Critical Infrastructure Protection: DHS Action Needed to Enhance Integration and Coordination of Vulnerability Assessment Efforts [Reissued on September 17, 2014]. Some excerpts from the report:

Damage from natural disasters like Hurricane Sandy in 2012 highlights the vulnerability of the nation’s CI. CI includes assets and systems whose destruction would have a debilitating effect on security, national economic security, or national public health or safety. The private sector owns the majority of the nation’s CI, and multiple federal entities, including DHS, are involved in assessing its vulnerabilities. These assessments can identify factors that render an asset or facility susceptible to threats and hazards. GAO was asked to review how federal entities assess vulnerabilities.

This report examines the extent to which DHS is positioned to (1) integrate DHS vulnerability assessments to identify priorities, (2) identify duplication and gaps within its coverage, and (3) manage an integrated and coordinated government-wide assessment approach. GAO reviewed CI laws, regulations, data from fiscal years 2011-13, and other related documentation, as well as interviewed officials at DHS, other agencies, and a private CI association.

What GAO Recommends: GAO recommends that DHS identify the areas assessed for vulnerability most important for integrating and comparing results, establish guidance for DHS offices and components to incorporate these areas into their assessments, ensure that assessment data are consistently collected, and work with other federal entities to develop guidance for what areas to include in vulnerability assessments, among other things. DHS concurred with these recommendations.