What is critical infrastructure?
Critical infrastructure is the assets,
systems, and networks, whether physical, or virtual, so vital to the United
States that their incapacitation or destruction would have a debilitating
effect on security, national economic security, public health or safety.
Federal, state, and local governments throughout the United States use critical
infrastructure on a daily basis. Key necessities to everyday life such as
power, water, transportation systems, and communication devices are controlled
by the internet. A significant portion of the United States critical
infrastructure is owned and managed by the private sector. If critical
infrastructure is ever disabled or disrupted in any significant way, would
result in catastrophic loss of life or catastrophic economic loss. The first National Strategy for Homeland
Security signed by George W. Bush on July 16, 2002 identifies 13 critical sectors.
The critical infrastructure sectors consist of Agriculture, Food, Water, Public
Health, Emergency Services, Government, Defense Industrial Base, Information
and Telecommunications, Energy, Transportation, Banking and Finance, Chemical
Industry and Hazardous Materials, and Postal and Shipping. Critical
infrastructure is essential to all Americans safety and way of life.
HSPD-7: Critical Infrastructure
Identification, Prioritization, and Protection (December 17,
2003)
This directive established a national policy for Federal departments and agencies to identify and prioritize United States critical infrastructure and key resources and to protect them from terrorist attacks. It was the first to issue roles and responsibilities to Sector Specific Agencies based on their agency’s mission, including: (a) collaborating with all relevant federal agencies, state and local governments, and the private sector; (b) conducting or facilitating vulnerability assessments of sector infrastructures; and (c) developing risk management strategies to protect against and mitigate the effects of attacks against sector assets. The agencies charged with specific responsibilities included:
·
Department of
Agriculture-agriculture, food meat, poultry, egg product
·
Health and Human
Services-public health, healthcare, and food (other than meat, poultry, egg
products)
·
Environmental
Protection Agency-drinking water and water treatment systems
·
Department of
Energy-energy, including the production refining, storage, and distribution of
oil and gas, electric power except for commercial nuclear power facilities
·
Department of
Treasury-banking and finance
·
Department of the
Interior-national monuments and icons
·
Department of
Defense-defense industrial base
Note: Homeland Security Presidential Directives
(HSPDs) are executive orders issued by the President of the United States,
pursuant to advice and counsel received from the Executive Cabinet,
particularly the National Security Council.
The directives articulate national security policy and carry the
"full force and effect of law", particularly with regard to members
of the Executive Branch of government.
The National Infrastructure Protection Plan (NIPP)
NIPP, administered as a result of HSPD-7, provides a unifying framework for critical infrastructure and key asset protection activities. The plan is complemented with sector-specific annexes that detail sector-specific planning, response, and coordination bodies for effective disaster preparedness and incident response. It also provides the overarching framework for a structured partnership between government and the private sector for protection of critical infrastructure. “The NIPP was developed by critical infrastructure partners including federal departments and agencies, state and local government agencies, and private sector entities. First released in 2006, the revised NIPP integrates the concepts of resilience and protection, and broadens the focus of NIPP-related programs and activities to an all-hazards environment. The department oversees NIPP management and implementation.
(A) Prevent
(B) Deter
(C) Neutralize
(D) Enhance protection of critical infrastructure
Critical
Infrastructure Partnership Advisory Council (CIPAC)
The
CIPAC serves as a forum for government and private sector CIKR partners to
engage in a broad spectrum of activities including: planning, coordination,
implementation, and operational issues; implementation of security programs;
operational activities related to CIKR protection including incident response,
recovery, and reconstitution; and development and support of national plans,
including the NIPP and Sector-Specific Plans.
Fusion
Center’s role in Critical Infrastructure
Fusion Centers shall
identify and have access to CIKR-related data resources and repositories that
are needed to conduct analysis based on the mission of the center, the findings
of the Statewide/Regional Risk Assessment, and the center’s defined Information
Requirements. Fusion Centers shall support CIKR
related exercises conducted by Federal, State and regional officials or
organizations responsible for Critical Infrastructure Protection activities, in
order to validate the center’s operations, policies, and procedures and
training activities and shall develop action plans to mitigate any identified
gaps. Fusion Centers shall establish processes to utilize the information
collected from security partners and other sources to inform the assessment of
security risks and enhance the protection and resiliency of critical
infrastructure. To accomplish this, Fusion Centers shall provide the necessary
CIKR tools and resources for analysis of information and data. They should have
the ability to:
(A) Collect, store and share classified and unclassified CIKR
data;
(B) Collect data via secure means, either remotely at CIKR
sites, or locally at Fusion Centers;
(C) Allow limited access to
private sector entities, in accordance with established legal frameworks (such
as the Protected Critical Infrastructure Information (PCII) program), to
facilitate data collection directly from CIKR owners and operators;
(D) Access a comprehensive set of
tools and resources to develop and implement critical infrastructure programs;
(E) Allow the user to manage the collection and effective use of
CIKR-related data; and
(F) Focus on pre-incident
prevention and protection but also assist in post-incident response and
recovery operations.
The PCII program was created by Congress under the Critical Infrastructure Information (CII) Act of 2002. It offers protection to CII voluntarily shared with government entities for homeland security purposes. Typically, when information is shared with the Federal government it becomes a public record and may be accessed through public disclosure laws, unless additional protections are applied. The PCII Program works with various government partners to integrate PCII protections into their data-collection processes. This offers a way for government security analysts to access CII while owners/operators of critical infrastructure are assured that their information is protected from public disclosure. Program safeguards ensure that only trained and authorized individuals, with a need-to-know, access PCII and only use it for homeland security purposes.
Glen A. Watson Jr.
Homeland Security Graduate Assistant
University of the District of Columbia
Homeland Security Department
No comments:
Post a Comment