Protected Critical Infrastructure Information (PCII) is a measure put into place to provide assurances to owners/operators when sharing critical information with government agencies. Sometimes, incident briefings that include sensitive information may require attendees to have a PCII certification, and/or security clearances. If the information being discussed/shared involves PCII information, all attendees must be PCII certified. Everyone involved in the creation or viewing of intelligence briefing documents, or alerts about sensitive critical infrastructure information must be PCII certified. Some of the complaints voiced by critical infrastructure owners/operators is that they provide information into a secure system, but they never receive information back out even when it is related to their core mission and operations.
Based on the required readings and videos this week, select two of the following prompts/questions and post your responses in 2-3 paragraphs. Conduct additional research as needed. You must include at least three credible sources to substantiate your claims. You only need to answer two of the five prompts below.
Examine and discuss the role of critical infrastructure owner/operators. What are their priorities? What knowledge do they possess? How might their insights assist with incident management or security and protection objectives?
Describe the barriers that exist to achieve information sharing among critical infrastructure owner/operators and government officials. What approaches should be done to mitigate the barriers?
Identify the infrastructure sectors most commonly involved in sharing sensitive PCII information. Why should they share the information? How should the information requesters engage with the owners/operators? What steps can analysts and government officials take to improve trust and partnerships with owners/operators?
Explain the circumstances and criteria for when information is Critical Infrastructure Information (CII). How does the Freedom of Information Act (FOIA) relate to CII? Describe a situation when CII could be excluded via an exemption from a FOIA request.
Summarize the differences between sensitive information, CII, PCII, need-to-know, and need-to-share information.