Neither the public nor the private sectors are doing everything they can to share information to thwart cyberattacks that could have catastrophic effects on the nation’s critical infrastructure, according to a recently released report by the U.S. General Accountability Office (GAO).
In the report the GAO, the investigative arm of Congress, said that because the private sector owns most of the nation’s critical infrastructure – such as banking and financial institutions, telecommunications networks, and energy production and transmission facilities – it’s vital that the public and private sectors form effective partnerships to successfully protect the infrastructure from a number of threats including terrorists, criminals, and hostile nations.
According to the GAO, the public sector doesn’t always provide its private sector partners with timely cyberthreat information and alerts or access to sensitive or classified information; a secure way for sharing information; security clearances.
Furthermore, there is no single government cybersecurity organization to coordinate government efforts. The GAO also found that the private sector doesn’t always share pertinent information with its public sector partners because it’s afraid of revealing proprietary information.
The GAO said that while public sector partners are taking steps to address the key expectations of the private sector, including developing new information-sharing arrangements, more work needs to be done to fully implement improved information sharing.
According to the report, “Without improvements in meeting private and public sector expectations, the partnerships will remain less than optimal, and there is a risk that owners of critical infrastructure will not have the appropriate information and mechanisms to thwart sophisticated cyber attacks that could have catastrophic effects on our nation's cyber-reliant critical infrastructure.”
The GAO recommended that the national Cybersecurity Coordinator and the Department of Homeland Security (DHS) work with their federal and private sector partners to improve information-sharing efforts. While the national Cybersecurity Coordinator didn’t offer any comments on the report, DHS agreed with GAO’s recommendations.
U.S. Rep. Bennie Thompson, a Mississippi Democrat and Chairman of the Committee on Homeland Security, said the report indicates that the public and private sectors aren’t always on the same page when it comes to the nation’s cybersecurity efforts, and information sharing is not at its best.
“Information sharing is a crucial tool in combating the cyber threat and must be enhanced,” Thompson said in a statement. “Given the growing nature of the threat, DHS and the private sector must commit to cooperative efforts to ensure the safety of our nation’s cyber infrastructure and security of the critical functions it provides.”
Rep. Yvette Clarke, a New York Democrat and Chairwoman of the Committee’s Emerging Threats, Cybersecurity, and Science & Technology Subcommittee said the GAO report reveals that although coordination exists, more can be done to ensure both partners are effectively talking with – not past – each other.
“Public and private stakeholders must do away with unnecessary processes to adequately leverage and integrate their capabilities to protect our nation’s critical infrastructure from potential cyberattacks,” Clarke said.