HomeBusinessHardwareSoftwareTelecomsPersonal TechnologyComment


Click here for another great offer!

ZDNet UK > News > Story

Click here for another great offer!

Previous Story: Nokia wireless camera enables mobile spying Next Story: Microsoft drops .Net name from server brand
US government wants firms' security secrets
08:58 Thursday 17th April 2003
Declan McCullagh, CNET News.com 

With the publication of proposed rules, the US department devoted to national security hopes to convince tech companies that they are safe sharing information about infrastructure vulnerabilities

The US Department of Homeland Security is hoping to convince technology and telecommunications firms that it's safe to share information about infrastructure vulnerabilities with the federal government.

This week, the new department published a set of proposed regulations designed to convince corporate America to hand over infrastructure information to the government, promising that it will be kept in the strictest confidence.

The proposal sweeps broadly, covering any data submitted to the government about any real or possible attack on "critical infrastructure or protected systems by physical or computer-based attack" or any programming errors, glitches or bugs that could endanger important services like the Internet, utilities or telephone networks.

Industry groups had worried for years about the potential negative consequences of handing over proprietary or embarrassing information to the federal government, fearing it could be leaked to the press or obtained through requests filed under the Freedom of Information Act (FOIA).

Their worries led to an amendment being added to the legislation enacted last year that created the department. It says that critical infrastructure information voluntarily submitted to federal agencies "shall be exempt from disclosure" through FOIA.

Advocates of open government protested the amendment, saying it was unnecessary since FOIA already said that sensitive information could not be disclosed.

David Sobel, general counsel of the Electronic Privacy Information Center, said at a congressional hearing last July that the department should not be completely immune to FOIA requests. "Any claimed private sector reluctance to share important data with the government grows out of, at best, a misperception of current law," Sobel said. "Exemption proponents have not cited a single instance in which a federal agency has disclosed voluntarily submitted data against the express wishes of an industry submitter."

The proposed rules published on Tuesday are the result of the legislation. Comments may be sent to cii.regcomments@DHS.gov on or before 16 June.

In charge of running the department's vulnerability collection and storage programme will be an undersecretary of the information analysis infrastructure protection directorate, who will be chosen by Secretary Tom Ridge. That person will oversee a vulnerability database to be called the Critical Infrastructure Information Management System.

The directorate is allowed to disclose some information in the database to the public when publishing a general alert. "In issuing a warning, the (directorate) shall protect from disclosure the source of any voluntarily submitted (information) that forms the basis for the warning; and any information that is proprietary, business-sensitive, relates specifically to the submitting person or entity, or is otherwise not appropriately in the public domain," the proposal says.

For all security-related news, including updates on the latest viruses, hacking exploits and patches, check out ZDNet UK's Security News Section.

Let the editors know what you think in the Mailroom.

Related Links
Sendmail flaw tests new security body
Homeland security waiting for Wi-Fi
Previous Story: Nokia wireless camera enables mobile spying Next Story: Microsoft drops .Net name from server brand
Search Email Printer friendly
Sponsored by Epson

Latest News

Job of the day

Comment and Analysis

Peter Judge
Why it's cool to make codes
Rupert Goodwins
Rupert Goodwins' Diary
Rupert Goodwins
Laws and sausages

ZDNet UK Video

Latest videos
Exclusive interviews, the coolest gadgets and our pick of the keynotes - catch them now

Talk to us

Send us your comments
News forum
Join the discussions

 CNET Networks: CNET | GameSpot | mySimon | TechRepublic | ZDNet
Copyright © 2003 CNET Networks, Inc. All Rights Reserved.
ZDNET is a registered service mark of CNET Networks, Inc. ZDNET Logo is a service mark of CNET NETWORKS, Inc.