Close to 90% of the nation’s critical infrastructures are owned and operated by the private sector.
Critical infrastructures represent the assets, systems and networks (physical or virtual), so vital to the United States that incapacitation or destruction would have debilitating and catastrophic sector and cross-sector cascading impacts. Protecting and ensuring the continuity and resilience of our national critical infrastructures are essential to the nation’s security, public health and safety, economic vitality and way of life.
Presidential Directives / National Infrastructure Protection Plan (NIPP)
To achieve these goals, Presidential Directives after 9/11 established the National Infrastructure Protection Plan (NIPP), providing the unifying public/private protection framework and assigning a Federal Sector-Specific Agency (SSA) to establish and implement their respective Sector-Protection-Plan (SPP) including:
Public/Private Coordinating Council – Government Coordinating Council (GCC)
representing federal, state, loca, tribal and territorial governments, and the Sector Coordinating Council (SCC) representing the private sector.
Information Sharing and Analysis Centers (ISACs)
are recognized by their respective sector critical infrastructure owners and operators, federal sector-specific agency (SSA), Sector Coordinating Council (SCC), Intelligence Agencies (DHS, NSA, FBI), the National Institute of Standards and Technology (NIST), and the National Council of ISACs (NCI Directorate).
As defined in the National Infrastructure Protection Plan and NIST security standards: “ISACs are privately led sector-specific organizations advancing physical and cyber security critical infrastructure protection by establishing and maintaining collaborative frameworks for operational interaction between and among members and external partners.
The National Council of ISACs
represents all national critical infrastructures providing the framework and forum supporting valuable interaction across all national critical infrastructures (between and among the ISACs, private sectors, and government) ensuring sector and cross-sector interaction, security intelligence information sharing, countermeasure solutions, incident response, leading practice and education.).
2011 Presidential Directive (PPD-8)
strengthened US security and resilience via 5 core national preparedness capabilities – Prevention, Protection, Mitigation, Response & Recovery.
February 2013 Presidential Directive PPD-21
– Critical Infrastructure Security and Resilience. PPD21 advances a national unity of effort to strengthen and maintain secure, functioning and resilient critical infrastructure.
February 2013 Presidential Executive Order 13636
improves critical infrastructure cybersecurity. NIST was given the responsibiilty to develop a cybersecurity framework to reduce cybersecurity risks for critical infrastructure.The Framework will consist of standards, guidelines, and best practices to promote the protection of information and information systems supporting critical infrastructure operations.
Now is the time for the nation’s critical infrastructure owners and operators to take a national leadership role, working through their respective ISAC and Sector Coordinating Council have a leading “defining voice” responsibility and opportunity to work in collaboration with government to define, implement and improve security protection strategies, standards, policies, legislation and trusted partnerships.