Review and Revision of the National Infrastructure Protection Plan, 34112-34115 [2013-13427]
Download as PDF
34112
Federal Register / Vol. 78, No. 109 / Thursday, June 6, 2013 / Notices
93.393, Cancer Cause and Prevention
Research; 93.394, Cancer Detection and
Diagnosis Research; 93.395, Cancer
Treatment Research; 93.396, Cancer Biology
Research; 93.397, Cancer Centers Support;
93.398, Cancer Research Manpower; 93.399,
Cancer Control, National Institutes of Health,
HHS)
Dated: May 31, 2013.
Melanie J. Gray,
Program Analyst, Office of Federal Advisory
Committee Policy.
[FR Doc. 2013–13371 Filed 6–5–13; 8:45 am]
BILLING CODE 4140–01–P
DEPARTMENT OF HOMELAND
SECURITY
Agency Information Collection
Activities: Request for Expressions of
Interest (EOI) To Perform a Chemical
Defense Demonstration Project
Office of Health Affairs,
Chemical Defense Program, DHS.
ACTION: 30-Day Notice and request for
comments; New Collection, 1601—NEW
AGENCY:
The Department of Homeland
Security, Office of Health Affairs,
Chemical Defense Program will submit
the following information collection
request (ICR) to the Office of
Management and Budget (OMB) for
review and clearance in accordance
with the Paperwork Reduction Act of
1995 (Pub. L. 104–13, 44 U.S.C. Chapter
35). DHS previously published this
information collection request (ICR) in
the Federal Register on February 8,
2013, at FR 9405 for a 60-day public
comment period. No comments were
received by DHS. The purpose of this
notice is to allow additional 30-days for
public comments.
DATES: Comments are encouraged and
will be accepted until July 8, 2013. This
process is conducted in accordance with
5 CFR 1320.10.
ADDRESSES: Interested persons are
invited to submit written comments on
the proposed information collection to
the Office of Information and Regulatory
Affairs, Office of Management and
Budget. Comments should be addressed
to OMB Desk Officer, Department of
Homeland Security and sent via
electronic mail to
oira_submission@omb.eop.gov or faxed
to (202) 395–5806.
The Office of Management and Budget
is particularly interested in comments
which:
1. Evaluate whether the proposed
collection of information is necessary
for the proper performance of the
functions of the agency, including
mstockstill on DSK4VPTVN1PROD with NOTICES
SUMMARY:
VerDate Mar<15>2010
17:35 Jun 05, 2013
Jkt 229001
whether the information will have
practical utility;
2. Evaluate the accuracy of the
agency’s estimate of the burden of the
proposed collection of information,
including the validity of the
methodology and assumptions used;
3. Enhance the quality, utility, and
clarity of the information to be
collected; and
4. Minimize the burden of the
collection of information on those who
are to respond, including through the
use of appropriate automated,
electronic, mechanical, or other
technological collection techniques or
other forms of information technology,
e.g., permitting electronic submissions
of responses.
FOR FURTHER INFORMATION CONTACT: If
additional information is required
contact: The Department of Homeland
Security (DHS), Office of Health Affairs,
Chemical Defense Program, Attn.: CAPT
Joselito Ignacio,
joselito.ignacio@hq.dhs.gov, 202–254–
5738.
The
Chemical Defense Program seeks to
obtain information from respondents
interested in hosting a demonstration
project aimed at developing a
comprehensive chemical defense
framework. The authority for the
Chemical Defense Program to collect
this information can be found in Public
Law 112–74, Consolidated
Appropriations Act, 2012 and
Conference Report 112–331.
The information requested on the
form includes: Name of state, local,
tribal, or territorial government agency;
address; submitter’s name, position and
contact information; identified venue
for demonstration project; interest in
developing a chemical defense
capability; specific reasons for the
communities interest and needs for a
chemical defense capability; community
chemical threat assessed risks if
applicable; any additional information
respondent requests for consideration.
As identified in Public Law 112–74 and
Conference Report 112–331, the
Chemical Defense Program must
competitively select the locations for
conducting the chemical defense
demonstration projects. The Chemical
Defense Program will use the provided
information for the selection process.
SUPPLEMENTARY INFORMATION:
Analysis
Agency: Office of Health Affairs
Chemical Defense Program, DHS.
Title: Request for Expressions of
Interest (EOI) To Perform a Chemical
Defense Demonstration Project.
OMB Number: 1601—NEW.
