Critical Infrastructure Protection: Significant Challenges in Developing Analysis, Warning, and Response Capabilities

The National Infrastructure Protection Center (NIPC) is an important element of the U.S.' strategy to protect the nation's infrastructures from hostile attacks, especially computer-based attacks. This testimony discusses the key findings of a GAO report on NIPC's progress in developing national capabilities for analyzing cyber threats and vulnerability data and issuing warnings, enhancing its capabilities for responding to cyber attacks, and establishing information-sharing relationships with governments and private-sector entities. GAO found that progress in developing the analysis, warning, and information-sharing capabilities has been mixed. NIPC began various critical infrastructure protection efforts that have laid the foundation for future governmentwide efforts. NIPC has also provided valuable support and coordination related to investigating and otherwise responding to attacks on computers. However, the analytical and information-sharing capabilities that are needed to protect the nation's critical infrastructures have not yet been achieved, and NIPC has developed only limited warning capabilities. An underlying contributor to the slow progress is that the NIPC's roles and responsibilities have not been fully defined and are not consistently interpreted by other entities involved in the government's broader critical infrastructure protection strategy. This report summarized an April report (GAO-01-323).