National Infrastructure Protection Plan (NIPP)

2 The NIPP Provides a Strategic Context for Infrastructure Protection/Resiliency Dynamic threat environment  Natural Disasters  Terrorists  Accidents  Cyber Attacks A complex problem, requiring a national plan and organizing framework  18 Sectors, all different, ranging from asset-focused to systems and networks  Outside regulatory space (very few security-focused regimes)  85% privately owned  100% in State and local jurisdictions

3 18 Sectors & Sector-Specific Agencies  DHS coordinates the overall national effort to enhance CIKR protection and resiliency through the implementation of the NIPP  Sector-specific agencies lead the activities in each of 18 sectors and develop and implement Sector-Specific Plans  DHS leads 11 of the sectors  IP leads six of these sectors

4 Sector Partnership Model  Critical infrastructure protection and resiliency are the shared responsibilities of Federal, State, local, tribal, and territorial governments, regional coalitions, and the owners and operators of the Nation’s CIKR  NIPP outlines their roles & responsibilities  Also describes the information-sharing environment & communications Council functions include comprehensive planning, methodology development, risk assessment, protective programs & resiliency strategies, incident management, training, exercises, identification of R&D requirements

5 Partnership Structures Regional Consortium Coordinating Coalitions Critical Infrastructure Partnership Advisory Council Sector Coordinating Councils Government Coordinating Councils CIKR Owners & Operators Government Counterparts CIKR Initiatives Integration Using Existing Regional Coalitions Overarching Framework

6 NRF CIKR Support Annex  Provides the bridge between the NIPP “steady-state” approach for CIKR protection and the NRF incident management doctrine  Addresses recommendations of the Hurricane Katrina after-action review Steady State Incident Management CIKR Support Annex

7 NIPP – NRF : The Full Spectrum of Incident Management Prevention Preparedness Response Recovery Mitigation Post-Incident Incident Pre-Incident

8 NRF Coordination Structure Joint Field Office Regional Response Coordination Center National Operations Center (NOC) Incident Advisory Council (IAC) State Emergency Operations Center Multiagency Coordination Entity  Strategic coordination Multiagency Coordination Centers/EOCs  Support and coordination Incident Command  Directing on-scene emergency management NIMS Role JFO Coordination Group Area Command Incident Command Post Field Level Regional Level National Level Local Emergency Operations Center The NRF includes slight variations of the base structure for terrorism response and Federal-to- Federal support An Area Command is established when needed due to the complexity or number of incidents. Role of regional components varies depending on scope and magnitude of the incident. Multiagency Coordination System

9 JFO Coordination Group Office of Inspector General Operations Section Logistics Section Planning Section Finance and Admin Senior Federal Law Enforcement Official State, Local and Tribal Representative(s) Other Senior Federal Officials Federal Coordinating Officer JFO Coordination Staff JFO Sections External Affairs Chief of Staff Liaison Officer Safety Coordinator Security Officer Infrastructure Liaison Others as needed Defense Coordinating Officer (DCO) Principal Federal Official Joint Field Office The JFO is the focal point for coordination of Federal support to on-scene incident management efforts

10 National Infrastructure Protection Plan

11 HSPD-5 HSPD-7 HSPD-8 The Homeland Security Act of 2002 established an Assistant Secretary for Infrastructure Protection, responsible for assessing vulnerabilities of key resources and critical infrastructures and developing a comprehensive national plan. In 2006, P.L , Section 550 directed the regulation of high risk chemical facilities. HSPD-9 Strategic Drivers National strategies for Homeland Security, Cyber Security, and Physical Protection of CIKR provided high level goals and priorities for the Office of Infrastructure Protection. HSPDs provide inter-related and focused policy guidance in the areas of incident management, critical infrastructure protection, and national preparedness. The 2005 / 08 hurricanes affirmed IP’s important mission and central role in preparedness. HSPD-19 Department of Homeland Security Appropriations Act of 2007 The DHS Appropriations Act of 2007 charged IP with creating a chemical security regulatory program. The Appropriations Act of 2008 also requires Ammonium Nitrate regulations. STAKEHOLDER INTERACTION

12 Critical Infrastructure & Key Resources (CIKR) Critical Infrastructure: Systems and assets, whether physical or virtual, so vital to the United States that the incapacitation or destruction of such systems and assets would have a debilitating impact on national security, national economic security, public health or safety, or any combination of those matters Key Resources: Publicly or privately controlled resources essential to the minimal operations of the economy or government Why is CIKR Protection Important?  Essential to the Nation’s security, public health and safety, economic vitality, and way of life

13 National Infrastructure Protection Plan Build a safer, more secure, and more resilient America by preventing, deterring, neutralizing, or mitigating the effects of deliberate efforts by terrorists to destroy, incapacitate, or exploit elements of our Nation’s CIKR and to strengthen national preparedness, timely response, and rapid recovery of CIKR in the event of an attack, natural disaster, or other emergency.

