The Government Accountability Office has found that the Department of Homeland Security performs risk assessments for critical infrastructure across the three sectors – nuclear reactors, materials and waste; critical manufacturing; and transportation systems – that GAO evaluated.
GAO said in a report published Monday that DHS incorporates the three risk elements into its assessments and those include threats, vulnerabilities and consequences.
The report showed that risk assessments work to help critical infrastructure operators and owners carry out measures to mitigate risks and build up security posture.
Six representatives from the private sector cited threat data as the most useful risk information since it helps facilitate response to security risks among critical infrastructure owners.
The congressional watchdog also found that DHS uses assessment results to guide its strategic planning, Quadrennial Homeland Security Review and outreach efforts for infrastructure operators.
DHS officials noted that they use risk data following an incident to expedite the identification and prioritization of critical infrastructure operators and owners in order to guide their recovery assistance and response outreach initiatives.