PO 00000
Frm 00082
Fmt 4703
Sfmt 4703
Frequency: Once.
Affected Public: State, Local, or Tribal
Government.
Number of Respondents: 25.
Estimated Time per Respondent: 20
hours.
Total Burden Hours: 500 Hours.
Dated: May 23, 2013.
Margaret H. Graves,
Acting Chief Information Officer.
[FR Doc. 2013–13324 Filed 6–5–13; 8:45 am]
BILLING CODE 9110–9B–P
DEPARTMENT OF HOMELAND
SECURITY
[Docket No. DHS–2013–0024]
Review and Revision of the National
Infrastructure Protection Plan
National Protection and
Programs Directorate, DHS.
ACTION: Notice and request for
comments.
AGENCY:
This notice informs the public
that the Department of Homeland
Security (DHS) National Protection and
Programs Directorate (NPPD) Office of
Infrastructure Protection (IP) is
currently reviewing the National
Infrastructure Protection Plan (NIPP) to
conform to the requirements of
Presidential Policy Directive 21, Critical
Infrastructure Security and Resilience,
and, as part of a comprehensive national
review process, solicits public comment
on issues or language in the NIPP that
need to be updated.
DATES: Written comments are
encouraged and will be accepted until
July 8, 2013.
ADDRESSES: Written comments and
questions about the NIPP should be
forwarded to Lisa Barr, DHS/NPPD/IP/
Office of Strategy and Policy, 245
Murray Lane SW., Mail Stop 8530,
Arlington, VA 20598–8530. Written
comments should reach the contact
person listed no later than July 8, 2013.
Comments must be identified by ‘‘DHS–
2013–0024’’ and may be submitted by
one of the following methods:
• Federal eRulemaking Portal: https://
www.regulations.gov.
• Email: EO-PPDTaskForce@
hq.dhs.gov. Include the docket number
in the subject line of the message.
Instructions: All submissions received
must include the words ‘‘Department of
Homeland Security’’ and the docket
number for this action. All comments
received (via any of the identified
methods) will be posted without change
to https://www.regulations.gov, including
any personal information provided. You
may submit your comments and
SUMMARY:
E:\FR\FM\06JNN1.SGM
06JNN1
Federal Register / Vol. 78, No. 109 / Thursday, June 6, 2013 / Notices
material by one of the methods specified
in the ADDRESSES section. Please submit
your comments and material by only
one means to avoid the adjudication of
duplicate submissions. If you submit
comments by mail, your submission
should be an unbound document and no
larger than 8.5 by 11 inches to enable
copying and electronic document
management. If you want DHS to
acknowledge receipt of comments by
mail, include with your comments a
self-addressed, stamped postcard that
includes the docket number for this
action. We will date your postcard and
return it to you via regular mail. For
purposes of review, the 2009 NIPP can
be found at https://www.dhs.gov/nipp.
Docket: Background documents and
comments can be viewed at https://
www.regulations.gov.
Lisa
Barr, DHS/NPPD/IP/Office of Strategy
and Policy; 245 Murray Lane SW., Mail
Stop 8530, Washington, DC 20528–8530
or 703–235–9542.
FOR FURTHER INFORMATION CONTACT:
SUPPLEMENTARY INFORMATION:
I. Public Participation
The Department of Homeland
Security (DHS) invites interested
persons to contribute suggestions and
comments for the rewrite of the National
Infrastructure Protection Plan (NIPP) by
submitting written data, views, or ideas.
Comments that will provide the most
assistance to DHS in updating the NIPP
will explain the reason for any
recommended changes to the NIPP and
include data, information, or authority
that supports such recommended
change. Linking changes to specific
sections of the NIPP would also be
helpful. There will be an opportunity to
review a revised document reflecting
the various changes sometime this
summer.
mstockstill on DSK4VPTVN1PROD with NOTICES
II. Background
On February 12, 2013, President
Obama signed Presidential Policy
Directive 21 1 (PPD–21), Critical
Infrastructure Security and Resilience,
which builds on the extensive work
done to date to protect and enhance the
resilience of the Nation’s critical
infrastructure. This directive aims to
clarify roles and responsibilities across
the Federal Government and establish a
more effective partnership with owners
and operators and state, local, tribal,
and territorial entities to enhance the
1 PPD–21 can be found at: https://
www.whitehouse.gov/the-press-office/2013/02/12/
presidential-policy-directive-critical-infrastructuresecurity-and-resil.
VerDate Mar<15>2010
17:35 Jun 05, 2013
Jkt 229001
security and resilience of critical
infrastructure.
President Obama also signed
Executive Order (EO) 13636 2 on
February 12, 2013, entitled Improving
Critical Infrastructure Cybersecurity. By
issuing the EO and PPD together, the
Administration is taking an integrated
approach to strengthening the security
and resilience of critical infrastructure
against all hazards, through an updated
and overarching national framework
that acknowledges the increased role of
cybersecurity in securing physical
assets.
PPD–21 sets forth several actions that
the Secretary of Homeland Security
shall take to implement the directive.
One of these is to develop a successor
to the NIPP to address the
implementation of PPD–21; the
requirements of Title II of the Homeland
Security Act of 2002, as amended; and
alignment with the National
Preparedness Goal and System required
by Presidential Policy Directive 8
(PPD–8).
The 2009 NIPP set forth a
comprehensive risk management
framework and defined roles and
responsibilities for DHS; the SectorSpecific Agencies (SSAs); other Federal
departments and agencies; state, local,
tribal, and territorial governments;
critical infrastructure owners and
operators; and other stakeholders in
industry, academia, and nongovernmental organizations. The NIPP
provides a coordinated approach for
establishing national priorities, goals,
and requirements so that resources can
be applied in the most effective manner.
The NIPP risk management framework
responds to an evolving risk landscape;
as such, there will always be changes to
the NIPP—from relatively minor to more
significant—to ensure it remains
relevant to the critical infrastructure
mission over time.
III. Initial List of Issues To Be Updated
in the NIPP
PPD–21 specifies the following
elements that shall be included in the
successor to the NIPP:
• Identification of a risk management
framework to be used to strengthen the
security and resilience of critical
infrastructure;
• Protocols to synchronize
communication and actions within the
Federal Government; and
• A metrics process to be used to
measure the Nation’s ability to manage
and reduce risks to critical
infrastructure.
2 EO 13636 can be found at: https://www.gpo.gov/
fdsys/pkg/FR-2013-02-19/pdf/2013-03915.pdf.
PO 00000
Frm 00083
Fmt 4703
Sfmt 4703
34113
Some other actions required of the
Secretary for Homeland Security under
PPD–21 also must be addressed in the
successor to the NIPP, including a
description of functional relationships
within DHS and across the Federal
Government related to critical
infrastructure security and resilience;
and any changes to the sector
partnership resulting from the
evaluation of the existing public-private
partnership model. Finally, the plan
must consider sector dependencies on
energy and communications systems,
and identify pre-event and mitigation
measures or alternate capabilities during
disruptions to those systems.
The NIPP review will be coordinated
with a broad range of critical
infrastructure partners and other
stakeholders. This notice extends an
invitation to the public to provide
feedback on the 2009 NIPP and those
changes that should or should not be
made. To assist the reviewer, DHS has
conducted a review of expected changes
to the NIPP and an initial list of
potential changes is included in this
notice. The purpose of this notice is to
request public comment on additional
changes that would help fulfill the
mandate of PPD–21 to make the
successor to the NIPP more relevant and
useful in strengthening the security and
resilience of the Nation’s critical
physical and cyber infrastructure. Some
of the known changes that will be
addressed in the successor to the NIPP
are:
• Changes to the sectors and
designated SSAs;
• Changes in terminology based on
recent directives;
• Alignment with PPD–8 on National
Preparedness;
• Updates to information-sharing
tools and mechanisms;
• Critical infrastructure security and
resilience regulatory programs;
• Updates on measurement and
reporting and risk-informed resource
allocation;
• Review and update cycles for the
NIPP and Sector-Specific Plans (SSPs);
• Closer integration of physical and
cybersecurity, including increased
coordination of research and
development efforts;
• Review of the risk management
approach;
• Sector dependencies on energy and
communications systems;
• Increased regional emphasis of
critical infrastructure security and
resilience; and
• Other issues, such as aging
infrastructure and climate change
adaptation.
E:\FR\FM\06JNN1.SGM
06JNN1
34114
Federal Register / Vol. 78, No. 109 / Thursday, June 6, 2013 / Notices
These changes are discussed further
below.
