Overview of NIPP 2013: Partnering for Critical
Infrastructure Security and Resilience
October 2013
DRAFT
PPD-21: CI Security and Resilience
 On February 12, 2013, President Obama signed Presidential Policy
Directive 21 (PPD-21), Critical Infrastructure Security and Resilience
 Builds on the extensive work done to date to protect and enhance the
resilience of the Nation’s critical infrastructure (CI)
 Aims to clarify roles and responsibilities across the Federal Government
 Intends to institutionalize ways to work more effectively with CI partners to
enhance the security and resilience of CI
 Directs the “Secretary of Homeland Security to provide to the
President…a successor to the National Infrastructure Protection Plan to
address the implementation of this directive [PPD-21], the requirements
of Title II of the Homeland Security Act of 2002 as amended, and
alignment with the National Preparedness Goal and System required by
PPD-8.”
 Is informed by the expertise, experience, capabilities, and responsibilities
of government and industry
DRAFT
Presenter’s Name
June 17, 2003
2
EO 13636: Improving CI Cybersecurity
 At the same time, President Obama signed Executive Order (EO)
13636 - Improving Critical Infrastructure Cybersecurity
 Joint issuance of the EO and PPD reinforced the need and desire for
an integrated approach to strengthening the security and resilience of
CI against all hazards through an overarching national framework
that acknowledges the increased role of cybersecurity in protecting
physical assets. This approach is reflected in the new NIPP 2013.
 DHS established an Integrated Task Force to lead DHS
implementation and coordinate interagency, intergovernmental, and
private sector efforts to ensure integrated and synchronized
implementation across the homeland security enterprise.
DRAFT
Presenter’s Name
June 17, 2003
3
NIPP 2013 - Outline
 Section 1 – Introduction – Introduces document’s structure and changes since 2009.
 Section 2 – Vision, Mission, and Goals – Outlines the vision, mission, and goals for the CI
community.
 Section 3 – CI Environment – Describes key concepts influencing security and resilience
efforts with a focus on the policy, risk, and operating environments and the partnership
structure.
 Section 4 – Core Tenets – Describes the principles and that inform the development of the
Plan.
 Section 5 – Collaborating to Manage Risk – Builds on the risk management framework
described in previous NIPPs, conceptualizing risk management activities conducted by the
CI community in the context of national preparedness.
 Section 6 – Call to Action – Calls on the Federal Government in partnership with the CI
community (respective of authorities, responsibilities, and business environments) to take
cross-cutting actions that support collective efforts in CI security and resilience in the coming
years.
DRAFT
Presenter’s Name
June 17, 2003
4
NIPP 2013 Overview
 Scope: guide national efforts and drive progress, while seeking to engage the broader
community about the importance of CI security and resilience
 Audience: a broad CI community comprised of public and private owners and
operators; Federal departments and agencies; SLTT governments; regional entities;
and other organizations from the private and non-profit sectors with a role to play in
securing and strengthening the resilience of the Nation’s CI
 Integrated approach to:
 Detect, deter, disrupt, and prepare for threats to the Nation’s critical infrastructure, including
natural hazards;
 Reduce vulnerabilities of critical assets, systems, and networks; and,
 Mitigate the potential consequences to critical infrastructure of incidents or adverse events that
do occur
 Requires: flexible, proactive, and inclusive partnerships to advance CI security and
resilience.
 Recognizes: varying risk management perspectives of the public and private sectors,
where government and private industry have aligned, but not identical, interests in
securing CI
DRAFT
Presenter’s Name
June 17, 2003
5
Evolution from 2009 NIPP
 More strategic and flexible document
 Focus on actions and implementation
 Retains a focus on risk management as the foundation of national CI
security and resilience; makes enhancements to framework
 Continues to promote voluntary partnerships as the principal
mechanism for managing risks to CI
DRAFT
Presenter’s Name
June 17, 2003
6
Significant Changes and Evolution
 Elevates security and resilience as the primary aim of CI
planning efforts
 Draws alignment between critical infrastructure risk
management efforts and the National Preparedness
System (across five mission areas)
 Focuses on national priorities jointly determined by public
and private sectors, while limiting discussion of Federal
programs
 Integrates cyber and physical security and resilience
efforts into an enterprise approach to risk management
 Continues progress to support execution of the National
Plan at both the national and community levels
DRAFT
Presenter’s Name
June 17, 2003
7
Significant Changes and Evolution
 Affirms the reality that critical infrastructure security and
resilience efforts require international collaboration;
 Incorporates practical lessons learned from national
program and feedback from partners
 Is mindful of the perspectives and capabilities of different
partners – including Federal roles outlined in PPD 21 -and how this affects collective efforts
 Includes a detailed Call to Action, with steps that the
Federal Government will undertake – working with CI
partners – to make progress toward security and resilience
DRAFT
Presenter’s Name
June 17, 2003
8
Supplements
 Several standalone supplements are also offered to provide guidance
and assistance to the CI community for implementation
 Implementing the CI Risk Management Framework
 Connecting to the National Cybersecurity and Communications
Integration Center and the National Infrastructure Coordinating Center
 DHS Resources for Vulnerability Assessments
 Incorporating Security and Resilience into CI Projects
 Additional supplements will be developed after the NIPP 2013 has
been issued
DRAFT
Presenter’s Name
June 17, 2003
9
Call to Action
 The Call to Action section guides the Federal
Government and informs private sector, SLTT, and
regional efforts in implementing the National Plan.
 The actions are multi-year priorities to be reviewed
annually with input from partners.
 The actions are organized into 3 broad categories:
 Building upon partnership efforts
 Innovating in managing risk
 Focusing on outcomes
DRAFT
Presenter’s Name
June 17, 2003
10
Call to Action
 Build upon Partnership Efforts
1. Set National Focus through Joint Priority Setting
2. Determine Collective Actions through Joint Planning Efforts
3. Empower Local and Regional Partnerships to Build Capacity Nationally
4. Leverage Incentives to Advance Security and Resilience
 Innovate in Managing Risk
5. Enable Risk-Informed Decision-Making through Enhanced Situational Awareness
6. Analyze Infrastructure Dependencies, Interdependencies, and Associated Cascading Effects
7. Rapidly Identify, Assess, and Respond to Unanticipated Infrastructure Cascading Effects During and
Following Incidents
8. Promote Infrastructure, Community, and Regional Recovery Following Incidents
9. Strengthen Coordinated Development and Delivery of Technical Assistance, Training, and Education
10.Improve Critical Infrastructure Security and Resilience by advancing Research and Development
Solutions
 Focus on Outcomes
11. Evaluate Achievement of Goals
12. Learn and Adapt During and After Exercises and Incidents
DRAFT
Presenter’s Name
June 17, 2003
11