Overview of NIPP 2013: Partnering for Critical Infrastructure Security and Resilience October 2013 DRAFT PPD-21: CI Security and Resilience On February 12, 2013, President Obama signed Presidential Policy Directive 21 (PPD-21), Critical Infrastructure Security and Resilience Builds on the extensive work done to date to protect and enhance the resilience of the Nation’s critical infrastructure (CI) Aims to clarify roles and responsibilities across the Federal Government Intends to institutionalize ways to work more effectively with CI partners to enhance the security and resilience of CI Directs the “Secretary of Homeland Security to provide to the President…a successor to the National Infrastructure Protection Plan to address the implementation of this directive [PPD-21], the requirements of Title II of the Homeland Security Act of 2002 as amended, and alignment with the National Preparedness Goal and System required by PPD-8.” Is informed by the expertise, experience, capabilities, and responsibilities of government and industry DRAFT Presenter’s Name June 17, 2003 2 EO 13636: Improving CI Cybersecurity At the same time, President Obama signed Executive Order (EO) 13636 - Improving Critical Infrastructure Cybersecurity Joint issuance of the EO and PPD reinforced the need and desire for an integrated approach to strengthening the security and resilience of CI against all hazards through an overarching national framework that acknowledges the increased role of cybersecurity in protecting physical assets. This approach is reflected in the new NIPP 2013. DHS established an Integrated Task Force to lead DHS implementation and coordinate interagency, intergovernmental, and private sector efforts to ensure integrated and synchronized implementation across the homeland security enterprise. DRAFT Presenter’s Name June 17, 2003 3 NIPP 2013 - Outline Section 1 – Introduction – Introduces document’s structure and changes since 2009. Section 2 – Vision, Mission, and Goals – Outlines the vision, mission, and goals for the CI community. Section 3 – CI Environment – Describes key concepts influencing security and resilience efforts with a focus on the policy, risk, and operating environments and the partnership structure. Section 4 – Core Tenets – Describes the principles and that inform the development of the Plan. Section 5 – Collaborating to Manage Risk – Builds on the risk management framework described in previous NIPPs, conceptualizing risk management activities conducted by the CI community in the context of national preparedness. Section 6 – Call to Action – Calls on the Federal Government in partnership with the CI community (respective of authorities, responsibilities, and business environments) to take cross-cutting actions that support collective efforts in CI security and resilience in the coming years. DRAFT Presenter’s Name June 17, 2003 4 NIPP 2013 Overview Scope: guide national efforts and drive progress, while seeking to engage the broader community about the importance of CI security and resilience Audience: a broad CI community comprised of public and private owners and operators; Federal departments and agencies; SLTT governments; regional entities; and other organizations from the private and non-profit sectors with a role to play in securing and strengthening the resilience of the Nation’s CI Integrated approach to: Detect, deter, disrupt, and prepare for threats to the Nation’s critical infrastructure, including natural hazards; Reduce vulnerabilities of critical assets, systems, and networks; and, Mitigate the potential consequences to critical infrastructure of incidents or adverse events that do occur Requires: flexible, proactive, and inclusive partnerships to advance CI security and resilience. Recognizes: varying risk management perspectives of the public and private sectors, where government and private industry have aligned, but not identical, interests in securing CI DRAFT Presenter’s Name June 17, 2003 5 Evolution from 2009 NIPP More strategic and flexible document Focus on actions and implementation Retains a focus on risk management as the foundation of national CI security and resilience; makes enhancements to framework Continues to promote voluntary partnerships as the principal mechanism for managing risks to CI DRAFT Presenter’s Name June 17, 2003 6 Significant Changes and Evolution Elevates security and resilience as the primary aim of CI planning efforts Draws alignment between critical infrastructure risk management efforts and the National Preparedness System (across five mission areas) Focuses on national priorities jointly determined by public and private sectors, while limiting discussion of Federal programs Integrates cyber and physical security and resilience efforts into an enterprise approach to risk management Continues progress to support execution of the National Plan at both the national and community levels DRAFT Presenter’s Name June 17, 2003 7 Significant Changes and Evolution Affirms the reality that critical infrastructure security and resilience efforts require international collaboration; Incorporates practical lessons learned from national program and feedback from partners Is mindful of the perspectives and capabilities of different partners – including Federal roles outlined in PPD 21 -and how this affects collective efforts Includes a detailed Call to Action, with steps that the Federal Government will undertake – working with CI partners – to make progress toward security and resilience DRAFT Presenter’s Name June 17, 2003 8 Supplements Several standalone supplements are also offered to provide guidance and assistance to the CI community for implementation Implementing the CI Risk Management Framework Connecting to the National Cybersecurity and Communications Integration Center and the National Infrastructure Coordinating Center DHS Resources for Vulnerability Assessments Incorporating Security and Resilience into CI Projects Additional supplements will be developed after the NIPP 2013 has been issued DRAFT Presenter’s Name June 17, 2003 9 Call to Action The Call to Action section guides the Federal Government and informs private sector, SLTT, and regional efforts in implementing the National Plan. The actions are multi-year priorities to be reviewed annually with input from partners. The actions are organized into 3 broad categories: Building upon partnership efforts Innovating in managing risk Focusing on outcomes DRAFT Presenter’s Name June 17, 2003 10 Call to Action Build upon Partnership Efforts 1. Set National Focus through Joint Priority Setting 2. Determine Collective Actions through Joint Planning Efforts 3. Empower Local and Regional Partnerships to Build Capacity Nationally 4. Leverage Incentives to Advance Security and Resilience Innovate in Managing Risk 5. Enable Risk-Informed Decision-Making through Enhanced Situational Awareness 6. Analyze Infrastructure Dependencies, Interdependencies, and Associated Cascading Effects 7. Rapidly Identify, Assess, and Respond to Unanticipated Infrastructure Cascading Effects During and Following Incidents 8. Promote Infrastructure, Community, and Regional Recovery Following Incidents 9. Strengthen Coordinated Development and Delivery of Technical Assistance, Training, and Education 10.Improve Critical Infrastructure Security and Resilience by advancing Research and Development Solutions Focus on Outcomes 11. Evaluate Achievement of Goals 12. Learn and Adapt During and After Exercises and Incidents DRAFT Presenter’s Name June 17, 2003 11