The Government Accountability Office’s (“GAO”) February 2018 report, entitled “Critical Infrastructure Protection: Additional Actions Are Essential for Assessing Cybersecurity Framework Adoption,” outlined the progress the federal government, industry and their affiliates have made in protecting critical infrastructure. Perhaps, more importantly however, the report revealed that many of the nation’s foundational public and private systems continue to face challenges in implementing coordinated efforts to secure those systems from cyber threats, save for notable progress in a few sectors. As regulators and legislators continue to explore the best methodologies of protection and dispatch resources to address the country’s cyber threats, critical infrastructure entities must remain vigilant to stay current on the latest industry standards, best practices and procedures, technological advances and legal obligations. This alert summarizes the latest audit conducted by the GAO and the responses of the federal agencies to those recommendations.
Background
In February 2013, President Obama issued Executive Order (EO) 13636, entitled “Improving Critical…