Information Sharing/Critical Infrastructure Protection Task Force Report

Citation
President's National Security Telecommunications Advisory Committee, Information Sharing/Critical Infrastructure Protection Task Force Report (May 2000) (full-text).

Overview
The IS/CIP Task Force examined information that would advance operational information sharing by focusing on the historical and Year 2000 (Y2K) experiences of the National Coordinating Center for Telecommunications (NCC), including the experiences of the U.S. Government and the NSTAC Network Security Information Exchanges (NSIEs). Additionally, operational and real-time data from industry was harvested from the 16 years of experience with joint industry/Government information sharing in the NCC. The NSIEs provided a rich source of data on industry's network security experiences and its willingness to share those experiences.

Among the lessons learned, the IS/CIP Task Force recognized that the increased level of information sharing that appears to be necessary for CIP will require overcoming operational and perceived impediments. Remedies such as information sharing agreements and exemptions from Freedom of Information Act (FOIA) need to be explored further.

The IS/CIP Task Force addressed PDD-63 goals embodied in the National Plan for Information Systems Protection and the Partnership for Critical Infrastructure Security through a detailed evaluation of the Plan, including the impact of the Plan on industry; an assessment of the value that industry could provide Government; and finally, through meetings with Government officials in which the IS/CIP Task Force provided a clear assessment of industry's added value.

The IS/CIP Task Force paid specific attention to efforts that further positioned the NCC as an ISAC for telecommunications. An analysis of the NCC considered what information is collected, how it is shared, and what the value added is for industry and for Government. The IS/CIP Task Force recognized that the telecommunications industry's long history of supporting national security and emergency preparedness efforts enabled the NCC to be positioned as the first joint industry/Government ISAC partnership. The NCC ISAC function was being developed through a phased approach in which participation, outreach, external relationships, and other issues are addressed.

Recommendations for several principles for inclusion in the National Plan were also provided to the Government. Information and lessons learned in securing the Public Network from cybercrime and disaster were shared at a variety of meetings that took place across industry sector infrastructures.