Government, industry fall short in sharing cyber threat data

Auditors say expectations not being met when it comes to sharing information about threats to U.S. critical infrastructure

The government isn’t giving industry officials the timely and actionable information on cyber threats that they expect, nor is industry always meeting government expectations for sharing cyber threat data, according to the Government Accountability Office.

Just 27 percent of 56 industry representatives surveyed by GAO said the government was, to a great or moderate extent, giving them timely and actionable cyber threat information and alerts. Industry officials also reported a lack of access to classified information, a secure way to share that data, security clearances and a single central government source for cyber information, GAO said in a report released Aug. 16.

“Private-sector stakeholders are not consistently receiving their expected services from their federal partners because, in part, federal partners are restricted in the type of information that can be shared with the private sector and lack an understanding about each sector’s specific information requirements,” auditors concluded.

Government officials reported to GAO that industry is mostly meeting their expectations in several areas, although they said some improvements could be made. The extent to which industry is fulfilling government’s expectations varies by critical-infrastructure sector, auditors said. Some industry officials don't want to share their proprietary information with the federal government because of worries about public disclosure.

Officials working with the information technology sector reported the private sector was giving it only one of the 10 services that were expected, GAO said.

GAO focused its reporting on the banking and finance, communications, defense industrial base, energy, and IT sectors because of their reliance on cyber assets. The auditors analyzed reports and interviewed officials involved in those sectors.


Related stories

Critical Infrastructure central to cyber threat

FBI's Mueller urges companies to share info on cyber crime


The government has identified a total of 18 critical infrastructure sectors. Each sector has a council comprised of industry officials and a council that includes local, state and federal government officials. The councils are supposed to work together to bolster critical infrastructure protection.

The Homeland Security Department has issued the National Infrastructure Protection Plan (NIPP) as the framework for dealing with threats – including those that are cyber-based – to that infrastructure.

“Without improvements in meeting private- and public-sector expectations, the partnerships will remain less than optimal and there is a risk that owners of critical infrastructure will not have the appropriate information and mechanisms to thwart sophisticated cyberattacks that could have catastrophic effects on our nation’s cyber-reliant critical infrastructure,” GAO said.

GAO recommended that the White House cybersecurity coordinator and DHS use its findings to focus on cybersecurity information-sharing efforts and to bolster DHS’ new National Cybersecurity and Communications Integration Center.

The cybersecurity coordinator didn’t provide it with comments on the findings, GAO said. DHS agreed with the recommendations and described efforts under way to deal with them. DHS said it is integrating public- and private-sector partners into that new center.

Three senior Democrats on the House Homeland Security Committee, including Chairman Rep. Bennie Thompson (D-Miss.), said in a statement that the report shows that public- and private-sector cybersecurity efforts aren’t always on the same page.

“Given the growing nature of the threat, DHS and the private sector must commit to cooperative efforts to ensure the safety of our nation’s cyber infrastructure and security of the critical functions it provides,” he said.

 

About the Author

Ben Bain is a reporter for Federal Computer Week.

Featured

  • Cybersecurity

    DHS floats 'collective defense' model for cybersecurity

    Homeland Security Secretary Kirstjen Nielsen wants her department to have a more direct role in defending the private sector and critical infrastructure entities from cyberthreats.

  • Defense
    Defense Secretary James Mattis testifies at an April 12 hearing of the House Armed Services Committee.

    Mattis: Cloud deal not tailored for Amazon

    On Capitol Hill, Defense Secretary Jim Mattis sought to quell "rumors" that the Pentagon's planned single-award cloud acquisition was designed with Amazon Web Services in mind.

  • Census
    shutterstock image

    2020 Census to include citizenship question

    The Department of Commerce is breaking with recent practice and restoring a question about respondent citizenship last used in 1950, despite being urged not to by former Census directors and outside experts.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.