New National Infrastructure Protection Plan Released

A new version of the National Infrastructure Protection Plan (NIPP) was released yesterday.

I’ve extracted and attached the full Table of Contents (4 pages) and the Executive Summary (6 pages) as separate documents.  Both are worth reading, if only to identify the parts of the full document you may want to read more closely.  For a super-compact summary, I’ve included a short excerpt from the Preface, and a list of the major sections of the document in this post.

[Update 02/25: DHS Released an “NIPP Consolidated Snapshot” (2 pages), which I’ve linked to here.]

The Preface to the 2009 NIPP, written by former DHS Secretary Michael Chertoff, states:

“The NIPP meets the requirements that [President Bush] set forth in Homeland Security Presidential Directive (HSPD) 7, Critical Infrastructure Identification, Prioritization, and Protection, and provides the overarching approach for integrating the Nation’s many CIKR (Critical Infrastructure and Key Resources) protection initiatives into a single national effort.  It sets forth a comprehensive risk management framework and clearly defined roles and responsibilities for the Department of Homeland Security; Federal Sector-Specific Agencies; and other Federal, State, regional, local, tribal, territorial, and private sector partners implementing the NIPP.”

The NIPP has an Executive Summary, 7 main sections, and 6 appendices:

  • Executive Summary
  • 1. Introduction
  • 2. Authorities, Roles, and Responsibilities
  • 3. The Strategy: Managing Risk
  • 4. Organizing and Partnering for CIKR Protection
  • 5. CIKR Protection as Part of the Homeland Security Mission
  • 6. Ensuring an Effective, Efficient Program Over the Long Term
  • 7. Providing Resources for the CIKR Protection Program
  • Appendix 1: Special Considerations (Cross-Sector Cybersecurity and International CIKR Protection)
  • Appendix 2: Summary of Relevant Statutes, Strategies, and Directives
  • Appendix 3: The Protection Program
  • Appendix 4: Existing Coordination Mechanisms
  • Appendix 5: Integrating CIKR Protection as Part of the Homeland Security Mission
  • Appendix 6: S&T Plans, Programs, and Research & Development

Obama pushes security upgrades for seaports & emergency communications

From Government Security News:

As President Obama put some meat on the bones of his promised infrastructure revitalization plan, it became clear yesterday that strengthening security at the nation’s seaports and improving first responder communications networks are two areas likely to receive federal funding in the short term.

In his Saturday radio and Internet address on Jan. 24, Obama provided more details than ever on his “American Reinvestment Plan,” aimed at creating or saving three to four million jobs.

In addition to repairing traditional roadways and mass transit systems, said Obama, infrastructure revitalization “means protecting America by securing 90 major ports and creating a better communications network for local law enforcement and public safety officials in the event of an emergency.”

HSPD 25 & NSPD 66: Arctic Region Policy

On Friday, President Bush issued a presidential directive, designated as both Homeland Security Presidential Directive (HSPD) 25 and a National Security Presidential Directive (NSPD) 66, which “establishes the policy of the United States with respect to the Arctic region and directs related implementation actions.”

Although the directive mentions national security and homeland security needs first in all areas, the majority of the implementation actions relate to international relations, the economy, and protection of the environment and natural resources.  And as such, the directive is likely to have a greater impact on the Department of State (designated in all 7 policy areas outlined – see below for details) than on DHS (designated in 3 of the 7) or DoD (designated in 2 of the 7).

Here’s a quick summary of the major sections, and a few highlights.

In the “Background” section, the directive states that it “takes into account several developments, including, among others:

  1. Altered national policies on homeland security and defense;
  2. The effects of climate change and increasing human activity in the Arctic region;
  3. The establishment and ongoing work of the Arctic Council; and
  4. A growing awareness that the Arctic region is both fragile and rich in resources.”

The “Policy” section is divided into 7 areas (with designated agencies) as follows:

  • National Security and Homeland Security Interests in the Arctic (Depts of State, Defense, and Homeland Security),
  • International Governance (State),
  • Extended Continental Shelf and Boundary Issues (State),
  • Promoting International Scientific Cooperation (State, Interior, Commerce, and NSF),
  • Maritime Transportation in the Arctic Region (State, DoD, Transportation, Commerce, and DHS),
  • Economic Issues, Including Energy (State, Interior, Commerce, and Energy), and
  • Environmental Protection and Conservation of Natural Resources (State, Interior, Commerce, DHS, and EPA).

Each of these 7 policy areas includes both statements about policy and specific implementation directives.  Although only a handful of the implementation directives directly address national security and homeland security, several of the other directives have some dual-use, with some application to homeland security and defense, even though that’s not the primary stated purpose.

There is a single paragraph at the end discussing the need for additional resources to achieve the implementation directives. However, it’s not specific about funding sources, instead simply stating that “The heads of executive departments and agencies with responsibilities relating to the Arctic region shall work to identify future budget, administrative, personnel, or legislative proposal requirements to implement the elements of this directive.”

In terms of DHS, the Coast Guard is likely to be most impacted by this directive, so it’s likely that the Coast Guard will request more funds for operations in the Arctic region in coming years.  Whether they get them is far too early to tell.

Executive order on lab biosecurity

President Bush issued an executive order last week establishing a working group to review biosecurity at U.S. labs and issue a report to the President within 180 days with “recommendations for any new legislation, regulations, guidance, or practices for security and personnel assurance” and “options for establishing oversight mechanisms.”  The order covers “federal and nonfederal facilities that conduct research on, manage clinical or environmental laboratory operations involving, or handle, store, or transport biological select agents and toxins.”

Insufficient biosecurity at U.S. labs was highlighted in the report from the Commission on the Prevention of  WMD Proliferation and Terrorism released last month.  In response to that report, the Senate Committee on Homeland Security and Governmental Affairs indicated it may introduce legislation to strengthen lab security as well.

There is considerable overlap in purpose between the new working group and the Senate committee efforts, and the Commission has undoubtedly done some of the investigative work outlined in the executive order.  So the new working group may serve more as a platform to ensure executive branch agency cooperation and input into new legislation than as an actual investigative body.

Biological terrorism warnings gaining increased attention

Concerns about the risk of biological attack on the United States have led the list of potential threats in 3 important reports released in December, making it increasingly likely that both policy and technology to combat biological terrorism will be at the forefront of HS policy in the Obama administration.

  • WORLD AT RISK: The Report of the Commission on the Prevention of WMD Proliferation and Terrorism: The bi-partisan Commission on the Prevention of Weapons of Mass Destruction Proliferation and Terrorism released this long-awaited report on December 4th about the current state of the WMD threat against the U.S..  The report states that the odds are greater than ever that the world will see an attack using a biological or nuclear weapon in the next five years, with biological weapons considered the greatest threat.
  • Ready or Not? Protecting the Public’s Health from Diseases, Disasters, and Bioterrorism: Trust for America’s Health (TFAH) and the Robert Wood Johnson Foundation (RWJF) released the sixth annual Ready or Not? report, which finds that progress made to better protect the country from disease outbreaks, natural disasters, and bioterrorism is now at risk, due to budget cuts and the economic crisis.  In addition, the report concludes that major gaps remain in many critical areas of preparedness, including surge capacity, rapid disease detection, and food safety – all of which could increase the damage from a biological attack.
  • DHS Homeland Security Threat Assessment for the years 2008-2013: This intelligence assessment predicts that in the next five years, terrorists will try to carry out a catastrophic biological attack.
    • NOTE: This assessment was marked “for official use only,” but was leaked to the media the week of Dec. 22.  Since I don’t condone leaking details of reports not intended for public distribution, I won’t include any links to the report or to any details of it until/unless it’s officially released for public distribution.
  • Update 01/08/2009: The threat of biological terrorism was emphasized at at a Washington Institute Special Policy Forum Wednesday, with speakers including current Assistant to the President for Homeland Security and Counterterrorism Ken Wainstein and former CIA Counterterrorist Center department chief Charles “Sam” Faddis.

Public Exposure: Both the WMD Commission report and the DHS threat assessment received widespread coverage on mainstream media outlets, including Fox, CBS, MSNBC, and the Los Angeles Times.

Expectations: In my post on the WMD Commission report, I said to expect alot more focus on biological terrorism, including legislation and funding for both R&D and increasing capabilities.  In addition, as these reports gain more public exposure, and as voters become more numb to bad financial news, expect alot more political attention on homeland security and biological terrorism, especially from U.S. Senators who will be up for re-election in 2010.