IV. Discussion of Issues To Be
Addressed in the Successor to the NIPP
Implementing PPD–21 will require
DHS to address a number of specific
issues in reviewing and updating the
NIPP. However, since the NIPP was last
issued in 2009, critical infrastructure
programs across the Nation have
matured and produced lessons learned
and best practices from day-to-day
operations, exercises, and actual
incidents that should be incorporated in
any successor to the plan. The new
document must incorporate
developments including new laws, EOs,
Presidential directives, and regulations,
and procedural changes to critical
infrastructure security and resilience
activities based on real-world events
and emerging risks.
Some of the known changes that will
be addressed in this review of the NIPP
are described below. DHS welcomes
comments and ideas on areas that
should be updated, expanded, changed,
added, or deleted as appropriate.
mstockstill on DSK4VPTVN1PROD with NOTICES
Changes to the Sectors and SSAs
PPD–21 reduces the number of sectors
from 18 to 16 by designating two
previously existing sectors as new
subsectors. National Monuments and
Icons is now a subsector of the
Government Facilities Sector and Postal
and Shipping is a subsector of the
Transportation Systems Sector. In
addition, the PPD changed the names of
two sectors to better reflect their scope:
• The Banking and Finance Sector is
now the Financial Services Sector; and
• The Water Sector is now the Water
and Wastewater Systems Sector.
Finally, PPD–21 designates new coSSAs for two sectors, as follows: The
General Services Administration joins
DHS as a co-SSA of the Government
Facilities Sector and the U.S.
Department of Transportation joins DHS
as a co-SSA for the Transportation
Systems Sector.
Changes in Terminology and Alignment
With Presidential Policy Directive 8,
National Preparedness
PPD–21 changes the lexicon by using
critical infrastructure security and
resilience in place of critical
infrastructure protection. The new
terminology is consistent with the
national preparedness construct
established by PPD–8. The five mission
areas under PPD–8—prevention,
protection, mitigation, response, and
recovery—link to the two major
outcomes that preparedness seeks to
achieve: Security, which closely aligns
VerDate Mar<15>2010
17:35 Jun 05, 2013
Jkt 229001
with prevention and protection; and
resilience, which more closely aligns
with mitigation, response, and recovery.
There is overlap among all of the PPD–
8 mission areas and between those
mission areas and the concepts of
security and resilience. The new
terminology supports the move toward
a more comprehensive approach to
overall national preparedness, of which
critical infrastructure security and
resilience are major components. The
use of the term ‘‘security’’ in this
context applies to all hazards and not
simply threats from terrorism.
Updates to Information-Sharing Tools
and Mechanisms
PPD–21 sets forth the following
strategic imperative: ‘‘A secure,
functioning, and resilient critical
infrastructure requires the efficient
exchange of information, including
intelligence, between all levels of
government and critical infrastructure
owners and operators.’’ To that end,
several of the actions required of DHS
in the PPD are designed to improve and
streamline information sharing between
the Federal Government and critical
infrastructure partners and stakeholders.
DHS requests comments and input on
ways that the current NIPP informationsharing approach and mechanisms
could be changed and improved.
Critical Infrastructure Security and
Resilience Regulatory Programs
Through existing regulations, the
Federal Government can mandate
security-related activities and protocols,
as appropriate and authorized by
Congress, to better ensure that a baseline
level of security is being maintained at
various types of critical infrastructure
facilities. An example of currently
existing regulatory regimes that enhance
critical infrastructure security and
resilience include regulations pursuant
to the U.S. Coast Guard’s Maritime
Transportation Security Act (MTSA), 33
CFR Parts 101–107, which requires
certain critical infrastructure located
adjacent to a U.S. port or waterway to
conduct facility security assessments
and develop and implement facility
security plans. DHS is not proposing
new regulatory authority through this
notice, but is requesting input on ways
to better integrate existing regulatory
programs into the NIPP framework.
Updates on Measurement and Reporting
Processes and Risk-Informed Resource
Allocation
DHS has been working to improve
metrics and reporting processes to
assess national critical infrastructure
security and resilience efforts and
PO 00000
Frm 00084
Fmt 4703
Sfmt 4703
identify opportunities for improvement.
Over the last year, DHS and the SSAs
have worked to streamline data
collection processes, and identify links
between the National Preparedness Goal
core capabilities and the national
critical infrastructure protection
outcomes. The successor to the NIPP
will reflect the maturation of metrics
processes, and efforts to use those
metrics to inform resource allocation
decisions.
