The Department of Homeland Security (DHS) Office of Inspector General (OIG) says that the Cybersecurity and Infrastructure Security Agency (CISA) needs to update plans for protecting critical infrastructure. CISA Director Jen Easterly said that an updated plan will be in by Sept. 30, 2022.
In a new report, the OIG found that CISA isn’t able to demonstrate how its oversight has improved Dams Sector security and resilience due to inadequate management of Dams Sector activities. According to the report, CISA hasn’t:
- Coordinated or tracked Dam Sector activities;
- Updated overarching national critical infrastructure or Dams Sector plans; or
- Collected and evaluated performance information on Dams Sector activities.
Additionally, CISA doesn’t provide information to the Federal Emergency Management Agency (FEMA) to help FEMA address pressing needs of the Dams Sector and the two agencies haven’t coordinated their flood mapping information.
“Finally, CISA does not effectively use the Homeland Security Information Network Critical Infrastructure Dams Portal to provide external Dams Sector stakeholders with critical information,” the OIG said. “As a result, CISA could improve its oversight, coordination, and communication to better support the Dams Sector security and resilience.”
OIG made five recommendations for improving the Dams Sector security and resilience. DHS concurred with all five recommendations. Among those, include:
- Updating the Dams Sector-Specific Plan that aligns with the updated National Infrastructure Protection Plan under development;
- Formalize CISA’s organizational structure to clarify roles, responsibilities, coordination processes, and reporting procedures related to CISA’s role as a Sector-Specific Agency for the Dams Sector;
- Establish policies, procedures, and performance metrics to help ensure CISA consistently assess the impact of all programs and activities and that CISA assess their effectiveness in the role of Sector-Specific Agency for the Dams Sector;
- “Strengthen coordination with FEMA by establishing Memorandums of Understanding, Interagency Agreements, or other documented strategies to formally define CISA’s and FEMA’s roles and responsibilities for information sharing and analytical collaboration for grant decision-making related to safety, security, and resilience of dams, as well as the use and applicability of numerical simulation models, flood inundation tools, and supporting geospatial mapping capabilities to support emergency preparedness and incident response;” and
- Develop and implement a strategy for Dams Sector stakeholders to use the HSIN-CI Dams Portal to its fullest potential.
Easterly said the National Infrastructure Protection Plan will be updated by Sept. 30, 2022, and a clarification of roles and responsibilities by March 31, 2022.