Mutual distrust has stymied the creation of an effective cybersecurity partnership between the federal government and the private companies that own most of America’s critical infrastructure, according to a report released Monday.
The report from the Government Accountability Office found that private sector groups feel the federal government is not providing them with usable, timely information to protect sensitive data and keep networks safe from cyber-attacks.
Currently any information that agencies such as the U.S. Computer Emergency Readiness Team provide to the private sector has to undergo a stringent review and revision process, slowing it down, the GAO found. US-CERT is also restricted from providing private sector entities with individualized treatment, making it difficult to provide targeted alerts to companies or areas of industry directly affected by certain cyberthreats. The Department of Energy, which has established industry partnerships, has found information sharing easier than the Department of Homeland Security, the report said.
But the GAO also noted industry’s reluctance to be totally open with the federal government on cybersecurity issues for fear that sharing proprietary information could be bad for business.