The Government Accountability Office has offered six recommendations to help the Cybersecurity and Infrastructure Security Agency improve its prioritization activities and related efforts.
GAO said Tuesday CISA should enhance its process for identifying critical infrastructure priorities to reflect existing threats and solicit feedback from states that have not yet offered updates when it comes to determining critical infrastructure.
Under the National Critical Infrastructure Prioritization Program, CISA should come up with a list of assets and systems that would result in catastrophic effects on a national or regional level if disrupted or destroyed, according to the report.
The congressional watchdog interviewed CISA officials and infrastructure stakeholders and found that majority of them questioned the usefulness and relevance of NCIPP. They also said that the program’s list did not reflect the most prevalent threats, including cyberattacks.
Other recommendations for CISA in the GAO report are involving stakeholders in the development of the National Critical Functions framework; documenting strategies and goals for the framework; improving efforts to coordinate cybersecurity services; and sharing regionally specific threat information.