57 Matching Results

Search Results

Advanced search parameters have been applied.

Critical Infrastructure Protection: Summary of DHS Actions to Better Manage Its Chemical Security Program

Description: Testimony issued by the Government Accountability Office with an abstract that begins "The November 2011 memorandum that discussed the management of the Chemical Facility Anti-Terrorism Standards (CFATS) program was prepared based primarily on the observations of the former Director of the Department of Homeland Security's (DHS) Infrastructure Security Compliance Division (ISCD), a division of the Office of Infrastructure Protection (IP) within the National Protection and Programs Directorate (NPPD). The memorandum was intended to highlight various challenges that have hindered ISCD efforts to implement the CFATS program. According to the former Director, the challenges facing ISCD included not having a fully developed direction and plan for implementing the program, hiring staff without establishing need, and inconsistent ISCD leadership--factors that the Director believed place the CFATS program at risk. These challenges centered on three main areas: (1) human capital issues, including problems hiring, training, and managing ISCD staff; (2) mission issues, including problems reviewing facility plans to mitigate security vulnerabilities; and (3) administrative issues, including concerns about NPPD and IP not supporting ISCD's management and administrative functions."
Date: September 20, 2012
Creator: United States. Government Accountability Office.
Partner: UNT Libraries Government Documents Department

Critical Infrastructure Protection: DHS Is Taking Action to Better Manage Its Chemical Security Program, but It Is Too Early to Assess Results

Description: Testimony issued by the Government Accountability Office with an abstract that begins "The November 2011 memorandum that discussed the management of the Chemical Facility Anti-Terrorism Standards (CFATS) program was prepared based primarily on the observations of the former Director of the Department of Homeland Security’s (DHS) Infrastructure Security Compliance Division (ISCD), a division of the Office of Infrastructure Protection (IP) within the National Protection and Programs Directorate (NPPD). The memorandum was intended to highlight various challenges that have hindered ISCD efforts to implement the CFATS program. According to the former Director, the challenges facing ISCD included not having a fully developed direction and plan for implementing the program, hiring staff without establishing need, and inconsistent ISCD leadership—factors that the Director believed place the CFATS program at risk. These challenges centered on three main areas: (1) human capital issues, including problems hiring, training, and managing ISCD staff; (2) mission issues, including problems reviewing facility plans to mitigate security vulnerabilities; and (3) administrative issues, including concerns about NPPD and IP not supporting ISCD’s management and administrative functions."
Date: September 11, 2012
Creator: United States. Government Accountability Office.
Partner: UNT Libraries Government Documents Department

Critical Infrastructure Protection: Observations on Key Factors in DHS's Implementation of Its Partnership Approach

Description: Testimony issued by the Government Accountability Office with an abstract that begins "GAO's prior work has identified several key factors that are important for the Department of Homeland Security (DHS) to implement its partnership approach with industry to protect critical infrastructure. DHS has made some progress in implementing its partnership approach, but has also experienced challenges coordinating with industry partners that own most of the critical infrastructure."
Date: March 26, 2014
Creator: United States. Government Accountability Office.
Partner: UNT Libraries Government Documents Department

Critical Infrastructure Protection: Preliminary Observations on DHS Efforts to Assess Chemical Security Risk and Gather Feedback on Facility Outreach

Description: Testimony issued by the Government Accountability Office with an abstract that begins "Since 2007, the Department of Homeland Security’s (DHS) Infrastructure Security Compliance Division (ISCD) has assigned about 3,500 high-risk chemical facilities to risk-based tiers under its Chemical Facilities Anti-Terrorism Standards (CFATS) program, but it has not fully assessed its approach for doing so. The approach ISCD used to assess risk and make decisions to place facilities in final tiers does not consider all of the elements of consequence, threat, and vulnerability associated with a terrorist attack involving certain chemicals. For example, the risk assessment approach is based primarily on consequences arising from human casualties, but does not consider economic consequences, as called for by the National Infrastructure Protection Plan (NIPP) and the CFATS regulation, nor does it include vulnerability, consistent with the NIPP. ISCD has begun to take some actions to examine how its risk assessment approach can be enhanced. Specifically, ISCD has, among other things, engaged Sandia National Laboratories to examine how economic consequences can be incorporated into ISCD's risk assessment approach and commissioned a panel of experts to assess the current approach, identify strengths and weaknesses, and recommend improvements. Given the critical nature of ISCD's risk assessment approach in laying the foundation for further regulatory steps in improving facility security, it is important that its approach for assigning facilities to tiers is complete within the NIPP risk management framework and the CFATS regulation."
Date: March 14, 2013
Creator: United States. Government Accountability Office.
Partner: UNT Libraries Government Documents Department

