Critical Infrastructure Protection: OMB Leadership Needed to Strengthen Agency Planning Efforts to Protect Federal Cyber Assets, Report to Congressional Requesters [open pdf - 549KB]
Alternate Title: Critical Infrastructure Protection: Office of Management and Budget Leadership Needed to Strengthen Agency Planning Efforts to Protect Federal Cyber Assets, Report to Congressional Requesters
"Because the nation's critical infrastructure relies on information technology systems and data, the security of those assets is critical to ensuring national security and public safety. In 2003, the President directed federal agencies to (1) develop plans for the protection of their computer-related (cyber) critical infrastructure assets and (2) submit them for approval to the Office of Management and Budget (OMB) by July 31, 2004. To help agencies do this, OMB issued guidance with 19 criteria deemed essential for effective cyber critical infrastructure protection planning that were required to be included in the plans. GAO was asked to determine (1) the extent to which agencies developed their plans and whether they submitted them to OMB by the deadline and (2) whether the plans met criteria in OMB's guidance. To do this, GAO reviewed plans from 24 agencies, many of which own and operate key government cyber and other critical infrastructure; reviewed OMB documentation; interviewed officials; and compared submitted plans to relevant criteria […]. GAO is recommending that OMB (1) direct agencies to update cyber plans to fully address OMB requirements and (2) follow up to see that agencies make sure plans meet requirements and are being implemented. In commenting on a draft of this report, OMB agreed with the first recommendation; it agreed with the second after GAO revised it to better clarify OMB and agency follow up responsibilities."
Government Accountability Office: http://www.gao.gov/