Critical Infrastructure Protections Include Employee Information
By Claudette Roulo
American Forces Press Service
WASHINGTON, April 22, 2013 President Barack Obama’s February executive order requiring federal agencies to improve cybersecurity protections for critical infrastructure means the Defense Department will be sharing more information with the defense industrial base, Michael E. Reheuser, the director of DOD’s Privacy and Civil Liberties Office, said April 19.
“The cyber threat to critical infrastructure continues to grow and represents one of the most serious national security challenges we must confront,” the president wrote in his order. “The national and economic security of the United States depends on the reliable functioning of the nation's critical infrastructure in the face of such threats.”
The information sharing is intended to safeguard vital defense information shared with or held by the defense industrial base, Reheuser said in an interview with American Forces Press Service and the Pentagon Channel.
“The way we do that is provide them information that they can use ... to prevent persistent attacks that have been levied on almost every business in the United States,” he said.
In the past, that information wasn’t always freely shared, Reheuser said. “So, the president's executive order is encouraging DOD and other agencies to share that information with the companies so that they can better protect their information,” he explained, “so the nation as a whole won't be subject to as many attacks and the scope of the attacks won't be as significant.”
According to the executive order, critical infrastructure includes systems and assets so vital to the United States that their failure or destruction would have a debilitating impact on security, national economic security, national public health or safety.
The Defense Privacy and Civil Liberties Office is responsible for making sure that these information-sharing programs take into account the privacy and civil liberties of DOD employees and defense contractors, Reheuser said.
“So, for example, we want to make sure that we're not having any government monitoring of emails of personnel that don't work for the Department of Defense,” he explained. Not only do DOD employees sign user agreements when they receive an email account, Reheuser noted, but each time they sign on, a banner explains their rights as a user of a defense information system.
"We [DOD employees] understand that our emails and other information on the computer -- because it's a government system -- can be monitored, and that monitoring consists of ensuring, for example, that classified information does not leave the network," Reheuser said.
While those rules apply to DOD employees, he said, the government does not monitor the systems of defense contractors.
“And under no program is that going on,” he added.
The DPCLO will assess the DOD’s information-sharing programs to ensure that privacy and civil liberties protections exist and are fair, Reheuser said. That assessment will be delivered to the president next year as part of a joint report with the Department of Homeland Security, he added.