Critical Infrastructure Protection: DHS Needs to Improve Its Risk Assessments and Outreach for Chemical Facilities

Description: Testimony issued by the Government Accountability Office with an abstract that begins "In April 2013, GAO reported that, since 2007, the Department of Homeland Security's (DHS) Infrastructure Security Compliance Division (ISCD) assigned about 3,500 high-risk chemical facilities to risk-based tiers under its Chemical Facility Anti-Terrorism Standards (CFATS) program, but it has not fully assessed its approach for doing so. The approach ISCD used to assess risk and make decisions to place facilities in final tiers does not consider all of the elements of consequence, threat, and vulnerability associated with a terrorist attack involving certain chemicals. For example, the risk assessment approach is based primarily on consequences arising from human casualties, but does not consider economic consequences, as called for by the National Infrastructure Protection Plan (NIPP) and the CFATS regulation, nor does it consider vulnerability, consistent with the NIPP. ISCD had taken some actions to examine how its risk assessment approach could be enhanced, including commissioning a panel of experts to assess the current approach and recommend improvements. In April 2013, GAO reported that ISCD needed to incorporate the results of these efforts to help ensure that the revised assessment approach includes all elements of risk. After ISCD has incorporated all elements of risk into its approach, an independent peer review would provide better assurance that ISCD can appropriately identify and tier chemical facilities, better inform CFATS planning and resource decisions, and provide the greatest return on investment consistent with the NIPP."
Date: August 1, 2013
Creator: United States. Government Accountability Office.
Partner: UNT Libraries Government Documents Department

Critical Infrastructure Protection: Observations on DHS Efforts to Identify, Prioritize, Assess, and Inspect Chemical Facilities

Description: Testimony issued by the Government Accountability Office with an abstract that begins "In managing its Chemical Facility Anti-Terrorism Standards (CFATS) program, the Department of Homeland Security (DHS) has a number of efforts underway to identify facilities that are covered by the program, assess risk and prioritize facilities, review and approve facility security plans, and inspect facilities to ensure compliance with security regulations."
Date: February 27, 2014
Creator: United States. Government Accountability Office.
Partner: UNT Libraries Government Documents Department

Critical Infrastructure Protection: DHS Is Taking Action to Better Manage Its Chemical Security Program, but It Is Too Early to Assess Results

Description: Testimony issued by the Government Accountability Office with an abstract that begins "The November 2011 memorandum that discussed the management of the Chemical Facility Anti-Terrorism Standards (CFATS) program was prepared based primarily on the observations of the Director of the Department of Homeland Security’s (DHS) Infrastructure Compliance Security Division (ISCD), a component of the Office of Infrastructure Protection (IP) within the National Protection and Programs Directorate (NPPD). The memorandum was intended to highlight various challenges that have hindered ISCD efforts to implement the CFATS program. According to the Director, the challenges facing ISCD included not having a fully developed direction and plan for implementing the program, hiring staff without establishing need, and inconsistent ISCD leadership—factors that the Director believed place the CFATS program at risk. These challenges centered on human capital issues, including problems hiring, training, and managing ISCD staff; mission issues, including overcoming problems reviewing facility plans to mitigate security vulnerabilities and performing compliance inspections; and administrative issues, including concerns about NPPD and IP not supporting ISCD’s management and administrative functions."
Date: July 26, 2012
Creator: United States. Government Accountability Office.
Partner: UNT Libraries Government Documents Department

Critical Infrastructure Protection: DHS Leadership Needed to Enhance Cybersecurity

Description: Testimony issued by the Government Accountability Office with an abstract that begins "Increasing computer interconnectivity has revolutionized the way that our nation and much of the world communicate and conduct business. While the benefits have been enormous, this widespread interconnectivity also poses significant risks to our nation's computer systems and, more importantly, to the critical operations and infrastructures they support. The Homeland Security Act of 2002 and federal policy establish DHS as the focal point for coordinating activities to protect the computer systems that support our nation's critical infrastructures. GAO was asked to summarize recent reports on (1) DHS's responsibilities for cybersecurity-related critical infrastructure protection and for recovering the Internet in case of a major disruption (2) challenges facing DHS in addressing its cybersecurity responsibilities, including leadership challenges, and (3) recommendations to improve the cybersecurity of national critical infrastructures, including the Internet."
Date: September 13, 2006
Creator: United States. Government Accountability Office.
Partner: UNT Libraries Government Documents Department

