Business & Finance
News
7/27/2004
04:14 PM
Connect Directly
Google+
LinkedIn
Twitter
RSS
E-Mail
50%
50%

Report: Private Sector Too Wary Of Sharing Security Information

The Department of Homeland Security and private industry aren't doing enough to share information related to protecting critical infrastructure.

The Department of Homeland Security and private industry aren't doing enough to exchange information related to threats to critical infrastructure such as IT and telecom networks, the banking system, or the food supply, a report issued Tuesday finds.

A Government Accountability Office report offers recommendations to the Department of Homeland Security to improve the protection of national critical infrastructures in 13 sectors. GAO, the research arm of Congress formerly known as the General Accounting Office, suggests developing a plan for information sharing that more clearly describes the responsibilities of DHS and of private-sector information-sharing centers, which were created to pool data on the threats and vulnerabilities most relevant to each critical industry. The report also calls for establishing policies and procedures for agency interaction and the coordination of information sharing.

"Sharing information between the federal government and the private sector on incidents, threats, and vulnerabilities continues to be a challenge," the report says.

The report notes that the private sector's approach of collecting data through information-sharing and analysis centers, or ISACs, isn't working because companies fear the data will become public. "Much of the reluctance by ISACs to share information has focused on concerns over potential government release of that information under the Freedom of Information Act, antitrust issues resulting from information sharing within an industry, and liability for the entity that discloses the information," the report says.

To address such problems, DHS is developing a road map tracing information-sharing relationships among the agencies involved, a set of goals for improving those relationships, and metrics for measuring improvements. No timetable has been announced, but the plan is expected later this summer.

The report comes at the request of Congress, which sought these recommendations following an April 21 GAO report, and GAO testimony about on the status of private-sector ISACs and their efforts to help protect the nation's critical infrastructures.

Such problems aren't new. John Pescatore, VP and research fellow at Gartner Research, notes that shortly after DHS was formed in November 2002, he recommended that the agency take steps to improve information sharing, such as having secure E-mail for intraagency communication. Almost two years later, he says, it still doesn't have that. Pescatore says that while the report gives DHS some good marks, it has mostly dealt with the easiest problems. "They've attacked some low-hanging fruit," he says. "We really have not seen them develop from separate organizations into a coordinated agency."

Comment  | 
Print  | 
More Insights
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest, Dec. 9, 2014
Apps will make or break the tablet as a work device, but don't shortchange critical factors related to hardware, security, peripherals, and integration.
Video
Slideshows
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on InformationWeek.com for the week of December 7, 2014. Be here for the show and for the incredible Friday Afternoon Conversation that runs beside the program!
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.