Critical Infrastructure Protection:

Federal Efforts Require a More Coordinated and Comprehensive Approach for Protecting Information Systems

GAO-02-474: Published: Jul 15, 2002. Publicly Released: Jul 15, 2002.

Additional Materials:

Contact:

David A. Powner
(202) 512-3317
contact@gao.gov

 

Office of Public Affairs
(202) 512-4800
youngc1@gao.gov

Critical infrastructure protection (CIP) involves activities that enhance the security of the nation's cyber and physical public and private infrastructures that are essential to national security, economic activity, and public health and safety. At least 50 federal organizations within 13 major departments and agencies mentioned in Presidential Decision Directive 63 are involved in CIP activities that include setting policy, analyzing vulnerabilities and intelligence information, disseminating alerts and warnings on potential and actual infrastructure attacks, developing remediation plans, responding to incidents, and performing research and development. Although most organizations could identify their relationships with other key CIP entities, relationships among all organizations performing similar activities were not consistently established. Most of the organizations in GAO's review do not receive appropriations specifically designated for cyber CIP and, therefore, do not track these funds. A complicating factor in tracking funds spent on cyber CIP activities is that organizational totals often include funds spent on physical, cyber, and agency-specific CIP spending.

Status Legend:

More Info
  • Review Pending-GAO has not yet assessed implementation status.
  • Open-Actions to satisfy the intent of the recommendation have not been taken or are being planned, or actions that partially satisfy the intent of the recommendation have been taken.
  • Closed-implemented-Actions that satisfy the intent of the recommendation have been taken.
  • Closed-not implemented-While the intent of the recommendation has not been satisfied, time or circumstances have rendered the recommendation invalid.
    • Review Pending
    • Open
    • Closed - implemented
    • Closed - not implemented

    Recommendations for Executive Action

    Recommendation: When developing the strategy to guide federal CIP efforts, the Assistant to the President for National Security Affairs, the Assistant to the President for Homeland Security, and the Special Advisor to the President for Cyberspace Security should ensure that, among other things, the strategy defines the relationships among the key CIP organizations.

    Agency Affected: Executive Office of the President: Office of the Assistant to the President for Cyberspace Security

    Status: Closed - Implemented

    Comments: Subsequent to this report, the President issued homeland security related strategies and directives, including the National Strategy for Homeland Security and the Homeland Security Presidential Directive 7, which required the development of a National Plan for Critical Infrastructure and Key Resources Protection. The National Infrastructure Protection Plan (NIPP), issued in June 2006, fulfills the requirement for a plan. The NIPP establishes coordination mechanisms, including a Private Sector Cross-Sector Council and a Government Cross Sector Council. It also establishes sector and government coordinating councils for each sector. Under this framework each sector develops its respective councils based on the existing relationships and the needs of the sector.

    Recommendation: When developing the strategy to guide federal CIP efforts, the Assistant to the President for National Security Affairs, the Assistant to the President for Homeland Security, and the Special Advisor to the President for Cyberspace Security should ensure that, among other things, the strategy defines the relationships among the key CIP organizations.

    Agency Affected: Executive Office of the President: Office of the Assistant to the President for National Security Affairs

    Status: Closed - Implemented

    Comments: Subsequent to this report, the President issued homeland security related strategies and directives, including the National Strategy for Homeland Security and the Homeland Security Presidential Directive 7, which required the development of a National Plan for Critical Infrastructure and Key Resources Protection. The National Infrastructure Protection Plan (NIPP), issued in June 2006, fulfills the requirement for a plan. The NIPP establishes coordination mechanisms, including a Private Sector Cross-Sector Council and a Government Cross Sector Council. It also establishes sector and government coordinating councils for each sector. Under this framework each sector develops its respective councils based on the existing relationships and the needs of the sector.

    Recommendation: When developing the strategy to guide federal CIP efforts, the Assistant to the President for National Security Affairs, the Assistant to the President for Homeland Security, and the Special Advisor to the President for Cyberspace Security should ensure that, among other things, the strategy includes all relevant sectors and defines the key federal agencies' roles and responsibilities associated with each of these sectors.

