Public-private information sharing over cybersecurity leaves much to be desired, say both public- and private- sector executives.

The Government Accountability Office surveyed 56 private sector representatives who participate in federal public-private cybersecurity information sharing efforts and found near unanimity over an expectation that the government should share "timely and actionable cyber threat information." But, less than a third--27 percent--of the surveyed respondents said they were receiving such information to a great or moderate extent.

Homeland Security Department officials told the GAO that restrictions placed on the United States Computer Emergency Readiness Team don't allow US CERT to allow individualized treatment of one private sector entity over another, "making it difficult to formally share specific information with entities that are being directly impacted by a cyber threat," the report states.

Similarly, 87 percent of surveyed private-sector representatives greatly or moderately expected access to classified or sensitive information, but only 16 percent they received it. And 78 percent said they expect a secure information-sharing mechanism to exist, while only 21 percent says it does.

Some federal officials said they're hesitant to share sensitive information with the private sector due to fears that information would be transmitted openly and globally.

In the DHS official response to the GAO report, Jerald Levine, director of the GAO/OIG liaison office said sharing classified information poses a risk to national security. "As such, classified information is generally non-actionable, and instead provides contextual threat information--focusing on the who," he wrote.

Federal officials interviewed by the GAO, for their part, also identified areas of concern with their counterparts. Although the private sector generally does meet federal expectations, they said, some of the cyber threat information from the private sector has lacked specificity and depth.

The report was requested by majority members of the House Homeland Security Committee. Chairman Bennie Thompson (D-Miss.) released a statement August 16 urging greater public-private cooperation. "Information sharing is a crucial tool in combating the cyber threat and must be enhanced," he said.

For more:
- download the report, GAO-10-628 (.pdf)
- read reactions to the report by majority members of the House Homeland Security Committee

Related Articles:
OPM, NICE work to define cybersecurity workforce problems
DHS IG wants US CERT enforcement power, doesn't say how
AFCEA panel: Government, private sector dissatisfied with collaboration efforts