Federal and state officials have questioned the National Critical Infrastructure Prioritization Program’s relevance and usefulness, and believe it does not consider the most prevalent infrastructure threats, such as cyber attacks.
The program, run by the Cybersecurity and Infrastructure Security Agency (CISA), is intended to identify the critical infrastructure assets in most need of protection. The program’s list is then used to inform the awarding of preparedness grants to states. CISA is shifting its focus from simply protecting a set of critical assets to improving the resilience of critical functions, such as supplying water. But, the Government Accountability Office (GAO) says it could do more to communicate this shift.
Nine of 12 CISA officials and all 10 of the infrastructure stakeholders that the government watchdog interviewed questioned the relevance and usefulness of the program. Stakeholders said for instance that the program’s list was not reflective of the cyber threat.
The majority of the critical infrastructure stakeholders GAO met with said that cyber attacks from inside actors, foreign adversaries, and others were among the most prevalent threats…
