DHS Publishes Private Sector Clearance Program 60-day ICR Renewal Notice

Today the DHS Office of Infrastructure Protection (IP) published a 60-day information collection request renewal notice in the Federal Register (83 FR 4670-4671) for the Private Sector Clearance Program (PSCP), Cooperative Research and Development Agreement, and Classified Critical Infrastructure Protection Program Request. This collection is for the initial information submitted to DHS to start the security clearance review process for private sector individuals in the following programs:

• Sector Coordinating Councils (SCCs);

• Cooperative Research and Development Agreements (CRADA) with NCCIC;

• Classified Critical Infrastructure Protection Program (CCIPP); and

• Cyber Information Sharing and Collaboration Program (CISCP)

This renewal expands the PSCP information collection to include the new CISCP. The revised estimate for the annual burden of this collection includes an expected 600 responses at 10 minutes per response. This burden only covers the initial information collected by DHS not the much more extensive (and very time consuming) background information collected by the OMB’s secure portal for investigation processing.

OIP is soliciting public feedback on this ICR renewal. Comments may be submitted via the Federal eRulemaking Portal (www.Regulations.gov; Docket # DHS-2017-0061). Comments should be submitted by April 2^nd, 2018.

Commentary

The limits on this classified information sharing program outlined in this ICR demonstrate how little sharing of classified intelligence information does with the private sector critical infrastructure. Beyond the normal reluctance of the government to share classified information, there are a number of other factors which help to limit this information sharing process. First and foremost are the expensive requirements for appropriate technology to receive and store classified information.

In the ‘old-days’ when most classified information was stored as paper files, a GSA-approved safe secured in a locked room in a protected building provided ‘sufficient’ protection for all but the most sensitive classified information. That was an expense that could be afforded by most corporations. Today, with classified documents being transmitted and stored in electronic format, the security requirements have dramatically increased and the costs skyrocketed. Even when large corporations can afford such installations in their corporate headquarters, they cannot share the information with their scattered subordinate locations where the intelligence would most likely be used.

As I have said on numerous occasions, to share intelligence information with the increasing number of potentially affected private sector organizations, DHS and the rest of the intelligence community must be more proactive (and maybe more importantly) and timely in abstracting actionable information from intelligence reports (separate from the means and methods information which leads to most classification labels) so that the information may be shared in less-than classified formats.