Critical Infrastructure Protection: Sector-Specific Plans/Coverage of Key Cyber Security Elements Varies

Citation
Government Accountability Office, Critical Infrastructure Protection: Sector-Specific Plans/Coverage of Key Cyber Security Elements Varies (GAO-08-113) (Oct. 31, 2007) (full-text).

Overview
The GAO examined various sector-specific plans to determine the extent to which they addressed cyber security and reported on the extent to which the sectors addressed aspects of cyber security in their plans. Specifically, the GAO reported that the results varied in that none of the plans fully addressed all 30 cyber security-related criteria. The GAO also reported that several plans &mdash; including the information technology and telecommunications sectors &mdash; fully addressed many of the criteria and others &mdash; such as agriculture and food and commercial facilities &mdash; were less comprehensive.

Further, the report recommended that DHS request that by September 2008 the sector-specific agencies’ plans address the cyber-related criteria that were only partially addressed or not addressed at all.