There is already a law on the books called Protected Critical Infrastructure Information (PCII). It has stiff penalties for leaking the information. The reporting critical infrastructure company has to request the information or report be protected under PCII. In most cases the companies also use their own NDA as well for added recourse if the info gets leaked. Also the fusion center or DHS could of offered this option up since most companies do not know this option/law is on the books. For a State Fusion center to leverage this law they have to get a delegation from DHS or at a minimum bring the executive agent in to declare the info PCII since it's a federal law.
The PCII designator works and has been used in past incidents. Sensitive but unclassified does not work and has widely varying meanings from agency to agency. If it's that sensitive use PCII or classify as SECRET. Regarding this incident, I was skeptical from the get go. The fog of war around any incident is usually pretty thick at the initial stage. This has been shown even in national level cyber exercises time and time again. FBI/USSS/US-CERT are routinely engaged and investigating cyber incidents and nothing new here. People acted as if that was outside the norm when it was not. Jerry je...@jdixon.com On Nov 26, 2011, at 3:14 PM, Jared Mauch <ja...@puck.nether.net> wrote: > +1 > > This isn't the pentagon papers. > > Those found leaking should face the legal consequences for sbu information > leakage. > > One can't have every email/memo leaked as it makes it unfeasible to perform > ones job. > > Jared Mauch > > On Nov 26, 2011, at 7:51 AM, "andrew.wallace" <andrew.wall...@rocketmail.com> > wrote: > >> My comment about a certain person leaking public-private sector >> correspondence to the media still applies then. >> >> https://plus.google.com/114359738470992181937/posts/DSnJfKqrJK1 >> >> >> Andrew >> >> >> >> ________________________________ >> From: Jay Ashworth <j...@baylink.com> >> To: NANOG <nanog@nanog.org> >> Sent: Saturday, November 26, 2011 3:14 AM >> Subject: Water Utility SCADA 'Attack': The, um, washout >> >> Not an attack: an already failing pump, and an employee of a contractor to >> the >> utility who was ... wait for it ... >> >> traveling in Russia on personal business. >> >> WaPo via Lauren @ Privacy: http://j.mp/rrvMXR >> >> Cheers, >> -- jra >> -- >> Jay R. Ashworth Baylink >> j...@baylink.com >> Designer The Things I Think RFC >> 2100 >> Ashworth & Associates http://baylink.pitas.com 2000 Land Rover >> DII >> St Petersburg FL USA http://photo.imageinc.us +1 727 647 >> 1274 >
