State workgroup seeks information from businesses to protect infrastructure

The GBC Public Safety and Legal Affairs Committee is participating in a state workgroup charged with gathering key private-sector infrastructure information for use by the government agencies in formulating homeland security plans. The partnership will try to help bridge the gap between what government wants businesses to produce and what information businesses feel comfortable giving, according to GBC Vice President Devon Dodson.

The state created the Government’s Critical Infrastructure and Key Resource Protection Program Workgroup in December 2005 to address the issue of how the business community could assist in protecting state’s key infrastructure, Dodson reported to the GBC Public Safety and Legal Affairs Committee on June 15.

Eighty-five percent of critical infrastructure in Maryland is in the hands of private companies, Dodson reported. The workgroup is designed to facilitate the transfer of critical infrastructure information from the private sector to the government with allowances for confidentiality of proprietary information.

The large concern among private companies about giving confidential proprietary information to the government is that it could be subject to the Freedom of Information Act. However, the State Homeland Security asserts that none of the information will be subject to the act.

Nuclear power plants were identified as being subject to the highest threat. The second most likely threats are attacks on chemical plants or releases of toxins. Other critical infrastructure sectors identified include: agriculture, banking, defense/industrial, EMS, energy, IT/telecom, shipping/postal, health care, transportation, and water systems.

Additional assets that need protection include: monuments and icons, commercial facilities, dams, government facilities, and nuclear reactors.

The state workgroup is composed of law enforcement, state and local governmental agencies related to homeland security, financial institutions, chemical plants, power facilities, medical institutions, defense contractors, and business organizations.

In the event of any terror activity, private sector infrastructure owners, police, fire, and other key sectors are the first line of defense. Therefore, risk management must be at the forefront of the private sector’s security policies.

Another issue is emergency information sharing with business. Homeland security must establish better communication efforts as early as possible when there is a terror threat, said Dodson. For example, many businesses were left in the dark regarding the closure of the Harbor and Ft. McHenry tunnels. Businesses need to know how their commerce will be affected.

Homeland security has established a limited access website to provide the private sector with up-to-date critical security information. The website is called “Automated Trusted Information Exchange” (ATIX). The Federal government has given some people access to this list of information. There are large hoops to jump through to get on the list and it is uncertain what the criteria are for access. The security of the web is assured, but what the person with access does with the information is not protected. The solution is to overcome the natural reluctance to broaden the information pool, said Dodson.

“There has to be an agent somewhere you can trust to help with the threat,” said Dodson. “Banks are a good example where security measures would be put in place if there was a threat known. Hospitals need to be notified of a chemical threat as well.”

For more information on this issue, contact Devon Dodson at 410-727-2820, x40.