Control systems--computer-based systems that monitor and control sensitive processes and physical functions--perform vital functions in many of our nation's critical infrastructures, including electric power, oil and gas, water treatment, and chemical production. The disruption of control systems could have a significant impact on public health and safety, which makes securing them a national priority. GAO was asked to (1) determine cyber threats, vulnerabilities, and the potential impact of attacks on critical infrastructure control systems; (2) determine the challenges to securing these systems; (3) identify private sector initiatives to strengthen the cybersecurity of control systems; and (4) assess the adequacy of public sector initiatives to strengthen the cybersecurity of control systems. To address these objectives, we met with federal and private sector officials to identify risks, initiatives, and challenges. We also compared agency plans to best practices for securing critical infrastructures.
Recommendations for Executive Action
|Department of Homeland Security||To improve federal government efforts to secure control systems governing critical infrastructure, the Secretary of the Department of Homeland Security should develop a strategy to guide efforts for securing control systems, including agencies' responsibilities, as well as overall goals, milestones, and performance measures.|
|Department of Homeland Security||To improve federal government efforts to secure control systems governing critical infrastructure, the Secretary of the Department of Homeland Security should establish a rapid and secure process for sharing sensitive control system vulnerability information with critical infrastructure control system stakeholders, including vendors, owners, and operators.|