DHS to tighten security of information included in national infrastructure plan
Infrastructure and IT companies are supposed to provide DHS with information to help fashion an effective infrastructure protection policy; these companies are worried about who would have access to that information
Addressing growing concerns by IT industry insiders, DHS said it will maintain the confidentiality of critical infrastructure information submitted to the National Asset Database, according to the newly revised draft National Infrastructure Protection Plan Base Plan version 2.0. DHS will examine all requests to view the database and will grant access only to select DHS employees and others on a “tightly controlled, need-to-know” basis. The new language is included in the 234-page national infrastructure protection plan distributed by DHS this week. The plan establishes a work and time schedule for assessing vulnerabilities and risks and coordinating protections for seventeen critical infrastructure sectors, including IT and telecommunications. Cybersecurity is treated as a cross-sector responsibility. The department will accept comments on the document until 6 February.
The worry was that information submit to the project would also highlight specific vulnerabilities within their sectors. For example, IT industry members said that disclosing weak spots in their own networks may result in leaks that can be exploited by competitors.
-read more in this report
