Summary: To better protect the nation's critical computer-dependent infrastructures from computer-based attacks and disruption, the President issued Presidential Decision Directive (PDD) 63 in 1998. The directive established the National Infrastructure Protection Center as a national focal point for gathering information on threats and facilitating the federal government's response to computer-based incidents. This report evaluates the center's progress in (1) developing national capabilities for analyzing cyber threat and vulnerability data and issuing warnings, (2) enhancing its capabilities for responding to cyber attacks, and (3) developing outreach and information-sharing initiatives with government and private-sector entities. GAO found that although the center has taken some steps to develop analysis and warning capabilities, the strategic capabilities described in PDD 63 have not been achieved. The center has provided important support to the Federal Bureau of Investigation's investigations of computer crimes by coordinating investigations and providing technical assistance. The center has also developed crisis management procedures and drafted an emergency law enforcement sector plan, which is now being reviewed by sector members. The center's information-sharing relationships are still evolving and will probably have limited effectiveness until reporting procedures and thresholds are defined and trust relationships are established.
