Updating the National Infrastructure Protection Plan

Over the past few months, The Infrastructure Security Partnership (TISP) has been participating in a public-private collaborative effort, led by Robert Kolasky of the U.S. Department of Homeland Security’s (DHS) Office of Infrastructure Protection, for the purpose of updating the National Infrastructure Protection Plan (NIPP). Public-private sector collaboration and partnerships are now frequently mentioned in case studies, reports, policy directives, and articles addressing topics related to regional and infrastructure security and resilience. There are many reasons for companies and agencies of all sizes to work together for the common goal of building resilience.

Reports such as the Hurricane Sandy Rebuilding Strategy – released in August 2013 by the Hurricane Sandy Rebuilding Task Force, which is chaired by Secretary of U.S. Department of Housing and Urban Development Shaun Donovan – show that there is a positive relationship growing between collaboration and regional resilience achievements. TISP was established 13 years ago and has focused on the skills related to building public and private sector collaboration for the primary purpose of advancing regional and infrastructure security and resilience.

Partnering to Discuss Resilience

To support NIPP collaboration, TISP has helped develop a partnership between the National Resilience Coalition (NRC), which was co-founded by TISP, and the Homeland Security Policy Institute (HSPI) of The George Washington University. As a result of this partnership, senior leaders from the public and private sectors met to discuss the application of risk-based approaches to improve the security and protection of critical infrastructures and systems on which the resilience of the nation and its major metropolitan regions so greatly depends. Conducted on behalf of DHS and sponsored by ICF International, the full-day forum was held on 25 July 2013 at the Elliott School of International Affairs at George Washington University. Attendees explored the role that the NIPP has served as both a guide and catalyst for: (a) advancing the resilience of the nation’s infrastructure; and (b) determining what industry and government leaders have learned along the way that will help DHS to update the NIPP.

As mandated by the Homeland Security Act of 2002 and the 2013 Presidential Policy Directive on Critical Infrastructure Security and Resilience (PPD-21), DHS is responsible for developing and updating a national plan that takes a risk-based approach to address significant threats and hazards to the nation’s critical infrastructure. To do so, it must capitalize on the collective experience of: infrastructure owners and operators; federal, state, and local governmental agencies; and major users of infrastructure services, all of whom bear both the burden and the cost of ensuring the resilience of their individual operations. The effort by TISP, NRC, and HSPI has helped to support DHS’s efforts by facilitating a dialogue among senior executives with firsthand experience with the NIPP, the NIPP’s risk management framework, and/or the executives’ own infrastructure resilience programs.

To help advance efforts toward national resilience, the purpose of the forum was to: (a) establish a common understanding among participants on the intent and evolution of critical infrastructure protection policy and programs; and (b) outline initial questions concerning the NIPP update and implementation of PPD-21. TISP tracked the dialogue of the forum and later presented DHS with information from the proceedings. Many of the stakeholders offered unique perspectives on leading threats and hazards, the challenges faced in managing associated risks and achieving a higher level of resilience, and the implications for future policies and programs.

Seven Key Takeaways

By the end of the forum, seven key suggestions had emerged, which have been principally embraced in recent drafts of an updated NIPP as a national strategy for critical infrastructure security and resilience. The updated NIPP will also serve as a potential model and educational tool for regional, state, and local organizations to follow. Each of the suggestions is described below.

1. The original national policy framework, which was built on a risk-based architecture, is still relevant. However, the framework should be enhanced to emphasize the importance of protecting and preparing lifeline infrastructures and economic stability/development systems at the state and local levels in order to maintain infrastructure and regional resilience. There should also be a link to regional, state, and local critical infrastructure/key resources networks.

2. Regional public-private partnerships are necessary for: (a) addressing the integration of cross-sector dependencies and operations; (b) collaborating and setting priorities for withstanding the consequences of manmade and natural hazards; and (c) rapidly bouncing back from failures, disruptions, and destruction.

3. The NIPP should be concise and brief, yet still explain the national strategy for critical infrastructure security and resilience as well as transfer knowledge to state and community leaders for establishing their critical infrastructure security and resilience programs.

4. The NIPP should include and fully explain the reasons that government agencies and businesses would want to participate in a national unity of effort that mitigates risks, builds resilience, and sustains resources.

5. The NIPP should include a list of actions that can be implemented at various levels – for buildings, systems, communities, states, regions, and federal agencies, for example. The NIPP also should motivate these stakeholders to develop plans for: infrastructure protection, continuity of operations, emergency preparedness, and disaster recovery.

6. The DHS Office of Infrastructure Protection should develop educational, training, and certification programs to drive the increased human resource capabilities with competencies in engineering, design, construction, and security operations.

7. The NIPP should support networking and relationship development by: (a) sharing lessons learned from exercises and disasters; and (b) building relationships before a disaster strikes to reduce response times, save lives, and reduce costs.

After the conclusion of the forum, various experts – from ICF International, the Great Lakes Hazards Coalition, the National Association of Counties, ABS Consulting, the Bay Area Center for Regional Disaster Resilience, the University of Southern California, DRS International, and the Brashear Group – joined a TISP comment-drafting team to work with DHS and their public and private sector collaborators. TISP has since been convening this group twice a week to discuss and draft language revisions for various sections of the NIPP.

Today, 18 September 2013, TISP committee and board members, along with NRC partners, will be holding a conference call to specifically discuss “Section 6, Taking Action: Specific Steps to Advance the National Effort” in the NIPP. The actions addressed in that section will be implemented over the next several years to reduce risk to the nation’s critical infrastructure and will be based on different priorities and perspectives – within sectors, at the state and local levels, in multi-national corporations, as well as among small business owners and operators. Specific roles and responsibilities for taking these actions will be articulated within subsequent planning efforts in collaboration with each community. The deadline for submitting the next round of comments/suggestions to DHS about the NIPP is 20 September 2013. President Barack Obama is expected to have the final draft by mid-October.

Moving Forward – Implementing Critical Infrastructure Security & Resilience Programs

As a next step to advancing regional and infrastructure security and resilience, TISP is forming five leadership roundtables:

• Resilience Standards and Measures Roundtable, facilitated by Kevin Morley of the American Water Works Association and Michelle Deane of the American National Standards Institute;
• Mission Assurance and Resilience Roundtable, facilitator to be determined;
• Legal Issues Around Resilient Communities and Buildings Roundtable, facilitated by Ernest Edgar of ATKINS Global and Denise Krepp of Penn State University;
• Pre-Logistics Planning for Preparedness Roundtable, facilitated by Charlotte Franklin of the Arlington County, Virginia, Office of Emergency Management; and
• Climate Change Adaptation, Sustainability and Resilience Roundtable, facilitated by Paula Scalingi of the Center for Regional Disaster Resilience and Jerry Brashear of the Brashear Group.

Each roundtable will develop an understanding of the subject,identify benefits and challenges, and recommend actions for TISP to take in the future. The roundtable discussions can be followed on the TISP website (www.tisp.org) and the TISP LinkedIn subgroups. Resilience begins with each person and such discussions bring those key people together.