Keeping National Infrastructure Safe

Public-private cooperation and coordination is required to keep our critical infrastructure safe, as 85% of critical infrastructure in the US is privately owned.

Presidential Policy Directive 21 (PPD-21) was issued in February 2013, and called for an update to the 2009 National Infrastructure Protection Plan (NIPP). So the Department of Homeland Security (DHS) has released its newest plan: "NIPP 2013: Partnering for Critical Infrastructure Security and Resilience." The Plan "outlines how government and private sector participants in the critical infrastructure community work together to manage risks and achieve security and resilience outcomes."

"The Plan was developed through a collaborative process involving stakeholders from all 16 critical infrastructure sectors, all 50 states, and from all levels of government and industry. It provides a clear call to action to leverage partnerships, innovate for risk management, and focus on outcomes."

Specifically, NIPP 2013 calls for collaboration between stakeholders to achieve the following goals:

  • Identify, deter, detect, disrupt, and prepare for threats and hazards to the Nation's critical infrastructure;
  • Reduce vulnerabilities of critical assets, systems, and networks; and
  • Mitigate the potential consequences to critical infrastructure of incidents or adverse events that do occur.
The Plan states that "the success of this integrated approach depends on leveraging the full spectrum of capabilities, expertise, and experience across the critical infrastructure community and associated stakeholders. This requires efficient sharing of actionable and relevant information among partners to build situational awareness and enable effective risk-informed decision making."


Critical Infrastructure Cybersecurity

Ambassador Susan Rice was tweeting in February 2014 about public-private cooperation to protect the nation's critical infrastructure, pointing to a National Institute of Standards and Technology (NIST) announcement on the first version of the Framework for Improving Critical Infrastructure Cybersecurity. The Framework – which consists of standards, guidelines, and practices – helps owners and operators of critical infrastructure to manage cybersecurity-related risk.

Agencies are undertaking new and emerging information sharing initiatives beyond traditional terrorism and homeland security missions. One example is ISE best practices and solutions supporting the cybersecurity mission and the priorities of the White House National Security Staff Cyber Directorate. PM-ISE, with the National Fusion Center Association and the International Association of Chiefs of Police, convened stakeholders from law enforcement, homeland security, emergency management, information technology, and the private sector to clarify requirements for sharing both tactical and strategic cybersecurity information and to plan pilots for demonstrating these capabilities.

Agencies are undertaking new and emerging information sharing initiatives beyond traditional terrorism and homeland security missions. One example is ISE best practices and solutions supporting the cybersecurity mission and the priorities of the White House National Security Staff Cyber Directorate. PM-ISE, with the National Fusion Center Association and the International Association of Chiefs of Police, convened stakeholders from law enforcement, homeland security, emergency management, information technology, and the private sector to clarify requirements for sharing both tactical and strategic cybersecurity information and to plan pilots for demonstrating these capabilities.


Agencies, Centers, Programs and Organizations that Share Critical Infrastructure Information

Partnering with industry and the private sector to share information is essential to protecting critical infrastructure and key resources, building capacity to integrate information from all sources, and most important –dealing with cybersecurity issues that threaten our freedom to share the information our Nation needs to thrive. As the civilian department at the intersection of public-private information sharing, the Department of Homeland Security proactively collaborates with public and private sector partners every day to improve the security and resilience of critical infrastructure while responding to and mitigating the impacts of attempted disruptions to the Nation's critical cyber and communications networks. This critical infrastructure protection mission space, in which over 85 percent of the nation's infrastructure is owned and operated by the private sector, is a core focus of the ISE.

The structure of the existing critical infrastructure partnership is explained at length in the National Infrastructure Protection Plan (NIPP), which consists of government, private sector-specific and cross-sector councils that enable government and private sector partners to engage in joint discussions and participate in a broad spectrum of information sharing activities. The desired end-state of an effective partnership model is an environment in which public and private partners work in a networked manner to effectively and efficiently share timely and actionable information and allocate risk-reduction responsibilities.


All Hazards Consortium (AHC)

The All Hazards Consortium (AHC) is a 501(c)(3) non-profit organization founded in 2005 that includes representatives of all levels of government in the mid-Atlantic region, along with stakeholders from higher education, business and industry, non-profit and volunteer organizations, research firms, and trade associations. Focusing on homeland security, emergency management, and business continuity issues, the AHC's footprint represents more than 60 million citizens, a significant percentage of the nation's critical infrastructure, and more than 50% of all FEMA grant dollars issued to states, urban areas, and maritime ports in the United States. The AHC addresses issues related to managing natural and manmade hazards by regularly hosting regional meetings and conference calls that bring government and private-sector partners together to focus on specific issues. When participants identify a common need or priority, the AHC conducts a regional workshop in cooperation with the state sponsoring the issue. The needs, issues, best practices, lessons learned, and recommendations emerging from the workshop are memorialized in a "regional consensus" white paper that serves to create awareness and to attract funding and in-kind donations to help the states address the issues at hand. During emergencies the AHC activates its trusted relationships to assist in sharing critical recovery information between government and the private sector. For example, in the aftermath of Hurricane Sandy, the AHC realized the need to work with out-of-state entities to obtain assistance, and quickly turned to its private-sector partners to provide data, support, and services. The AHC organized this information into daily Private Sector Resource Reports, which showed potential "open and closed" locations for necessities such as fast food, fuel, hotels with available rooms, and pharmacies, and then emailed the information to tens of thousands of public and private stakeholders.


