Critical Infrastructure Protection: Significant Challenges in Protecting Federal Systems and Developing Analysis and Warning Capabilities, Statement of Joel C. Willemssen, Managing Director, Information Technology Issues, Testimony before the Committee on Governmental Affairs, U.S. Senate [open pdf - 220KB]
Federal computer systems are riddled with weaknesses that continue to put critical operations and assets at risk. New information security provisions introduced by Congress will be a major catalyst for federal agencies to improve their security program management. To help maintain the momentum that the new information security reform provisions have generated, federal agencies must act quickly to implement strong security program management. A key element of the strategy outlined in Presidential Decision Directive (PDD) 63 was establishing the National Infrastructure Protection Center as "a national focal point" for gathering information on threats and facilitating the federal government's response to computer-based incidents. The center has begun critical infrastructure protection efforts to establish a foundation for future governmentwide efforts. However, the analytical and information-sharing capabilities that PDD 63 asserts are needed to protect the nation's critical infrastructures have not yet been achieved.
Government Accountability Office (GAO): http://www.gao.gov/