Skip to main content

Critical Infrastructure Protection: Challenges and Efforts to Secure Control Systems

GAO-04-354 Published: Mar 15, 2004. Publicly Released: Mar 30, 2004.
Jump To:
Skip to Highlights

Highlights

Computerized control systems perform vital functions across many of our nation's critical infrastructures. For example, in natural gas distribution, they can monitor and control the pressure and flow of gas through pipelines. In October 1997, the President's Commission on Critical Infrastructure Protection emphasized the increasing vulnerability of control systems to cyber attacks. The House Committee on Government Reform and its Subcommittee on Technology, Information Policy, Intergovernmental Relations and the Census asked GAO to report on potential cyber vulnerabilities, focusing on (1) significant cybersecurity risks associated with control systems (2) potential and reported cyber attacks against these systems (3) key challenges to securing control systems and (4) efforts to strengthen the cybersecurity of control systems.

Recommendations

Recommendations for Executive Action

Agency Affected Sort descending Recommendation Status
Directorate of Information Analysis and Infrastructure Protection The Secretary of the Department of Homeland Security should develop and implement a strategy for coordinating with the private sector and other government agencies to improve control system security, including an approach for coordinating the various ongoing efforts to secure control systems. This strategy should also be addressed in the comprehensive national infrastructure plan that the department is tasked to complete by December 2004.
Closed – Implemented
Although the Department of Homeland Security did not include guidance to help other agencies and industry coordinate with each other, it developed and implemented a strategy for coordinating with the private sector and other government agencies to improve control systems security.

Full Report

Office of Public Affairs

Topics

Computer crimesComputer networksComputer securityCyber securityHomeland securityInformation technologyTrojan horsesCritical infrastructure protectionControl systemsWater systems