DHS issues infrastructure protection plan

Industry critics say the draft lacks specificity

The Homeland Security Department released the first specific details of how it intends to protect the country's critical infrastructure from terrorist attacks. DHS promises its National Infrastructure Protection Plan (NIPP) will greatly enhance security, but industry and security experts remain skeptical.

The 175-page draft document, which has not been posted online, establishes a framework for operational risk assessment, said Kirk Whitworth, a DHS spokesman. It sets measurable milestones of what government and industry need to do to protect major physical, human and cyber assets from terrorist attacks.

President Bush issued Homeland Security Presidential Directive 7 in December 2003 to guide NIPP's policy development and make it the authority on national critical infrastructure protection.

The plan provides procedures for establishing and coordinating priorities, and it will help in the annual budget processes for all federal agencies that are responsible for protecting critical infrastructure, Whitworth said. NIPP will enhance the protection of physical and cyber assets and improve information sharing among public- and private-sector partners.

Robert Stephan, DHS' assistant secretary for infrastructure protection, said he was not pleased with the lack of detail in the interim NIPP released in February and demanded more specifics in the new draft, Whitworth said.

DHS released the NIPP draft last month and was scheduled to accept comments on it until Dec. 5. DHS plans to approve a final version of NIPP in early 2006, Whitworth said. Specific requirements for each of the 17 critical infrastructure sectors, such as cybersecurity and telecommunications, will be due six months later.

The draft sets an aggressive timeline and is a positive step forward, said Barry Scanlon, a partner at James Lee Witt Associates, an emergency management consulting firm. But the private sector still has concerns about the plan, namely how long it took DHS to issue it and how much the department will cooperate with its partners.

DHS will have to reach out to the private sector for the plan to succeed because industry owns 85 percent to 90 percent of the critical infrastructure, Scanlon said. The private sector also has concerns about working with DHS, which has not always been willing to collaborate in the past, he added.

"The real question is, where are we in six months?" he said.

A draft plan would have been fine three years ago, but it should be more specific and aggressive now, given what officials have learned about improving security since the 2001 terrorist attacks , said Warren Suss, president of Suss Consulting.

The current version isn't a plan or even a plan for a plan, Suss said. It's a plan for a procedure to develop a plan or a list of guidelines that avoids dealing with tough issues, he said.

"This document completely glosses over any specific ways to avert direct threats to our nation's economy," Suss said. "It serves mostly to diffuse responsibility rather than come up with specific remedies" or ways to pay for the security improvements, he said.

Protecting critical infrastructure takes more than sharing lessons learned, Suss said. It takes making and enforcing laws that impose requirements to meet effective safety standards, he said, adding that he believes the government should follow the legislative model it used to improve highway safety by requiring motorists to wear seat belts.

A huge mandate

One goal of the National Infrastructure Protection Plan (NIPP) is to protect the country's critical infrastructure from terrorists. The plan states that such preparation "not only makes the nation more secure from terrorist attacks but also helps to reduce vulnerability to natural disasters, man-made accidents, organized crime and computer hackers. As a result, the NIPP provides a foundation for a broader set of protection and preparedness imperatives that address all hazards."

Because government and industry have focused on responses to Hurricane Katrina and other recent natural disasters, they have not yet discussed the plan's draft version in depth, said Barry Scanlon, a partner at James Lee Witt Associates, an emergency management consulting firm.

Katrina and the massive blackout that affected the Northeast and parts of the Midwest in 2003 proved that nonterrorist incidents can have a huge impact on critical infrastructure, Scanlon said. For example, the looming threat of a bird flu pandemic does not involve terrorism, but officials must plan for the severe consequences associated with a disease that could affect a significant portion of the population, he said.

As the Homeland Security Department creates the final version of NIPP, Scanlon said, it would err if it focused only on countering terrorism and not on effective preparedness for all hazards.

-- Michael Arnone


  • Workforce
    White House rainbow light shutterstock ID : 1130423963 By zhephotography

    White House rolls out DEIA strategy

    On Tuesday, the Biden administration issued agencies a roadmap to guide their efforts to develop strategic plans for diversity, equity, inclusion and accessibility (DEIA), as required under a as required under a June executive order.

  • Defense
    software (whiteMocca/Shutterstock.com)

    Why DOD is so bad at buying software

    The Defense Department wants to acquire emerging technology faster and more efficiently. But will its latest attempts to streamline its processes be enough?

Stay Connected