Critical Infrastructure Protection: Sector-Specific Plans' Coverage of Key Cyber Security Elements Varies [open pdf - 1013KB]
From the Highlights: "The nation's critical infrastructure sectors-such as public health, energy, water, and transportation-rely on computerized information and systems to provide services to the public. To fulfill the requirement for a comprehensive plan, including cyber aspects, the Department of Homeland Security (DHS) issued a national plan in June 2006 for the sectors to use as a road map to enhance the protection of critical infrastructure. Lead federal agencies, referred to as sector-specific agencies, are responsible for coordinating critical infrastructure protection efforts, such as the development of plans that are specific to each sector. In this context, GAO was asked to determine if these sector-specific plans address key aspects of cyber security, including cyber assets, key vulnerabilities, vulnerability reduction efforts, and recovery plans. To accomplish this, GAO analyzed each sector-specific plan against criteria that were developed on the basis of DHS guidance. To assist the sectors in securing their cyber infrastructure, GAO recommends that the Secretary of Homeland Security request that, by September 2008, the sector-specific agencies develop plans that address all of the cyber-related criteria. In written comments on a draft of this report, DHS concurred with GAO's recommendation and provided technical comments that have been addressed as appropriate."
Government Accountability Office: http://www.gao.gov/