New National Infrastructure Protection Plan Released

A new version of the National Infrastructure Protection Plan (NIPP) was released yesterday.

I’ve extracted and attached the full Table of Contents (4 pages) and the Executive Summary (6 pages) as separate documents.  Both are worth reading, if only to identify the parts of the full document you may want to read more closely.  For a super-compact summary, I’ve included a short excerpt from the Preface, and a list of the major sections of the document in this post.

[Update 02/25: DHS Released an "NIPP Consolidated Snapshot" (2 pages), which I've linked to here.]

The Preface to the 2009 NIPP, written by former DHS Secretary Michael Chertoff, states:

“The NIPP meets the requirements that [President Bush] set forth in Homeland Security Presidential Directive (HSPD) 7, Critical Infrastructure Identification, Prioritization, and Protection, and provides the overarching approach for integrating the Nation’s many CIKR (Critical Infrastructure and Key Resources) protection initiatives into a single national effort.  It sets forth a comprehensive risk management framework and clearly defined roles and responsibilities for the Department of Homeland Security; Federal Sector-Specific Agencies; and other Federal, State, regional, local, tribal, territorial, and private sector partners implementing the NIPP.”

The NIPP has an Executive Summary, 7 main sections, and 6 appendices:

• Executive Summary
• 1. Introduction
• 2. Authorities, Roles, and Responsibilities
• 3. The Strategy: Managing Risk
• 4. Organizing and Partnering for CIKR Protection
• 5. CIKR Protection as Part of the Homeland Security Mission
• 6. Ensuring an Effective, Efficient Program Over the Long Term
• 7. Providing Resources for the CIKR Protection Program
• Appendix 1: Special Considerations (Cross-Sector Cybersecurity and International CIKR Protection)
• Appendix 2: Summary of Relevant Statutes, Strategies, and Directives
• Appendix 3: The Protection Program
• Appendix 4: Existing Coordination Mechanisms
• Appendix 5: Integrating CIKR Protection as Part of the Homeland Security Mission
• Appendix 6: S&T Plans, Programs, and Research & Development

Overview of Napolitano’s Action Directives

In her first 10 days in office, new Homeland Security Secretary Janet Napolitano has issued 12 “action directives” focused on specific homeland security areas.  Here’s an overview of all the action directives, including their purpose and a brief look at what they may indicate for Homeland Security policy in the Obama administration.

What is an action directive?

According to the DHS press release, action directives “instruct specific offices and agencies to gather information, review existing strategies and programs, and to provide oral and written reports” by a specified date.  The dates are specified separately for each directive.

So essentially the action directives are reviews of existing programs.  Although the action directives do not direct any changes to the programs under review, the specific areas each directive specifies for review give an indication of programs that may begin seeing changes after the reviews are complete.

List of Action Directives

The list of action directives follows.  I’ve listed all the relevant dates for each directive as [Date issued / date oral presentations due / date written reports due].  I’ve linked each directive in this list to the DHS press release that includes it.

Note: Although the initial press release didn’t give both oral and written dates for the 5 action directives issued on that date, based on the press releases for the other action directives, this appears to be an error, and I’ve made the assumption that all 5 of those directives have the same oral and written response dates.  No date was specified for oral presentations for the last action directive (immigration and border security).

• [Jan 21 / Jan 28 / Feb 10]: Critical Infrastructure Protection
• [Jan 21 / Jan 28 / Feb 10]: Risk analysis
• [Jan 21 / Jan 28 / Feb 10]: State and local information sharing
• [Jan 21 / Jan 28 / Feb 10]: Transportation security
• [Jan 21 / Jan 28 / Feb 10]: State, local, and tribal integration
• [Jan 23 / Feb 03 / Feb 17]: Cyber security
• [Jan 23 / Feb 10 / Feb 17]: Northern border strategy
• [Jan 27 / Feb 09 / Feb 23]: FEMA state and local integration
• [Jan 27 / Feb 09 / Feb 23]: National planning
• [Jan 28 / Feb 10 / Feb 24]: First responder health surge capacity
• [Jan 28 / Feb 10 / Feb 24]: Hurricane Katrina
• [Jan 30 / None / Feb 20]: Immigration and border security

Brief Analysis:

Although immigration and border security was the last action directive issued, it is by far the longest and most specific directive, while at the same time allowing the shortest time between issuance of the directive and due date for the final report.  This may be a reflection of Secretary Napolitano’s experience with immigration, but in any case it indicates a likely increase in emphasis on immigration and border security compared to the previous administration.

