Critical Infrastructure Protection:

Challenges to Building a Comprehensive Strategy for Information Sharing and Coordination

T-AIMD-00-268: Published: Jul 26, 2000. Publicly Released: Jul 26, 2000.

Additional Materials:


Jack L. Brock, Jr
(202) 512-4841


Office of Public Affairs
(202) 512-4800

Pursuant to a congressional request, GAO discussed the challenges of developing effective information sharing and coordination strategies needed to deal with computer security threats.

GAO noted that: (1) developing the information sharing and coordination capabilities needed to effectively deal with computer threats and actual incidents is complex and challenging but essential; (2) data on possible threats--ranging from viruses, to hoaxes, to random threats, to news events, and computer intrusions--must be continually collected and analyzed from a wide spectrum of globally distributed sources; (3) once an imminent threat is identified, appropriate warnings and response actions must be effectively coordinated among government agencies, the private sector, and, when appropriate, other nations; (4) it is important that this function be carried out as effectively, efficiently, and quickly as possible in order to ensure continuity of operations as well as minimize disruptions; (5) at the same time, it is not possible to build an overall, comprehensive picture of activity on the global infrastructure; (6) networks themselves are too big, they are growing too quickly, and they are continually being reconfigured and reengineered; (7) as a result, it is essential that strong partnerships be developed between a wide range of stakeholders in order to ensure that the right data are at the right place at the right time; (8) creating partnerships for information sharing and coordination is a formidable task; (9) trust needs to be established among a broad range of parties with varying interests and expectations, procedures for gathering and sharing information need to be developed, and technical issues need to be addressed; (10) if the federal government itself is going to be a credible player in response coordination, it needs to have its own systems and assets well protected; (11) this means overcoming significant and pervasive security weaknesses at each of the major federal agencies and instituting governmentwide controls and mechanisms needed to provide effective oversight, guidance, and leadership; and (12) perhaps most importantly, this activity needs to be guided by a comprehensive strategy to ensure that it is effective, to avoid unnecessary duplication of effort, and to maintain continuity.

Feb 27, 2015

Feb 23, 2015

Feb 19, 2015

Feb 11, 2015

  • government icon, source: Eyewire

    GAO'S 2015 High-Risk Series:

    An Update
    GAO-15-371T: Published: Feb 11, 2015. Publicly Released: Feb 11, 2015.
  • government icon, source: Eyewire

    GAO's 2015 High-Risk Series:

    An Update
    GAO-15-373T: Published: Feb 11, 2015. Publicly Released: Feb 11, 2015.
  • government icon, source: Eyewire

    High-Risk Series:

    An Update
    GAO-15-290: Published: Feb 11, 2015. Publicly Released: Feb 11, 2015.

Feb 10, 2015

Jan 29, 2015

Dec 22, 2014

Dec 18, 2014

Looking for more? Browse all our products here