The Government Accountability Office has urged sector-specific agencies responsible for 12 critical infrastructure sectors to work with sector partners to craft performance metrics and measures to improve the way they report outcomes of their cyber threat mitigation efforts.
GAO said in a report published Thursday SSAs that have created metrics for their respective sectors include the departments of Health and Human Services, Energy and Defense.
According to the report, all SSAs considered cyber risk as a major concern for all 15 critical infrastructure areas and launched efforts to address network vulnerabilities based on the National Infrastructure Protection Plan.
NIPP details action plans on how federal agencies and the private sector can work together to manage cyber risks facing U.S. critical infrastructures.
GAO added that it found gaps in the development of cybersecurity-related incentives among SSAs responsible for 12 of the 15 sectors.
The report also noted that all SSAs moved to facilitate cybersecurity-related data sharing through the establishment of cross-sector and public-private partnerships.