New National Infrastructure Protection Plan Released

A new version of the National Infrastructure Protection Plan (NIPP) was released yesterday.

I’ve extracted and attached the full Table of Contents (4 pages) and the Executive Summary (6 pages) as separate documents.  Both are worth reading, if only to identify the parts of the full document you may want to read more closely.  For a super-compact summary, I’ve included a short excerpt from the Preface, and a list of the major sections of the document in this post.

[Update 02/25: DHS Released an “NIPP Consolidated Snapshot” (2 pages), which I’ve linked to here.]

The Preface to the 2009 NIPP, written by former DHS Secretary Michael Chertoff, states:

“The NIPP meets the requirements that [President Bush] set forth in Homeland Security Presidential Directive (HSPD) 7, Critical Infrastructure Identification, Prioritization, and Protection, and provides the overarching approach for integrating the Nation’s many CIKR (Critical Infrastructure and Key Resources) protection initiatives into a single national effort.  It sets forth a comprehensive risk management framework and clearly defined roles and responsibilities for the Department of Homeland Security; Federal Sector-Specific Agencies; and other Federal, State, regional, local, tribal, territorial, and private sector partners implementing the NIPP.”

The NIPP has an Executive Summary, 7 main sections, and 6 appendices:

  • Executive Summary
  • 1. Introduction
  • 2. Authorities, Roles, and Responsibilities
  • 3. The Strategy: Managing Risk
  • 4. Organizing and Partnering for CIKR Protection
  • 5. CIKR Protection as Part of the Homeland Security Mission
  • 6. Ensuring an Effective, Efficient Program Over the Long Term
  • 7. Providing Resources for the CIKR Protection Program
  • Appendix 1: Special Considerations (Cross-Sector Cybersecurity and International CIKR Protection)
  • Appendix 2: Summary of Relevant Statutes, Strategies, and Directives
  • Appendix 3: The Protection Program
  • Appendix 4: Existing Coordination Mechanisms
  • Appendix 5: Integrating CIKR Protection as Part of the Homeland Security Mission
  • Appendix 6: S&T Plans, Programs, and Research & Development
Advertisements

FEMA’s relationship to DHS drawing attention and debate

One of the most important decisions President-elect Obama will face when his administration takes over DHS is whether to leave FEMA as a part of DHS, or remove it from DHS and make it a cabinet-level agency, as it was before DHS was formed.  Members of Congress, stakeholders, and prominent organizations are taking sides on the issue, but it’s not clear yet what stance the Obama administration will take.

[UPDATE 05/15: CQ Politics reports that on Wednesday 5/13, Secretary Napolitano stated that the Obama administration supports keeping FEMA within DHS; but one day later, Rep. James Oberstar (D-MN) said that he will continue his push to remove FEMA from DHS, despite opposition from the administration.  Give some credit to the dedicated folks at FEMA who’ve had to endure the uncertainty of this long-running debate, because apparently it’s not over yet.]

House: Rep. James Oberstar (D-MN), chairman of the House Transportation and Infrastructure Committee wrote to President-elect Obama on Dec. 17 to demand the removal of FEMA from DHS, declaring that its placement in the larger agency impedes its ability to serve as a “quick response” agency.  In response, Rep. Bennie Thompson (D-MS) Rep. wrote to Obama Dec. 19 strongly disagreeing with Oberstar, saying that FEMA should remain in DHS, but that Obama should appoint someone to lead FEMA who has a strong relationship with Obama.

Senate: Senator Mary Landrieu (D-LA), chairwoman of the Senate Homeland Security Disaster Recovery Subcommittee, has stated that she doesn’t recommend removing FEMA from DHS at this point, but she’s open to the concept and wouldn’t resist it if the new administration made the decision to make the change.  Landrieu told Homeland Security Secretary-designate Janet Napolitano that “there were still some senators that felt strongly about it staying where it is, some that were kind of open to change and others that would really recommend that it be made independent”, and that “it should be open to discussion.”

Update 01/15/09: Senator Joe Lieberman (I-CT), the chair of the Senate Committee on Homeland Security and Governmental Affairs, and Senator Susan Collins (R-ME), the ranking Republican member, urged Janet Napolitano at her confirmation hearing not to remove FEMA from DHS.

Bush Administration: The Bush administration made the decision to include FEMA in DHS, and still supports that decision.  Michael Chertoff has publicly stated that he opposes removing FEMA from DHS, and has cautioned his successor from making any major changes to DHS.

Obama Administration: The Obama administration has not taken a public stance on either side of the issue.  Senator Landrieu said Napolitano is “testing the waters” with Congress to find out how members of Congress feel about the issue.  Landrieu emphasized that Napolitano didn’t say removing FEMA from DHS is something the Obama team is considering.

Update 01/15/09: At Janet Napolitano’s confirmation hearing, she didn’t take a stance on either side of the issue, instead promising to actively look into the issue.  But her other testimony about FEMA indicated strong support both for FEMA and for increasing FEMA’s cooperation with the rest of DHS, regardless of where FEMA ends up.

