The Clinton administration's plan to protect critical networks from cyberattacks may get the bipartisan congressional support it needs this week in the form of legislation that shields companies' data when it is shared with federal security officials.
The Clinton administration's plan to protect critical networks from cyberattacks
may get the bipartisan congressional support it needs this week in the
form of legislation that shields companies' data when it is shared with
federal security officials.
Reps. Tom Davis (R-Va.) and Jim Moran (D-Va.), both outspoken proponents
of enhancing critical infrastructure protection efforts, are sponsoring
the bill, which would protect companies' proprietary information from inadvertent
disclosure under the Freedom of Information Act.
Private companies, which own most of the nation's critical infrastructure,
have been reluctant to share proprietary data with the government, fearing
that it would end up in the hands of competitors. Companies also often refuse
to report hacker attacks on their enterprises to the government out of fear
that the news will create public distrust in their services and lead to
falling stock prices.
Dave Morin, a spokesman for Davis, said the bill will cover not only
real-time and after-the-fact hacker attacks but also "preventative" security
efforts by companies who own key nodes and systems. "At this point, we think
neither type of information is being shared," Morin said. "We want to make
sure information is shared at every level."
Bill Poulos, director of electronic commerce policy for Electronic Data
Systems Corp.'s Government Affairs Division, said FOIA protection is one
of the main issues he and other industry leaders mentioned to President
Clinton at the White House cybersecurity summit in February. "Reporting
information to the government is in effect making it public information,"
Poulos said. "The safest thing to do is say nothing, but we don't want to
do that."
Steven Aftergood, director of the Proj-ect on Government Secrecy at
the Federation of American Scientists, said a new law may be unnecessary.
The case has yet to be made that critical infrastructure information held
by industry is subject to disclosure under FOIA if it is provided to the
government, he said. "Most or all of it would probably be exempt as proprietary
information or law enforcement information," Aftergood said.
Some privacy advocates are not convinced that the new bill comes with
pure intentions. "This will potentially allow companies to keep secret things
like environmental hazard information [and the] safety of water supplies,"
said Wayne Madsen, senior fellow with the Electronic Privacy Information
Center.
NEXT STORY: Pennsylvania microwave project cookin'