Critical Infrastructure Protection: Challenges in Addressing Cybersecurity

Description: Testimony issued by the Government Accountability Office with an abstract that begins "Increasing computer interconnectivity has revolutionized the way that our government, our nation, and much of the world communicate and conduct business. While the benefits have been enormous, this widespread interconnectivity also poses significant risks to our nation's computer systems and, more importantly, to the critical operations and infrastructures they support. The Homeland Security Act of 2002 and federal policy established the Department of Homeland Security (DHS) as the focal point for coordinating activities to protect the computer systems that support our nation's critical infrastructures. GAO was asked to summarize previous work, focusing on (1) DHS's responsibilities for cybersecurity-related critical infrastructure protection (CIP), (2) the status of the department's efforts to fulfill these responsibilities, (3) the challenges it faces in fulfilling its cybersecurity responsibilities, and (4) recommendations GAO has made to improve cybersecurity of our nation's critical infrastructure."
Date: July 19, 2005
Creator: United States. Government Accountability Office.
Partner: UNT Libraries Government Documents Department

Critical Infrastructure Protection: DHS Needs to Better Address Its Cybersecurity Responsibilities

Description: Testimony issued by the Government Accountability Office with an abstract that begins "Recent cyber attacks demonstrate the potentially devastating impact these pose to our nation's computer systems and to the federal operations and critical infrastructures that they support. They also highlight that we need to be vigilant against individuals and groups with malicious intent, such as criminals, terrorists, and nation-states perpetuating these attacks. Federal law and policy established the Department of Homeland Security (DHS) as the focal point for coordinating cybersecurity, including making it responsible for protecting systems that support critical infrastructures, a practice commonly referred to as cyber critical infrastructure protection. Since 2005, GAO has reported on the responsibilities and progress DHS has made in its cybersecurity efforts. GAO was asked to summarize its key reports and their associated recommendations aimed at securing our nation's cyber critical infrastructure. To do so, GAO relied on previous reports, as well as two reports being released today, and analyzed information about the status of recommendations."
Date: September 16, 2008
Creator: United States. Government Accountability Office.
Partner: UNT Libraries Government Documents Department

Critical Infrastructure Protection: Establishing Effective Information Sharing with Infrastructure Sectors

Description: Testimony issued by the General Accounting Office with an abstract that begins "Critical infrastructure protection (CIP) activities that are called for in federal policy and law are intended to enhance the security of the cyber and physical public and private infrastructures that are essential to our nation's security, economic security, and public health and safety. As our reliance on these infrastructures increases, so do the potential threats and attacks that could disrupt critical systems and operations. Effective information-sharing partnerships between industry sectors and government can contribute to CIP efforts. Federal policy has encouraged the voluntary creation of Information Sharing and Analysis Centers (ISACs) to facilitate the private sector's participation in CIP by serving as mechanisms for gathering and analyzing information and sharing it among the infrastructure sectors and between the private sector and government. This testimony discusses the management and operational structures used by ISACs, federal efforts to interact with and support the ISACs, and challenges to and successful practices for ISACs' establishment, operation, and partnerships with the federal government."
Date: April 21, 2004
Creator: United States. General Accounting Office.
Partner: UNT Libraries Government Documents Department

Critical Infrastructure Protection: Significant Homeland Security Challenges Need to Be Addressed

Description: Testimony issued by the General Accounting Office with an abstract that begins "On June 18, the President transmitted draft legislation to Congress for the creation of a Department of Homeland Security to prevent terrorist attacks within the United States, reduce America's vulnerability to terrorism, and minimize the damage and recovery from attacks that do occur. As proposed, functions of the Homeland Security Department's Information Analysis and Infrastructure Protection Division would include (1) receiving and analyzing law enforcement information, intelligence, and other information to detect and identify potential threats; (2) assessing the vulnerabilities of the key resources and critical infrastructures; (3) developing a comprehensive national plan for securing these resources and infrastructures; and (4) taking necessary measures to protect these resources and infrastructures, in coordination with other executive agencies, state and local governments, and the private sector. To create this division, six federal organizations that currently play a pivotal role in the protection of national critical infrastructures would be transferred to the new department. Potential benefits for this division include more efficient, effective, and coordinated programs; better control of funding through a single appropriation for the new department and through establishing budget priorities for transferred functions based on their homeland security mission; and the consolidation of points of contact for federal agencies, state and local government, and the private sector in coordinating activities to protect the homeland. Finally, the new department will also face challenges, such as developing a national critical infrastructure protection strategy, improving analytical and warning capabilities, improving information sharing on threats and vulnerabilities, and addressing pervasive weaknesses in federal information security."
Date: July 9, 2002
Creator: United States. General Accounting Office.
Partner: UNT Libraries Government Documents Department

