Communications Litigation Today was a service of Warren Communications News.

RIDGE SAYS POTENTIAL NETWORK ATTACKS THREATEN COMMUNITIES

August 1, 2002 by Steve Peacock|Miscellaneous

Attacks on communications networks and other critical infrastructure can be equated with attacks on individual communities, in light of reliance on such systems by consumers and businesses, Homeland Security Dir. Tom Ridge told U.S. Chamber of Commerce Wed. That connection between national and economic security should serve as an incentive for private sector to continue pursuing critical infrastructure protection and cybersecurity partnerships with federal govt., he said: “When the hometown is secure, the homeland is secure.”

Ridge said such joint efforts not only were necessary to guard against terrorist and cyberattacks, but also to balance needs of security and commercial interests: “By engaging industry, the government can provide security without impairing commerce.” Since most critical infrastructure is owned by private sector, “obviously we need strategic partners,” he said. Network operators therefore should carry out cyber and structural vulnerability assessments on their own, while remaining open to communicating their needs with homeland security officials, he said.

In addition to carrying out internal security reviews of their assets, critical infrastructure owners and operators would benefit by subsequently sharing information with govt., he said. That information flow would be critical to success of proposed Dept. of Homeland Security (DHS), he said. Legislation (HR-5005) passed by House and soon to be considered by Senate would integrate numerous defense, telecom and cybersecurity functions of several agencies into 4-unit department that would include an Information Analysis & Infrastructure Protection Div. Ridge said that if signed into law, bill would create first govt. entity that could “compile and maintain a complete assessment of the nation’s critical infrastructure.” Only with cooperation of industry could DHS “match threat information with vulnerabilities,” thereby enabling department to take appropriate action, he said.

Limited exemption from Freedom of Information Act (FOIA) disclosures of threat data voluntarily provided by industry, as proposed in HR-5005, would balance public access to information while addressing heightened data security requirements, he said: “We understand the need for transparency… But there are pieces of information -- critical information -- that should not necessarily be shared with the public at large.” Chamber and various industry associations support FOIA exemption, which they say is necessary to prevent terrorists from accessing network details and vulnerabilities. Electronic Privacy Information Center unsuccessfully sought to have Congress drop proposed FOIA exemption (CD July 10 p8), pointing out that industry was seeking additional avenues of secrecy at time when it was under increased scrutiny for falsifying and hiding data from investors.