    Agency Affected: Executive Office of the President: Office of Homeland Security

    Status: Closed - Implemented

    Comments: Subsequent to this report, the President issued homeland security related strategies and directives, including the National Strategy for Homeland Security and the Homeland Security Presidential Directive 7. These policies expanded the number of sectors to 17 and identified roles and responsibilities for federal agencies responsible for each sector identified, referred to as sector specific agencies, as well as other relevant federal agencies. HSPD7 also required the development of a National Plan for Critical Infrastructure and Key Resources Protection. The National Infrastructure Protection Plan (NIPP) issued in June 2006 fulfills the requirement for a plan. The NIPP continues to focus on 17 critical infrastructure sectors. In addition, the NIPP more specifically identifies the roles and responsibilities of the Department of Homeland Security, sector-specific agencies, other federal departments, agencies, and offices, and state, local, and tribal governments.

    Recommendation: When developing the strategy to guide federal CIP efforts, the Assistant to the President for National Security Affairs, the Assistant to the President for Homeland Security, and the Special Advisor to the President for Cyberspace Security should ensure that, among other things, the strategy includes all relevant sectors and defines the key federal agencies' roles and responsibilities associated with each of these sectors.

    Agency Affected: Executive Office of the President: Office of the Assistant to the President for Cyberspace Security

    Status: Closed - Implemented

    Comments: Subsequent to this report, the President issued homeland security related strategies and directives, including the National Strategy for Homeland Security and the Homeland Security Presidential Directive 7. These policies expanded the number of sectors to 17 and identified roles and responsibilities for federal agencies responsible for each sector identified, referred to as sector specific agencies, as well as other relevant federal agencies. HSPD7 also required the development of a National Plan for Critical Infrastructure and Key Resources Protection. The National Infrastructure Protection Plan (NIPP) issued in June 2006 fulfills the requirement for a plan. The NIPP continues to focus on 17 critical infrastructure sectors. In addition, the NIPP more specifically identifies the roles and responsibilities of the Department of Homeland Security, sector-specific agencies, other federal departments, agencies, and offices, and state, local, and tribal governments.

    Recommendation: When developing the strategy to guide federal CIP efforts, the Assistant to the President for National Security Affairs, the Assistant to the President for Homeland Security, and the Special Advisor to the President for Cyberspace Security should ensure that, among other things, the strategy includes all relevant sectors and defines the key federal agencies' roles and responsibilities associated with each of these sectors.

    Agency Affected: Executive Office of the President: Office of the Assistant to the President for National Security Affairs

    Status: Closed - Implemented

    Comments: Subsequent to this report, the President issued homeland security related strategies and directives, including the National Strategy for Homeland Security and the Homeland Security Presidential Directive 7. These policies expanded the number of sectors to 17 and identified roles and responsibilities for federal agencies responsible for each sector identified, referred to as sector specific agencies, as well as other relevant federal agencies. HSPD7 also required the development of a National Plan for Critical Infrastructure and Key Resources Protection. The National Infrastructure Protection Plan (NIPP) issued in June 2006 fulfills the requirement for a plan. The NIPP continues to focus on 17 critical infrastructure sectors. In addition, the NIPP more specifically identifies the roles and responsibilities of the Department of Homeland Security, sector-specific agencies, other federal departments, agencies, and offices, and state, local, and tribal governments.

    Recommendation: When developing the strategy to guide federal CIP efforts, the Assistant to the President for National Security Affairs, the Assistant to the President for Homeland Security, and the Special Advisor to the President for Cyberspace Security should ensure that, among other things, the strategy defines the relationships among the key CIP organizations.

    Agency Affected: Executive Office of the President: Office of the Assistant to the President for National Security Affairs

    Status: Closed - Implemented

    Comments: Subsequent to this report, the President issued homeland security related strategies and directives, including the National Strategy for Homeland Security and the Homeland Security Presidential Directive 7, which required the development of a National Plan for Critical Infrastructure and Key Resources Protection. The National Infrastructure Protection Plan (NIPP), issued in June 2006, fulfills the requirement for a plan. The NIPP establishes coordination mechanisms, including a Private Sector Cross-Sector Council and a Government Cross Sector Council. It also establishes sector and government coordinating councils for each sector. Under this framework each sector develops its respective councils based on the existing relationships and the needs of the sector.

    Jul 31, 2014

    Jul 29, 2014

    Jul 24, 2014

    Jul 16, 2014

    Jun 27, 2014

    Jun 24, 2014

    Jun 23, 2014

    Jun 18, 2014

    Looking for more? Browse all our products here