Advertisement

The Nation

Some Businesses Balk at Giving Secrets for U.S. Terrorism Fight

Security: Utilities and high-tech firms are reluctant to turn over information about their operations for fear that it could be compromised.

July 06, 2002|NICK ANDERSON | TIMES STAFF WRITER

WASHINGTON — Prominent business groups, usually allied with the Bush administration, are showing unexpected resistance to government efforts to gauge the nation's vulnerability to terrorism.

While the White House says private-public cooperation has blossomed since the Sept. 11 attacks, representatives of banking, information technology, utilities and other industries in recent months have declined to share crucial details of how their systems work and where they might be compromised. They say that sensitive data shared with Washington could quickly become public, undercutting corporate trade secrets, scaring off customers or providing would-be terrorists with valuable clues about targets.

The motives for withholding data vary from sector to sector and business to business. Without exception, industry leaders say they want to help the government. But Shannon L. Kellogg, a vice president for security at the Information Technology Assn. of America trade group, said, ''The bottom line is, the information is not flowing.''

In response, the Bush administration has proposed exempting from the federal public disclosure law much of the information it wants private industry to voluntarily supply to the new Department of Homeland Security. Critics attack this proposal as an unwarranted break for big business. And they charge that, because some of its records would not be subject to public review, the department would be effectively ''above the law.''

But advocates say the government can't fend off terrorists without winning cooperation from private industry. ''The best scenario is for the government and all the [business] players to be connected with full information but for the terrorists to still be in the dark,'' said Sen. Robert F. Bennett (R-Utah).

The dispute shows anew how the challenge of securing America from terrorist attack in a post-Sept. 11 world raises fundamental questions about how much information can and should be shared with the government.

At issue is how the government can help protect what has come to be known as ''critical infrastructure'': telecommunication networks, information systems, financial service links, utility grids, power plants, chemical depots, transportation hubs and so on.

Many of those assets are in private hands.

And the government, with some exceptions, cannot compel the owners to disclose systemic weaknesses or even to report threats and attacks.

Bennett recounts one incident to prove the point. After Sept. 11, he said, a financial institution called him for advice on how to handle a serious terrorist threat it had received against its internal systems. But the company's officers did not want to relay the threat to government agencies for fear that it would become public and spark employee or customer panic.

The threat turned out to be a hoax, but Bennett called it ''a classic example of something that the Homeland Security Department would want to know.''

In April, an FBI survey of businesses and other institutions found that 90% of respondents had experienced significant computer security breaches within a one-year period, most of them causing financial loss, but that only 34% had reported the incidents to law enforcement.

At a hearing in May before the Senate Governmental Affairs Committee, Ronald L. Dick, director of the FBI's National Infrastructure Protection Center, explained why.

''The two primary reasons for not making a report were negative publicity and the recognition that competitors would use the information against them,'' Dick said.

The Office of Homeland Security, a White House unit formed after Sept. 11, also has found resistance.

Laurence W. Brown, legal affairs director for the Edison Electric Institute, which represents investor-owned utilities, said he attended a conference in April in which homeland security officials asked industry representatives for security information.

Brown said the officials were told: ''We'd love to tell you where our critical facilities are, but we're not going to because you can't keep a secret.''

Tom Ridge, the White House homeland security director, acknowledged in testimony before Congress last week that getting information from private industry is ''a problem that's been experienced by a lot of the Cabinet secretaries and even during the work of the Office of Homeland Security.''

But solving that problem is especially tricky for a Republican administration that aims simultaneously to expand government's anti-terrorism powers and curb government's regulation of private enterprise.

Rather than passing new laws or issuing executive orders requiring business to hand over critical information, the White House has concluded that a voluntary approach will work best.

Advertisement
Los Angeles Times Articles
|
|
|