Critical Infrastructure Protection: DHS Has Made Progress in Enhancing Critical Infrastructure Assessments but Additional Improvements are Needed

Citation
Government Accountability Office, '''Critical Infrastructure Protection: DHS Has Made Progress in Enhancing Critical Infrastructure Assessments but Additional Improvements are Needed]] (GAO-16-791T) (July 12, 2016) (full-text).

Overview
Protecting the security of critical infrastructure (CI) is a top priority for the nation. CI includes assets and systems, whether physical or cyber, that are so vital to the United States that their destruction would have a debilitating impact on, among other things, national security or the economy. Multiple federal entities, including the Department of Homeland Security (DHS), are involved in assessing CI vulnerabilities, and assessment fatigue could impede DHS's ability to garner the participation of CI owners and operators in its voluntary assessment activities.

This testimony summarizes past GAO findings on progress made and improvements needed in DHS's vulnerability assessments, such as addressing potential duplication and gaps in these efforts.

This statement is based on products GAO issued from May 2012 through October 2015 and recommendation follow-up conducted through March 2016. The GAO reviewed applicable laws, regulations, directives, and policies from selected programs. The GAO interviewed officials responsible for administering these programs and assessed related data. The GAO interviewed and surveyed a range of [[stakeholders, including federal officials, and CI owners and operators.

The GAO made recommendations to DHS in prior reports to strengthen its assessment efforts.