories to industry and state and local governments about protecting critical infrastructure assets. Advisories will be general and not divulge specific vulnerabilities of individual infrastructure sites, officials said yesterday.
Companies sought the new regulations to ensure that information they voluntarily submit will not be disclosed under FOIA or civil lawsuits. DHS initially will accept the information in any physical form that companies choose to offer it, Herr said. Later, a Web site and possibly an e-mail system will accept submissions, he said.
In the meantime, DHS analysts will work with lists of information that companies voluntarily submit, Herr said.
The interim rule that takes effect tomorrow is subject to an additional comment period, Liscouski said. The department delayed implementing the 2002 law so it could accept comments and allow time to draft rules. Liscouski said he was not aware of the legal reasons why the department did not immediately issue an emergency regulation.
The 2002 law does not require companies to submit any information, nor does it let them avoid supplying any other information to agencies as required by other laws, officials said. The critical infrastructure information covered by the program covers both the cyber and physical sectors. Companies face penalties for submitting information they know is false.
The department already has gathered a great deal of critical infrastructure information submitted to the National Infrastructure Protection Center, a former FBI office. That information will not become part of the new database or be subject to the certification processes of the new regulations, officials said.
To support the project, DHS has hired contractors Booz Allen Hamilton Inc. and Mitre Corp. of McLean, Va., and Sytex Inc. of Ellicott City, Md. Sytex is building the IT systems.