Sharing Information with the Private Sector
Critical infrastructure often is a prime target for the transnational terrorist enemy we face today. The private sector owns and operates an estimated 85% of infrastructure and resources that are critical to our Nation’s physical and economic security. It is, therefore, vital to ensure we develop effective and efficient information sharing partnerships with private sector entities. Important sectors of private industry have made significant investments in mechanisms and methodologies to evaluate, assess, and exchange information across regional, market, and security-related communities of interest. We arebuilding on these efforts to adopt an effective framework that ensures a two-way flow of timely and actionable information between public and private partners.
Efforts to improve information sharing with the private sector have initially focused on sharing with the owners and operators of our Nation’s critical infrastructure and key resources. In accordance with the National Infrastructure Protection Plan, we are currently implementing a networked approach to information sharing that allows distribution and access to information both horizontally and vertically using secure networks and coordination mechanisms, allowing information sharing and collaboration within and among sectors. It also enables multi-directional information sharing between government and industry that focuses, streamlines, and reduces redundancy in reporting to the greatest extent possible.
These processes are enabling the integration of private sector security partners, as appropriate, into the intelligence cycle and National Common Operating Picture. Moreover, sector security partners are becoming more confident that the integrity and confidentiality of their sensitive information can and will be protected and that the information sharing process can produce actionable information regarding threats, incidents, vulnerabilities, and potential consequences to critical infrastructure and key resources. These efforts are being integrated into broader efforts to establish the ISE.
It is important to note that critical infrastructure and key resource owners and operators utilize a number of mechanisms that facilitate the flow of information, mitigate obstacles to voluntary information sharing, and provide feedback and continuous improvement regarding structure and process. These include the Sector Coordination Councils, Government Coordination Councils, National Infrastructure Coordinating Center, Sector-level Information Sharing and Analysis Centers (commonly referred to as ISACs), DHS Protective Security Advisors, the DHS Homeland Infrastructure Threat and Risk Analysis Center (HITRAC), and State and major urban area fusion centers. These mechanisms accommodate a broad range of sector cultures, operations, and risk management approaches and recognize the unique policy and legal challenges for full sharing of information between private sector owners and operators and government, as well as the important requirements for efficient operational processes.
Our efforts to improve information sharing with the private sector have been guided by a number of important factors:
- Current, reliable, accurate, and actionable information is critical to private sector decisions to protect their business;
- Private sector entities gather, process, analyze, and share information in order to protect their companies’ assets, employees, infrastructure, and ability to operate, so as to maintain a competitive advantage;
- In many cases, private sector entities have spent years establishing strong collaborative information sharing relationships with State and local authorities to facilitate the sharing of time-sensitive threat and vulnerability information. Often it is their preference to coordinate the sharing of this information with the government authorities responsible for regulating their activities.
- The private sector operates within multiple information sharing frameworks: industry executives often prefer to separately share threat-related information with federal and State as well as local government officials and other business executives as they assess the threat environment in which they operate, implement protective measures, and engage in emergency response planning activities;
- As we incorporate the information sharing needs and capabilities of the private sector into our efforts to enable information sharing, we need to recognize that at times the environment in which homeland security, law enforcement, and terrorism-related information is shared mirrors the regulatory environment in which the sharing entity operates; and
- The private sector relies on multiple information sources including professional and local organizations, private information providers, news outlets, colleagues, open intelligence sources on the web, and company management in both domestic and foreign locations, in addition to the government at all levels (Federal, State, and local).
Accordingly, as we improve efforts to share terrorism-related information with the private sector we must continue to:
- Build a trusted relationship between federal, state, local, and tribal officials and private sector representatives to facilitate information sharing;
- Improve the multi-directional sharing of terrorism-related information on incidents, threats, consequences, and vulnerabilities, including enhancing the quantity and quality of specific, timely, and actionable information provided by the Federal Government to critical infrastructure sectors and their State, local, and tribal partners;
- Ensure that federal, state, local, and tribal authorities have policies in place that ensure the protection of private sector information that is shared with government entities;
- Integrate private sector analytical efforts into federal, state, local, and tribal processes, as appropriate, for a more complete understanding of the terrorism risk; and
- Establish mechanisms and processes to ensure compliance with all relevant U.S. laws, including applicable information privacy laws.
Finally, the needs and capabilities of the private sector, particularly those entities considered to be critical infrastructure or key resources, will be incorporated into efforts to establish a national, integrated network of State and major urban area fusion centers and to produce “federally coordinated” terrorism-related information products at NCTC.
- DHS: Information Sharing: A Vital Resource for a Shared National Mission to Protect Critical Infrastructure
- Critical Infrastructure Sector Partnerships
- Office of Infrastructure Protection (IP)
- Homeland Security Presidential Directive 7
- National Infrastructure Protection Plan (NIPP)
- National Infrastructure Coordinating Center
- Protected Critical Infrastructure Information Program
- Automated Critical Asset Management System (ACAMS)
- The Critical Infrastructure Partnership Advisory Council (CIPAC)
- Overseas Security Advisory Council
- National Infrastructure Advisory Council