Critical Infrastructure Protection:

Comments on the Proposed Cyber Security Information Act of 2000

T-AIMD-00-229: Published: Jun 22, 2000. Publicly Released: Jun 22, 2000.

Additional Materials:

Contact:

Jack L. Brock, Jr
(202) 512-4841
contact@gao.gov

 

Office of Public Affairs
(202) 512-4800
youngc1@gao.gov

Pursuant to a congressional request, GAO discussed the proposed Cyber Security Information Act of 2000 (H.R. 4246), focusing on how it can enhance critical infrastructure protection and the formidable challenges involved with achieving the goals of the bill.

GAO noted that: (1) by removing key barriers that are precluding private industry from sharing information about infrastructure threats and vulnerabilities, H.R. 4246 can help build the meaningful private-public partnerships that are integral to protecting critical infrastructure assets; (2) however, to successfully engage the private sector, the federal government itself must be a model of good information security; (3) currently, it is not; (4) significant computer security weaknesses--ranging from poor controls over access to sensitive systems and data, to poor control over software development and changes, to nonexistent or weak continuity of service plans--pervade virtually every major agency; (5) and, as illustrated by the recent ILOVEYOU computer virus, mechanisms already in place to facilitate information sharing among federal agencies about impeding threats and vulnerabilities have not been working effectively; and (6) moreover, the federal government may not yet have the right tools for identifying, analyzing, coordinating, and disseminating the type of information that H.R. 4246 envisions collecting from the private sector.

Nov 18, 2014

Nov 17, 2014

Sep 18, 2014

Sep 16, 2014

Sep 8, 2014

Jul 17, 2014

Jun 25, 2014

May 30, 2014

Apr 17, 2014

Apr 2, 2014

Looking for more? Browse all our products here