December 2011

Critical Infrastructure Protection: Cybersecurity Guidance is Available, but More can be Done to Promote its Use

This paper discusses the use of cybersecurity guidance to protect US critical infrastructures. Critical infrastructures can be defined as systems and assets critical to the nation’s security, economy, and public health and safety. Most critical infrastructures are owned by the private sector. These assets rely on networked computers and systems, thus making them susceptible to cyber-based risks. Managing such risk involves the use of cybersecurity guidance that promotes or requires actions to enhance the confidentiality, integrity, and availability of computer systems.

This is a work of the US government and is not subject to copyright protection in the United States. The published product may be reproduced and distributed in its entirety without further permission from GAO.

Download: