The sharing of information between the government and critical infrastructure companies has been a thorny issue. Patrick Miller, CEO of the nonprofit Energy Sector Security Consortium (EnergySec), explains that much of the sharing that goes on today is one-way — with that one-way heading in the direction of the government.
“I think that if we can get more actionable information … the stuff that’s typically classified, if we can declassify and take down some of the sensitivities and allow a little bit more information out there — truly actionable information –then it would, I think, get these folks to move,” he says. “In most cases, the CEOs hear there are all kinds of threats out there, but there [have been] rare briefings that they’ve actually been able to go to and get maybe even a temporary clearance to hear what the real issues are and see some real examples of what’s actually going on out there.”
Security is both science and art, Miller says, and skilled attackers will always be able to gain an advantage through innovation.
“I’m just not sure they can actually craft legislation that solves the problem,” he says. “What they can do in a lot of ways is craft legislation that increases incentives to be secure, for example.”