The Bush Administrations proposal to create a Department of Homeland Security is drawing criticism this week from industry advocates and government watchdogs for transferring too much power over computer networks and information security to the federal bureaucracy and law enforcement.
The Administrations plan to move the Commerce Departments computer security division from the National Institute of Standards and Technology to the proposed Department of Homeland Security would put the future of computer security under the control of law enforcement rather than private enterprise, according to the Computer and Communications Industry Association in Washington, D.C. By moving the division, the Administration would exempt it from the Computer Security Act, which requires civilian control over computer security efforts targeted for the public, CCIA maintains.
In a letter to the House Science Committee chairman, CCIA recounted past threats to the integrity of computer security that the private sector battled when national security interests sought influence over security standards. “Clearly, law enforcement and national-security sectors have a checkered past with regard to NIST and computer security,” wrote CCIA president Ed Black. “Their interference in NISTs mission has repeatedly compromised the private sectors confidence in the Institute and seems certain to do so in the future if repeated.”
Also today, some of the countrys largest corporations responsible for critical information technology infrastructure encouraged lawmakers to create greater exemptions from public disclosure for information that they voluntarily share with government agencies.
At a hearing held by the House Commerce Committees oversight and investigations panel, lawmakers listened to both public and private sector officials discuss steps that should be taken to improve information-sharing regarding infrastructure threats and vulnerabilities.
Guy Copeland, vice president for Information Infrastructure Advisory Programs at Computer Sciences Corp. in Falls Church, Va., told the committee that the government needs to give CEOs the certainty that information turned over will be protected from public view. Current FOIA exemptions are too ambiguous, he argued, speaking on behalf of the Information Technology Association of America, which supports several pending bills that would enhance FOIA protections of corporate information.
Requesting that shared corporate information be given the protection of classified government data, Kenneth Watson, President of the Partnership for Critical Infrastructure Security at Cisco Systems, Inc. in Austin, Texas, said that the private sector only rarely shares its most critical data about cyber-threats.
Since Sept. 11, the government has dramatically increased the volume of information requests to corporations, according to William Smith, CTO, BellSouth Corp. The requests are troubling, Smith said, because the information sought could assist terrorists if it became public. “[Disclosed information] could provide terrorists with essentially a roadmap to our most sensitive locations,” Smith said.
However, government watchdogs and privacy advocates argued that existing FOIA exemptions provide adequate protection for sensitive corporate information shared with the government and that the additional carve-outs proposed for the Department of Homeland Security would limit public access to crucial data.
“Citizens are receiving inadequate information about vulnerabilities,” said David Sobel, general counsel of the Electronic Privacy Information Center in Washington, D.C. Sobel said that the contemplated FOIA exemptions would prevent the public from holding the department – which will have an unprecedented range of responsibility for public safety — accountable for failure to use information properly.
“It remains unclear what gov will do with information it receives,” Sobel told the committee. “[The exemption] would cast a shroud of secrecy over one of new departments critical functions.”
Jeremiah Baumann, environmental health advocate at the U.S. Public Interest Research Group in Washington, D.C., also implored lawmakers not to support the FOIA exemption proposed for the department.
Despite the caliber of the private-sector witnesses panel and the gravity of the subject at hand, only three committee members posed questions to panel.
After the witnesses from industry were excused, the committee closed the session to the public to conduct the remainder of the hearing on Homeland Security in secret.
Related Stories:
- National Security is an IT Concern
- Joining Forces for Homeland Security
- Zeroing In on Homeland Security Plan
- More Security Coverage