"Without improvements in meeting private- and public-sector expectations, the partnerships will remain less than optimal, and there is a risk that owners of critical infrastructure will not have the appropriate information and mechanisms to thwart sophisticated cyber attacks that could have catastrophic effects on our nation’s cyber-reliant critical infrastructure," writes Dave Powner, director of information technology management issues at GAO.
The GAO recommends that the Department of Homeland Security (DHS) use the results of the report to improve its information-sharing efforts, including providing companies with access to sensitive or classified information on threats. It also urges the government to provide firms with a secure mechanism to share information on the threats they face. DHS generally concurred with the recommendations and is taking steps to implement them.
"This GAO report reveals that although coordination exists, there is more that can be done to ensure both partners are effectively talking with — not past — each other," said Rep. Yvette Clarke (D-N.Y.). "Public and private stakeholders must do away with unnecessary processes to adequately leverage and integrate their capabilities to protect our nation's critical infrastructure from potential cyber attacks. "