Critical Infrastructure Protection:

Further Efforts Needed to Integrate Planning for and Response to Disruptions on Converged Voice and Data Networks

GAO-08-607: Published: Jun 26, 2008. Publicly Released: Jun 26, 2008.

Additional Materials:


David A. Powner
(202) 512-3000


Office of Public Affairs
(202) 512-4800

Technological advances have led to an increasing convergence of previously separate networks used to transmit voice and data communications. While the benefits of this convergence are enormous, such interconnectivity also poses significant challenges to our nation's ability to respond to major disruptions. Two operations centers--managed by the Department of Homeland Security's (DHS) National Communications System and National Cyber Security Division--plan for and monitor disruptions on voice and data networks. In September 2007, a DHS expert task force made three recommendations toward establishing an integrated operations center that the department agreed to adopt. To determine the status of efforts to establish an integrated center, GAO reviewed documentation, interviewed relevant DHS and private sector officials, and reviewed laws and policies to identify DHS's responsibilities in addressing convergence.

DHS has taken the first of three steps toward integrating its centers that are responsible for planning for, monitoring, and responding to disruptions to the communications infrastructure, including voice and data networks, and the security of data and applications that use these networks. Specifically, in November 2007, it moved the operations center for communications infrastructure (NCC Watch) to office space adjacent to the center for data and applications (US-CERT). This close proximity allows the approximately 41 coordination center and 95 readiness team analysts to, among other things, readily collaborate on planned and ongoing activities. In addition, the centers have jointly acquired common software tools to identify and share physical, telecommunications, and cyber information related to performing their missions. For example, the centers use one of the tools to develop a joint "morning report" specifying their respective network security issues and problems, which is used by the analysts in coordinating responses to any resulting disruptions. While DHS has completed the first integration step, it has yet to implement the remaining two steps. Specifically, although called for in the task force's recommendations, the department has not organizationally merged the two centers or invited key private sector critical infrastructure officials to participate in the planning, monitoring, and other activities of the proposed joint operations center. A key factor contributing to DHS's lack of progress in implementing the latter two steps is that completing the integration has not been a top DHS priority. Instead, DHS officials stated that their efforts have been focused on other initiatives, most notably the President's recently announced cyber initiative, which is a federal governmentwide effort to manage the risks associated with the Internet's nonsecure external connections. Nevertheless, DHS officials stated that they are in the process of drafting a strategic plan to provide overall direction for the activities of the National Communications System and the National Cyber Security Division. However, the plan is in draft and has been so since mid-2007. In addition, DHS officials could not provide a date for when it would be finalized. Consequently, the department does not have a strategic plan or related guidance that provides overall direction in this area and has not developed specific tasks and milestones for achieving the two remaining integration steps. Until DHS completes the integration of the two centers, it risks being unable to efficiently plan for and respond to disruptions to communications infrastructure and the data and applications that travel on this infrastructure, increasing the probability that communications will be unavailable or limited in times of need.

Recommendations for Executive Action

  1. Status: Closed - Implemented

    Comments: In lieu of completing and using the strategic plan to outline the department's overall direction for the activities of the National Communications System (NCS) and the National Cyber Security Division (NCSD), including plans to integrate these organizations' watch centers, DHS did so in the department's September 2010 National Cyber Incident Response Plan. Specifically, in the plan, DHS (1)provides the rationale and purpose for merging NCS's national coordination center and NCSD's readiness team to form the National Cybersecurity and Communications Integration Center (NCCIC) and (2) describes NCCIC's strategic approach, including specifying assigned organizational roles and responsibilities and actions planned and underway to prepare for, respond to, and coordinate recovery from a cyber incident.

    Recommendation: The Secretary of Homeland Security should direct the Assistant Secretary for Cyber Security and Communications to establish milestones for completing the development and implementation of the strategic plan for the National Cyber Security Division and the National Communications System.

    Agency Affected: Department of Homeland Security

  2. Status: Closed - Implemented

    Comments: In response, DHS merged the national coordination center and readiness team to form an entity called the National Cybersecurity and Communications Integration Center (NCCIC). The new center, which DHS stood up in October 2009, functions as a coordinated watch and warning center that serves to improve national efforts to address threats and incidents affecting the nation's critical information technology and cyber infrastructure. In doing this, NCCIC is to integrate information from all partners (e.g. public and private, state and federal) in both the cyber and communications arenas to create and share common knowledge and coordinate response activities. To accomplish this latter task, DHS has key private sector officials from various critical infrastructure sectors participate in center operations.

    Recommendation: The Secretary of Homeland Security should direct the Assistant Secretary for Cyber Security and Communications to define specific tasks and associated milestones for establishing the integrated operations center through merging National Coordination Center Watch and U.S. Computer Emergency Readiness Team and inviting and engaging key private sector critical infrastructure officials from additional sectors to participate in the operations of the new integrated center.

    Agency Affected: Department of Homeland Security


Explore the full database of GAO's Open Recommendations »

Sep 23, 2020

Sep 10, 2020

Sep 8, 2020

Aug 31, 2020

Aug 27, 2020

Aug 19, 2020

Jul 9, 2020

Jul 1, 2020

Jun 25, 2020

Looking for more? Browse all our products here