Dive Brief:
- House Energy and Commerce Committee staff are being praised for sharing concern about a possible cyber vulnerability with the Food and Drug Administration, according to an FCW report.
- The committee had requested a cybersecurity audit of the FDA's IT systems from the GAO. The agency, in turn, recently brought a "potentially serious vulnerability" to the FDA's attention, according to a Sept. 29 statement from the Commerce Committee.
- Rather than waiting for the completion of the full audit, the committee informed the FDA of the security flaw. The FDA was then able to confirm and address the issue immediately.
Dive Insight:
The incident demonstrates that federal agencies are finally starting to share cyberthreat info as they’ve been asked to do for the last several years. President Barack Obama has urged federal agencies to share cyberthreat data more freely, but it’s been an uphill battle so far. Given that the government is asking businesses to share cyberthreat info with it, it seems right that federal government agencies share it amongst themselves as well.
The Cybersecurity Information Sharing Act of 2015 (CISA) set up incentives for businesses to share threat information with each other and government agencies in hopes that it will eventually result in tools to better protect networks. Under CISA, any company or non-federal entity that shares this information with the government may obtain immunity from any public or private cause of action related to the sharing of cyberthreat indicators or defensive measures.
In April, security risk benchmarking startup SecurityScorecard said U.S. federal, state and local government agencies rank lowest in cybersecurity when compared to the private sector. And with big federal data breaches at the Office of Personnel Management and the IRS, which have resulted in huge data losses, federal agencies need to do whatever they can to ensure they are protecting the public’s data.