Critical Infrastructure Protection:
Comprehensive Strategy Can Draw on Year 2000 Experiences
AIMD-00-1: Published: Oct 1, 1999. Publicly Released: Oct 5, 1999.
Additional Materials:
- Full Report:
Contact:
(202) 512-4841
contact@gao.gov
Office of Public Affairs
(202) 512-4800
youngc1@gao.gov
Pursuant to a congressional request, GAO provided information on efforts to protect the nation's critical infrastructures, focusing on: (1) GAO's recent findings on computer security and critical infrastructure protection; and (2) preliminary lessons learned from the year 2000 date conversion experience that can benefit critical infrastructure protection efforts.
GAO noted that: (1) the nation's computer-based critical infrastructures are at increasing risk of severe disruption; (2) interconnectivity increases the risk that problems affecting one system will also affect other interconnected systems; (3) massive computer networks provide pathways among systems that, if not properly secured, can be used to gain unauthorized access to data and operations from remote locations; (4) while the threats or sources of these problems can include natural disasters and system-induced problems, government officials are increasingly concerned about attacks from individuals and groups with malicious intentions, such as terrorists and nations engaging in information warfare; (5) the resultant damage can vary, depending on the threat; (6) critical system operations can be disrupted or otherwise sabotaged, sensitive data can be read and copied, and data or processes can be tampered with; (7) a significant concern is that terrorists or hostile foreign states could launch computer-based attacks on critical systems, such as those supporting energy distribution, telecommunications, and financial services, to severely damage or disrupt national defense or other operations, resulting in harm to the public welfare; (8) the need to strengthen the computer security in both government and the private sector has been recognized over the past few years by a number of entities, and several initial steps have been taken to address the problem; (9) since 1994, GAO has issued dozens of reports on individual agency computer security weaknesses and made scores of related recommendations; (10) during 1996 and 1997, federal information security was addressed by the President's Commission on Critical Infrastructure Protection, which had been established to investigate the nation's vulnerability to both cyber and physical threats; (11) in May 1998, Presidential Decision Directive (PDD) 63 recognized that addressing computer-based risks to the nation's critical infrastructures requires a new approach that involves coordination and cooperation across federal agencies and among public and private-sector entities and other nations; (12) PDD 63 created several new entities for developing and implementing a strategy for critical infrastructure protection; (13) the details of an approach for implementing PDD 63 are still being developed; and (14) a number of issues will need to be resolved, including those regarding the federal government's role in critical infrastructure protection and how best to balance potentially competing demands for security versus privacy.
Sep 24, 2020
Department of Homeland Security:
Assessment of Air and Marine Operating Locations Should Include Comparable Costs across All DHS Marine OperationsGAO-20-663: Published: Sep 24, 2020. Publicly Released: Sep 24, 2020.
Sep 10, 2020
-
Natural Disasters:
Economic Effects of Hurricanes Katrina, Sandy, Harvey, and IrmaGAO-20-633R: Published: Sep 10, 2020. Publicly Released: Sep 10, 2020.
Sep 2, 2020
-
Facial Recognition:
CBP and TSA are Taking Steps to Implement Programs, but CBP Should Address Privacy and System Performance IssuesGAO-20-568: Published: Sep 2, 2020. Publicly Released: Sep 2, 2020.
Aug 19, 2020
-
Immigration Detention:
ICE Should Enhance Its Use of Facility Oversight Data and Management of Detainee ComplaintsGAO-20-596: Published: Aug 19, 2020. Publicly Released: Aug 19, 2020.
Jul 15, 2020
-
Southwest Border:
CBP Should Improve Oversight of Funds, Medical Care, and Reporting of DeathsGAO-20-680T: Published: Jul 15, 2020. Publicly Released: Jul 15, 2020. -
Southwest Border:
CBP Needs to Increase Oversight of Funds, Medical Care, and Reporting of DeathsGAO-20-536: Published: Jul 14, 2020. Publicly Released: Jul 15, 2020.
Jul 14, 2020
-
COVID-19:
FEMA's Role in the Response and Related ChallengesGAO-20-685T: Published: Jul 14, 2020. Publicly Released: Jul 14, 2020.
Jul 8, 2020
-
2018 Pacific Disasters:
Preliminary Observations on FEMA’s Disaster Response and Recovery EffortsGAO-20-614T: Published: Jul 8, 2020. Publicly Released: Jul 8, 2020.
May 14, 2020
-
Critical Infrastructure Protection:
Actions Needed to Enhance DHS Oversight of Cybersecurity at High-Risk Chemical FacilitiesGAO-20-453: Published: May 14, 2020. Publicly Released: May 14, 2020.
May 7, 2020
-
DHS Service Contracts:
Increased Oversight Needed to Reduce the Risk Associated with Contractors Performing Certain FunctionsGAO-20-417: Published: May 7, 2020. Publicly Released: May 7, 2020.
Looking for more? Browse all our products here
Explore our Key Issues on Homeland Security
- Border Security and Immigration
- Countering Overseas Threats
- Cybersecurity Challenges Facing the Nation – High Risk Issue
- DHS Management - High Risk Issue
- Disaster Assistance
- Drug Misuse
- Ensuring the Effective Protection of Technologies Critical to U.S. National Security Interests - High Risk Issue
- Federal Grants to State and Local Governments
- Leading Practices in Acquisition Management
- National Flood Insurance Program - High Risk Issue
- Trade Enforcement and Promotion
- U.S. Arctic Interests
- U.S. - China Economic and Military Relations
Explore our other Key Issues here
