Cybersecurity: DHS's National Integration Center Generally Performs Required Functions but Needs to Evaluate Its Activities More Completely, Report to Congressional Committees [open pdf - 4MB]
From the Highlights: "Cyber-based intrusions and attacks on federal systems and systems supporting our nation's critical infrastructure, such as communications and financial services, have become more numerous, damaging, and disruptive. GAO [Government Accountability Office] first designated information security as a governmentwide high-risk area in 1997. This was expanded to include the protection of critical cyber infrastructure in 2003 and protecting the privacy of personally identifiable information in 2015. The National Cybersecurity Protection Act of 2014 and the Cybersecurity Act of 2015 require NCCIC [National Cybersecurity and Communications Integration Center] to perform 11 cybersecurity-related functions, including sharing information and enabling real-time actions to address cybersecurity risks and incidents at federal and non-federal entities. The two acts also contained provisions for GAO to report on NCCIC's implementation of its cybersecurity mission."
Government Accountability Office: https://www.gao.gov/