Review and Update Cycles for the NIPP
and SSPs
The revision cycle for the SSPs
follows the NIPP revision cycle by one
year, to ensure that the concepts and
strategic direction provided in the NIPP
are captured in the next edition of the
SSPs. In 2010, government and private
sector partners agreed that a four-year
review cycle was sufficient to keep the
NIPP and SSPs current and would
provide better alignment with the
Quadrennial Homeland Security
Review. This change took effect in July
2011, placing the next review and
rewrite of the NIPP in 2013 and the next
reissue of the SSPs in 2014.
Following development of the
successor to the NIPP in late 2013, DHS
will issue guidance to the SSAs for
revising the SSPs. This guidance will
cover the major updates and changes to
the NIPP to address implementation of
PPD–21 so the sectors can incorporate
these updates into the SSPs as
appropriate.
Closer Integration of Physical and Cyber
Security
DHS leads an Interagency Task Force
charged with accomplishing the
integrated implementation of PPD–21
and EO 13636. The task force includes
representatives from DHS, the SSAs,
and other Federal departments and
agencies with a role in critical
infrastructure security and resilience
and/or cybersecurity. The task force
established various working groups to
address the deliverables required for
implementation of the EO and PPD.
Many of these deliverables will
influence and be reflected in the
successor to the NIPP and the document
will address physical and cybersecurity
in a more integrated and holistic
manner.
A key part of this approach includes
greater integration and coordination of
research and development efforts for
physical and cybersecurity and strategic
planning to support the development
and use of incentives to facilitate this
integration. DHS requests comments on
the timeframe and requirements for
research, development, and incentives
E:\FR\FM\06JNN1.SGM
06JNN1
Federal Register / Vol. 78, No. 109 / Thursday, June 6, 2013 / Notices
for increased cyber-physical integration
and how the successor to the NIPP can
integrate the concepts and
implementation of physical and
cybersecurity.
Review of the Risk Management
Approach
The NIPP’s risk management
framework establishes an approach for
setting goals; identifying infrastructure;
combining consequence, vulnerability,
and threat information to produce a
comprehensive, systematic, and rational
assessment of national or sector risk;
developing security measures and
resilience strategies; and measuring
effectiveness.
It is designed to respond to an everchanging risk environment and, as such,
it provides an adaptable framework to
address evolving and emerging risks to
critical infrastructure. DHS is not
seeking to make significant changes to
the basic structure and concept of the
risk management framework but rather
to review how PPD–21 and other recent
directives and events will influence the
context and application of the risk
management framework going forward.
Sector Dependencies on Energy and
Communications Systems
mstockstill on DSK4VPTVN1PROD with NOTICES
Increased Regional Emphasis
As DHS has sought to improve the
efficacy of the delivery of critical
infrastructure protection and resilience
support and assistance to state, local,
tribal, territorial, and private sector
partners, it has moved toward a more
decentralized regional model that
leverages field-based employees. The
regional model synchronizes with
DHS’s effort to provide more tailored
support to specific geographic regions to
more closely address their unique
challenges, such as region-specific
hazards (e.g., earthquakes, hurricanes),
and operating environments.
17:35 Jun 05, 2013
Jkt 229001
Dated: May 31, 2013.
Robert Kolasky,
Director for Strategy and Policy, Office of
Infrastructure Protection, National Protection
and Programs Directorate, Department of
Homeland Security.
[FR Doc. 2013–13427 Filed 6–5–13; 8:45 am]
BILLING CODE 9110–9P–P
DEPARTMENT OF HOMELAND
SECURITY
Coast Guard
[Docket No. USCG–2013–0461]
National Offshore Safety Advisory
Committee
AGENCY:
United States Coast Guard,
DHS.
Notice of teleconference
meeting.
ACTION:
The National Offshore Safety
Advisory Committee (NOSAC) will meet
via teleconference to receive a Final
Report from the Subcommittee on the
Implementation of Standards from the
International Labor Organization—
Maritime Labour Convention of 2006, a
task statement presented at the 17–18
April, 2013 NOSAC meeting. Upon
committee approval, the final report
will be presented to the Coast Guard for
acceptance. Additionally the committee
will reconvene the Subcommittee on
commercial diving safety to consider
recommendations for commercial diving
operational standards. This
teleconference meeting will be open to
the public.
