Department Of Homeland Security Often Slow To Disseminate Cyber Threat Warnings, According To Government Accountability Office Report

Nicole Pereira
King & Spalding
Contact
LinkedIn
Facebook
X
Send
Embed

On October 30, 2017, the United States Government Accountability Office (“GAO”) issued a report on the Department of Homeland Security’s (“DHS”) risk assessment practices for critical infrastructure. GAO reviewed DHS’s practices in three of sixteen critical infrastructure sectors and assessed private sector representatives’ views on the utility of DHS’s risk information. Notably, half of the private sector respondents reported that the lag time between DHS learning of threat information and passing it on to the industry caused the information to become stale and less effective in protecting against cyber and physical threats.

DHS’s Office of Intelligence and Analysis assesses natural or manmade threats, including terrorist attacks and cyberattacks, and disseminates this information to critical infrastructure owners and operators. For example, the Transportation Security Administration, a DHS agency,  provides threat intelligence to mass transit security directors and others through joint classified briefings. DHS officials also provide tools and resources to assess asset and facility vulnerabilities and consequences of occurrences, such as cyberattacks, that result in losses.

Three of the six industry representatives that GAO interviewed, all of whom sit on coordinating councils that establish information sharing processes between their industries and the government, criticized the speed at which DHS shares threat information as too slow. All six private sector representatives told GAO that threat information is the most useful type of risk information because it allows owners and operators to react immediately to improve their security posture. The representatives interviewed were from the manufacturing, nuclear, and transportation sectors.

Representatives from two of the three sectors said DHS’s cyber and physical vulnerability assessments for specific companies are useful. They were less confident, however, in endorsing sector-wide assessments DHS conducts because vulnerabilities vary so widely from one company to the next. The GAO report does not include any recommendations.

Send Print Report

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© King & Spalding | Attorney Advertising

Written by:

King & Spalding
King & Spalding
Contact
more
less

PUBLISH YOUR CONTENT ON JD SUPRA NOW

  • Increased visibility
  • Actionable analytics
  • Ongoing guidance

King & Spalding on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign Up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide