Thursday, January 2, 2014

National Infrastructure Protection Plan (NIPP) - Released Dec 2013

On December 20, 2013, the newly revised National Infrastructure Protection Plan (NIPP) was issued by the US Department of Homeland Security.  NIPP 2013: Partnering for Critical Infrastructure Security and Resilience is available on the DHS Web site along with a Fact Sheet.    

President Obama's February 2013 Presidential Policy Directive 21 (PPD-21) regarding needed improvements in critical infrastructure security and resilience called for an update to the NIPP which was originally issued in 2006 and revised in 2009.  PPD-21, Critical Infrastructure Security and Resilience, explicitly calls for the development of an updated national plan. The directive builds on the work done to date to protect critical infrastructure, and describes a national policy to 1) share threat information, 2) reduce vulnerabilities, 3) minimize consequences, and 4) hasten response and recovery efforts related to critical infrastructure. It also identifies 16 critical infrastructure sectors, listed in the box below: 

The document is 57 pages long and includes some history on the evolution of the NIPP.  There are a few useful graphics regarding the new threats to critical infrastructure (page 8) and how the NIPP 2013 elements help sustain improved security of the critical assets (page 6).

A useful table showing the different critical infrastructure sectors and the assigned Federal agency responsibilities is shown below (Table 1, Page 11).  This table gives you a good sense of the different sectors and how cross-coordination is intended to operate.

Finally the document includes a Call to Action that highlights 12 separate actions aimed at enhancing national critical infrastructure security and resilience.  A summary list of the actions are:

Build Upon Partnership Efforts
1)  Set National Focus through Jointly Developed Priorities
2)  Determine Collective Actions through Joint Planning Efforts
3)  Empower Local and Regional Partnerships to Build Capacity Nationally
4)  Leverage Incentives to Advance Security and Resilience

Innovate in Managing Risk
5)  Enable Risk-Informed Decision Making through Enhanced Situational Awareness
6)  Analyze Infrastructure Dependencies, Interdependencies, and Associated Cascading Effects
7)  Identify, Assess, and Respond to Unanticipated Infrastructure Cascading Effects During and Following Incidents
8)  Promote Infrastructure, Community, and Regional Recovery Following Incidents
9)  Strengthen Coordinated Development and Delivery of Technical Assistance, Training, and Education
10)  Improve Critical Infrastructure Security and Resilience by Advancing Research and Development Solutions

Focus on Outcomes
11)  Evaluate Progress toward the Achievement of Goals
12)  Learn and Adapt During and After Exercises and Incidents

Key Take-Aways

This document is a reference on understanding the background of the National Infrastructure Protection Plan and gives the reader a high-level sense of the policy and objectives for protecting our national critical infrastructure.  It is probably useful to know that this document exists but more specific details on how infrastructure is protected will be in sector-specific plans and plans developed by the infrastructure owners and operators.