FEMA’s relationship to DHS drawing attention and debate

One of the most important decisions President-elect Obama will face when his administration takes over DHS is whether to leave FEMA as a part of DHS, or remove it from DHS and make it a cabinet-level agency, as it was before DHS was formed.  Members of Congress, stakeholders, and prominent organizations are taking sides on the issue, but it’s not clear yet what stance the Obama administration will take.

[UPDATE 05/15: CQ Politics reports that on Wednesday 5/13, Secretary Napolitano stated that the Obama administration supports keeping FEMA within DHS; but one day later, Rep. James Oberstar (D-MN) said that he will continue his push to remove FEMA from DHS, despite opposition from the administration.  Give some credit to the dedicated folks at FEMA who’ve had to endure the uncertainty of this long-running debate, because apparently it’s not over yet.]

House: Rep. James Oberstar (D-MN), chairman of the House Transportation and Infrastructure Committee wrote to President-elect Obama on Dec. 17 to demand the removal of FEMA from DHS, declaring that its placement in the larger agency impedes its ability to serve as a “quick response” agency.  In response, Rep. Bennie Thompson (D-MS) Rep. wrote to Obama Dec. 19 strongly disagreeing with Oberstar, saying that FEMA should remain in DHS, but that Obama should appoint someone to lead FEMA who has a strong relationship with Obama.

Senate: Senator Mary Landrieu (D-LA), chairwoman of the Senate Homeland Security Disaster Recovery Subcommittee, has stated that she doesn’t recommend removing FEMA from DHS at this point, but she’s open to the concept and wouldn’t resist it if the new administration made the decision to make the change.  Landrieu told Homeland Security Secretary-designate Janet Napolitano that “there were still some senators that felt strongly about it staying where it is, some that were kind of open to change and others that would really recommend that it be made independent”, and that “it should be open to discussion.”

Update 01/15/09: Senator Joe Lieberman (I-CT), the chair of the Senate Committee on Homeland Security and Governmental Affairs, and Senator Susan Collins (R-ME), the ranking Republican member, urged Janet Napolitano at her confirmation hearing not to remove FEMA from DHS.

Bush Administration: The Bush administration made the decision to include FEMA in DHS, and still supports that decision.  Michael Chertoff has publicly stated that he opposes removing FEMA from DHS, and has cautioned his successor from making any major changes to DHS.

Obama Administration: The Obama administration has not taken a public stance on either side of the issue.  Senator Landrieu said Napolitano is “testing the waters” with Congress to find out how members of Congress feel about the issue.  Landrieu emphasized that Napolitano didn’t say removing FEMA from DHS is something the Obama team is considering.

Update 01/15/09: At Janet Napolitano’s confirmation hearing, she didn’t take a stance on either side of the issue, instead promising to actively look into the issue.  But her other testimony about FEMA indicated strong support both for FEMA and for increasing FEMA’s cooperation with the rest of DHS, regardless of where FEMA ends up.

Update 02/25/09: The DHS Inspector General weighed in with a report titled “FEMA: In or Out?“, in which the ID recommends keeping FEMA in DHS.

Other Organizations and Stakeholders: A month ago the International Association of Emergency Managers officially endorsed removing FEMA from DHS (Representatives Oberstar and Thompson publicly disagreed on the issue at that time as well).  In addition, the Heritage Foundation, an influential conservative think tank, weighed in on December 4 with a memo supporting Thompson’s position to leave FEMA as part of DHS.  A number of other organizations and stakeholders have cautioned more generally against any major reorganizations at DHS, even though they may not have addressed FEMA specifically.

Update 01/08/2009: 3 fire service organizations – the IAFC (International Association of Fire Chiefs),  IAFF (International Association of Fire Fighters), and Congressional Fire Services Instituteweigh in against removing FEMA from DHS.

  • The IAFF is affiliated with the AFL-CIO (labor is expected to have some influence in the strongly Democratic Congress), and according to the IAFF web site, “The IAFF is one of the most active lobbying organizations in Washington; its Political Action Committee, FIREPAC, is among the top one percent of the more than 4,000 federal PACs in the country.”
  • So expect these 3 organizations to carry some weight, and for Congress to resist if the Obama administration pushes to separate FEMA from DHS.

