Skip to main content

The Department of Homeland Security's (DHS) Critical Infrastructure Protection Cost-Benefit Report

GAO-09-654R Published: Jun 26, 2009. Publicly Released: Jun 26, 2009.
Jump To:
Skip to Highlights


In 2005, Hurricane Katrina devastated the Gulf Coast, damaging critical infrastructure, such as oil platforms, pipelines, and refineries; water mains; electric power lines; and cellular phone towers. The infrastructure damage and resulting chaos disrupted government and business functions alike, producing cascading effects far beyond the physical location of the storm. Threats against critical infrastructure are not limited to natural disasters. For example, in 2005, suicide bombers struck London's public transportation system, disrupting the city's transportation and mobile telecommunications infrastructure. In March 2007, we reported that our nation's critical infrastructures and key resources (CIKR)--systems and assets, whether physical or virtual, so vital to the United States that their incapacity or destruction would have a debilitating impact on national security, national economic security, national public health or safety, or any combination of those matters--continue to be vulnerable to a wide variety of threats. According to DHS, because the private sector owns approximately 85 percent of the nation's CIKR--banking and financial institutions, telecommunications networks, and energy production and transmission facilities, among others--it is vital that the public and private sectors work together to protect these assets. The Homeland Security Act of 2002 created DHS and gave the department wide-ranging responsibilities for, among other things, leading and coordinating the overall national critical infrastructure protection effort. For example, the act required DHS to (1) develop a comprehensive national plan for securing the nation's CIKR and (2) recommend measures to protect CIKR in coordination with other agencies of the federal government and in cooperation with state and local government agencies and authorities, the private sector, and other entities. Homeland Security Presidential Directive 7 (HSPD-7) further defined critical infrastructure protection responsibilities for DHS and those federal agencies--known as sector-specific agencies (SSA)--responsible for particular industry sectors, such as transportation, energy, and communications. HSPD-7 directed DHS to establish uniform policies, approaches, guidelines, and methodologies for integrating federal infrastructure protection and risk management activities within and across CIKR sectors. The Conference Report accompanying the Department of Homeland Security Appropriations Act, 2005, directed DHS to complete an analysis on whether the department should require private sector entities to provide DHS with existing information about their security measures and vulnerabilities in order to improve the department's ability to evaluate critical infrastructure protection nationwide. This direction was consistent with concerns raised by the House Appropriations Committee about DHS's progress conducting vulnerability assessments for critical infrastructure facilities generally, and security measures at chemical facilities in particular.

Full Report

Office of Public Affairs


ContractorsCost analysisCost effectiveness analysisCritical infrastructureCritical infrastructure protectionData collectionFacility securityFederal agenciesFederal regulationsstate relationsGovernment information disseminationHomeland securityNeeds assessmentPrivate sectorPublic key infrastructureReporting requirementsRisk assessmentRisk managementSecurity assessmentsStrategic planningInformation sharingPolicies and procedures