Program shields anonymous flaw sleuths
The Department of Homeland Security asks companies to send it security tips about the nation's tech infrastructure, assuring them the information will be protected from the public.
Called the Protected Critical Infrastructure Information (PCII) Program, the initiative allows companies to report security vulnerabilities in their products that may affect the nation's security without revealing the flaws to the wider public and opening the companies up to liability.
Get Up to Speed on... Enterprise security Get the latest headlines and company-specific news in our expanded GUTS section. | ||||
The department on Wednesday announced that it will start accepting tips through the new program.
Technology industry groups previously have cited concerns about the potential negative consequences of giving proprietary or embarrassing information to the federal government, fearing it could be leaked to the press or obtained through requests filed under the Freedom of Information Act.
The creation of the PCII program follows the agency's establishment of a cyberalert system to send vulnerability notices, security tips and bulletins to information technology professionals and ordinary computer users. Both programs were discussed in the Bush administration's National Strategy to Secure Cyberspace, which was released in final form a year ago.
The Department of Homeland Security estimated that more than 85 percent of the nation's "critical infrastructure" is managed by the private sector.
To qualify for protected status, companies must follow submission guidelines. Any information given to the government under the program is protected until a final determination is made.