July 24th, 2002
Associated Press
WASHINGTON (AP) _ The top Democrat on a House government reform panel
accused the Bush administration on Wednesday of supporting a proposal she
said would let corporations keep embarrassing secrets from the public by
claiming they involve the security of important computer networks and other
systems. An unexpectedly tense exchange between Rep. Janice D. Schakowsky,
D-Ill., and officials from the FBI and Commerce Department came during
a routine hearing on cyber security before the Government Reform subcommittee
on government efficiency. Saying she was outraged, Schakowsky condemned
a plan to exempt from the U.S. Freedom of Information Act any details that
companies might disclose to the new Department of Homeland Security about
vulnerabilities in their operations. The measure is included within the
House bill establishing the new agency. Schakowsky said the proposal changing
the Freedom of Information Act, supported by the Bush administration, was
``a loophole big enough to drive any corporation and its secrets through.
... It could be something that communities need to know about pollution
of a chemical plant.'' Industry computer experts at the hearing said they
feared disclosure about information that companies might tell the government
about Internet attacks. They also asked lawmakers for protections from
liability lawsuits and antitrust restrictions as business rivals increasingly
share details about threats. ``The sharing of information may lead to liability
lawsuits against the company or its officers and directors,'' said Stanley
``Stash'' Jarocki, who heads a threat-warning network for some of the country's
largest financial institutions. ``The chilling effect of potential liability
lawsuits on voluntary speech cannot be underestimated.'' A similar disclosure
measure, by Sen. Robert Bennett, R-Utah, was approved Wednesday by the
Governmental Affairs Committee after it struck a deal with Patrick Leahy,
D-Vt. That proposal still must be approved by the full Senate. Under the
Senate compromise, the government promised to keep secret any details a
company disclosed to the Department of Homeland Security about vulnerabilities
to important U.S. infrastructures. But any information other agencies collect
would not be protected, even if companies provide the same information
to the new department. The head of the FBI's National Infrastructure Protection
Center, Ronald L. Dick, testified Wednesday that business leaders are so
fearful that few companies are willing to tell government experts about
weaknesses in vital systems, from banking networks to electrical grids.
``I can't really tell you we're getting a lot of information,'' Dick said.
``Their concern is that government could not adequately protect it.'' Schakowsky
challenged another administration official, John Tritak of the Commerce
Department's Critical Infrastructure Assurance Office, over whether the
proposal supported by the Bush administration was overly broad. ``You can
hardly call this a narrow exemption,'' she charged. ``All I'm saying is,
fix it if you have a problem with it,'' Tritak answered. ``Right now, things
aren't as clear as they need to be, and this is the time to work with them.''
Both the FBI's NIPC and the Commerce Department office would become part
of the new Department of Homeland Security under the Bush administration's
reorganization. At Wednesday's hearing, some computer experts described
the risks that foreign hackers one day soon may attack the computerized
systems controlling the nation's electrical or water networks. They said
that even as new vulnerabilities are discovered in modern technology, companies
increasingly are connecting vital systems via the Internet because of cost-savings
and efficiency. ``Fifteen field offices can be managed from one central
location,'' said Marc Maiffret, the co-founder of eEye Digital Security
Inc., which sells security software. Maiffret said this newfound convenience
presents unprecedented risks. ``The attack would be able to take advantage
of the functionality ... to seize control of a power plant, a water treatment
plant, a dam or even an amusement park,'' he said. Maiffret recommended
all employees within companies that operate important systems undergo background
checks _ in some cases as rigorous as ones needed for government clearances.
|