Published 15 December 2005

At the core of U.S. critical infrastructure there is what Thomas Kuhn called an “essential tension”: 85% of this infrastructure is privately owned and managed, and the owners do not want to share proprietary information with the government or competitors, but without such sharing no meaningful defense of the infrastructure can be mounted

Information sharing is essential to understanding what the risk is,” Andy Purdy, acting director of the DHS National Cyber Security Division and the U.S. Computer Emergency Readiness Team, or CERT, said Wednesday. “Businesses should be able to articulate the most serious threats. The government can’t make them do this; we have to work in partnership with the private sector.” Purdy is right (except that a large part of the blame falls on his own department). More than four years after 9/11, and three years after the formation of DHS, the United States still has not progressed past the problem of data sharing between the public and private sectors. Companies are anxious about their closely held information and fear that that information may become public if citizens or the press file for disclosure under the federal Freedom of Information Act (FOIA) or state Sunshine Laws. Even if we understand these fears, there are two inescapable facts to consider: First, more than 85 percent of the U.S. critical infrastructure, including energy utilities, manufacturing and transportation facilities, telecommunication and data networks, and financial services networks, are owned and operated by the private sector. Second, it is inconceivable for a nation with any modicum of a survival instinct to allow private concerns to hold the national interest hostage. It cannot be the case that concerns over commercial information, serious as they are, should be allowed to trump concerns for public safety.

-read more in Larry Greenemeier’s comments