Critical Infrastructure Protection:
Challenges in Addressing Cybersecurity
GAO-05-827T: Published: Jul 19, 2005. Publicly Released: Jul 19, 2005.
Additional Materials:
- Highlights Page:
- Full Report:
- Accessible Text:
Contact:
(202) 512-3000
contact@gao.gov
Office of Public Affairs
(202) 512-4800
youngc1@gao.gov
Increasing computer interconnectivity has revolutionized the way that our government, our nation, and much of the world communicate and conduct business. While the benefits have been enormous, this widespread interconnectivity also poses significant risks to our nation's computer systems and, more importantly, to the critical operations and infrastructures they support. The Homeland Security Act of 2002 and federal policy established the Department of Homeland Security (DHS) as the focal point for coordinating activities to protect the computer systems that support our nation's critical infrastructures. GAO was asked to summarize previous work, focusing on (1) DHS's responsibilities for cybersecurity-related critical infrastructure protection (CIP), (2) the status of the department's efforts to fulfill these responsibilities, (3) the challenges it faces in fulfilling its cybersecurity responsibilities, and (4) recommendations GAO has made to improve cybersecurity of our nation's critical infrastructure.
As the focal point for CIP, the Department of Homeland Security (DHS) has many cybersecurity-related roles and responsibilities that GAO identified in law and policy. DHS established the National Cyber Security Division to take the lead in addressing the cybersecurity of critical infrastructures. While DHS has initiated multiple efforts to fulfill its responsibilities, it has not fully addressed any of the 13 responsibilities, and much work remains ahead. For example, the department established the United States Computer Emergency Readiness Team as a public/private partnership to make cybersecurity a coordinated national effort, and it established forums to build greater trust and information sharing among federal officials with information security responsibilities and law enforcement entities. However, DHS has not yet developed national cyber threat and vulnerability assessments or government/industry contingency recovery plans for cybersecurity, including a plan for recovering key Internet functions. DHS faces a number of challenges that have impeded its ability to fulfill its cybersecurity-related CIP responsibilities. These key challenges include achieving organizational stability, increasing awareness about cybersecurity roles and capabilities, establishing effective partnerships with stakeholders, and achieving two-way information sharing with these stakeholders. In its strategic plan for cybersecurity, DHS identifies steps that can begin to address the challenges. However, until it confronts and resolves these underlying challenges and implements its plans, DHS will have difficulty achieving significant results in strengthening the cybersecurity of our critical infrastructures. In recent years, GAO has made a series of recommendations to enhance the cybersecurity of critical infrastructures that if effectively implemented could greatly improve our nation's cybersecurity posture.
Jan 25, 2021
-
Southwest Border:
DHS and DOJ Have Implemented Expedited Credible Fear Screening Pilot Programs, but Should Ensure Timely Data EntryGAO-21-144: Published: Jan 25, 2021. Publicly Released: Jan 25, 2021.
Jan 21, 2021
-
Chemical Security:
Overlapping Programs Could Better Collaborate to Share Information and Identify Potential Security GapsGAO-21-12: Published: Jan 21, 2021. Publicly Released: Jan 21, 2021.
Jan 19, 2021
-
DHS Annual Assessment:
Most Acquisition Programs Are Meeting Goals but Data Provided to Congress Lacks Context Needed For Effective OversightGAO-21-175: Published: Jan 19, 2021. Publicly Released: Jan 19, 2021.
Dec 16, 2020
-
Coast Guard:
Actions Needed to Improve National Vessel Documentation Center OperationsGAO-21-100: Published: Dec 16, 2020. Publicly Released: Dec 16, 2020.
Nov 23, 2020
-
Southwest Border:
Information on Federal Agencies' Process for Acquiring Private Land for BarriersGAO-21-114: Published: Nov 17, 2020. Publicly Released: Nov 23, 2020.
Nov 12, 2020
-
Coast Guard Acquisitions:
Opportunities Exist to Reduce Risk for the Offshore Patrol Cutter ProgramGAO-21-9: Published: Oct 28, 2020. Publicly Released: Nov 12, 2020.
Oct 29, 2020
-
TSA Acquisitions:
TSA Needs to Establish Metrics and Evaluate Third Party Testing Outcomes for Screening TechnologiesGAO-21-50: Published: Oct 29, 2020. Publicly Released: Oct 29, 2020.
Oct 20, 2020
-
Homeland Security Acquisitions:
DHS Has Opportunities to Improve Its Component Acquisition OversightGAO-21-77: Published: Oct 20, 2020. Publicly Released: Oct 20, 2020.
Sep 30, 2020
-
Disaster Assistance:
Additional Actions Needed to Strengthen FEMA's Individuals and Households ProgramGAO-20-503: Published: Sep 30, 2020. Publicly Released: Sep 30, 2020. -
Supplemental Material for GAO-20-503:
FEMA Individuals and Households Program Applicant Data 2016 – 2018GAO-20-675SP: Published: Sep 30, 2020. Publicly Released: Sep 30, 2020.
Looking for more? Browse all our products here