Update 02/25/09: The DHS Inspector General weighed in with a report titled “FEMA: In or Out?“, in which the ID recommends keeping FEMA in DHS.

Other Organizations and Stakeholders: A month ago the International Association of Emergency Managers officially endorsed removing FEMA from DHS (Representatives Oberstar and Thompson publicly disagreed on the issue at that time as well).  In addition, the Heritage Foundation, an influential conservative think tank, weighed in on December 4 with a memo supporting Thompson’s position to leave FEMA as part of DHS.  A number of other organizations and stakeholders have cautioned more generally against any major reorganizations at DHS, even though they may not have addressed FEMA specifically.

Update 01/08/2009: 3 fire service organizations – the IAFC (International Association of Fire Chiefs),  IAFF (International Association of Fire Fighters), and Congressional Fire Services Instituteweigh in against removing FEMA from DHS.

  • The IAFF is affiliated with the AFL-CIO (labor is expected to have some influence in the strongly Democratic Congress), and according to the IAFF web site, “The IAFF is one of the most active lobbying organizations in Washington; its Political Action Committee, FIREPAC, is among the top one percent of the more than 4,000 federal PACs in the country.”
  • So expect these 3 organizations to carry some weight, and for Congress to resist if the Obama administration pushes to separate FEMA from DHS.

Potential Conflicts: In Oberstar’s letter to Obama he declared that his committee has jurisdiction over FEMA and that making FEMA independent would have strong support in Congress.  However, the overlapping nature of Congressional oversight of DHS makes it likely that other Congressional Committees, including the House Committee on Homeland Security that Thompson chairs, will lay some claim to FEMA oversight as well.

Expectations (My Take): Expect continued public discussion and debate, but expect Obama to take some time before making a decision.  And regardless of what his final decision is, don’t expect a change to FEMA any time soon.  Obama tends to be a consensus builder, and feelings are strong enough on this issue that even if Obama decides to remove FEMA from DHS, he’ll probably go slow, taking time to build a broader base of support for the change before implementing it.

UPDATE 12/24/08: It’s important to note that one of the reasons there is resistance to making FEMA independent of DHS again is that some important entanglements between FEMA and DHS have already been established in terms of politics, funding, and already enacted legislation (which was written to apply to DHS as a whole).  It could get pretty messy to separate them at this point.  For example, allocation of funds for the DHS Homeland Security Grants Program (HSGP) is performed by the FEMA Grants Directorate, and moving that function to DHS could cause confusion and funding changes all the way down to the state and local level.  So if FEMA is ultimately pulled out of DHS, expect some ripples and unintended consequences in unexpected areas.

Update 02/25/09: At this point, I’d say the momentum is clearly on the side of keeping FEMA in DHS, and I’m going to stop updating this post.  If this changes and the momentum seems to swing the other way, I’ll publish a new post.

Expect changes in U.S. approach to cybersecurity

The U.S. approach to cybersecurity is likely to change significantly under the Obama administration.  Although it’s not clear yet exactly what priorities will be sacrificed to make room for the increased focus, or how the changes will all play out, here are some highlights of recent activities in this area:

  • Reports: A recent report highlighted weaknesses in U.S. cybersecurity efforts, and recommended changes to U.S. cybersecurity leadership and policy, including the White House taking over the lead for cybersecurity efforts from DHS.
  • Obama Administration: President-elect Obama’s statements during the campaign, and his relationships with the authors of the reports (several of whom are advisors to his campaign), suggest that he’ll probably appoint a “cybersecurity czar” at the White House to coordinate national cybersecurity efforts.  Speculation is rising about who he’ll appoint to the post.
  • Congress: Key members of Congress have stated concerns about our lack of preparedness and inability to protect from and respond to cyber attacks.
    • Rep. Dutch Ruppersberger (D-MD), chair of the House Intelligence subcommittee on Technical Intelligence, says billions of dollars need to be invested by both government and the private sector.  Rep. Ruppersberger also supports appointment of a “cybersecurity czar” at the White House.
    • Rep. James Langevin (D-RI), chair of the House Homeland Security subcommittee on Cybersecurity, said “We’re way behind where we need to be now.”  Rep. Langevin has also called for leadership of cybersecurity efforts to be removed from DHS, and for increases in our offensive cyber warfare capabilities to use as a deterrent (much as our offensive conventional and nuclear capabilities are used as a deterrents to conventional and WMD attacks).
  • DHS: Although DHS Secretary Michael Chertoff agrees we have significant vulnerabilities, he cautions against changing leadershipof cybersecurity efforts at this stage.  But incoming Secretary Janet Napolitano may have a different view, especially if changes are supported by President-elect Obama.
  • Front-Line Stakeholders: Many key participants in a recent cyberwar simulation exercise reported that we’re not prepared for a real cyberwar.
  • Recent Precedents: Cyber attacks aimed at Estonia earliet this year, and aimed at Georgia during the recent conflict between Russia and Georgia in South Ossetia underscored both the likelihood and effectiveness of cyber-attacks during a conflict of any kind.  These attacks were effective, even though they are widely believed to have come from non-state actors (Russian sympathizers).

