One Week Remains for Comments on Critical Infrastructure Information Rule

Only a single week remains to submit comments to the Department of Homeland Security (DHS) on the highly controversial Critical Infrastructure Information (CII) rule. DHS published an interim final rule in the Federal Register Feb. 20 with a 90-day public comment period that ends May 20. Even though the agency continues to accept comments on the CII program, the rule went into effect upon publication. DHS has reported to Congress that it has already received several submissions for the CII program. The stated objective of the CII program is to encourage corporations, which own a majority of the country's "critical infrastructure," to inform the government about any problems or vulnerabilities associated with the infrastructure. However, to encourage companies to participate in this voluntary reporting program the government promised to never publicly disclose the submitted information, nor use it for any regulatory actions including inspections, violations and fines. Additionally, the submitted information may not be used for any civil liability. In other words, the companies received liability immunity for any problems they reveal to the government under the CII program. Many have criticized these provisions as giving away both the public's and the government's ability to apply pressure and ensure that any vulnerabilities are eliminated. The CII program may become a bureaucratic dead-end into which companies can dump their documents to receive secrecy and immunity. Other complaints have been raised about the basic structure and implementation of the program. Currently the program is limited to direct submissions to DHS. However, DHS has expressed a desire to expand the rule to allow companies to submit information through any federal agency. Such a change could restrict agencies' ability to operate. Since CII information cannot be used for any regulatory action, allowing the information to flow through regulatory agencies would taint all of their actions. For instance, if a chemical facility submitted CII through the Environmental Protection Agency, when EPA next inspected the facility the company could claim that EPA unfairly targeted them because of their CII submission and thereby avoid responsibility for any problems discovered during the inspection. OMB Watch will soon complete its detailed comments on the interim final CII rule. Citizens can tell DHS to limit this program and not to provide a safe haven for companies dragging their feet on fixing infrastructure problems click here.
back to Blog