While cybersecurity guidance is available for both the public and private sectors, the Government Accountability Office has decided that more could be done to promote the appropriate use of the guidelines currently in place.
The GAO issued a report outlining a study of private sector cybersecurity guidelines in seven areas including banking and finance, communications, energy, healthcare and public health, IT, nuclear reactors, and waste and water management.
The GAO says that in regulated environments, such as government agencies, mandatory requirements and standards are in place for entities to adhere to. However, outside the regulated landscape, entities “voluntarily adopt standards and guidance.”
In reviewing differences between agency-specific guidance and private sector-specific guidance, the GAO decided that the Department of Homeland Security, in collaboration with the public and private sector, should determine the practices that best fit each industry.