Protecting critical infrastructure such as water supplies, electricity grids, and food production is a national priority. Events like natural disasters or cyber attacks can disrupt services that Americans need for daily life. Many federal agencies are tasked with protecting the nation’s critical infrastructure and look to the Cybersecurity and Infrastructure Security Agency (CISA) for leadership on how to do it.
A 2021 law, the William M. (Mac) Thornberry National Defense Authorization Act (FY21 NDAA), expanded these agencies’ responsibilities and added some new ones. CISA is working on guidance and more to help agencies implement these responsibilities and a new report from the Government Accountability Office (GAO) urges CISA to set timelines for completing this work.
During GAO’s research, some officials from various critical infrastructure agencies described new activities to address the responsibilities set forth in the act, and many reported having already conducted related activities. For example, the act added risk assessment and emergency preparedness as responsibilities not previously included in a key directive for sector risk management agencies. New…