The other theme clearly evident in many of the action directives is interoperability and integration, integration, integration.  Napolitano stated during her confirmation hearing that a primary focus under her watch would be integration of DHS agencies into a single cohesive agency, and the action directives reflect that.

• DHS Press Release Jan 21: First 5 action directives
• DHS Press Release Jan 23: Cyber security and Northern border strategy
• DHS Press Release Jan 27: FEMA  state and local integration and National planning
• DHS Press Release Jan 28: First responder health surge capacity and Hurricane Katrina
• DHS Press Release Jan 30: Immigration and border security

DHS IG Report: DHS’ role in fusion centers

The DHS Office of Inspector General issued a report last week on “DHS’ Role in
State and Local Fusion Centers”.  The report was issued in response to a request from U.S. Representative Bennie G. Thompson, Chairman of the House Committee on Homeland Security.

The report reviews successes and challenges in detail, and makes 7 recommendations.  The DHS Office of Intelligence and Analysis (DHS I&A) is the organization in DHS responsible for fusion centers, and the report states that I&A agreed with all 7 recommendations, and “has proposed plans and taken action that, once fully implemented, will reduce a number of the deficiencies…identified.”

Here’s a summary of the recommendations:

1. Improve responses to Requests for Information, and identify designated points-of-contact between I&A and fusion centers for information needs.
2. Expand training courses, including adding additional course locations (not just Washington D.C.), and exploring online training.
3. Integrate all relevant I&A division roles and responsibilities into the fusion center program.
4. Review and increase assignments of DHS staff to fusion centers.
5. Develop measurable performance standards for the fusion center program, and justify continued costs.
6. Improve interconnectivity among the multiple unclassified and classified information systems used to share and obtain information from fusion centers.
7. Explore funding options and identify sufficient resources for the fusion center program.  This includes providing staff to the State and Local Program Office to oversee and manage the program.

Regardless of intent, whether or not any of these recommendations are implemented will ultimately come down to funding.  To this end, recommendations #4 (increase DHS staff assigned to fusion centers), #6 (improve interconnectivity among systems), and the 2nd half of #7 (providing staff to oversee and manage the program) are probably the least likely to be implemented in the near future.  But expect funds for some or all of these to be requested in the DHS FY2010 budget.

• Full report
• DHS Office of Intelligence & Analysis (I&A)
• DHS Fusion Center Program

Executive order on lab biosecurity

President Bush issued an executive order last week establishing a working group to review biosecurity at U.S. labs and issue a report to the President within 180 days with “recommendations for any new legislation, regulations, guidance, or practices for security and personnel assurance” and “options for establishing oversight mechanisms.”  The order covers “federal and nonfederal facilities that conduct research on, manage clinical or environmental laboratory operations involving, or handle, store, or transport biological select agents and toxins.”

Insufficient biosecurity at U.S. labs was highlighted in the report from the Commission on the Prevention of  WMD Proliferation and Terrorism released last month.  In response to that report, the Senate Committee on Homeland Security and Governmental Affairs indicated it may introduce legislation to strengthen lab security as well.

There is considerable overlap in purpose between the new working group and the Senate committee efforts, and the Commission has undoubtedly done some of the investigative work outlined in the executive order.  So the new working group may serve more as a platform to ensure executive branch agency cooperation and input into new legislation than as an actual investigative body.

• White House press release – Executive Order: Strengthening Laboratory Biosecurity in the United States
• Report: Commission on the Prevention of  WMD Proliferation and Terrorism
• Senate Homeland Security and Governmental Affairs Committee press release

Biological terrorism warnings gaining increased attention

Concerns about the risk of biological attack on the United States have led the list of potential threats in 3 important reports released in December, making it increasingly likely that both policy and technology to combat biological terrorism will be at the forefront of HS policy in the Obama administration.

• WORLD AT RISK: The Report of the Commission on the Prevention of WMD Proliferation and Terrorism: The bi-partisan Commission on the Prevention of Weapons of Mass Destruction Proliferation and Terrorism released this long-awaited report on December 4th about the current state of the WMD threat against the U.S..  The report states that the odds are greater than ever that the world will see an attack using a biological or nuclear weapon in the next five years, with biological weapons considered the greatest threat.
• Ready or Not? Protecting the Public’s Health from Diseases, Disasters, and Bioterrorism: Trust for America’s Health (TFAH) and the Robert Wood Johnson Foundation (RWJF) released the sixth annual Ready or Not? report, which finds that progress made to better protect the country from disease outbreaks, natural disasters, and bioterrorism is now at risk, due to budget cuts and the economic crisis.  In addition, the report concludes that major gaps remain in many critical areas of preparedness, including surge capacity, rapid disease detection, and food safety – all of which could increase the damage from a biological attack.
• DHS Homeland Security Threat Assessment for the years 2008-2013: This intelligence assessment predicts that in the next five years, terrorists will try to carry out a catastrophic biological attack.
  • NOTE: This assessment was marked “for official use only,” but was leaked to the media the week of Dec. 22.  Since I don’t condone leaking details of reports not intended for public distribution, I won’t include any links to the report or to any details of it until/unless it’s officially released for public distribution.

• Update 01/08/2009: The threat of biological terrorism was emphasized at at a Washington Institute Special Policy Forum Wednesday, with speakers including current Assistant to the President for Homeland Security and Counterterrorism Ken Wainstein and former CIA Counterterrorist Center department chief Charles “Sam” Faddis.

Public Exposure: Both the WMD Commission report and the DHS threat assessment received widespread coverage on mainstream media outlets, including Fox, CBS, MSNBC, and the Los Angeles Times.

Expectations: In my post on the WMD Commission report, I said to expect alot more focus on biological terrorism, including legislation and funding for both R&D and increasing capabilities.  In addition, as these reports gain more public exposure, and as voters become more numb to bad financial news, expect alot more political attention on homeland security and biological terrorism, especially from U.S. Senators who will be up for re-election in 2010.

GAO faults agencies for lack of coordination on interoperability

According to a report from the Government Accountability Office (GAO) released on December 12, DHS, DOJ, and the Treasury Department are no longer coordinating with each other to develop a nationwide federal wireless communications service for use by first responders.  The report, requested by Senate Homeland Security and Governmental Affairs Committee Chairman Joe Lieberman (ID-CT)  and Ranking Member Susan Collins (R-ME), found the different departments are now working on individual interoperability projects rather than implementing the Integrated Wireless Network (IWN) program.

• Press release
• Full report
• IWN program overview

Expect changes in U.S. approach to cybersecurity

The U.S. approach to cybersecurity is likely to change significantly under the Obama administration.  Although it’s not clear yet exactly what priorities will be sacrificed to make room for the increased focus, or how the changes will all play out, here are some highlights of recent activities in this area:

• Reports: A recent report highlighted weaknesses in U.S. cybersecurity efforts, and recommended changes to U.S. cybersecurity leadership and policy, including the White House taking over the lead for cybersecurity efforts from DHS.
• Obama Administration: President-elect Obama’s statements during the campaign, and his relationships with the authors of the reports (several of whom are advisors to his campaign), suggest that he’ll probably appoint a “cybersecurity czar” at the White House to coordinate national cybersecurity efforts.  Speculation is rising about who he’ll appoint to the post.
• Congress: Key members of Congress have stated concerns about our lack of preparedness and inability to protect from and respond to cyber attacks.
  • Rep. Dutch Ruppersberger (D-MD), chair of the House Intelligence subcommittee on Technical Intelligence, says billions of dollars need to be invested by both government and the private sector.  Rep. Ruppersberger also supports appointment of a “cybersecurity czar” at the White House.
  • Rep. James Langevin (D-RI), chair of the House Homeland Security subcommittee on Cybersecurity, said “We’re way behind where we need to be now.”  Rep. Langevin has also called for leadership of cybersecurity efforts to be removed from DHS, and for increases in our offensive cyber warfare capabilities to use as a deterrent (much as our offensive conventional and nuclear capabilities are used as a deterrents to conventional and WMD attacks).
• DHS: Although DHS Secretary Michael Chertoff agrees we have significant vulnerabilities, he cautions against changing leadershipof cybersecurity efforts at this stage.  But incoming Secretary Janet Napolitano may have a different view, especially if changes are supported by President-elect Obama.
• Front-Line Stakeholders: Many key participants in a recent cyberwar simulation exercise reported that we’re not prepared for a real cyberwar.
• Recent Precedents: Cyber attacks aimed at Estonia earliet this year, and aimed at Georgia during the recent conflict between Russia and Georgia in South Ossetia underscored both the likelihood and effectiveness of cyber-attacks during a conflict of any kind.  These attacks were effective, even though they are widely believed to have come from non-state actors (Russian sympathizers).

Summary:

With agreement about our vulnerability all the way from the front line to Congress and the White House, expect some major changes in both leadership and policy.  Increases in funding should also be expected, though whether funding comes as new expenditures or shifting of funding from other areas remains to be seen.

For more information:

• Commission on Cybersecurity for the 44th Presidency
• Report: Securing Cyberspace for the 44th Presidency
• Report offers warnings and recommendations for cybersecurity
• Chertoff urges caution on potential of new cybersecurity laws
• U.S. not ready for cyber attack
• U.S. urged to go on offensive in cyber war
• DHS Rebuttal: Getting the facts straight on cybersecurity

Report offers warning and recommendations on cybersecurity

From The Providence Journal:

The Center for Strategic and International Studies (CSIS), a Washington-based think tank that specializes in national security issues, on December 8th released a year-long study of how the Obama administration can fight threats to the security of the nation’s computer systems — private as well as public.

The report, titled Securing Cyberspace for the 44th Presidency, is intended to draw attention to computer hacking, the theft of electronic information and related dangers of the Internet Age. It may also spark controversy with such suggestions as making the White House the center of a national “cyber security” effort.

“This is not some hypothetical catastrophe,” James A. Lewis, the chief of the study commission, said in a preview of the report on cyber security in September. “We are under attack and taking damage,” said Lewis.

CSIS assembled the 55-member commission that produced the report after more than a dozen secret meetings and several public ones that took testimony from scores of experts on computer technology, the Internet, information security and related fields.

• Full story
• Full report

DHS IG report recommends greater HSIN responsiveness

From Homeland Security Today:

The information-sharing network of the Department of Homeland Security (DHS) must do a better job of meeting its customers needs, concluded a report from the department’s inspector general (IG) released December 5th.

The IG report, titled “DHS’ Efforts to Improve the Homeland Security Information Network” (HSIN), found widespread dissatisfaction with the capabilities of the data network from state and local officials searching it for information. The department is upgrading the HSIN to its next generation version, which it argues will resolve many of the concerns about the existing network.

The report recommends that DHS provide resources to improve relationships with its HSIN users and provide them with adequate opportunities to provide feedback on the network. The department also should develop scenario-based training for stakeholders, include performance metrics in any future HSIN developments, and make clear how it uses the information in HSIN.

• Full story
• Full report
• History of the HSIN (GCN)

Report: Commission on the Prevention of WMD Proliferation and Terrorism

The bi-partisan Commission on the Prevention of Weapons of Mass Destruction Proliferation and Terrorism released a long-awaited report on December 4th about the current state of the WMD threat against the U.S..  The report received fairly wide coverage in both the main-stream press and on the Internet.  I’ve summarized information from a number of sources here; I haven’t read the full report yet myself, but I’ll update this post again after I’m finished reading it.

Summary:

The report:

• States that the odds are greater than ever that the world will see an attack using a biological or nuclear weapon in the next five years.
• Criticizes Bush administration domestic and foreign policy.
• Offers wide-ranging recommendations on controlling biological agents and containing nuclear proliferation.
• Offers recommendations for Congress to solve problems with oversight and funding.
• Singles out Pakistan as the top security priority for the United States.

