GAO: Protection center inadequate

GAO: Protection center inadequate


The National Infrastructure Protection Center has not yet developed analytical and information-sharing capabilities to adequately protect the nation's critical infrastructures, the General Accounting Office has asserted.

The center has issued analyses of single incidents, but it has limited ability to assess data on threat and vulnerability trends, according to a May GAO report, Critical Infrastructure Protection: Significant Challenges in Developing National Capabilities.

A major problem is that the center, which works under the auspices of the FBI, does not have adequate staff or technical expertise, GAO noted.

Also, no one has fully defined NIPC's responsibilities nor laid out how the center should collaborate with agencies that protect the government's critical infrastructure, the congressional watchdog agency said.

Presidential Decision Directive 63, issued in 1998, ordered the center to develop analytical capabilities to provide up-to-date information on threat conditions, system vulnerabilities and attacks.

Support you can use

The center has provided technical support to the FBI on systems attacks, GAO said. But progress has been mixed in establishing information-sharing partnerships with private-sector and other government groups.

GAO calls for NIPC changes

' Develop a comprehensive data collection and analysis framework

' Establish a national program for issuing alerts about cyberattacks

' Define its role in relation to other government agencies and the private sector

In a written response to GAO, NIPC director Ronald Dick said it's important that the center have adequate staffing, particularly from defense and intelligence communities.

He also emphasized that the center has been in existence for three years and its performance should be measured accordingly.

GAO also suggested that the assistant to the president for national security affairs encourage agencies and private-sector groups to better identify information necessary to combat computer attacks. The White House adviser should also make sure there are no discrepancies in how agencies report computer incident reporting, GAO said.

It further recommended that the attorney general have the FBI director formalize information-sharing relationships between NIPC and other organizations.


  • Records management: Look beyond the NARA mandates

    Pandemic tests electronic records management

    Between the rush enable more virtual collaboration, stalled digitization of archived records and managing records that reside in datasets, records management executives are sorting through new challenges.

  • boy learning at home (Travelpixs/

    Tucson’s community wireless bridges the digital divide

    The city built cell sites at government-owned facilities such as fire departments and libraries that were already connected to Tucson’s existing fiber backbone.

Stay Connected