DATES: The teleconference meeting will
take place on Tuesday June 25, 2013,
from 11 a.m. to 2 p.m. EST. This
teleconference meeting may end early if
all business is finished before 2 p.m. If
you wish to make oral comments at the
teleconference meeting, simply notify
Mr. Scott Hartley before the
teleconference, as specified in the
ADDRESSES section, or the designated
Coast Guard staff at the meeting. If you
wish to submit written comments or
make a presentation, submit your
comments or request to make a
presentation by June 7, 2013.
ADDRESSES: The Committee will meet
via teleconference. To participate by
SUMMARY:
PPD–21 acknowledges the
dependency of all critical infrastructure
sectors on energy and communications
systems and functions and requires that
these dependencies be specifically
considered in reviewing the NIPP. The
updated document will consider preevent and mitigation measures or
alternate capabilities that communities
and critical infrastructure owners and
operators may bring to bear during
disruptions to those systems and
functions. This aligns with
implementation of the National
Preparedness Goal under PPD–8.
VerDate Mar<15>2010
Other Issues—Aging Infrastructure and
Climate Change Adaptation
The areas of aging infrastructure and
climate change are appreciated as risks
of concern to critical infrastructure
security and resilience. As a result,
these issues will be considered as part
of the all-hazards approach in reviewing
and rewriting the NIPP.
PO 00000
Frm 00085
Fmt 4703
Sfmt 4703
34115
phone, contact the Alternate Designated
Federal Officer (ADFO) listed below in
the FOR FURTHER INFORMATION CONTACT
section to obtain teleconference
information. Note the number of
teleconference lines is limited and will
be available on a first-come, first-served
basis. To join those participating in this
teleconference from U.S. Coast Guard
Headquarters, come to Room 5–1222,
U.S. Coast Guard Headquarters
Building, 2100 Second Street SW.,
Washington, DC 20593. You must
present a valid, government-issued
photo identification to gain entrance to
the Coast Guard Headquarters building.
If you want to make a presentation,
send your request by June 7, 2013, to
Mr. Scott Hartley, NOSAC ADFO,
telephone 202–372–1437, Commandant
(CG–OES–2), 2100 Second Street SW.,
Stop 7126, Washington, DC 20593–7126
or by fax to 202–372–1926. To facilitate
public participation we are inviting
public comment on the issues to be
considered by the committee as listed in
the ‘‘AGENDA’’ section below. You may
submit a written comment on or before
June 7, 2013 or make an oral comment
during the public comment portion of
the teleconference.
To submit a comment in writing, use
one of the following methods:
• Federal eRulemaking Portal: https://
www.regulations.gov. Follow the
instructions for submitting comments.
• Email: Scott.E.Hartley@uscg.mil.
Include the docket number (USCG–
2013–0461) on the subject line of the
message.
• Fax: (202) 372–1925. Include the
docket number (USCG–2010–0164) on
the subject line of the fax.
• Mail: Docket Management Facility
(M–30), U.S. Department of
Transportation, West Building Ground
Floor, Room W12–140, 1200 New Jersey
Avenue SE., Washington, DC 20590–
0001. We encourage use of electronic
submissions because security screening
may delay the delivery of mail.
• Hand Delivery: Same as mail
address above, between 9 a.m. and 5
p.m., Monday through Friday, except
Federal holidays. The telephone number
is 202–366–9329.
• To avoid duplication, please use
only one of the above methods.
Instructions: All submissions received
must include the words ‘‘Department of
Homeland Security’’ and the docket
number for this action. Comments
received will be posted without
alteration at https://www.regulations.gov,
including any personal information
provided. You may review a Privacy Act
notice regarding our public dockets in
the January 17, 2008, issue of the
Federal Register (73 FR 3316).
E:\FR\FM\06JNN1.SGM
06JNN1
Agencies
[Federal Register Volume 78, Number 109 (Thursday, June 6, 2013)]
[Notices]
[Pages 34112-34115]
From the Federal Register Online via the Government Printing Office [www.gpo.gov]
[FR Doc No: 2013-13427]
-----------------------------------------------------------------------
DEPARTMENT OF HOMELAND SECURITY
[Docket No. DHS-2013-0024]
Review and Revision of the National Infrastructure Protection
Plan
AGENCY: National Protection and Programs Directorate, DHS.
ACTION: Notice and request for comments.
-----------------------------------------------------------------------
SUMMARY: This notice informs the public that the Department of Homeland
Security (DHS) National Protection and Programs Directorate (NPPD)
Office of Infrastructure Protection (IP) is currently reviewing the
National Infrastructure Protection Plan (NIPP) to conform to the
requirements of Presidential Policy Directive 21, Critical
Infrastructure Security and Resilience, and, as part of a comprehensive
national review process, solicits public comment on issues or language
in the NIPP that need to be updated.
