Government, industry fall short in sharing cyber threat data

Auditors say expectations not being met when it comes to sharing information about threats to U.S. critical infrastructure

The government isn’t giving industry officials the timely and actionable information on cyber threats that they expect, nor is industry always meeting government expectations for sharing cyber threat data, according to the Government Accountability Office.

Just 27 percent of 56 industry representatives surveyed by GAO said the government was, to a great or moderate extent, giving them timely and actionable cyber threat information and alerts. Industry officials also reported a lack of access to classified information, a secure way to share that data, security clearances and a single central government source for cyber information, GAO said in a report released Aug. 16.

“Private-sector stakeholders are not consistently receiving their expected services from their federal partners because, in part, federal partners are restricted in the type of information that can be shared with the private sector and lack an understanding about each sector’s specific information requirements,” auditors concluded.

Government officials reported to GAO that industry is mostly meeting their expectations in several areas, although they said some improvements could be made. The extent to which industry is fulfilling government’s expectations varies by critical-infrastructure sector, auditors said. Some industry officials don't want to share their proprietary information with the federal government because of worries about public disclosure.

Officials working with the information technology sector reported the private sector was giving it only one of the 10 services that were expected, GAO said.

GAO focused its reporting on the banking and finance, communications, defense industrial base, energy, and IT sectors because of their reliance on cyber assets. The auditors analyzed reports and interviewed officials involved in those sectors.


Related stories

Critical Infrastructure central to cyber threat

FBI's Mueller urges companies to share info on cyber crime


The government has identified a total of 18 critical infrastructure sectors. Each sector has a council comprised of industry officials and a council that includes local, state and federal government officials. The councils are supposed to work together to bolster critical infrastructure protection.

The Homeland Security Department has issued the National Infrastructure Protection Plan (NIPP) as the framework for dealing with threats – including those that are cyber-based – to that infrastructure.

“Without improvements in meeting private- and public-sector expectations, the partnerships will remain less than optimal and there is a risk that owners of critical infrastructure will not have the appropriate information and mechanisms to thwart sophisticated cyberattacks that could have catastrophic effects on our nation’s cyber-reliant critical infrastructure,” GAO said.

GAO recommended that the White House cybersecurity coordinator and DHS use its findings to focus on cybersecurity information-sharing efforts and to bolster DHS’ new National Cybersecurity and Communications Integration Center.

The cybersecurity coordinator didn’t provide it with comments on the findings, GAO said. DHS agreed with the recommendations and described efforts under way to deal with them. DHS said it is integrating public- and private-sector partners into that new center.

Three senior Democrats on the House Homeland Security Committee, including Chairman Rep. Bennie Thompson (D-Miss.), said in a statement that the report shows that public- and private-sector cybersecurity efforts aren’t always on the same page.

“Given the growing nature of the threat, DHS and the private sector must commit to cooperative efforts to ensure the safety of our nation’s cyber infrastructure and security of the critical functions it provides,” he said.

 

About the Author

Ben Bain is a reporter for Federal Computer Week.

Featured

  • Contracting
    8 prototypes of the border walls as tweeted by CBP San Diego

    DHS contractors face protests – on the streets

    Tech companies are facing protests internally from workers and externally from activists about doing for government amid controversial policies like "zero tolerance" for illegal immigration.

  • Workforce
    By Mark Van Scyoc Royalty-free stock photo ID: 285175268

    At OPM, Weichert pushes direct hire, pay agent changes

    Margaret Weichert, now acting director of the Office of Personnel Management, is clearing agencies to make direct hires in IT, cyber and other tech fields and is changing pay for specialized occupations.

  • Cloud
    Shutterstock ID ID: 222190471 By wk1003mike

    IBM protests JEDI cloud deal

    As the deadline to submit bids on the Pentagon's $10 billion, 10-year warfighter cloud deal draws near, IBM announced a legal protest.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.