CIMS: A FRAMEWORK FOR INFRASTRUCTURE INTERDEPENDENCY MODELING AND ANALYSIS

Description: Today’s society relies greatly upon an array of complex national and international infrastructure networks such as transportation, utilities, telecommunication, and even financial networks. While modeling and simulation tools have provided insight into the behavior of individual infrastructure networks, a far less understood area is that of the interrelationships among multiple infrastructure networks including the potential cascading effects that may result due to these interdependencies. This paper first describes infrastructure interdependencies as well as presenting a formalization of interdependency types. Next the paper describes a modeling and simulation framework called CIMS© and the work that is being conducted at the Idaho National Laboratory (INL) to model and simulate infrastructure interdependencies and the complex behaviors that can result.
Date: December 1, 2006
Creator: Dudenhoeffer, Donald D.; Permann, May R. & Manic, Milos
Partner: UNT Libraries Government Documents Department

Critical Infrastructure Protection: DHS Could Better Manage Security Surveys and Vulnerability Assessments

Description: A letter report issued by the Government Accountability Office with an abstract that begins "The Department of Homeland Security (DHS) has conducted about 2,800 security surveys and vulnerability assessments on critical infrastructure and key resources (CIKR). DHS directs its protective security advisors to contact owners and operators of high-priority CIKR to offer to conduct surveys and assessments. However, DHS is not positioned to track the extent to which these are performed at high-priority CIKR because of inconsistencies between the databases used to identify these assets and those used to identify surveys and assessments conducted. GAO compared the two databases and found that of the 2,195 security surveys and 655 vulnerability assessments conducted for fiscal years 2009 through 2011, 135 surveys and 44 assessments matched and another 106 surveys and 23 assessments were potential matches for high-priority facilities. GAO could not match additional high-priority facilities because of inconsistencies in the way data were recorded in the two databases, for example, assets with the same company name had different addresses or an asset at one address had different names. DHS officials acknowledged that the data did not match and have begun to take actions to improve the collection and organization of the data. However, DHS does not have milestones and timelines for completing these efforts consistent with standards for project management. By developing a plan with time frames and milestones consistent with these standards DHS would be better positioned to provide a more complete picture of its progress."
Date: May 31, 2012
Creator: United States. Government Accountability Office.
Partner: UNT Libraries Government Documents Department

Critical Infrastructure Protection: Cybersecurity Guidance Is Available, but More Can Be Done to Promote Its Use

Description: A letter report issued by the Government Accountability Office with an abstract that begins "A wide variety of cybersecurity guidance is available from national and international organizations for entities within the seven critical infrastructure sectors GAO reviewed--banking and finance; communications; energy; health care and public health; information technology; nuclear reactors, material, and waste; and water. Much of this guidance is tailored to business needs of entities or provides methods to address unique risks or operations. In addition, entities operating in regulated environments are subject to mandatory standards to meet their regulatory requirements; entities operating outside of a regulatory environment may voluntarily adopt standards and guidance. While private sector coordinating council representatives confirmed lists of cybersecurity guidance that they stated were used within their respective sectors, the representatives emphasized that the lists were not comprehensive and that additional standards and guidance are likely used."
Date: December 9, 2011
Creator: United States. Government Accountability Office.
Partner: UNT Libraries Government Documents Department

Critical Infrastructure Protection: DHS Has Taken Action Designed to Identify and Address Overlaps and Gaps in Critical Infrastructure Security Activities

