Critical Alliance

DHS joins forces with industry to protect key networks and resources.

Protecting the nation's critical infrastructure would be an overwhelming mission for any federal agency going it alone. To do it right, the Homeland Security Department not only must tackle its own internal obstacles, but also forge partnerships across government and the private sector.

Since 80 percent of the nation's key assets are privately owned, DHS' Office of Infrastructure Protection is coordinating a massive cross-industry effort to guard against threats ranging from weapons of mass destruction to flooding.

Eighteen sweeping categories of infrastructure and resources-which include agriculture and food, banking and finance, nuclear reactors, monuments and icons, information technology, and water-represent "the underpinnings of our American way of life," says retired Maj. Gen. James Snyder, who was deputy assistant secretary and acting assistant secretary for infrastructure protection at DHS before taking a position at the Defense Department in September.

DHS worked with stakeholders and relevant players in these sectors during development of the National Infrastructure Protection Plan. Mandated by the 2002 Homeland Security Act, the NIPP lays out a nationwide approach for identifying, prioritizing and protecting vital infrastructure. The 2009 version, which supersedes the one published in 2006, provides more comprehensive avenues for communication among the 700 public and private sector members of the NIPP Sector Partnership, 300 of which have joined since 2006. The partners are as diverse as the Fertilizer Institute, NBC Universal and Northrop Grumman. Snyder calls the NIPP a living document.

In addition to owners and operators of key assets, the partnership includes more than 200 trade associations representing more than 400 million members.

"As you can imagine, this is an enormous effort," Snyder says. "It requires not only coordination with owners and operators within each of the sectors, but also with a number of government departments and agencies at the federal, state and local levels that are responsible for working with each of the sectors."

The linchpin of this cooperation and communication is the Information Sharing Environment, a system designed to help the government and private sector share information and coordinate approaches. Participation in the network is voluntary, and each sector develops its own practices based on a DHS-developed framework. Snyder says the ISE is "adaptable to the operational practices of an individual sector and leverages the current practices and mechanisms the sectors have created for themselves."

Although it was developed in 2007, the Information Sharing Environment was fleshed out in the 2009 NIPP and now covers the entire range of security activities, from planning to risk reduction to alerts and incident coordination. "Our private sector partners are fully engaged both for day-to-day or steady-state infrastructure protection and resilience and during periods of incident response," Snyder says.

Homeland Security partnered with the private sector throughout the process of developing and revising the NIPP. According to Snyder, officials stressed the importance of giving private sector representatives a "seat at the table and a voice in the process." The partnership framework and Information Sharing Environment provide a foundation for this participation, he says.

A number of events, including the November 2008 Mumbai terrorist attack and the H1N1 flu outbreak, have tested the public-private partnership's strength during crisis. During the three-day series of coordinated attacks that rocked Mumbai, DHS posted more than 20 notices, including recommendations for protective action, to an online security information portal. The department also held conference calls with critical infrastructure partners to ensure they had timely and accurate information so they could take protective measures. More than 214 people dialed in for those calls.

DHS has seen more interest in conference calls about the H1N1 virus. The Office of Infrastructure Protection and DHS' Private Sector Office conducted a series of joint calls aimed at coordinating the public and private response to the flu, with participation peaking during the April 30 call with 1,149 participants.

"Protecting our nation's critical infrastructure and key resources is a shared responsibility," Snyder says. "Government alone cannot do it. The private sector alone cannot do it all. We must work together, and that is what we are doing using the roadmap for engaged partnership that is provided by the NIPP."

Private sector representatives are involved in more than 150 working groups to address a range of infrastructure protection issues. The most recent collaboration was between the Sector Coordinating Council and the Government Coordinating Council to initiate an Information Technology Sector Baseline Risk Assessment.

According to Snyder, the Office of Infrastructure Protection receives mostly positive feedback from private sector officials on how information sharing and coordination is going. "For the most part, they tell us they are satisfied with the level of engagement and the types of information that we are providing," he says. "Of course, there are always opportunities for improvement."