Government and the private sector still don't share enough information about cyber threats because each doubts the other's ability to protect it, according to a recent survey by the U.S. Government Accountability Office.
Government and the private sector still don't share enough information about cyber threats because each doubts the other's ability to protect it, according to a recent survey by the U.S. Government Accountability Office (GAO).
The GAO's survey of 56 leading private sector stakeholders and their government counterparts showed that old concerns persist: companies worry the government will share data with their competitors, while the government worries information shared with the private sector will end up in the hands of foreign governments.
GAO offered two recommendations: that the Obama administration consider the findings in its ongoing effort to beef up cybersecurity, and that the White House and the Department of Homeland Security (DHS) ensure the success of the new National Cybersecurity and Communications Integration Center. The center is a collaboration between DHS's U.S. Computer Emergency Readiness Team and its National Coordinating Center for Telecommunications.
(For more on the ongoing struggle to stop cyber threats, see Yet Another Cyber Wake-Up Call from April's Homeland Security department, and New Cybersecurity Push, Old Problem , from the September 2009 issue.)
Only 27 percent of private sector respondents said they get timely and accurate cyber threat information from the federal government, while only nine percent said their federal partners are providing the technical expertise to face the problem.
Meanwhile federal officials told GAO that while the private sector is doing a good job of following recommendations to shore up vulnerabilities, it does not provide the personnel necessary to maintain a robust partnership, according to the report.
"Without improvements in meeting private and public sector expectations, the partnerships will remain less than optimal, and there is a risk that owners of critical infrastructure will not have the appropriate information and mechanisms to thwart sophisticated cyber attacks that could have catastrophic effects on our nation’s cyber-reliant critical infrastructure," the GAO wrote.