The Department of Homeland Security (DHS) issued an Advance Notice of Proposed Rulemaking (ANPRM) on April 21 to solicit input on potential changes to its Protected Critical Infrastructure Information (PCII) Program. Under this congressionally authorized program, an organization (public or private sector) may voluntarily provide certain government agencies with sensitive security information about its critical infrastructure, and the government will limit the public disclosure of that information. The government and many stakeholders believe the PCII program, now 10 years old, is integral to promoting information sharing between the government and critical infrastructure owners and operators for the purpose of analyzing and mitigating threats.
The ANPRM seeks input on any aspect of the program where stakeholders recommend improvement, and specifically on these topics:
- The transition from a paper-based submission program to an electronic environment;
- Marking particular parts of a submission as PCII rather than the entire submission (portion marking);
- Sharing of PCII by the U.S. government with foreign governments;
- Whether limitations on access to/use of PCII by regulatory agencies should be loosened; and
- Whether current safeguards to protect PCII from unauthorized disclosure are adequate.
AMWA member agencies that have submitted information under the PCII Program, or have attempted to, are asked to contact AMWA’s Michael Arceneaux ([email protected]). Understanding members’ experiences with the program will help the association prepare comments in response to the ANPRM. Utilities that participated in DHS cyber or physical security assessment programs through ICS-CERT or the Protective Security Advisors program may have shared information with DHS that was protected under the PCII Program. Comments are due on July 20, 2016.