Description: Correspondence issued by the Government Accountability Office with an abstract that begins "This letter formally discusses a congressional request to review the Department of Homeland Security's framework for securing critical infrastructure and key resources (CIKR), and subsequent agency comments. As such, this correspondence provides information on: (1) how DHS coordinates with CIKR stakeholders to identify overlaps and gaps in CIKR security activities across all sectors, (2) how DHS addresses these potential overlaps in CIKR security activities, and (3) how DHS addresses CIKR security gaps. To conduct this work, among other things, we selected a non-random sample of nine sectors with a mix of regulations related to security to obtain stakeholders views on working with DHS to identify and address overlaps and gaps in CIKR activities; reviewed applicable laws and regulations, DHS documents such as the National Infrastructure Protection Plan, and pertinent GAO reports; and interviewed DHS officials in the Office of Infrastructure Protection (IP) in the National Protection and Programs Directorate and officials representing the sectors we selected. While the results of these efforts are not generalizable to all CIKR sectors, stakeholders, and activities, they provided valuable insights into CIKR partner perspectives across a range of CIKR."
Date: May 19, 2011
Creator: United States. Government Accountability Office.
Partner: UNT Libraries Government Documents Department

Critical Infrastructure Protection: Challenges and Efforts to Secure Control Systems

Description: A letter report issued by the General Accounting Office with an abstract that begins "Computerized control systems perform vital functions across many of our nation's critical infrastructures. For example, in natural gas distribution, they can monitor and control the pressure and flow of gas through pipelines. In October 1997, the President's Commission on Critical Infrastructure Protection emphasized the increasing vulnerability of control systems to cyber attacks. The House Committee on Government Reform and its Subcommittee on Technology, Information Policy, Intergovernmental Relations and the Census asked GAO to report on potential cyber vulnerabilities, focusing on (1) significant cybersecurity risks associated with control systems (2) potential and reported cyber attacks against these systems (3) key challenges to securing control systems and (4) efforts to strengthen the cybersecurity of control systems."
Date: March 15, 2004
Creator: United States. General Accounting Office.
Partner: UNT Libraries Government Documents Department

Critical Infrastructure Protection: National Plan for Information Systems Protection

Description: Correspondence issued by the General Accounting Office with an abstract that begins "Pursuant to a congressional request, GAO assessed national security legal authorities related to infrastructure protection, focusing on the administration's National Plan for Information Systems Protection."
Date: February 11, 2000
Creator: United States. General Accounting Office.
Partner: UNT Libraries Government Documents Department

Critical Infrastructure Protection: Department of Homeland Security Faces Challenges in Fulfilling Cybersecurity Responsibilities

Description: A letter report issued by the Government Accountability Office with an abstract that begins "Increasing computer interconnectivity has revolutionized the way that our government, our nation, and much of the world communicate and conduct business. While the benefits have been enormous, this widespread interconnectivity also poses significant risks to our nation's computer systems and, more importantly, to the critical operations and infrastructures they support. The Homeland Security Act of 2002 and federal policy established DHS as the focal point for coordinating activities to protect the computer systems that support our nation's critical infrastructures. GAO was asked to determine (1) DHS's roles and responsibilities for cyber critical infrastructure protection, (2) the status and adequacy of DHS's efforts to fulfill these responsibilities, and (3) the challenges DHS faces in fulfilling its cybersecurity responsibilities."
Date: May 26, 2005
Creator: United States. Government Accountability Office.
Partner: UNT Libraries Government Documents Department

Critical Infrastructure Protection: Sector-Specific Plans' Coverage of Key Cyber Security Elements Varies

Description: A letter report issued by the Government Accountability Office with an abstract that begins "The nation's critical infrastructure sectors--such as public health, energy, water, and transportation--rely on computerized information and systems to provide services to the public. To fulfill the requirement for a comprehensive plan, including cyber aspects, the Department of Homeland Security (DHS) issued a national plan in June 2006 for the sectors to use as a road map to enhance the protection of critical infrastructure. Lead federal agencies, referred to as sector-specific agencies, are responsible for coordinating critical infrastructure protection efforts, such as the development of plans that are specific to each sector. In this context, GAO was asked to determine if these sector-specific plans address key aspects of cyber security, including cyber assets, key vulnerabilities, vulnerability reduction efforts, and recovery plans. To accomplish this, GAO analyzed each sector-specific plan against criteria that were developed on the basis of DHS guidance."
Date: October 31, 2007
Creator: United States. Government Accountability Office.
Partner: UNT Libraries Government Documents Department

Critical Infrastructure Protection: Key Private and Public Cyber Expectations Need to Be Consistently Addressed

