Critical Infrastructure Protection: Sector-Specific Agencies Need to Better Measure Cybersecurity Progress
Abstract
U. S. critical infrastructures, such as financial institutions, commercial buildings, and energy production and transmission facilities, are systems and assets, whether physical or virtual, vital to the nations security, economy, and public health and safety. To secure these systems and assets, federal policy and the NIPP establish responsibilities for federal agencies designated as SSAs, including leading, facilitating, or supporting the security and resilience programs and associated activities of their designated critical infrastructure sectors. GAOs objectives were to determine the extent to which SSAs have (1) identified the significance of cyber risks to their respective sectors networks and industrial control systems, (2) taken actions to mitigate cyber risks within their respective sectors, (3) collaborated across sectors to improve cybersecurity, and (4) established performance metrics to monitor improvements in their respective sectors. To conduct the review, GAO analyzed policy, plans, and other documentation and interviewed public and private sector officials for 8 of 9 SSAs with responsibility for 15 of 16 sectors.
Document Details
- Document Type
- Technical Report
- Publication Date
- Nov 19, 2015
- Accession Number
- AD1106042
Entities
People
- David Plocher
- Di'mond Spencer
- Gregory C. Wilshusen
- J. Woodward
- Jonathan Wall
- Kenneth A. Johnson
- Lee Mccracken
- Michael W. Gilmore
Organizations
- United States Government Accountability Office