Critical Infrastructure Protection: Challenges in Addressing Cybersecurity.GAO-05-827T July 19, 2005 Increasing computer interconnectivity has revolutionized the way that our government, our nation, and much of the world communicate and conduct business. While the benefits have been enormous, this widespread interconnectivity also poses significant risks to our nation's computer systems and, more importantly, to the critical operations and infrastructures they support. The Homeland Security Act of 2002 and federal policy established the Department of Homeland Security Noun 1. Department of Homeland Security - the federal department that administers all matters relating to homeland security Homeland Security executive department - a federal department in the executive branch of the government of the United States (DHS DHS Department of Homeland Security (USA) DHS Department of Human Services DHS Department of Health Services DHS Demographic and Health Surveys DHS Dirhams (Morocco national currency) ) as the focal point focal point n. See focus. for coordinating activities to protect the computer systems that support our nation's critical infrastructures. GAO was asked to summarize previous work, focusing on (1) DHS's responsibilities for cybersecurity-related critical infrastructure protection Department of Defense (DOD) program to identify and protect assets critical to the Defense Transportation System. Loss of a critical asset would result in failure to support the mission of a combatant commander. (CIP (1) (Common Isochronous Packet) The packet format used in time-based (real time) FireWire transmission. See FireWire, IEC 61883 and mLAN. (2) (Common Industrial P ), (2) the status of the department's efforts to fulfill these responsibilities, (3) the challenges it faces in fulfilling its cybersecurity responsibilities, and (4) recommendations GAO has made to improve cybersecurity of our nation's critical infrastructure. As the focal point for CIP, the Department of Homeland Security (DHS) has many cybersecurity-related roles and responsibilities that GAO identified in law and policy. DHS established the National Cyber Security Division to take the lead in addressing the cybersecurity of critical infrastructures. While DHS has initiated multiple efforts to fulfill its responsibilities, it has not fully addressed any of the 13 responsibilities, and much work remains ahead. For example, the department established the United States Computer Emergency Readiness Team The United States Computer Emergency Readiness Team (US-CERT) is part of the National Cyber Security Division of the United States's Department of Homeland Security. as a public/private partnership to make cybersecurity a coordinated national effort, and it established forums to build greater trust and information sharing among federal officials with information security responsibilities and law enforcement entities. However, DHS has not yet developed national cyber threat and vulnerability assessments or government/industry contingency recovery plans for cybersecurity, including a plan for recovering key Internet functions. DHS faces a number of challenges that have impeded its ability to fulfill its cybersecurity-related CIP responsibilities. These key challenges include achieving organizational stability, increasing awareness about cybersecurity roles and capabilities, establishing effective partnerships with stakeholders, and achieving two-way information sharing with these stakeholders. In its strategic plan for cybersecurity, DHS identifies steps that can begin to address the challenges. However, until it confronts and resolves these underlying challenges and implements its plans, DHS will have difficulty achieving significant results in strengthening the cybersecurity of our critical infrastructures. In recent years, GAO has made a series of recommendations to enhance the cybersecurity of critical infrastructures that if effectively implemented could greatly improve our nation's cybersecurity posture. |
|
Printer friendly
Cite/link
Email
Feedback
Reader Opinion