Critical Infrastructure Protection: DHS Risk Assessments Inform Owner and Operator Protection Efforts and Departmental Strategic Planning, Report to Congressional Requesters [open pdf - 3MB]
"The nation's critical infrastructure includes cyber and physical assets and systems across 16 different sectors whose security and resilience are vital to the nation. The majority of critical infrastructure is owned and operated by the private sector. Multiple federal entities, including DHS, work with infrastructure owners and operators to assess their risks. GAO [Government Accountability Office] was asked to review DHS's risk assessment practices for critical infrastructure. This report describes:(1) DHS's risk assessment practices in 3 of 16 critical infrastructure sectors and private sector representatives' views on the utility of this risk information, and (2) how this risk information influences DHS's strategic planning and private sector outreach. GAO selected 3 of 16 sectors-Critical Manufacturing; Nuclear Reactors, Materials, and Waste; and Transportation Systems-to examine based on their varied regulatory structures and industries. GAO reviewed DHS guidance related to infrastructure protection, the QHSR [Quadrennial Homeland Security Review] and DHS Strategic Plan, and plans for the selected critical infrastructure sectors. GAO interviewed DHS officials responsible for critical infrastructure risk assessments, and the owner and operator representatives who serve as chairs and vice-chairs of coordinating councils for the 3 selected sectors. Information from the 3 sectors is not generalizable to all 16 sectors but provides insight into DHS's risk management practices. GAO provided a draft of this report to DHS and relevant excerpts to the council representatives interviewed during this review. Technical comments provided were incorporated as appropriate."
Government Accountability Office: http://www.gao.gov/