Critical Infrastructure Protection: Significant Challenges in Safeguarding Government and Privately Controlled Systems from Computer-Based Attacks

United States Government Publishing Office publisher pbl distributor dst United States Government Accountability Office author aut Government Organization text government publication eng GAOREPORTS Legislative Agency Publications gao legislative 2010-08-12 U.S. Government Printing Office 2001-09-26 monographic deposited born digital GA 1.13:GAO-01-1168T https://www.govinfo.gov/app/details/GAOREPORTS-GAO-01-1168T P0b002ee18039e85f f:d011168t DGPO 2010-08-12 2011-03-28 GAOREPORTS-GAO-01-1168T machine generated eng fdlp REPORT GAOREPORTS-GAO-01-1168T GAO-01-1168T Computer crimes Computer security Computer viruses Electronic government Hackers Information systems Internal controls Internet Code Red Computer Worm Code Red II Computer Worm DOD Department-wide Information Assurance Program Testimony A02048 Critical Infrastructure Protection: Significant Challenges in Safeguarding Government and Privately Controlled Systems from Computer-Based Attacks Federal agencies, and other public and private groups, rely extensively on computer systems and electronic data. The security of these systems and data is essential to avoiding disruptions in critical operations and preventing data tampering, fraud, and inappropriate disclosure of sensitive information. However, federal computer systems contain weaknesses that continue to put critical operations and assets at risk. In particular, deficiencies exist in entitywide security programs that are critical to agencies' success in ensuring that risks are understood and effective controls are implemented. Many efforts have been undertaken to implement the nationally critical infrastructure protection strategy outlined in Presidential Decision Directive (PDD) 63. However, progress in key areas has been limited. Although outreach efforts by many federal entities to establish cooperative relationships with and among private and other nonfederal entities have raised awareness and prompted information sharing, efforts to perform substantive analyses of sector-wide and cross-sector interdependencies and related vulnerabilities have been limited. A major impediment to implementing the strategy outlined in PDD 63 is the lack of a national plan that clearly spells out the roles and responsibilities of federal and nonfederal entities and defines interim objectives. https://www.govinfo.gov/content/pkg/GAOREPORTS-GAO-01-1168T/html/GAOREPORTS-GAO-01-1168T.htm GAO-01-1168T https://www.govinfo.gov/app/details/GAOREPORTS-GAO-01-1168T Testimony GAO-01-1168T; Critical Infrastructure Protection: Significant Challenges in Safeguarding Government and Privately Controlled Systems from Computer-Based Attacks; Computer crimes Computer security Computer viruses Electronic government Hackers Information systems Internal controls Internet Code Red Computer Worm Code Red II Computer Worm DOD Department-wide Information Assurance Program United States Public Law 106 (104th Congress) Public Law 104-106