I am currently a candidate for a Masters in Infrastructure Planning and Management (IPM) at the University of Washington. In my recent class on Transportation Infrastructure we prepared a response to a question regarding the Department of Homeland Security's (DHS) National Infrastructure Protection Plan (NIPP).
The question posed is in the box below....however, to answer the question a brief history of the NIPP and its development post 9/11 is summarized.
I think you will find this an interesting read and may make you wonder about the true value of the NIPP in today's environment.
Enjoy!
Ernie
######
Assigned
Question
Do you think that the infrastructure protection plan as
proposed by the Department of Homeland Security accounts for infrastructure
neglect? Should it? Could this lack of maintenance of transportation
infrastructure potentially be a much greater concern than terrorist attack or
climate change? Would our national resources be better spent on maintenance
activities as opposed to protection or adaption?
Introduction
The question posed above is one that requires some
background history and assimilation prior to finally offering a view. Therefore, this discussion first highlights
the history of the National Infrastructure Protection Plan (NIPP) – its genesis
and modification. Then at the end of the
discussion responses to the questions posed above for this assignment are
provided.
Genesis of National Infrastructure Protection Plan
On December 17, 2003, Homeland Security Presidential
Directive - 7 (HSPD -7)[1]
was issued by President George H. W. Bush.
The stated purpose of this Directive was:
1. This directive establishes a
national policy for Federal departments and agencies to identify and prioritize
United States critical infrastructure and key resources and to protect them
from terrorist attacks.
Similarly in the Policy portion of HSPD-7 the emphasis again
was on protecting critical assets from terrorist attack. Paragraph 7 notes:
Later in HSPD-7 regarding implementation of the HSPD,
Paragraph 27 notes that the Secretary of Homeland Security is to “…produce a comprehensive, integrated National
Plan for Critical Infrastructure and Key Resources Protection… The remaining implementation requirements
are shown below:
In summary, HSPD was originally focused on protecting
critical infrastructure from terrorist attacks with assigned responsibilities
to the Secretary of Homeland Security.
The implementation directive was not specific to terrorist threats;
however, it was inferred in the purpose of the HSPD and ultimate implementation
mandates.
In 2006 the first issue of the National Infrastructure Protection Plan (NIPP) was issued by
Department of Homeland Security (DHS) Chertoff.
The specific goal of the NIPP was noted below from Page 1 of the
document. As the reader can observe the
focus is intended to prevent, deter,
neutralize, or mitigate effects…by terrorists…That is the key emphasis of
this plan and in this writer’s opinion.
But, it is agreed that there is some parenthetical response to “…natural disasters and other emergency.”
The theme of Secretary Chertoff’s Preface in the first NIPP
was still primarily focused on terrorist threats although there was some
discussion about protection of CI/KR from natural disasters. Overall, however, the term “Attacks” was used
repeatedly throughout the document (I stopped counting at 20 instances) and not
once was there reference to climate or climate change – only “natural disasters.”
And upon a quick survey the term “natural disasters” was almost always used in
the same sentence with “terrorist.”
The conclusion of the 2006 NIPP is that it was issued in
response to the terrorist threat which was in keeping with HSPD-7 issued in
2003 following the terrorist events of 9/11.
2009 NIPP
A new version of the NIPP was promulgated in 2009. The goal of the NIPP remained the same as the
2003 edition except it showed the evolution of the programs and processes first
introduced in 2006 and was developed collaboratively with the CI/KR partners of
all levels of government and private sector.
Again the emphasis still appears to be focused on terrorist
attacks with minimal inclusion of references to natural disasters and no
references to climate change.
On a statistical note the term “Attack” is used 114 times;
“terrorist” is used 157 times; and “natural disaster” is used 37 times, and
“climate change” is not used at all in the 2009 NIPP.
NIPP 2013 Partnering for Critical
Infrastructure Security and Resilience
In February 2013, President Obama issued Presidential Policy
Directive 21 (PPD-21), Critical Infrastructure Security and Resilience[2], which
explicitly calls for an update to the NIPP. As noted by the 2013 NIPP, this
update is informed by significant evolution in the critical infrastructure
risk, policy, and operating environments, as well as experience gained and
lessons learned since the NIPP was last issued in 2009. The revised NIPP expands the view of the
threats to critical infrastructure as depicted in the graphic (Figure 2) from
page 8 of the NIPP.
As the reader can observe
the focus on terrorist attacks has been substantially reduced to a more
balanced perspective along with extreme weather, accidents, cyber-attacks, etc.
