[Congressional Record (Bound Edition), Volume 148 (2002), Part 17]
[Senate]
[Pages 23157-23158]
[From the U.S. Government Publishing Office, www.gpo.gov]




              CRITICAL INFRASTRUCTURE INFORMATION SHARING

  Mr. BENNETT. Mr. President, for several years, I have been actively 
working to protect our Nation's critical infrastructure and promote 
information sharing between the government and the private sector. From 
my experience with Y2K, I recognized that our Nation's critical 
infrastructure was vulnerable and that the private sector and the 
government needed to cooperate. Last year I introduced S. 1456, the 
Critical Infrastructure Information Security Act of 2001, which sought 
to bolster critical infrastructure security by fostering and 
encouraging critical infrastructure information sharing. Both the 
Senate Government Affairs Committee and the Senate Energy and Natural 
Resource Committee held hearings on this issue. Once legislation 
creating the Department of Homeland Security was introduced in the 
Senate, I worked to ensure that some of the protections found in S. 
1456, specifically protection from public disclosure pursuant to the 
Freedom of Information Act (FOIA), were addressed and considered in the 
proposed legislation.
  The need for congressional attention on this issue stems from the 
growth of new technology and the increased reliance on computer 
networks created new vulnerabilities. For the past two decades, once 
physically distinct operations, controls and procedures have been 
tightly integrated with information technology. Pipelines can be 
controlled remotely. A vulnerability in a telecommunication systems can 
impact the functioning of the Department of Defense and the financial 
services sector. Sectors are more interconnected and more 
interdependent.
  Eighty-five percent of the United States' critical infrastructures, 
the essential services that if disrupted or destroyed would impact our 
economic or national security such as financial services, 
telecommunications, transportation, energy, and emergency services, are 
still owned and operated by the private sector. Osama bin Laden has 
called on his supporters to attack the pillars of the U.S. economy the 
private sector.
  If the private sector and the Federal Government are increasingly 
interconnected and are targets for those who wish us ill, it makes 
sense for both targets to share information with each other. We have to 
think differently

[[Page 23158]]

about national security, as well as who is responsible for it. In the 
past, the defense of the Nation was about geography and an effective 
military command-and-control structure. Now prevention and protection 
must shift to partnerships that span private and government interests.
  Yet the private sector has no access to government information about 
possible threats, much of which is often classified. The Federal 
Government, with its unique information and analytical capabilities, 
lacks specific information from the private sector on attacks. Both 
parties have a blind spot and only see parts of the problem. Government 
and industry would benefit from cooperating in response to threats, 
vulnerabilities, and actual attacks by sharing information and 
analysis. If the Department of Homeland Security is tasked to match 
threats with vulnerabilities, the private sector must be a willing 
partner.
  Although the Senate bipartisan FOIA agreement that I negotiated is 
not included in the current homeland security bill, I am pleased that 
the final version includes a number of provisions that will foster 
critical infrastructure information sharing. As the government and the 
private sector cooperate and begin to exchange information, we will be 
in a better position to prevent, respond to and recover from future 
attacks to our country.

                          ____________________