Description: A letter report issued by the Government Accountability Office with an abstract that begins "Pervasive and sustained computer-based attacks pose a potentially devastating impact to systems and operations and the critical infrastructures they support. Addressing these threats depends on effective partnerships between the government and private sector owners and operators of critical infrastructure. Federal policy, including the Department of Homeland Security's (DHS) National Infrastructure Protection Plan, calls for a partnership model that includes public and private councils to coordinate policy and information sharing and analysis centers to gather and disseminate information on threats to physical and cyber-related infrastructure. GAO was asked to determine (1) private sector stakeholders' expectations for cyber-related, public-private partnerships and to what extent these expectations are being met and (2) public sector stakeholders' expectations for cyber-related, public-private partnerships and to what extent these expectations are being met. To do this, GAO conducted surveys and interviews of public and private sector officials and analyzed relevant policies and other documents."
Date: July 15, 2010
Creator: United States. Government Accountability Office.
Partner: UNT Libraries Government Documents Department

Critical Infrastructure Protection: DHS Efforts to Assess Chemical Security Risk and Gather Feedback on Facility Outreach Can Be Strengthened

Description: A letter report issued by the Government Accountability Office with an abstract that begins "Since 2007, the Department of Homeland Security's (DHS) Infrastructure Security Compliance Division (ISCD) has assigned about 3,500 high-risk chemical facilities to risk-based tiers under its Chemical Facility Anti-Terrorism Standards (CFATS) program, but it has not fully assessed its approach for doing so. The approach ISCD used to assess risk and make decisions to place facilities in final tiers does not consider all of the elements of consequence, threat, and vulnerability associated with a terrorist attack involving certain chemicals. For example, the risk assessment approach is based primarily on consequences arising from human casualties, but does not consider economic consequences, as called for by the National Infrastructure Protection Plan (NIPP) and the CFATS regulation, nor does it consider vulnerability, consistent with the NIPP. ISCD has begun to take some actions to examine how its risk assessment approach can be enhanced, including commissioning a panel of experts to assess the current approach, identify strengths and weaknesses, and recommend improvements. ISCD will need to incorporate the various results of these efforts to help them ensure that the revised risk assessment approach includes all elements of risk. After ISCD has incorporated all elements of risk into its assessment approach, an independent peer review would provide better assurance that ISCD can appropriately identify and tier chemical facilities, better inform CFATS planning and resource decisions, and provide the greatest return on investment consistent with the NIPP."
Date: April 5, 2013
Creator: United States. Government Accountability Office.
Partner: UNT Libraries Government Documents Department

Critical Infrastructure Protection: DHS Needs to Fully Address Lessons Learned from Its First Cyber Storm Exercise

Description: A letter report issued by the Government Accountability Office with an abstract that begins "Federal policies establish the Department of Homeland Security (DHS) as the focal point for the security of cyberspace. As part of its responsibilities, DHS is required to coordinate cyber attack exercises to strengthen public and private incident response capabilities. One major exercise program, called Cyber Storm, is a large-scale simulation of multiple concurrent cyber attacks involving the federal government, states, foreign governments, and private industry. To date, DHS has conducted Cyber Storm exercises in 2006 and 2008. GAO agreed to (1) identify the lessons that DHS learned from the first Cyber Storm exercise, (2) assess DHS's efforts to address the lessons learned from this exercise, and (3) identify key participants' views of their experiences during the second Cyber Storm exercise. To do so, GAO evaluated documentation of corrective activities and interviewed federal, state, and private sector officials."
Date: September 9, 2008
Creator: United States. Government Accountability Office.
Partner: UNT Libraries Government Documents Department

Critical Infrastructure Protection: Current Cyber Sector-Specific Planning Approach Needs Reassessment

Description: A letter report issued by the Government Accountability Office with an abstract that begins "The nation's critical infrastructure sectors (e.g., energy, banking) rely extensively on information technology systems. The Department of Homeland Security (DHS) issued guidance in 2006 that instructed lead federal agencies, referred to as sector-specific agencies, to develop plans for protecting the sector's critical cyber and other (physical) infrastructure. These agencies issued plans in 2007, but GAO found that none fully addressed all 30 cyber security-related criteria identified in DHS's guidance and recommended that the plans be updated to address it by September 2008. GAO was asked to determine the extent to which sector plans have been updated to fully address DHS's cyber security requirements and assess whether these plans and related reports provide for effective implementation. To do this, GAO analyzed documentation, interviewed officials, and compared sector plans and reports with DHS cyber criteria."
Date: September 24, 2009
Creator: United States. Government Accountability Office.
Partner: UNT Libraries Government Documents Department