Slack US government leaves firms open to cyberattack


The increasing vulnerability of companies to cyberattacks can be largely blamed on sluggish or nonexistent action on the part of the U.S. government, say some security pros.

Washington has failed largely by not creating the proper system for sharing critical information, security experts said on Tuesday at First Data's Cyber Security Summit in New York.

"I'm monumentally frustrated with our government," said Art Coviello, executive chairman of RSA, the security division of EMC.

"There absolutely needs to be government leadership to share information timely to take some of the liability concerns and antitrust concerns away from us that would like to share information," Coviello said. "We are not getting leadership from our government."

As cyberthreats against businesses grow, there is an urgent need for companies to be able to share intelligence about quickly evolving threats with the government and with other companies to manage risk.

"We need better cooperation around information sharing ... that data is really the mother's milk of being able to protect ourselves," Coviello said.

Mary Margaret Graham, a former deputy director of National Intelligence, likened the lack of sharing critical cyberthreat data to how government agencies acted before 9/11.

"My biggest concern when we talk about these kind of problems today and all of the solutions that are already in the works is that I'd hate to see us—having gone through 9/11—go through 9/11 again to get this kind of change that we are talking about on the political side," Graham said.

"That sharing was pushed by the political side, and that sharing just isn't pushed right now, so that's the challenge."

The government has also failed to implement cybersecurity requirements for companies that are the backbone of critical infrastructure, Coviello said.

Last month, the Obama administration established a voluntary Cybersecurity Framework for critical infrastructure providers, which was a step in the right direction, but Congress is still "monumentally inactive," Coviello said.

Example: The Senate's failure to pass the Cyber Intelligence Sharing and Protection Act, which was introduced almost three years ago but has stalled because of privacy concerns.

"I'm all for privacy, but we've got to have some balance here. The administration has to lead and Congress has to act," Coviello said. "And we, all of us, have to push Congress to get these things passed."

But businesses shouldn't hold their breath for the government to do anything anytime soon, said John Watters, chairman and CEO of iSight Partners, a cyberthreat intelligence firm.

"Through a customer lens, they (the government) are not going to be leading the charge of the change. It will have to come from the commercial sector at a commercial pace," Watters said.

"Commercial companies are going to have to lead the way."

By CNBC's Cadie Thompson. Follow her on Twitter @CadieThompson.