"To do this, the government needs to institutionalize better its private sector liaison across the board with the owners and operators of critical infrastructures, hardware and software developers, server [and] service providers, manufacturers [and] producers and applied technology developers," the report says.
The commission's report, "Road Map For National Security: Imperative For Change," is the third installment of a three-phase study of how the U.S. can best face new and emerging threats posed by the spread of technology and weapons of mass destruction. However, it comes at an important time for the CIP effort, which is struggling to define itself in the face of rising criticism about its inability to share information in a timely manner and calls for a more centrally managed program.
"I think the commission may have done a disservice to infrastructure protection by tying it to the unachievable goal of creating a new agency," said Steven Aftergood, an analyst at the Federation of American Scientists in Washington. "In the absence of an actual crisis, the existing national security bureaucracy is unlikely to permit the establishment of a major new competitor for authority and funds," he said.
Harris Miller, president of the Information Technology Association of America, which was instrumental in forming the IT sector's Information Sharing and Analysis Center (IT-ISAC), said organizations like the ISACs don't want to duplicate the efforts of other groups, and they try to work closely together to avoid the problem.
"The creation of the ISACs does not mean the end of the other organizations and the role they play," said Miller. "Rather, they are complementary."
However, with a Congress split down the middle and a profound lack of consensus about security policy, any attempt at a sweeping reorganization right now seems doomed, said Aftergood. "Infrastructure protection will have to proceed on its own track," he said.