DHS release critical infrastructure protection plan
DHS has releases its much anticipated critical infrastructure and IT protection plan
DHS has completed a new plan for critical infrastructure. Following the lead, and building on the President’s National Strategy for Homeland Security, DHS’s National Infrastructure Protection Plan (NIPP) aims to provide clearly defined critical infrastructure protection roles and responsibilities for all levels of government, private industry, and nongovernmental agencies. NIPP also fulfills several requirements of the Homeland Security Presidential Directive (HSPD) 7 and the Homeland Security Act of 2002.
According to DHS, NIPP “represents an unprecedented initiative at all levels of government and among private industry, tribal partners and nongovernmental agencies, to build an overarching structure that integrates critical infrastructure security efforts, sets protection goals and supporting objectives, and focuses resources according to risk.” During two weeks of review DHS received nearly 10,000 comments from the public. While completing revisions of the NIPP, DHS worked closely with federal, state, local and tribal factions. “The NIPP is the path forward on building and enhancing protective measures for the critical infrastructure assets and cyber systems that sustain commerce and communities throughout the United States,” said Under Secretary for Preparedness George Foresman for DHS.
In the HSPD 7, seventeen critical infrastructures are identified as needing better protective actions to combat possible terrorism and disaster. Those sectors include:
—agriculture and food
—energy
—public health and healthcare
—banking and finance
—drinking waters and water treatment systems
—information technology
—telecommunications
—postal and shipping
—transportation systems including mass transit, aviation, maritime, ground or surface, and rail and pipeline systems
—chemical;
—commercial facilities
—government facilities
—emergency services
—dams
—nuclear reactors, materials and waste
—the defense industrial base
—national monuments and icons
A key component of the NIPP is a risk-management framework designed to be dynamic and constantly changing and improving. “The risk-management framework establishes the processes for combining consequence, vulnerability and threat information to produce a comprehensive, systematic and rational assessment of national or sector risk,” reads the NIPP. “The risk-management framework is tailored and applied on an asset, system, network, or function basis, depending on the fundamental characteristic of the individual sectors.”
DHS suggests that because the assets in the information technology and telecommunications sectors are diverse, a bottom-up approach to managing risk may be appropriate. Each sector has been assigned to a specific federal department. The information technology and telecommunications sectors, of which wireless is a part, have been assigned to DHS’ Office of Cybersecurity & Telecommunications. Individual plans for each infrastructure, termed as “Sector-Specific” will be devised in collaboration with respective agencies and released within the next 180 days.