Presidential Decision Directive 63 and 2002's Homeland Security Act, which created the U.S. Department of Homeland Security (DHS). Both put in the groundwork for coordinating councils that facilitate information sharing between sectors. But sometimes there's still confusion with so many government departments at different levels, even though both the DHS and U.S. Department of Defense have started pilot programs to facilitate sharing. This complexity continues to confuse the private sector, which wants an authoritative go-to entity for IT security within the government, Powner said.
The DHS created the National Cybersecurity and Communications Integration Center in October 2009, comprising the National Coordinating Center for Telecommunications and U.S. Computer Emergency Readiness Team. Its purpose is to be a central location for disparate government and corporate entities to coordinate sharing efforts to respond to cyber-attacks. It's a fairly recent creation, and more work could be done.
"To get to a single organization is tough because this is complicated, and there are some agencies that have unique knowledge, but there is a desire to build some credibility and authority where you have a single source," Powner said. "The private sector would say, 'That's the go-to organization that I can go to and get answers when there's an incident.'"