14 National Infrastructure Protection Plan  A comprehensive plan and unifying structure for the government and the private sector to improve protection and resiliency of critical infrastructure and key resources, including  Partnership model & information sharing  Roles & responsibilities  Risk management framework  Authorities  Integration with other plans  Building a long-term program  Providing resources & prioritizing investments  Contributes to both steady-state (non-incident) risk management and incident management  Drives IP’s programs/activities, guides those of  Other Federal agencies and departments  State, local, tribal, and territorial governments  CIKR owners and operators

15 Sector-Specific Plans (SSPs)  Tailor application of the NIPP risk management framework to each of the CIKR sectors  Address the unique characteristics and risk landscapes of each sector  Sector-Specific Agencies (SSAs) partnered with Sector Coordinating Councils (SCCs) and Government Coordinating Councils (GCCs) to develop the SSPs  SSPs were released in May 2007 and underwent annual review in 2008  SSPs will undergo a triennial review for reissue in 2010

16 Goal and Objectives Build a safer, more secure, and more resilient America by enhancing protection of the Nation’s CIKR Roles & Responsibilities Federal State Local Private Sector Managing Risk Goals Identify Assets, Systems, and Networks Assess Risk Prioritize Implement Protective Programs and Resiliency Strategies Measure Effectiveness Organizing & Partnering Sector Partnership Model  Government Coordinating Councils (GCCs)  Sector Coordinating Councils  Federal Senior Leadership Council  State, Local, Tribal, and Territorial GCC  Regional Consortium Coordinating Council Relationship to Other Plans & NIPP Outreach National Response Framework Building National Awareness Education and Training R&D Resources for CIKR Protection National CIKR Protection Annual Report Sector CIKR Protection Annual Reports Sector Security Goals (example) Rapidly reconstitute critical sector assets, systems, networks, and functions after national and regional emergencies. Plan for emergencies and crises by participating in exercises and updating response and continuity of operations plans. Educate stakeholders on infrastructure resiliency and risk management practices in the sector. Ensure timely, relevant, and accurate threat information sharing between the law enforcement and intelligence communities and key decision makers in the sector. Establish effective, cross-sector coordination mechanisms to address critical interdependencies, including incident situational awareness, and cross-sector incident management. CIKR Identification Assets Systems Networks Functions Risk Assessments Industry Self Assessments – Corporate process National Sector Risk Assessment – Government sponsored Cross Sector Dependency Analysis – Government sponsored Protective Programs Cultivate existing programs Address high risk areas identified by risk assessments Priority based, linked to goals and related risks Measuring Effectiveness Core NIPP Metrics Specific sector goals Protective programs NIPP Base Plan (2009)18 Sector-Specific Plans (2007) National Infrastructure Protection Plan

17 NIPP Risk Management Framework The NIPP describes processes to:  Set Goals and Objectives  Identify Assets, Systems, and Networks  Assess Risk (Consequences, Vulnerabilities, and Threats)  Prioritize  Implement Protective Programs & Resiliency Strategies  Measure Effectiveness

18 Overview of Key Changes NIPP  Improvements to 2006 NIPP do not change underlying policy  2009 NIPP integrates the concepts of resiliency and protection and broadens the focus of NIPP-related programs and activities to the all-hazards environment  Changes reflect suggestions and comments received from our partners as well as:  Release of SSPs in 2007  New HSPDs, national strategies, and legislation  Establishment of Critical Manufacturing as the 18th CIKR sector  Designation of Education as a subsector of Government Facilities  Formation of the Regional Consortium Coordinating Council (RCCC)  Release of the Chemical Facility Anti-Terrorism Standards (CFATS)

19 Infrastructure Liaison  Principal advisor to the JFO Coordination Group regarding all national and regional CIKR incident-related issues  Maintains operational control over all IP staff assigned to support the JFO  Principal functions include:  Act as the liaison between the national-and regional-level CIKR, the private sector, and the JFO  Coordinate CIKR and ESF issues between the JFO Coordination Group and IP representatives located at the NOC, IAC, and NRCC  Provide situational awareness on the affected CIKR and periodic updates to the JFO Coordination Group  Serve as the senior advocate within the JFO for CIKR issues within the JFO and to support the prioritization of response and restoration efforts  Leverage private sector relationships to support response and recovery efforts

20 Stafford Act General Framework for Assistance (Section 402/403) Section 403(a):  authorizes FEMA “to provide assistance essential to meeting immediate threats to life and property resulting from a major disaster.”  direct Federal assistance – either by using, lending, or donating to State and local governments Federal equipment, supplies, facilities, personnel, and other resources; or by distributing through States/locals medicine, food, and other consumable supplies, and other services and assistance to disaster victims. Section 403(a)(1), (2) Limiting Factors:  403(a)(1), (2) authorize assistance only to “State and local governments” or certain “private non-profit” entities  Aid not routinely available to for-profit entities; however, such entities may be indirect or incidental beneficiaries of Federal assistance in appropriate circumstances

21 CIKR RFA Determinations Issues to be considered in supporting an RFA Contribution of the requested assistance to meeting public safety & health goals  Contribution of the requested assistance to meeting response/restoration priorities established by the SCO/FCO  Requestor’s capability to resource the requested assistance from their own capabilities  Alternative means and timing of providing the requested assistance  Benefit of providing the requested assistance to the restoration of a local community critical resources/capability  Benefit of providing the requested assistance to meeting critical regional/national CIKR needs  Benefit/cost of redirecting the requested resource or capability from other priority requirements  Prioritization adjudication JFO(PFO/FCO/IL)  NRCC (IL/IP supported)  IAC  Potential for cost share by requestor

22 Major CIKR Concerns/Issues Access and Credentialing Evacuation and re-entry plans and routes Status of  Electricity  Water  Telecommunications  Roads Resource and supply confiscation

23 Networked Information Sharing

24 Cross-Sector Coordination Agriculture/Food Banking & Finance Chemical Commercial Facilities Communications Critical Manufacturing Dams Defense Industrial Base Emergency Services Energy Government Facilities Information Technology National Monuments & Icons Nuclear Postal & Shipping Healthcare and Public Health Transportation Systems Water Regional Consortium Coordinating Council Cross-Sector Cybersecurity Working Group State, Local, Tribal, and Territorial Government Coordinating Council CIKR Cross-Sector Council Federal Senior Leadership Council