Summary:

With agreement about our vulnerability all the way from the front line to Congress and the White House, expect some major changes in both leadership and policy.  Increases in funding should also be expected, though whether funding comes as new expenditures or shifting of funding from other areas remains to be seen.

For more information:

Reports of potential Bush administration “Burrowing” at DHS

There have been a number of articles and posts drawing attention to possible attempts at “burrowing” by the Bush administration, with DHS getting repeated special mentions.

“Burrowing” is a time-honored political tradition where the positions of political appointees are converted to career public service positions before the end of an administration, enabling those political appointees to keep their jobs and continue the influence of the previous administration after the new administration takes over.  Civil servants in career positions are afforded a number of job protections that makes them hard to remove, making it difficult for appointees of the new administration to remove burrowers.

Here’s a few articles on the subject:

But it’s not like this was entirely unexpected:

It’s also not unique to the Bush administration, as Mother Jones notes:

  • Mother Jones: The Clinton administration left behind its own crop of ideological holdovers, and near the close of George H.W. Bush’s presidency scores of political appointees attempted to burrow, some going so far as to disguise their allegiance by taking photos of Bush off their walls. Beleaguered civil servants, meanwhile, have been known to compile “lizard” lists identifying burrowers that have a way of turning up in the hands of the incoming administration. “There’s a lot of this internal politicking that just wastes time, creates suspicion, and lowers morale,” says Vanderbilt University political scientist David E. Lewis, author of a recent book on how presidents politicize the executive branch.

But recent reports suggest that the Bush administration may be setting new records.  A few highlights from the mix:

  • ThinkProgress: As late as last year, ABC News noted that DHS was still “a political dumping ground,” with 350 White House-appointed staffers (compared to just 64 at the Department of Veteran Affairs).  For the past five years, the Bush administration has refused to fire these cronies. Yet last week, the Wall Street Journal reported that all of a sudden, DHS Secretary Michael Chertoff had decided to replace many political appointees with career staffers.
  • According to an as-yet-unpublished paper by the University of Hawaii’s David Nixon, reports of burrowing increased during President Bush’s first four years compared to the Clinton administration, and “more than doubled” after January 2006. But the data was gathered prior to April 2008, Nixon points out. “The administration’s not even over yet, so there could be a huge uptick in burrowing.”
  • Republican administrations, explains Vanderbilt University political scientist David E. Lewis, “have been more aggressive at the top about encouraging or coordinating” burrowing. “The evidence that we have from the ’70s and ’80s was that the Reagan and Bush administrations were very successful in changing the ideology and composition of the federal civil service.” The current White House has even managed a variation on burrowing that bypasses the political appointment process—directly seeding the civil service with ideologues whose influence may be felt for decades to come.

GAO report on NAO disputes Chertoff claims of compliance

The Government Accountability Office (GAO) has released its full public report on the status of the Department of Homeland Security (DHS) National Applications Office (NAO) compliance with current legal, privacy and civil liberties standards.

On April 9, 2008, in a letter to Members of Congress, DHS secretary Michael Chertoff certified that the NAO complies with all existing laws, including all applicable privacy and civil liberties standards. The Secretary also provided a charter for the office, privacy and civil liberties impact assessments, and NAO standard operating procedures.

The GAO report disputes that claim of full compliance.

Bush administration disregards reporting law

From the New York Times:

The Bush administration has informed Congress that it is bypassing a law intended to forbid political interference with reports to lawmakers by DHS. The August 2007 law requires the DHS chief privacy officer to report each year about Homeland Security activities that affect privacy, and requires that the reports be submitted directly to Congress “without any prior comment or amendment” by superiors at DHS or the White House.

But newly disclosed documents show that the Justice Department issued a legal opinion last January questioning the basis for that restriction, and that DHS Secretary Michael Chertoff later advised Congress that the administration would not “apply this provision strictly” because it infringed on the President’s powers.

Several members of Congress reacted with outrage to the administration’s claim, which was detailed in a memorandum posted this week on the Web site of the Office of Legal Counsel at the Justice Department.

DHS cybersecurity proposals more modest than DNI comments suggested

From HS Daily Wire:

Earlier this year Director of U.S. National Intelligence Mike McConnell said the government would require broad powers to monitor all Internet traffic in order to secure the U.S. critical information infrastructure; DHS Secretary Michael Chertoff outlines a more modest approach.

Earlier this year, Director of National Intelligence Mike McConnell told the New Yorker that the government would require broad powers to monitor all Internet traffic in order to secure the U.S. critical information infrastructure. Chertoff outlined a more modest agenda, saying that his agency’s primary goal would be to “get control of the dot-gov domain,” and insisting that government involvement in securing private networks would be strictly by invitation.