Infrastructure deadline pushed back

Homeland Security Presidential Directive-7

A new presidential directive extends the time that agencies have to submit plans to protect their infrastructure resources and requires an annual report on their coordination with their respective sectors.

Homeland Security Presidential Directive-7, the latest update to the critical infrastructure protection directive first issued by President Clinton in 1998, gives agencies until July 2004 to develop an infrastructure plan for the Office of Management and Budget. The plans must identify all of an agency's critical infrastructure, and develop plans for prioritization, protection, recovery, and reconstitution of systems or resources.

The original deadline for these plans was October 2003, although agencies are far behind when it comes to identifying their critical information systems, according to a security report card issued last week by Rep. Adam Putnam (R-Fla.), chairman of the House Government Reform Committee's on Technology, Information Policy, Intergovernmental Relations and the Census Subcommittee. The Federal Information Security Management Act of 2002 also requires those inventories, but so far only five agencies have completed them, according to the subcommittee's analysis.

On top of those reports, the presidential directive restates sector liaison roles for various agencies, such as the Treasury Department working with the financial services industry and the Environmental Protection Agency being responsible for drinking water and water treatment systems.

Those agencies are required to report annually to the secretary of the Homeland Security Department on their efforts to work with the private sector to identify, prioritize and coordinate the protection of the critical infrastructure and resources not owned or operated by the federal government. More than 80 percent of the infrastructure in the United States is not under directly under the government's purview.

DHS officials held a summit at the beginning of December to kick off five public-private sector task forces that will look at specific areas of cyberprotection.

Members of Congress both praised and criticized the Bush administration for the directive.

"This directive is an admission by the administration that [DHS] is not getting the job done," Rep. Jim Turner (D-Texas), ranking member on the Select Committee on Homeland Security, said in a statement. "This directive gives the department another year to do a job we need completed today."

Others have recently expressed anxiety about the country's attention to critical infrastructure protection. The Gilmore Commission's fifth and final report to White House officials highlighted a slowdown in the momentum to secure the nation's critical resources as a major area of concern.

The directive also creates a Critical Infrastructure Protection Policy Coordinating Committee, which will advise the White House's Homeland Security Council on interagency cyber and physical policy. The committee will be chaired by a federal official designated by the assistant to the President for homeland security.