US flag signifying that this is a United States Federal Government website   Official website of the Department of Homeland Security

Homeland Security

DHS and the Information Technology Sector Coordinating Council Release Information Technology Sector Baseline Risk Assessment

Release Date: 
August 25, 2009

For Immediate Release
Office of the Press Secretary
Contact: 202-282-8010

IT Sector Baseline Risk Assessment (PDF, 114 pages - 3.37 MB)

The Department of Homeland Security (DHS) and the Information Technology Sector Coordinating Council (IT SCC) today released the IT Sector Baseline Risk Assessment (ITSRA) to identify and prioritize national-level risks to critical sector-wide IT functions while outlining strategies to mitigate those risks and enhance national and economic security.

“The IT Sector Baseline Risk Assessment is an example of what can happen when public and private sector partners work together and represents a major step forward in mitigating risks to critical infrastructure functions that are essential to both homeland and economic security,” said DHS Assistant Secretary for Cybersecurity and Communications Gregory Schaffer. “While elements of the assessment have already been adopted, the establishment of this iterative platform for assessing IT sector risk will also enable us to address ever more sophisticated threats.”

The IT sector provides products and services that support the efficient operation of today’s global information-based society. The critical IT sector functions addressed in the assessment include:

  • IT products and services;
  • Incident management capabilities;
  • Domain name resolution services;
  • Identity management and associated trust services;
  • Internet-based content, information and communications services; and
  • Internet routing, access and connection services.

“Private sector owners and operators of this nation’s critical infrastructure manage risk on behalf of their customers and their internal operations every day, and the risk assessment validates the overall resiliency of that infrastructure.  Industry and government, however, need to understand the risk across the entire IT Sector,” said IT SCC Chairman Bob Dix. “This dynamic process and its tangible results provide an opportunity to collectively manage risk at the national level, and we are already working on applying the findings of the IT Sector Baseline Risk Assessment to better mitigate risk, making the IT sector and the nation more resilient and secure.”

The ITSRA validates the resiliency of key elements of IT sector infrastructure while providing a process by which public and private sector owners and operators can continually update their risk management programs. The assessment links security measures to concrete data to provide a basis for meaningful infrastructure protection metrics.

In addition, the ITSRA identified overarching areas for additional study that will further enhance the sector’s resiliency, including further evaluation of the risks to the identity management function; analysis of the risks of manmade unintentional threats; and evaluation of the feasibility of establishing a national-level testing and simulation risk assessment capability.

For more information or to read the IT Sector Baseline Risk Assessment, please visit http://www.dhs.gov/xlibrary/assets/nipp_it_baseline_risk_assessment.pdf (PDF, 114 pages - 3.37 MB) and www.it-scc.org.

###

Back to Top