WASHINGTON—The Department of Homeland Security released a plan to protect the nation’s critical infrastructure, including information technology and telecommunications networks.
“The National Infrastructure Protection Plan is the path forward on building and enhancing protective measures for the critical-infrastructure assets and cyber systems that sustain commerce and communities throughout the United States. The NIPP formalizes and strengthens existing critical-infrastructure partnerships and creates the baseline for how the public and private sectors will work together to build a safer, more secure and resilient America,” said George Foresman, DHS undersecretary for preparedness.
The NIPP builds on existing frameworks for critical-infrastructure protection.
Congress directed DHS to develop the NIPP in 2002, when it passed the Homeland Security Act.
A key component of the NIPP is a risk-management framework that is designed to be dynamic and constantly changing and improving.
“The risk-management framework establishes the processes for combining consequence, vulnerability and threat information to produce a comprehensive, systematic and rational assessment of national or sector risk,” reads the NIPP. “The risk-management framework is tailored and applied on an asset, system, network, or function basis, depending on the fundamental characteristic of the individual sectors.”
DHS suggests that, because the assets in the information technology and telecommunications sectors are diverse, a bottom-up approach to managing risk may be appropriate.
Each sector has been assigned to a specific federal department. The information technology and telecommunications sectors, of which wireless is a part, have been assigned to DHS’ Office of Cybersecurity & Telecommunications.
The NIPP acknowledges that, after Sept. 11, many industries, including the telecommunications industry, developed business-continuity plans.
“To be effective, the NIPP must complement other plans designed to help prevent, prepare for, protect against, respond to, and recover from terrorist attacks, natural disasters, and other emergencies,” according to the NIPP. “Private-sector owners and operators have responded to the post-9/11 environment by instituting a range of protection-related plans and programs, including business continuity and resilience measures. Implementation of the NIPP will be fully coordinated between security partners to ensure that it does not result in the creation of duplicative or costly security requirements that offer little enhancement of protection.”
Sector-specific plans will be developed with industry representatives and released within six months, said DHS.
For the plans to be effective, DHS says that information sharing is necessary, and the NIPP says that protections and procedures have been put in place.
“NIPP implementation relies on critical-infrastructure information provided by the private sector. Much of this is sensitive business or security information that could cause serious damage to private firms, the economy, public safety, or security through unauthorized disclosure or access. The federal government has a statutory responsibility to safeguard protection-related information. DHS and other federal agencies use a number of programs and procedures to ensure that security-related information is properly safeguarded,” said DHS in the NIPP.