Infrastructure plans the Department of Homeland Security (DHS) so...

House Homeland Security Committee in a letter Tuesday. A June 2006 DHS National Infrastructure Protection Plan told its own units and other agencies involved in communications and 16 other sectors, such as emergency services and information technology, to describe how, working with regulated industries, they would identify infrastructure assets and threats to them. Reviewing nine such plans, which DHS released May 21, GAO found they varied in detail and utility. As written, the reports will not help DHS “plan future protective measures,” said Eileen R. Larence, GAO Homeland Security and Justice Issues director. “It is also unclear how far along each sector actually is in identifying assets, setting priorities and developing activities to protect key assets.” Eight of the nine plans do not offer incentives for private-sector infrastructure owners to assess risks voluntarily; only one, water treatment, wrote up its assets in a comprehensive manner, Larence said. Among sectors notable for inadequately defining assets was communications. The DHS cybersecurity office left out the human factor, a key element in sector security, she said. For these plans and reports to be of any use, DHS should “better define its critical infrastructure information needs,” and “better explain how this information will be used to build the private sector’s trust and attract more users,” Larence said.