A recent report from the Government Accountability Office finds there's no shortage of guidance available to help protect the nation's critical infrastructure from cyber attacks. But getting the most relevant advice to the private-sector operators of such critical infrastructure is another matter.

The GAO study says many businesses are subject to federal regulations and are required by law to adhere to cybersecurity standards. But it found that so-called "non-covered" entities still face a barrage of cyber guidance.

Gregory Wilshusen, director of information security issues at GAO, joined In Depth with Francis Rose to discuss the various methods federal cybersecurity guidance can take: from regulation enforcement to businesses voluntarily responding to business incentives.

The watchdog agency recommended that the Homeland Security Department to collaborate with private-sector partners to determine the appropriate role and level of cybersecurity guidance.

The report studied seven different sectors:

• Banking and finance
• Communications
• Energy
• Healthcare and public health
• IT
• Nuclear reactors and waste
• Water

This story is part of Federal News Radio's daily Cybersecurity Update. For more cybersecurity news, click here.