Because of the Government’s and Nation’s reliance on interconnected computer systems to support critical operations and infrastructures, poor information security could have devastating implications for the country. It is important to maintain the integrity, confidentiality, and availability of important Federal computerized operations. Despite this, Federal computer systems have significant pervasive weaknesses that continue to put critical operations and assets at risk. Federal agencies continue to have deficiencies in their entitywide security programs that are critical to their success in ensuring that risks are understood and that effective controls are selected and implemented. Outreach efforts by numerous Federal entities to establish cooperative relationships with and among private and other nonfederal entities have raised awareness and prompted information sharing. However, efforts to perform substantive analyses of sector-wide and cross-sector interdependencies and related vulnerabilities have been limited. Federal agencies have taken initial steps to develop critical infrastructure protection plans; but significant weaknesses continue to be identified in their computer-based controls. A major impediment to implementing strategy is the lack of a national plan that clearly delineates the roles and responsibilities of Federal and nonfederal entities and defines interim objectives. It is recommended that the Assistant to the President for National Security Affairs endure that a more fully defined strategy to address computer-based threats be developed that addresses this impediment. It will be important that this strategy be coordinated with the counterterrorism efforts undertaken by the newly established Office of Homeland Security. 38 notes