Also, as a comparison, the term “terrorist” is only used six
times in the 2013 NIPP thus demonstrating a more balanced approach to
protection of critical infrastructure.
The 2013 NIPP also demonstrated a more balanced approach to
critical infrastructure protection when it included the seven core tenants
listed below:
- Risk should be identified and managed in a coordinated and comprehensive way across the critical infrastructure community to enable the effective allocation of security and resilience resources.
- Understanding and addressing risks from cross-sector dependencies and interdependencies is essential to enhancing critical infrastructure security and resilience.
- Gaining knowledge of infrastructure risk and interdependencies requires information sharing across the critical infrastructure community.
- The partnership approach to critical infrastructure security and resilience recognizes the unique perspectives and comparative advantages of the diverse critical infrastructure community
- Regional and State, Local Tribal and Territorial (SLTT) partnerships are crucial to developing shared perspectives on gaps and actions to improve critical infrastructure security and resilience.
- Infrastructure critical to the United States transcends national boundaries, requiring cross-border collaboration, mutual assistance, and other cooperative agreements
- Security and resilience should be considered during the design of assets, systems, and networks.
Overall, the NIPP from its inception in 2003 to the 2013
edition has evolved from one focused on terrorist attacks and defense to one of
a more balanced, all-hazard approach.
The 2013 NIPP has also provided an updated approach to not only critical
infrastructure security but also to resilience.
Responses to Discussion Questions
With the background history provided, my responses to the
questions posed include the following:
· Do you think
that the infrastructure protection plan as proposed by the Department of
Homeland Security accounts for infrastructure neglect?
o Sadly, the NIPP of 2003 and 2009 were both very
focused on terrorist attack and defense and as such infrastructure neglect was
not even considered. The 2013 NIPP does
allude to a more holistic approach, especially in Tenant #7 that discusses “Security and resilience … considered during
the design, of assets, systems and networks.”
o On page 18 of the 2013 NIPP there is a discussion
focused on risk management that takes into consideration the following
elements:
§ Identify,
Deter, Detect, Disrupt, and Prepare for Threats and Hazards
§ Reduce Vulnerabilities
§ Mitigate
Consequences
Of interest, the “Reduce Vulnerabilities”
element includes a statement “Employ siting considerations when locating new infrastructure,
such as avoiding floodplains, seismic zones, and other risk-prone
locations.” This appears to at least try
to address some elements of extreme weather (possibly due to climate change)
for new designs but again, I did not see any discussion specific to maintaining
and upgrading current infrastructure.
That said, the “siting considerations” can be – and should be – included
in current infrastructure maintenance and upgrades as well as for new critical
infrastructure such as roads, etc.
Under the discussion “Mitigate
Consequences” there is a bullet that also could be related to current infrastructure
– “Repair or replace damaged
infrastructure with cost-effective designs that are more secure and resilient.” Hence, there is a subtle element of support
to improving infrastructure with “…designs that are more secure and resilient…”
but only if they are damaged. Not if
they are currently usable but need upgrades for increased resilience.
·
Should it?
o Yes, it makes sense that emphasis on
infrastructure should be sustained as well as improved via such approaches as
corrective and preventive maintenance, design upgrades and improvements,
etc. As a suggestion to the future
editions of the NIPP there needs to be particular emphasis and focus on current
assets as well as future ones. Also, the
future NIPP editions should allow for some means of assessment and
prioritization of current assets for design upgrades and corrective/preventive
maintenance regardless of whether the infrastructure has failed (yet) or
not.
o As I prepared this discussion I was reminded of
Professor Jan Whittington’s research report Making
Room for the Future: Rebuilding California’s Infrastructure where her
research along with David Dowall observed that “California has a deferred maintenance crisis in its hands…extensive
deferred maintenance backlogs in…transportation facilities.” Here was an example where there was no
policy guidance in the state of California to perform maintenance on its key
assets. Hence, one could observe a parallel
issue with the US NIPP and its failure to really emphasize performance of
maintenance on critical assets such as roads and bridges.
