Memo
To:
From:
Date:
Subject: National Infrastructure Protection Plan
The economic wellbeing an indeed survival of any nation is dependent on a comprehensive and effective infrastructure network. This is no exception to the USA which has one of the most comprehensive and vast infrastructure system in the world. Like in any other liberal economy, the creation and management of the infrastructure is shared by government and the private sector (Labaka, Hernantes & Sarriegi, 2016; White et al, 2016). This crucial resource however, faces many risks both domestic and international with a capacity to cause intense economic damage as well as loss of life. These risks include the traditional physical threats and the contemporary cyber security threats, which are increasingly gaining preeminence (Homeland Security, 2013; Tatar, Karabacak & Gheorghe, 2016). The protection of the infrastructural network is therefore crucial. Due to the diverse players within the network both within and without government, there is a need to create a system of coordination that brings together all stakeholders and creates a unified system of reaction to infrastructural threats (Labaka, Hernantes & Sarriegi, 2016; White et al, 2016). Therefore, the government through the department of Homeland Security came up with the National Infrastructure Protection Plan (NIPP).
Authorities, Roles, and Responsibilities
NIPP seeks to unify the efforts of the government with those of the private sector and create a Critical Infrastructure and Key Resource (CIKR). NIPP is premised on the 1998 Presidential Decision Directive-63 and is geared towards the protection of critical infrastructure as well as key resources and ensure the resiliency thereof. The current version of NIPP is a 53 page document produced in 2013 as an advancement of its predecessor that had been released in 2009 (Homeland Security, 2013). Most contemporary commentators consider the NIPP as impracticable and of little use in the case of an actual major infrastructure threat. It however, creates an initial formula of response as well as acting as a preventative measure by its very existence. The parties to NIPP are in the form of councils bringing together the government and the relevant private sector stakeholders. The government side is known as the Government Coordinating Council (GCC) and comprises of 13 sector specific agencies of the federal government (Homeland Security, 2013). The private sector side is known as the Sector Coordinating Councils (SCC) and brings together private sector stakeholders of about 16 relevant sectors (Homeland Security, 2013).
Delegate your assignment to our experts and they will do the rest.
How to Manage Risk
With regard to risk management, NIPP provides several crucial formulae on the laid down processes and procedures. The fundamental one is that for effective risk management, coordination and oneness is necessary (White et al., 2016). This requires the working together in partnership for all stakeholders from the federal level, state governments, local authorities, tribal leaderships, and territorial governments as well as segments of the relevant private sectors (White et al., 2016). This coordination is geared towards five major goals. The first is to have a unified approach in the identification, deterring, detection, disruption of active and potential physical and cyber security hazards that affect the nation’s critical infrastructure (Tatar, Karabacak, & Gheorghe, 2016). This relates to an active process of gathering information, sharing it, processing it and staying ahead of any threats in order to deter them from taking place and stop them in the case they have already commenced. The second relates to the improvement of the infrastructural assets from a security perspective. This includes creation and continuous improvement of the best cyber security apparatus and elimination of any circumstances that create physical attack risks (Tatar, Karabacak, & Gheorghe, 2016). Finally, NIPP risk management involves seeking to mitigate the consequences of actual, but mostly potential incidents or advance events that may occur or have occurred. The fourth goal is the sharing of information across all stakeholders. This ensures that all stakeholders have a unified approach. The fifth approach entails seeking to learn from part threats and events in order to avoid recurrence and/or mitigate future losses in the case of a recurrence (Labaka, Hernantes, & Sarriegi, 2016).
Methods for Organizing and Partnering for CIKR Protection
The processes and procedures provided for by NIPP relate to a continuous process of infrastructure protection as well as an augmented reaction in the case of an extreme threat. The main premise for this processes and procedures however is unity and partnership (White et al., 2016). Unity and partnership may be easy to achieve under normal circumstances but when critical moments arise, it may become a challenge. Yet it is for this critical moments that NIPP was established (Homeland Security, 2013). The key to unity and partnership during critical moments lies in unity and partnership at all times as it is impossible to tell what normal circumstances are a precursor to the critical moment (White et al., 2016). The catastrophic security lapses that led to the September 11 th , 2001 terror attacks was blamed on non-sharing of information among critical government agencies (Labaka, Hernantes, & Sarriegi, 2016). Non-sharing of information was customary and the critical nature of the information about 9/11 was not known until it was too late (White et al., 2016). To avoid this, all information, crucial or otherwise must be shared amongst all stakeholders under NIPP in the very least under a well-established need to know basis (Labaka, Hernantes, & Sarriegi, 2016). This need to know basis should be premised on a transparent system set and agreed upon by all parties. Secondly, the goals of the NIPP systems ought to be transparently formed and agreed upon by all parties with no party feeling left out. Based on the principle that the strength of a chain is determined by the weakest link, the non-inclusion of a relevant stakeholder at any time weakens the entire system (Labaka, Hernantes, & Sarriegi, 2016; White et al, 2016). Credit for success should also be fairly bequeathed to the party responsible for any event to avoid some of the parties from feeling less relevant than others. It is the custom of oneness at all times that will ensure oneness in critical times thus ensuring that the stakeholders work together at that critical time, which is the key to combat critical infrastructure threats (Labaka, Hernantes, & Sarriegi, 2016).
How Ensure an Effective, Efficient Program over the Long Term
Long term security is a vital element of NIPP as infrastructural systems are long term projects. It is, therefore, important for the systems put in place under NIPP to not only work today but have a high propensity for future success (Labaka, Hernantes, & Sarriegi, 2016). One of the basic prerequisites of the future is the assurance of change. As the nation moves into the future, the nature of infrastructure will continuously evolve so will the nature of the threats posed. The first key to long term success, therefore, lies in the ability to predict future changes in infrastructure as well as future changes in the threats posed (Homeland Security, 2013). Even the traditional forms of infrastructure are increasingly becoming susceptible to new forms of threats. A good example of this is cyber security threats. This threat was traditionally anticipated with regard to systems such as communication, air transport infrastructure, and power plants. Currently however, even analogue systems such as roads face cyber security threats due to the advent of computerized vehicles and computerized traffic control (Tatar, Karabacak, & Gheorghe, 2016). Therefore even as a new NIPP is periodically introduced, the systems and protocols in place need to be continually updated and upgraded to align with new infrastructural changes as well as the kindred new threats. Another important component of long term effectiveness of the ‘learn and adapt’ component of NIPP (Homeland Security, 2013). Even as the system prepares for new future threats, past adverse effects should not be ignored. The adverse effects themselves and the errors that led to their occurring should be analyzed, understood and factored. Finally, unity in all activities, both great and small with no stakeholder feeling marginalized is also key to long term success.
References
Homeland Security (2013). NIPP 2013 Partnering for Critical Infrastructure Security and Resilience. Retrieved from https://www.dhs.gov/publication/nipp-2013-partnering-critical-infrastructure-security-and-resilience
Labaka, L., Hernantes, J., & Sarriegi, J. M. (2016). A holistic framework for building critical infrastructure resilience. Technological Forecasting and Social Change , 103 , 21-33.
Tatar, U., Karabacak, B., & Gheorghe, A. (2016, January). An Assessment Model to Improve National Cyber Security Governance. In 11th International Conference on Cyber Warfare and Security: ICCWS2016 (p. 312). Academic Conferences and publishing limited.
White, R., Burkhart, A., Boult, T., & Chow, E. (2016). Towards a Comparable Cross-Sector Risk Analysis: RAMCAP Revisited. In Critical Infrastructure Protection X: 10th IFIP WG 11.10 International Conference, ICCIP 2016, Arlington, VA, USA, March 14-16, 2016, Revised Selected Papers 10 (pp. 221-237). New York: Springer International Publishing.
