Critical Infrastructure Protection:

Challenges to Building a Comprehensive Strategy for Information Sharing and Coordination

T-AIMD-00-268: Published: Jul 26, 2000. Publicly Released: Jul 26, 2000.

Contact:

Jack L. Brock, Jr
(202) 512-4841
contact@gao.gov

 

Office of Public Affairs
(202) 512-4800
youngc1@gao.gov

Pursuant to a congressional request, GAO discussed the challenges of developing effective information sharing and coordination strategies needed to deal with computer security threats.

GAO noted that: (1) developing the information sharing and coordination capabilities needed to effectively deal with computer threats and actual incidents is complex and challenging but essential; (2) data on possible threats--ranging from viruses, to hoaxes, to random threats, to news events, and computer intrusions--must be continually collected and analyzed from a wide spectrum of globally distributed sources; (3) once an imminent threat is identified, appropriate warnings and response actions must be effectively coordinated among government agencies, the private sector, and, when appropriate, other nations; (4) it is important that this function be carried out as effectively, efficiently, and quickly as possible in order to ensure continuity of operations as well as minimize disruptions; (5) at the same time, it is not possible to build an overall, comprehensive picture of activity on the global infrastructure; (6) networks themselves are too big, they are growing too quickly, and they are continually being reconfigured and reengineered; (7) as a result, it is essential that strong partnerships be developed between a wide range of stakeholders in order to ensure that the right data are at the right place at the right time; (8) creating partnerships for information sharing and coordination is a formidable task; (9) trust needs to be established among a broad range of parties with varying interests and expectations, procedures for gathering and sharing information need to be developed, and technical issues need to be addressed; (10) if the federal government itself is going to be a credible player in response coordination, it needs to have its own systems and assets well protected; (11) this means overcoming significant and pervasive security weaknesses at each of the major federal agencies and instituting governmentwide controls and mechanisms needed to provide effective oversight, guidance, and leadership; and (12) perhaps most importantly, this activity needs to be guided by a comprehensive strategy to ensure that it is effective, to avoid unnecessary duplication of effort, and to maintain continuity.

Aug 25, 2014

Aug 7, 2014

Jul 30, 2014

Jul 29, 2014

Jul 22, 2014

Jun 17, 2014

Jun 11, 2014

Jun 10, 2014

May 28, 2014

Looking for more? Browse all our products here