National Critical Infrastructure Resilience
Critical Infrastructure Preparedness
Systematic preparedness for threats posing the greatest national security risks against our nation’s critical infrastructures include acts of terrorism, cyber attacks, pandemics, and catastrophic natural disasters. Strengthening all-hazards (physical and cyber) security preparedness is a critical public and private shared responsibility requiring national critical infrastructure owners and operators and the government to work together as one
The Security Threat Landscape
The security threat landscape continues to expand globally at an incredible pace not only within the nation’s health sector, but across all national national critical infrastructures, representing an environment vulnerable to sector and cross-sector cascading impacts.
Cyber and physical security are no longer two separate environments. Security must be addressed from an “all-hazards” risk-based intelligence and information sharing approach, moving from a reactive to a proactive stance.
Cyber security response protocols and emergency operations protocols must be aligned on a local, state, regional and national level to ensure and enable critical infrastructure resilience.
Close to 90% of the nation’s critical infrastructures are owned and operated by the private sector.
Critical infrastructures represent the assets, systems and networks (physical or virtual), so vital to the United States that incapacitation or destruction would have debilitating and catastrophic sector and cross-sector cascading impacts. Protecting and ensuring the continuity and resilience of our national critical infrastructures are essential to the nation’s security, public health and safety, economic vitality and way of life.
Presidential Directives / National Infrastructure Protection Plan (NIPP)
To achieve these goals, Presidential Directives after 9/11 established the National Infrastructure Protection Plan (NIPP), providing the unifying public/private protection framework and assigning a Federal Sector-Specific Agency (SSA) to establish and implement their respective Sector-Protection-Plan (SPP) including:
Public/Private Coordinating Council – Government Coordinating Council (GCC)
representing federal, state, loca, tribal and territorial governments, and the Sector Coordinating Council (SCC) representing the private sector.
Information Sharing and Analysis Centers (ISACs)
are recognized by their respective sector critical infrastructure owners and operators, federal sector-specific agency (SSA), Sector Coordinating Council (SCC), Intelligence Agencies (DHS, NSA, FBI), the National Institute of Standards and Technology (NIST), and the National Council of ISACs (NCI Directorate).
As defined in the National Infrastructure Protection Plan and NIST security standards: “ISACs are privately led sector-specific organizations advancing physical and cyber security critical infrastructure protection by establishing and maintaining collaborative frameworks for operational interaction between and among members and external partners.
The National Council of ISACs
represents all national critical infrastructures providing the framework and forum supporting valuable interaction across all national critical infrastructures (between and among the ISACs, private sectors, and government) ensuring sector and cross-sector interaction, security intelligence information sharing, countermeasure solutions, incident response, leading practice and education.).
2011 Presidential Directive (PPD-8)
strengthened US security and resilience via 5 core national preparedness capabilities – Prevention, Protection, Mitigation, Response & Recovery.
February 2013 Presidential Directive PPD-21
– Critical Infrastructure Security and Resilience. PPD21 advances a national unity of effort to strengthen and maintain secure, functioning and resilient critical infrastructure.
February 2013 Presidential Executive Order 13636
improves critical infrastructure cybersecurity. NIST was given the responsibiilty to develop a cybersecurity framework to reduce cybersecurity risks for critical infrastructure.The Framework will consist of standards, guidelines, and best practices to promote the protection of information and information systems supporting critical infrastructure operations.
Now is the time for the nation’s critical infrastructure owners and operators to take a national leadership role, working through their respective ISAC and Sector Coordinating Council have a leading “defining voice” responsibility and opportunity to work in collaboration with government to define, implement and improve security protection strategies, standards, policies, legislation and trusted partnerships.