Critical Infrastructure Protection: Challenges to Building a Comprehensive Strategy for Information Sharing and Coordination, Statement of Jack L. Brock, Jr., Director, Governmentwide and Defense Information Systems, Accounting and Information Management Division, Testimony before the Subcommittee on Government Management, Information, and Technology, Committee on Government Reform, House of Representatives [open pdf - 171KB]
The unprecedented growth in use of the Internet has revolutionized the way much of the world communicates and conducts business. Without proper safeguards, this widespread interconnectivity poses enormous risks to America's computer systems and to the critical operations and infrastructures they support. For example, hostile nations or terrorists could use cyber-based tools and techniques to disrupt military operations and communications networks. According to the National Security Agency, potential adversaries are developing a body of knowledge about U.S. systems and about methods to attack these systems. Information sharing and coordination among organizations are central to producing comprehensive and practical approaches and solutions to these threats. The "ILOVEYOU" virus is a case in point Because information sharing mechanisms were unable to provide timely warnings, many entities were caught off guard and forced to take their networks off-line for hours. Data on possible threats--viruses, hoaxes, random threats, news events, and computer intrusions--must be continually collected and analyzed. Appropriate warnings and response actions must be effectively coordinated by strong partnerships to ensure that the right data are in the right place at the right time. Jointly designed, built, and staffed mechanisms among involved parties is most likely to obtain critical buy-in and acceptance. After determining what information to collect and report, guidelines and procedures must be established. At present, there is a shortage of persons with the knowledge, skills, and abilities to undertake these efforts.
Government Accountability Office (GAO): http://www.gao.gov/