Critical Infrastructure Protection:

Challenges to Building a Comprehensive Strategy for Information Sharing and Coordination

T-AIMD-00-268: Published: Jul 26, 2000. Publicly Released: Jul 26, 2000.

Additional Materials:


Jack L. Brock, Jr
(202) 512-4841


Office of Public Affairs
(202) 512-4800

Pursuant to a congressional request, GAO discussed the challenges of developing effective information sharing and coordination strategies needed to deal with computer security threats.

GAO noted that: (1) developing the information sharing and coordination capabilities needed to effectively deal with computer threats and actual incidents is complex and challenging but essential; (2) data on possible threats--ranging from viruses, to hoaxes, to random threats, to news events, and computer intrusions--must be continually collected and analyzed from a wide spectrum of globally distributed sources; (3) once an imminent threat is identified, appropriate warnings and response actions must be effectively coordinated among government agencies, the private sector, and, when appropriate, other nations; (4) it is important that this function be carried out as effectively, efficiently, and quickly as possible in order to ensure continuity of operations as well as minimize disruptions; (5) at the same time, it is not possible to build an overall, comprehensive picture of activity on the global infrastructure; (6) networks themselves are too big, they are growing too quickly, and they are continually being reconfigured and reengineered; (7) as a result, it is essential that strong partnerships be developed between a wide range of stakeholders in order to ensure that the right data are at the right place at the right time; (8) creating partnerships for information sharing and coordination is a formidable task; (9) trust needs to be established among a broad range of parties with varying interests and expectations, procedures for gathering and sharing information need to be developed, and technical issues need to be addressed; (10) if the federal government itself is going to be a credible player in response coordination, it needs to have its own systems and assets well protected; (11) this means overcoming significant and pervasive security weaknesses at each of the major federal agencies and instituting governmentwide controls and mechanisms needed to provide effective oversight, guidance, and leadership; and (12) perhaps most importantly, this activity needs to be guided by a comprehensive strategy to ensure that it is effective, to avoid unnecessary duplication of effort, and to maintain continuity.

Oct 8, 2020

Jul 16, 2020

Mar 30, 2020

Mar 16, 2020

Dec 16, 2019

Oct 17, 2019

Aug 10, 2018

Jun 25, 2018

Mar 13, 2018

Looking for more? Browse all our products here