Critical Infrastructure Protection: Agencies Need to Assess Adoption of Cybersecurity Guidance
The nation’s 16 critical infrastructure sectors provide essential services such as banking, electricity, and gas and oil distribution. However, increasing cyber threats—like the May 2021 ransomware cyberattack on an American oil pipeline system that led to regional gas shortages—represent a significant national security challenge. To better protect against cyber threats, National Institute of Standards and Technology (NIST) facilitated, as required by federal law, the development of a voluntary framework of cybersecurity standards and procedures for sectors to use. The Cybersecurity Enhancement Act of 2014 included provisions for the U.S. Government Accountability Office (GAO) to review aspects of the framework. GAO’s report addresses the extent to which sector risk management agencies (SRMAs) have (1) determined framework adoption by entities within their respective sectors and (2) identified improvements resulting from sector-wide use. GAO analyzed documentation, such as requests for information, polls, and survey instruments. It also conducted interviews with agency officials from each SRMA and NIST. In prior reports, GAO recommended that the nine SRMAs (1) develop methods for determining the level and type of framework adoption by entities across their respective sectors and (2) collect and report sector-wide improvements. Most agencies have not yet implemented these recommendations.
- Record URL:
- Summary URL:
-
Corporate Authors:
U.S. Government Accountability Office
441 G Street, NW
Washington, DC United States 20548 - Publication Date: 2022-2-9
Language
- English
Media Info
- Media Type: Digital/other
- Features: Appendices; Figures; References; Tables;
- Pagination: 49p
Subject/Index Terms
- TRT Terms: Computer security; Infrastructure; National security; Risk management; Standards
- Identifier Terms: National institute of Standards and Technology
- Geographic Terms: United States
- Subject Areas: Data and Information Technology; Security and Emergencies; Transportation (General);
Filing Info
- Accession Number: 01838021
- Record Type: Publication
- Report/Paper Numbers: GAO-22-105103
- Files: TRIS
- Created Date: Feb 28 2022 5:05PM