Critical Infrastructure Protection: CISA Should Improve Priority Setting, Stakeholder Involvement, and Threat Information Sharing
The risk environment for critical infrastructure ranges from extreme weather events to physical and cybersecurity attacks. The majority of critical infrastructure is owned and operated by the private sector, making it vital that the federal government work with the private sector, along with state, local, tribal, and territorial partners. The Cybersecurity and Infrastructure Security Agency (CISA) is the lead federal agency responsible for overseeing domestic critical infrastructure protection efforts. The U.S. Government Accountability Office (GAO) was asked to review CISA’s critical infrastructure prioritization activities. This report examines (1) the extent to which the National Critical Infrastructure Prioritization Program currently identifies and prioritizes nationally significant critical infrastructure, (2) CISA’s development of the National Critical Functions framework, and (3) key services and information that CISA provides to mitigate critical infrastructure risks. GAO analyzed agency documentation and conducted interviews with critical infrastructure stakeholders representing the energy, water and wastewater systems, critical manufacturing, and information technology sectors; six of 10 CISA regions; and six states to understand the need for any improvements to CISA’s efforts, among other things. GAO selected these six states based on population size and the amounts of grant awards received from the Department of Homeland Security's (DHS’s) State Homeland Security Program.
- Record URL:
- Summary URL:
-
Corporate Authors:
U.S. Government Accountability Office
441 G Street, NW
Washington, DC United States 20548 - Publication Date: 2022-3-1
Language
- English
Media Info
- Media Type: Digital/other
- Features: Appendices; Figures; Maps; Photos; References; Tables;
- Pagination: 61p
Subject/Index Terms
- TRT Terms: Data sharing; Infrastructure; Risk management; Security
- Identifier Terms: National Critical Infrastructure Prioritization Program; U.S. Department of Homeland Security
- Subject Areas: Planning and Forecasting; Security and Emergencies; Transportation (General);
Filing Info
- Accession Number: 01838781
- Record Type: Publication
- Report/Paper Numbers: GAO-22-104279
- Files: TRIS
- Created Date: Mar 17 2022 9:04AM