Critical Infrastructure Protection:

Comments on the National Plan for Information Systems Protection

T-AIMD-00-72: Published: Feb 1, 2000. Publicly Released: Feb 1, 2000.

Contact:

Jack L. Brock, Jr
(202) 512-4841
contact@gao.gov

 

Office of Public Affairs
(202) 512-4800
youngc1@gao.gov

Pursuant to a congressional request, GAO discussed the National Plan for Information Systems Protection, focusing on: (1) a detailed overview of the plan; (2) opportunities for sharpening the plan's proposals for improving the federal government's security programs; and (3) the challenges facing the government in building the public-private partnerships necessary for comprehensive infrastructure protections.

GAO noted that: (1) the National Plan for Information Systems Protection is intended as a first major element of a more comprehensive effort to protect the nation's information systems and critical assets from future attacks; (2) this preliminary version focuses largely on federal efforts being undertaken to protect the nation's critical cyber-based infrastructures; (3) subsequent versions are to address a broader range of concerns, including the specific role industry and state and local governments will play in protecting physical and cyber-based infrastructures from deliberate attack as well as international aspects of critical infrastructure protection; (4) the end goal of this process is to develop a comprehensive national strategy for infrastructure assurance as envisioned by Presidential Decision Directive 63; (5) making the federal government a model of good information security is essential to the plan's success; (6) recent audits conducted by GAO and agency inspectors general show that 22 of the largest federal agencies have significant computer security weaknesses, ranging from poor controls over access to sensitive systems and data, to poor control over software development and changes, and nonexistent or weak continuity of service plans; (7) agencies have not established security management programs to ensure that controls, once implemented properly, are effective on an ongoing basis; (8) GAO also observed that other crosscutting actions--ranging from clarifying the roles and responsibilities of the many entities involved in information security, to strengthening oversight, to securing adequate technical expertise and funding--were needed in seven key areas to provide greater assurance that critical infrastructure objectives can be met; (9) the second facet of the plan focuses on developing a public-private partnership to protect the nation's infrastructure; and (10) in doing so, the plan proposes developing mechanisms and improving incentives for the private sector to cooperate voluntarily with the federal government, as well as with state and local governments, to work together to provide for the common defense of the infrastructure.