Recommendations:

Here are many of the key recommendations in the report:

• Overall Terrorist Threat:
  • Work with Pakistan and other countries in the region to eliminate terrorist safe havens through military, economic and diplomatic means.
  • Secure nuclear and biological materials in Pakistan.
  • Counter and defeat extremist ideology.
• Biological Terrorism:
  • Call an international conference of countries with major biotechnology industries to promote biosecurity.
  • Strengthen global disease surveillance networks.
  • Press for universal adherence to the Biological Weapons Convention.
• Nuclear Terrorism
  • Constrain a nascent nuclear arms race in Asia.
  • Take steps to prevent Iran and North Korea from possessing uranium enrichment or plutonium reprocessing capabilities.
  • Set strong penalties for violators who withdraw from the Nuclear Non-Proliferation Treaty.
  • Strengthen the International Atomic Energy Agency.
  • Employ further counter-proliferation efforts.
  • Work with Russia to secure its nuclear materials.
• Presidential Oversight:
  • Create a new post in the White House to oversee government efforts to prevent a WMD attack.
• Congressional Oversight:
  
  • Empower the Homeland Security panels in the House and Senate as the sole oversight committees for these issues (as opposed to the 16 House committees and 15 Senate committees that share jurisdiction on these issues now).
  • Create a new Intelligence Appropriations Subcommittee to fund both national and military intelligence.
    • From CQ Politics: Congress ignored similar recommendations from the original 9-11 commission, which issued its report in mid-2004.

Criticisms:

There has been some skepticism and criticism of the report, and a down-playing of the report conclusions, both by homeland security veterans and members of Congress.  Much of the criticism stems from the reports’ tone of urgency and lack of emphasis on explosives and other low-tech threats.  As mentioned in Homeland Security Watch, “There’s a noticeable demotion of chemical and high explosives in the WMD threat embraced by the report.”

Official Reactions:

Senate: In a hearing Thursday, the Senate Homeland Security and Governmental Affairs Committee indicated a willingness to consider legislation to strengthen safety and security at private and federal laboratories that work with deadly biological pathogens.  Read here for more details on the committee hearing.

UPDATE 12/22: Chairman of the Senate Committee on Homeland Security and Government Affairs, Joseph Lieberman (ID-CN) and Ranking Member Susan Collins (R-ME) announced plans to introduce legislation to tighten oversight of high containment laboratories around the country that could handle deadly biological pathogens.  Click here to view the press release.

Bush Administration: Despite the report’s criticisms of US policies, the White House welcomed what it said was proof of Bush’s strong security record.  “Under President Bush’s leadership, extensive progress has been made on securing the world’s weapons of mass destruction and protecting our citizens from a WMD attack,” White House spokesman Scott Stanzel said.

Obama Administration: There is some expectation that many of the reports’ recommendations will be accepted and implemented by the Obama administration.  As reported by CQ Politics: “Several of the commissioners have advised the Obama campaign or transition, and several recommendations square with Obama’s policy views. Among the panel members, Wendy Sherman is a national security “team leader” in Obama’s transition, and Richard Verma serves on his defense transition team.” The Boston Globe reported that President-elect Obama will probably implement the recommendation for creating a position of WMD anti-proliferation chief at the White House, citing three unnamed Obama advisers.

Overall Summary:

The report will probably influence homeland security policy and funding for the next 4 years.  Diplomatically and militarily, expect an increased focus on Pakistan.  In the U.S., expect greater focus and spending on defense against biological attacks, including new legislation and rules to prevent pathogens from falling into terrorist hands through labs.  Consider preparing plans and grant requests to improve detection of and response to biological attacks.  Expect an increase in R&D funding for technology to detect and identify biological threats and verify adherence to nuclear and biological non-proliferation agreements.

Links:

• Report press release
• Commission web site
• Full report (PDF)
• Commission chair Senator Bob Graham’s official statement to the Senate Homeland Security and Governmental Affairs Committee
• UPDATE 10/22: Q&A with Commission chair Senator Bob Graham

Additional articles and posts about the report:

• Washington Post
• Voice of America News
• CQ Politics
• HSToday
• Space War
• Homeland Security Watch
• Armchair Generalist