Critical Infrastructure Protection: Federal Efforts Require a More Coordinated and Comprehensive Approach for Protecting Information Systems
Highlights
Critical infrastructure protection (CIP) involves activities that enhance the security of the nation's cyber and physical public and private infrastructures that are essential to national security, economic activity, and public health and safety. At least 50 federal organizations within 13 major departments and agencies mentioned in Presidential Decision Directive 63 are involved in CIP activities that include setting policy, analyzing vulnerabilities and intelligence information, disseminating alerts and warnings on potential and actual infrastructure attacks, developing remediation plans, responding to incidents, and performing research and development. Although most organizations could identify their relationships with other key CIP entities, relationships among all organizations performing similar activities were not consistently established. Most of the organizations in GAO's review do not receive appropriations specifically designated for cyber CIP and, therefore, do not track these funds. A complicating factor in tracking funds spent on cyber CIP activities is that organizational totals often include funds spent on physical, cyber, and agency-specific CIP spending.
Recommendations
Recommendations for Executive Action
Agency Affected | Recommendation | Status |
---|---|---|
Office of the Assistant to the President for National Security Affairs | When developing the strategy to guide federal CIP efforts, the Assistant to the President for National Security Affairs, the Assistant to the President for Homeland Security, and the Special Advisor to the President for Cyberspace Security should ensure that, among other things, the strategy includes all relevant sectors and defines the key federal agencies' roles and responsibilities associated with each of these sectors. |
Subsequent to this report, the President issued homeland security related strategies and directives, including the National Strategy for Homeland Security and the Homeland Security Presidential Directive 7. These policies expanded the number of sectors to 17 and identified roles and responsibilities for federal agencies responsible for each sector identified, referred to as sector specific agencies, as well as other relevant federal agencies. HSPD7 also required the development of a National Plan for Critical Infrastructure and Key Resources Protection. The National Infrastructure Protection Plan (NIPP) issued in June 2006 fulfills the requirement for a plan. The NIPP continues to focus on 17 critical infrastructure sectors. In addition, the NIPP more specifically identifies the roles and responsibilities of the Department of Homeland Security, sector-specific agencies, other federal departments, agencies, and offices, and state, local, and tribal governments.
|
Office of Homeland Security | When developing the strategy to guide federal CIP efforts, the Assistant to the President for National Security Affairs, the Assistant to the President for Homeland Security, and the Special Advisor to the President for Cyberspace Security should ensure that, among other things, the strategy includes all relevant sectors and defines the key federal agencies' roles and responsibilities associated with each of these sectors. |
Subsequent to this report, the President issued homeland security related strategies and directives, including the National Strategy for Homeland Security and the Homeland Security Presidential Directive 7. These policies expanded the number of sectors to 17 and identified roles and responsibilities for federal agencies responsible for each sector identified, referred to as sector specific agencies, as well as other relevant federal agencies. HSPD7 also required the development of a National Plan for Critical Infrastructure and Key Resources Protection. The National Infrastructure Protection Plan (NIPP) issued in June 2006 fulfills the requirement for a plan. The NIPP continues to focus on 17 critical infrastructure sectors. In addition, the NIPP more specifically identifies the roles and responsibilities of the Department of Homeland Security, sector-specific agencies, other federal departments, agencies, and offices, and state, local, and tribal governments.
|
Office of the Assistant to the President for Cyberspace Security | When developing the strategy to guide federal CIP efforts, the Assistant to the President for National Security Affairs, the Assistant to the President for Homeland Security, and the Special Advisor to the President for Cyberspace Security should ensure that, among other things, the strategy includes all relevant sectors and defines the key federal agencies' roles and responsibilities associated with each of these sectors. |
Subsequent to this report, the President issued homeland security related strategies and directives, including the National Strategy for Homeland Security and the Homeland Security Presidential Directive 7. These policies expanded the number of sectors to 17 and identified roles and responsibilities for federal agencies responsible for each sector identified, referred to as sector specific agencies, as well as other relevant federal agencies. HSPD7 also required the development of a National Plan for Critical Infrastructure and Key Resources Protection. The National Infrastructure Protection Plan (NIPP) issued in June 2006 fulfills the requirement for a plan. The NIPP continues to focus on 17 critical infrastructure sectors. In addition, the NIPP more specifically identifies the roles and responsibilities of the Department of Homeland Security, sector-specific agencies, other federal departments, agencies, and offices, and state, local, and tribal governments.
|
Office of the Assistant to the President for National Security Affairs | When developing the strategy to guide federal CIP efforts, the Assistant to the President for National Security Affairs, the Assistant to the President for Homeland Security, and the Special Advisor to the President for Cyberspace Security should ensure that, among other things, the strategy defines the relationships among the key CIP organizations. |
Subsequent to this report, the President issued homeland security related strategies and directives, including the National Strategy for Homeland Security and the Homeland Security Presidential Directive 7, which required the development of a National Plan for Critical Infrastructure and Key Resources Protection. The National Infrastructure Protection Plan (NIPP), issued in June 2006, fulfills the requirement for a plan. The NIPP establishes coordination mechanisms, including a Private Sector Cross-Sector Council and a Government Cross Sector Council. It also establishes sector and government coordinating councils for each sector. Under this framework each sector develops its respective councils based on the existing relationships and the needs of the sector.
|
Office of Homeland Security | When developing the strategy to guide federal CIP efforts, the Assistant to the President for National Security Affairs, the Assistant to the President for Homeland Security, and the Special Advisor to the President for Cyberspace Security should ensure that, among other things, the strategy defines the relationships among the key CIP organizations. |
Subsequent to this report, the President issued homeland security related strategies and directives, including the National Strategy for Homeland Security and the Homeland Security Presidential Directive 7, which required the development of a National Plan for Critical Infrastructure and Key Resources Protection. The National Infrastructure Protection Plan (NIPP), issued in June 2006, fulfills the requirement for a plan. The NIPP establishes coordination mechanisms, including a Private Sector Cross-Sector Council and a Government Cross Sector Council. It also establishes sector and government coordinating councils for each sector. Under this framework each sector develops its respective councils based on the existing relationships and the needs of the sector.
|
Office of the Assistant to the President for Cyberspace Security | When developing the strategy to guide federal CIP efforts, the Assistant to the President for National Security Affairs, the Assistant to the President for Homeland Security, and the Special Advisor to the President for Cyberspace Security should ensure that, among other things, the strategy defines the relationships among the key CIP organizations. |
Subsequent to this report, the President issued homeland security related strategies and directives, including the National Strategy for Homeland Security and the Homeland Security Presidential Directive 7, which required the development of a National Plan for Critical Infrastructure and Key Resources Protection. The National Infrastructure Protection Plan (NIPP), issued in June 2006, fulfills the requirement for a plan. The NIPP establishes coordination mechanisms, including a Private Sector Cross-Sector Council and a Government Cross Sector Council. It also establishes sector and government coordinating councils for each sector. Under this framework each sector develops its respective councils based on the existing relationships and the needs of the sector.
|