Potential Conflicts: In Oberstar’s letter to Obama he declared that his committee has jurisdiction over FEMA and that making FEMA independent would have strong support in Congress.  However, the overlapping nature of Congressional oversight of DHS makes it likely that other Congressional Committees, including the House Committee on Homeland Security that Thompson chairs, will lay some claim to FEMA oversight as well.

Expectations (My Take): Expect continued public discussion and debate, but expect Obama to take some time before making a decision.  And regardless of what his final decision is, don’t expect a change to FEMA any time soon.  Obama tends to be a consensus builder, and feelings are strong enough on this issue that even if Obama decides to remove FEMA from DHS, he’ll probably go slow, taking time to build a broader base of support for the change before implementing it.

UPDATE 12/24/08: It’s important to note that one of the reasons there is resistance to making FEMA independent of DHS again is that some important entanglements between FEMA and DHS have already been established in terms of politics, funding, and already enacted legislation (which was written to apply to DHS as a whole).  It could get pretty messy to separate them at this point.  For example, allocation of funds for the DHS Homeland Security Grants Program (HSGP) is performed by the FEMA Grants Directorate, and moving that function to DHS could cause confusion and funding changes all the way down to the state and local level.  So if FEMA is ultimately pulled out of DHS, expect some ripples and unintended consequences in unexpected areas.

Update 02/25/09: At this point, I’d say the momentum is clearly on the side of keeping FEMA in DHS, and I’m going to stop updating this post.  If this changes and the momentum seems to swing the other way, I’ll publish a new post.

Expect changes in U.S. approach to cybersecurity

The U.S. approach to cybersecurity is likely to change significantly under the Obama administration.  Although it’s not clear yet exactly what priorities will be sacrificed to make room for the increased focus, or how the changes will all play out, here are some highlights of recent activities in this area:

  • Reports: A recent report highlighted weaknesses in U.S. cybersecurity efforts, and recommended changes to U.S. cybersecurity leadership and policy, including the White House taking over the lead for cybersecurity efforts from DHS.
  • Obama Administration: President-elect Obama’s statements during the campaign, and his relationships with the authors of the reports (several of whom are advisors to his campaign), suggest that he’ll probably appoint a “cybersecurity czar” at the White House to coordinate national cybersecurity efforts.  Speculation is rising about who he’ll appoint to the post.
  • Congress: Key members of Congress have stated concerns about our lack of preparedness and inability to protect from and respond to cyber attacks.
    • Rep. Dutch Ruppersberger (D-MD), chair of the House Intelligence subcommittee on Technical Intelligence, says billions of dollars need to be invested by both government and the private sector.  Rep. Ruppersberger also supports appointment of a “cybersecurity czar” at the White House.
    • Rep. James Langevin (D-RI), chair of the House Homeland Security subcommittee on Cybersecurity, said “We’re way behind where we need to be now.”  Rep. Langevin has also called for leadership of cybersecurity efforts to be removed from DHS, and for increases in our offensive cyber warfare capabilities to use as a deterrent (much as our offensive conventional and nuclear capabilities are used as a deterrents to conventional and WMD attacks).
  • DHS: Although DHS Secretary Michael Chertoff agrees we have significant vulnerabilities, he cautions against changing leadershipof cybersecurity efforts at this stage.  But incoming Secretary Janet Napolitano may have a different view, especially if changes are supported by President-elect Obama.
  • Front-Line Stakeholders: Many key participants in a recent cyberwar simulation exercise reported that we’re not prepared for a real cyberwar.
  • Recent Precedents: Cyber attacks aimed at Estonia earliet this year, and aimed at Georgia during the recent conflict between Russia and Georgia in South Ossetia underscored both the likelihood and effectiveness of cyber-attacks during a conflict of any kind.  These attacks were effective, even though they are widely believed to have come from non-state actors (Russian sympathizers).

Summary:

With agreement about our vulnerability all the way from the front line to Congress and the White House, expect some major changes in both leadership and policy.  Increases in funding should also be expected, though whether funding comes as new expenditures or shifting of funding from other areas remains to be seen.

For more information: