The U.S. Department of Homeland Security (DHS) is finalizing an updated version of its National Infrastructure Protection Plan (NIPP), which it plans to release in the coming weeks, according to a report by Federal News Radio (FNR). The NIPP was last updated in 2009 and includes a framework to integrate a range of DHS efforts designed to enhance the safety and security of the nation’s critical infrastructure.
The updated plan is part of Presidential Policy Directive-21, which President Barack Obama issued in February 2013 along with an executive order targeting national cybersecurity. Under the directive, the Secretary of Homeland Security is tasked with, among other things, evaluating national capabilities, opportunities, and challenges in protecting critical infrastructure; analyzing threats to, vulnerabilities of, and potential consequences from all hazards on critical infrastructure; and identifying security and resilience functions that are necessary for effective public-private engagement with all critical infrastructure sectors.
With the National Institute of Standards and Technology's cybersecurity framework in the final stages of development (it was released for public comment on Oct. 22), DHS has a responsibility to develop a program that will help make the framework user-friendly. A draft of the updated plan seeks to help critical-infrastructure providers determine cost-effective ways to secure critical infrastructure against human, physical, and cyber threats. The draft plan also addresses cyber information sharing across various sectors "to build awareness and enable risk-informed decision making."
DHS cites a huge increase in the number of security intrusions against critical infrastructure providers as a need that must be addressed in an updated NIPP. However, the draft plan is facing criticism from industry groups for failing to effectively address legal and other barriers to information sharing by the private sector. A copy of the draft plan obtained by FNR can be viewed by clicking HERE.