DHS is Too Slow to Share Cyber Threat Info, Companies Say

The Homeland Security Department should speed up how quickly it shares information about cyber and physical threats facing critical infrastructure sectors, according to half the respondents in a Government Accountability Office review.

During the lag time between when Homeland Security learns of threat information and when it passes that information along to industry, that information grows less valuable, those industry representatives said, and sometimes, by the time it arrives, it’s already old news.

Those criticisms came from three out of six industry representatives GAO interviewed, all of whom sit on coordinating councils that establish information sharing processes between their industries and the government.

» Get the best federal technology news and ideas delivered right to your inbox. Sign up here.

The other three representatives “reported that DHS generally provides threat information in a timely manner,” GAO said.

One of the industry representatives who said Homeland Security is too slow at information sharing also noted that information from the department is “very credible and a major resource often used by security managers proposing security upgrades to their respective chief executive officers.”

Three of the six representatives also noted that cyber threat information shared by the government has become increasingly important.

The representatives were from the manufacturing, nuclear and transportation sectors.

Representatives from two of those three sectors said Homeland Security’s cyber and physical vulnerability assessments for specific companies are useful. They were less bullish, however, on sector-wide assessments the department conducts because vulnerabilities vary widely from one company to another.

The 55-page report does not include any recommendations.