GAO Cites Critical Factors for Info Sharing

Trust, secure communications and consistent leadership are a few attributes agencies need to successfully share critical security information with the private sector, according to a General Accounting Office study released Oct. 15.

At the request of Sen. Robert Bennett, R-Utah, ranking minority member of the Joint Economic Committee, the GAO studied the practices of 11 organizations that successfully share sensitive or time-critical information.

The report, entitled "Information Sharing: Practices That Can Benefit Critical Infrastructure Protection," identified five factors that facilitate successful information sharing: fostering trust and respect, establishing secure communication channels, establishing top management support, ensuring leadership continuity, and generating clearly identifiable membership benefits.

"Trust was critical to overcome members' reluctance to disclose their weaknesses, vulnerabilities and other confidential or proprietary business information," the report said. It noted that companies were often reluctant to share information with agencies for fear it would leak out and damage company reputations and provide an advantage to competitors.

The report also identified several hurdles agencies must overcome to implement information-sharing practices, including developing agreements on the use and protection of shared information, obtaining funding and finding skilled personnel.

In May 1998, President Clinton issued a directive that outlined a strategy for combating the threat of cyberattacks. It included establishing mechanisms for sharing information between agencies and private industry on system vulnerabilities, threats, intrusions and anomalies.

By sharing information, organizations can more quickly identify trends, understand the risks and determine what preventative measures are needed, according to the report.

"Computer-based incidents, such as the ILOVEYOU virus in May 2000 and the recent Code Red, SirCam and Nimda attacks, have caused significant disruptions and damage. In addition, the terrorist attacks of Sept. 11 illustrate the importance of having timely information from others on threats and possible precursors to an attack," the report said.

However, the GAO noted that in previous reports it had found the government slow to adopt this strategy of information sharing, with only six information sharing and analysis centers established as of March.

Last month, Bennett and Sen. Jon Kyl, R-Ariz., introduced the Critical Infrastructure Information Security Act of 2001, which would encourage corporations to share information with the public sector through limited exemption from the Freedom of Information Act and antitrust laws.

About the Author

Joab Jackson is the senior technology editor for Government Computer News.
