This week the Government Accountability Office (GAO) published a report on “Critical
Infrastructure Protection: Time Frames to Complete CISA Efforts Would Help
Sector Risk Management Agencies Implement Statutory Responsibilities”. This report was presented as
the prepared testimony of Tina Won Sherman, GAO, before a
hearing of the Subcommittee on Cybersecurity and Infrastructure Protection
of the House Homeland Security Committee on March 23rd, 2023. This
is essentially a follow-up to a February GAO report on
the same topic.
Section 9002 of the William M. (Mac) Thornberry National
Defense Authorization Act for Fiscal Year 2021 (PL 116-238, 134 STAT.
4768) changed many of the duties of the Sector Risk Management Agencies (SRMAs)
when it added §2215 to the Homeland Security Act of 2002 (6
USC 665d). This report looks at actions that CISA could be (and is planning
on) taking to support those additional SRMA duties.