GAO Offers Recommendations for Improving Critical Infrastructure Prioritization Program
Friday, March 04, 2022 | Comments

The Government Accountability Office (GAO) made several recommendations on ways in which the Cybersecurity and Infrastructure Security Agency (CISA) can improve the National Critical Infrastructure Prioritization Program.

That program is used to identify a list of systems and assets that, if destroyed or disrupted, would cause national or regional catastrophic effects. That list is updated annually and used to inform the award of preparedness grants to states.

However, GAO said nine of 12 CISA officials and all 10 critical infrastructure stakeholders it interviewed questioned the relevance and usefulness of the program.

For example, some stakeholders said that the most prevalent threat they face is cyberattacks and the program’s list is not reflective of that threat. Additionally, GAO found that since 2017, no more than 14 states had provided updates to the program in any year.

“Ensuring that its process for determining priorities reflects current threats, such as cyberattacks and incorporates input from additional states would give CISA greater assurance that it and stakeholders are focused on the highest priorities,” the GAO said.

GAO recommended that CISA take six actions to improve the program:
• The CISA director should ensure that the agency’s process for developing a prioritized list of critical infrastructure that would cause regional or national catastrophic effects if destroyed or disrupted reflects current threats.
• The CISA director should ensure that they agency’s process for developing a prioritized list of that infrastructure includes input from additional states that have not provided recent nominations or updates.
• The CISA director should document goals and strategies for the National Critical Functions framework.
• The CISA director should ensure that stakeholders are fully engage in the National Critical Functions Framework.
• The CISA director should implement processes to improve communication and coordination between critical infrastructure organizations and CISA headquarters and regional staff.
• The CISA director should coordinate with relevant regionally based, federal and nonfederal partners to regularly develop and distribute regionally specific threat information to each of CISA’s 10 regions.

Find the full GAO report here.

Would you like to comment on this story? Find our comments system below.

Post a comment
Name: *
Email: *
Title: *
Comment: *


No Comments Submitted Yet

Be the first by using the form above to submit a comment!


March 2023

27 - 30
International Wireless Communications Expo (IWCE) 2023
Las Vegas

May 2023

23 - 25
Critical Communications World (CCW)
Helsinki, Finland

More Events >
White Papers
More White Papers >

Site Navigation