Wednesday, May 2, 2007
Dealing with Sensitive Security Information
One of the most difficult challenges to providing security for critical infrastructure is the management of information about it that could fall into the wrong hands. Since the 9/11 attacks, maps and other "Sensitive Security Information" or "SSI" documents related to dams, electric power grids, nuclear power plants, transportation networks, etc. have been removed voluntarily from publicly-available websites by public agencies other owners of infrastructure. But what about documents describing the design and operation of these critical infrastructures for use by legitimate contractors and agency staff members--who should be allowed to see them, and who shouldn't? What systems can be put in place to ensure that information flows directly between those who have the information and those who seek it for the "right" reasons--and kept from those who want it for the "wrong" reasons?
Labels:
sensitive security information,
SSI
Subscribe to:
Posts (Atom)