In 1997, a Presidential Commission on Critical Infrastructure Protection concluded that the national critical infrastructures – energy, banking, transportation, vital human services, and telecommunications – were vulnerable to attack through the malicious use of commonly available tools. On May 22, 1998, as a result of the Commission's findings, the President issued
Presidential Decision Directive 63 (PDD 63), Critical Infrastructure Protection. PDD 63 required Federal agencies to take action to eliminate significant vulnerabilities, especially cyber-related, and to assure the continuity and viability of the nation's critical infrastructures. The objective of our audit was to determine whether the Department's implementation of PDD 63, Critical Infrastructure Protection, was achieving its intended purpose.