Critical Infrastructure Protection: CISA Should Improve Priority Setting, Stakeholder Involvement, and Threat Information Sharing, Report to Congressional Requesters [open pdf - 7MB]
From the Highlights: "The risk environment for critical infrastructure ranges from extreme weather events to physical and cybersecurity attacks. The majority of critical infrastructure is owned and operated by the private sector, making it vital that the federal government work with the private sector, along with state, local, tribal, and territorial partners. CISA [Cybersecurity and Infrastructure Security Agency] is the lead federal agency responsible for overseeing domestic critical infrastructure protection efforts. GAO [Government Accountability Office] was asked to review CISA's critical infrastructure prioritization activities. This report examines (1) the extent to which the National Critical Infrastructure Prioritization Program currently identifies and prioritizes nationally significant critical infrastructure, (2) CISA's development of the National Critical Functions framework, and (3) key services and information that CISA provides to mitigate critical infrastructure risks."
Government Accountability Office: https://www.gao.gov/