Executive Summary The National Infrastructure Advisory Council (NIAC) set out to determine whether the right people are receiving the right intelligence information at the right time to support robust protection and resilience of the Nation’s critical infrastructure. More than 200 interviews and extensive open-source research uncovered a wealth of insights on this complex problem. First, there have been marked improvements in the sharing of intelligence information within the Federal Intelligence Community, and between the Federal Government and regions, States, and municipalities. However, this level of improvement has not been matched in the sharing of intelligence information between the Federal Government and private sector owners and operators of critical infrastructure. Despite some notable successes, this bi-directional sharing is still relatively immature, leaving a large gap between current practices and an optimal system of effective public-private intelligence information sharing. We observe that trust is the essential glue to make this public-private system work. Trust results when partner capabilities are understood and valued, processes are tailored to leverage these capabilities, and these processes are tested and proven valuable to all partners. When breakdowns in information sharing occur, it erodes trust and is counterproductive to risk management. Information sharing is perhaps the most important factor in the protection and resilience of critical infrastructure. Information on threats to infrastructure and their likely impact underlies nearly every security decision made by owners and operators, including which assets to protect, how to make operations more resilient, how to plan for potential disasters, when to ramp up to higher levels of security, and how to respond in the immediate aftermath of a disaster. We looked at intelligence information flowing from the Federal Government to critical infrastructure owners and operators as well as risk information flowing from critical infrastructure owners and operators to the government. Our study reveals the complex ways information is gathered, analyzed, packaged, and shared among government and the owners and operators of critical infrastructures. In tackling this complex subject, we examined the different stages of the intelligence cycle, including requirements generation, information collection, analysis, and dissemination. To gather a variety of perspectives, we conducted extensive interviews with security directors, chief executives, subject matter experts, and government executives and managers. Recognizing that distinct sector characteristics shape information sharing needs, we conducted case studies of five sectors: Commercial Facilities, Healthcare and Public Health, Energy (Oil and Natural Gas), Banking and Finance, and Chemical. While we found some information sharing approaches to be effective, others were not. As a result, we adopted a “capability maturity approach,” which acknowledges that different Federal agencies have different abilities to share information effectively, and we sought to build on what is working.

Alon Peled offers a groundbreaking approach for enabling information sharing among public sector agencies: using selective incentives to 'nudge' agencies to exchange information assets.

The attacks on 9/11 underscored the fed. government¿s need to facilitate terrorism-related info. sharing among gov¿t., private sector, and foreign stakeholders. In response, the Intelligence Reform and Terrorism Prevention Act mandated the creation of the Info. Sharing Environment (ISE), which is an approach for the sharing of terrorism-related info. A Program Manager oversees ISE development with assistance from the Info. Sharing Council, a forum for 16 info. sharing officials from fed. agencies and dep¿ts. This is a report on: (1) what actions have been taken to guide the design and implementation of the ISE; and (2) what efforts have been made to report on progress in implementing the ISE. Includes recommendations. Illustrations.

The fed. gov¿t. is the world's largest and most complex entity, with about $3 trillion in outlays in FY 2008. Reports on high-risk areas bring focus to areas needing attention due to their greater vulnerabilities to fraud, waste, abuse, and mismanagement. These reports also identify areas needing transformation to address major economy, efficiency, or effectiveness challenges. This 2009 update presents the status of high-risk areas listed in 2007 and identifies new high-risk areas. Solutions to high-risk problems offer the potential to save billions of dollars, dramatically improve service to the public, strengthen confidence and trust in the performance and accountability of the U.S. gov¿t., and ensure the ability of gov¿t. to deliver on its promises. Illus.