· Could this lack
of maintenance of transportation infrastructure potentially be a much greater
concern than terrorist attack or climate change?
o As you look at this issue across the entire
United States and across all transportation infrastructure one could make a
case that the concern should be greater than that of a terrorist attack or
climate change primarily due to the probability of occurrence is high for most
transportation infrastructure and the number of opportunities for failure are
high – especially when considering the number of vehicles traveling on the
roads and each vehicle can offer a potential “event” and harm to the
infrastructure. Compare this to the
number of hurricanes per season where the frequency of events is lower but the impact
his much, much higher.
o For instance when you do a risk analysis of risk
vs. consequence, the terrorist consequence can be very high but the probability
or likelihood of the event is low. Hence
we have the classic low probability – high consequence event. The same applies to climate change when you
look at such events as Katrina or Super Storm Sandy. However, when you look at the probability of
a transportation infrastructure failure anywhere across the US on a daily – or
even hourly basis – the probability is high but the consequences may be less
than (in most but not all cases) than a terrorist or major storm event. So, in all, the integral of the equation so
to speak may reveal that the transportation failures occur more frequently than
terrorist attacks/climate change effects which could lead to higher costs in
dollars and human life over a one year time period than the results of a year’s
worth of terrorist attacks and climate change events such as storms.
o The Federal Highway Administration includes an
“integrated risk assessment” approach as alluded to in the paragraph above
where they discuss climate change vulnerability assessment pilots.[3]
o Optimally it would useful to have a comparison of
the number of terrorist attacks for a specific geographic area versus the
number of transportation infrastructure failures (e.g., bridges) for the same
period of time to get a sense of probabilities.
As part of this thought experiment the following graphics were located
on the Internet to help give a sense of “direction” for this comparison. However, it is agreed that they are not a
true “apples to apples” comparison.
Here is a graphic showing bridge failures.
And here is a graphic showing
terrorist attacks:
Unfortunately I could not locate
any data for the same time period to do an honest comparison either by events
per year or costs per year.
· Would our
national resources be better spent on maintenance activities as opposed to
protection or adaption?
o This is a balancing act that requires policies to
help ensure the funds and resources are spent on the right things. Again, as shown in Dr. Whittington’s study,
the State of California is not tasked with anti-terrorism activities yet they
still did not spend money on infrastructure maintenance due to population rapid
growth and focus on new assets. Also,
with most infrastructure being covered by the states and local entities, you
again have a conflict between anti-terrorism dollars (Federal), dollars for
climate change remediation (unknown contributor – Federal or State), and
dollars for infrastructure maintenance State and local). However, it is important to note that with
the minimal amount of funds being used to pay for infrastructure maintenance
today, any increase in resources to improve current asset integrity and safety
would be better than the status quo. This
is especially true since replacing all the assets with new, safer and more
secure facilities is not financially reasonable or fiscally reasonable. And, the added taxes for such efforts would
not be accepted by the general population because they don’t have ready
visibility to how bad the current circumstances are in spite of the studies
from the American Society of Civil Engineers.
Bibliography
"Bridges 101 - What Causes a Bridge
Failure." Because I Can. January 31, 2012. http://becauseicantn.wordpress.com/2012/01/31/bridges-101-what-causes-a-bridge-failure/
(accessed May 10, 2014).
Department of Homeland Security Science and
Technology Center of Excellence, University of Maryland. "National
Consortium for the Study of Terrorism and Responses to Terrorism: Annex of
Statistical Information." US Department of State. April 2014.
http://www.state.gov/j/ct/rls/crt/2013/224831.htm (accessed May 10, 2014).
Dowell, David E., and Jan Whittington. Making
Room for the Future: Rebuilding California's Infrastructure. Research
Publication, San Francisco: Public Policy Institute of California, 2003.
US Department of Homeland Security. "Homeland
Security Presidential Directive - 7: Critical Infrastructure Identification,
Prioritization, and Protection." US Department of Homeland Security.
December 17, 2003.
https://www.dhs.gov/homeland-security-presidential-directive-7 (accessed May
10, 2014).
US Department of Homeland Security. National
Infrastructure Protection Plan (2006). Washington, D.C.: US Department of
Homeland Security, 2006.
US Department of Homeland Security. National
Infrastructure Protection Plan (2009). Washington, DC: US Department of
Homeland Security, 2009.
US Department of Homeland Security. National
Infrastructure Protection Plan 2013: Partnering for Critical Infrastructure
Security and Resilience. Washington, D.C.: US Department of Homeland
Security, 2013.
US Department of Transportation Federal Highway
Administration. Climate Change Vulnerability Assessment Pilots. March
27, 2014. http://www.fhwa.dot.gov/environment/climate_change/adaptation/ongoing_and_current_research/vulnerability_assessment_pilots/conceptual_model62410.cfm
(accessed May 10, 2014).
