The Department of Homeland Security (DHS) can not currently integrate findings from vulnerability assessments of critical infrastructure conducted from 2011 to 2013, or to identify priorities, according to a report released by the Government Accountability Office (GAO) on Monday.
Although the Homeland Security Act of 2002 and the National Infrastructure Protection Plan (NIPP) call for integration of the assessments to identify priorities, the variations in the areas assessed by the DHS and its components, and the tools and methods used, are preventing DHS from proceeding with identifying priorities.
The GAO analysis of 10 assessment tools and methods found that the DHS consistently included certain areas, such as perimeter security, while other areas, including cybersecurity, were overlooked in some cases. Another finding was that DHS assessments vary in their length and detail of information collected.
While the DHS' Office of Infrastructure Protection is trying to salvage the data gathered from the 2011-2013 assessments, the GAO is recommending that in the future DHS identify the most important areas for assessment, and establish guidance for DHS offices and components to consistently gather data and work with other federal entitites to develop guidance on vulnerability assessments.