Critical Infrastructure Partnership Advisory Council (CIPAC)

The Department of Homeland Security has established the Critical Infrastructure Partnership Advisory Council (CIPAC) to facilitate effective coordination between federal infrastructure protection programs with the infrastructure protection activities of the private sector and of state, local, territorial and tribal governments. The CIPAC represents a partnership between government and critical infrastructure owners and operators and provides a forum in which they can engage in a broad spectrum of activities to support and coordinate critical infrastructure protection.


Domestic Security Alliance Council (DSAC)

The Domestic Security Alliance Council (DSAC), a strategic partnership among the FBI, the Department of Homeland Security (DHS), and the U.S. private sector, was established to promote the timely and effective exchange of information. The DSAC enhances the ability of the private sector to protect its employees, assets, and proprietary information. DSAC products and services include: Liaison Information Reports, member training events, FBI and DHS Intelligence reports, and various newsletters.

The DSAC also maintains a secure web portal for delivery of unclassified intelligence products, contact information, training material, and other information to DSAC members.

  • The portal is a collaborative platform that allows members to work jointly to solve common problems.
  • The portal also includes a discussion board so that members can share information trends and best practices.


FBI InfraGard

InfraGard is a two-way information sharing exchange between the FBI and the public and private sector. “It is an association of persons who represent businesses, academic institutions, state and local law enforcement agencies, and other participants dedicated to sharing information and intelligence to prevent hostile acts against the U.S..” Activities are organized around 16 critical infrastructures and 60 chapters around the country.

  • InfraGard provides members access to law enforcement sensitive (LES) analytical threat products pertaining to their areas of expertise.
  • In turn, these members assist the FBI by initiating and/or enhancing FBI investigations and intelligence products.


Homeland Infrastructure Threat and Risk Analysis Center (HITRAC)

The Homeland Infrastructure Threat and Risk Analysis Center (HITRAC) focuses on understanding and analyzing strategic-level risks within and across sectors, as well as developing and enhancing modeling capabilities to address current, evolving, and future threats. In collaboration with other DHS components, the Center provides tailored risk-assessment products for critical infrastructure and key resource sectors. It fuses consequence and vulnerability information from infrastructure protection communities with threat information from the intelligence and law enforcement communities. HITRAC analytical products support DHS components in their engagement with stakeholders and audiences at the national, state, local, and international levels.


National Infrastructure Advisory Council (NIAC)

National Infrastructure Advisory Council (NIAC) is a Federal Advisory Committee that makes recommendations on improving the cooperation and partnership between the Federal Government and industry, for the purpose of securing the critical infrastructures. The advice from the NIAC is meant to assist the President and the Secretary of Homeland Security in the development of policies and strategies that range from risk assessment and management to information sharing, protective measures, and clarification on roles and responsibilities between public and private sectors.


National Security Business Alliance Council (NSBAC)

The National Security Business Alliance Council (NSBAC) is a partnership between the FBI and leading companies in the defense industrial base and IT/telecommunications sectors, whose members are the cleared Chief Security Officers from more than 30 of the top national security and IT/telecom business leaders. Together, the NSBAC and Strategic Partnership Coordinators from each of the FBI's 56 field offices collaborate on measures for effectively hardening the target around technologies deemed valuable to the U.S. government.

NSBAC is part of the FBI Counterintelligence Division's Counterintelligence Strategic Partnership Program and also includes two Councils.

  • The National Security Business Alliance Council—Aerospace and Defense (NSBAC-A&D) – “is a partnership with several leading companies in the defense industrial base who are the stakeholders of key technologies targeted by foreign adversaries.”
  • The National Security Business Alliance Council—Information Technology (NSBAC-IT) – “is a partnership with several leading telecommunications and information technology companies in an effort to confront cyber threats and protect US information systems.”

For more information, contact your local FBI office  and ask for the Strategic Partnership Coordinator.


Overseas Security Advisory Council (OSAC)

The Overseas Security Advisory Council (OSAC) was created by the Secretary of State to promote an open dialogue between the U.S. Government and the American private sector on security issues abroad. OSAC is directed by a council of 34 representatives from companies and government agencies concerned with overseas security. The Director of the Diplomatic Security Service is one of the co-chairs of OSAC, and a DS Special Agent serves as OSAC's Executive Director. With a constituency of 4,600 U.S. companies and other organizations with overseas interests, OSAC operates a web site, www.osac.gov, which is one of its principal means of information exchange with the private sector. The web site offers its visitors the latest in safety and security-related information, public announcements, warden messages, travel advisories, significant anniversary dates, terrorist group profiles, country crime and safety reports, special topic reports, foreign press reports, and much more.


Protected Critical Infrastructure Information (PCII)

The Protected Critical Infrastructure Information (PCII) Program is an information-protection program that enhances voluntary information sharing between infrastructure owners and operators and the government. PCII protections mean that homeland security partners can be confident that sharing their information with the government will not expose sensitive or proprietary data. The Department of Homeland Security (DHS) and other Federal, State, tribal, and local analysts use PCII to:

  • Analyze and secure critical infrastructure and protected systems,
  • Identify vulnerabilities and develop risk assessments, and
  • Enhance recovery preparedness measures.


Source: The DHS Office for Civil Rights and Civil Liberties
Last date page updated: 9/23/14 (CRCL)

Back to Home