Critical Infrastructure Protection: Challenges and Efforts to Secure Control Systems
Highlights
Computerized control systems perform vital functions across many of our nation's critical infrastructures. For example, in natural gas distribution, they can monitor and control the pressure and flow of gas through pipelines. In October 1997, the President's Commission on Critical Infrastructure Protection emphasized the increasing vulnerability of control systems to cyber attacks. The House Committee on Government Reform and its Subcommittee on Technology, Information Policy, Intergovernmental Relations and the Census asked GAO to report on potential cyber vulnerabilities, focusing on (1) significant cybersecurity risks associated with control systems (2) potential and reported cyber attacks against these systems (3) key challenges to securing control systems and (4) efforts to strengthen the cybersecurity of control systems.
Recommendations
Recommendations for Executive Action
| Agency Affected | Recommendation | Status |
|---|---|---|
| Directorate of Information Analysis and Infrastructure Protection | The Secretary of the Department of Homeland Security should develop and implement a strategy for coordinating with the private sector and other government agencies to improve control system security, including an approach for coordinating the various ongoing efforts to secure control systems. This strategy should also be addressed in the comprehensive national infrastructure plan that the department is tasked to complete by December 2004. |
Although the Department of Homeland Security did not include guidance to help other agencies and industry coordinate with each other, it developed and implemented a strategy for coordinating with the private sector and other government agencies to improve control systems security.
|