A recent report from the Government Accountability Office finds there’s no shortage of guidance available to help protect the nation’s critical infrastructure from cyber attacks. But getting the most relevant advice to the private-sector operators of such critical infrastructure is another matter.
The GAO study says many businesses are subject to federal regulations and are required by law to adhere to cybersecurity standards. But it found that so-called “non-covered” entities still face a barrage of cyber guidance.
Gregory Wilshusen, director of information security issues at GAO, joined In Depth with Francis Rose to discuss the various methods federal cybersecurity guidance can take: from regulation enforcement to businesses voluntarily responding to business incentives.
The watchdog agency recommended that the Homeland Security Department to collaborate with private-sector partners to determine the appropriate role and level of cybersecurity guidance.
The report studied seven different sectors:
Banking and finance
Healthcare and public health
Nuclear reactors and waste
This story is part of Federal News Radio’s daily Cybersecurity Update. For more cybersecurity news, click here.
Tom Temin is the host of The Federal Drive, which airs from 6-8 a.m. on 1500 AM in the Washington, D.C. region and online everywhere. Tom has 30 years experience in journalism, mostly in technology markets. Before coming to Federal News Radio, he was a long-serving editor-in-chief of Government Computer News and Washington Technology magazines.