DATES: Written comments are encouraged and will be accepted until July
8, 2013.
ADDRESSES: Written comments and questions about the NIPP should be
forwarded to Lisa Barr, DHS/NPPD/IP/Office of Strategy and Policy, 245
Murray Lane SW., Mail Stop 8530, Arlington, VA 20598-8530. Written
comments should reach the contact person listed no later than July 8,
2013. Comments must be identified by ``DHS-2013-0024'' and may be
submitted by one of the following methods:
Federal eRulemaking Portal: https://www.regulations.gov.
Email: EO-PPDTaskForce@ hq.dhs.gov. Include the docket
number in the subject line of the message.
Instructions: All submissions received must include the words
``Department of Homeland Security'' and the docket number for this
action. All comments received (via any of the identified methods) will
be posted without change to https://www.regulations.gov, including any
personal information provided. You may submit your comments and
[[Page 34113]]
material by one of the methods specified in the ADDRESSES section.
Please submit your comments and material by only one means to avoid the
adjudication of duplicate submissions. If you submit comments by mail,
your submission should be an unbound document and no larger than 8.5 by
11 inches to enable copying and electronic document management. If you
want DHS to acknowledge receipt of comments by mail, include with your
comments a self-addressed, stamped postcard that includes the docket
number for this action. We will date your postcard and return it to you
via regular mail. For purposes of review, the 2009 NIPP can be found at
https://www.dhs.gov/nipp.
Docket: Background documents and comments can be viewed at https://www.regulations.gov.
FOR FURTHER INFORMATION CONTACT: Lisa Barr, DHS/NPPD/IP/Office of
Strategy and Policy; 245 Murray Lane SW., Mail Stop 8530, Washington,
DC 20528-8530 or 703-235-9542.
SUPPLEMENTARY INFORMATION:
I. Public Participation
The Department of Homeland Security (DHS) invites interested
persons to contribute suggestions and comments for the rewrite of the
National Infrastructure Protection Plan (NIPP) by submitting written
data, views, or ideas. Comments that will provide the most assistance
to DHS in updating the NIPP will explain the reason for any recommended
changes to the NIPP and include data, information, or authority that
supports such recommended change. Linking changes to specific sections
of the NIPP would also be helpful. There will be an opportunity to
review a revised document reflecting the various changes sometime this
summer.
II. Background
On February 12, 2013, President Obama signed Presidential Policy
Directive 21 \1\ (PPD-21), Critical Infrastructure Security and
Resilience, which builds on the extensive work done to date to protect
and enhance the resilience of the Nation's critical infrastructure.
This directive aims to clarify roles and responsibilities across the
Federal Government and establish a more effective partnership with
owners and operators and state, local, tribal, and territorial entities
to enhance the security and resilience of critical infrastructure.
---------------------------------------------------------------------------
\1\ PPD-21 can be found at: https://www.whitehouse.gov/the-press-office/2013/02/12/presidential-policy-directive-critical-infrastructure-security-and-resil.
---------------------------------------------------------------------------
President Obama also signed Executive Order (EO) 13636 \2\ on
February 12, 2013, entitled Improving Critical Infrastructure
Cybersecurity. By issuing the EO and PPD together, the Administration
is taking an integrated approach to strengthening the security and
resilience of critical infrastructure against all hazards, through an
updated and overarching national framework that acknowledges the
increased role of cybersecurity in securing physical assets.
---------------------------------------------------------------------------
\2\ EO 13636 can be found at: https://www.gpo.gov/fdsys/pkg/FR-2013-02-19/pdf/2013-03915.pdf.
---------------------------------------------------------------------------
PPD-21 sets forth several actions that the Secretary of Homeland
Security shall take to implement the directive. One of these is to
develop a successor to the NIPP to address the implementation of PPD-
21; the requirements of Title II of the Homeland Security Act of 2002,
as amended; and alignment with the National Preparedness Goal and
System required by Presidential Policy Directive 8 (PPD-8).
The 2009 NIPP set forth a comprehensive risk management framework
and defined roles and responsibilities for DHS; the Sector-Specific
Agencies (SSAs); other Federal departments and agencies; state, local,
tribal, and territorial governments; critical infrastructure owners and
operators; and other stakeholders in industry, academia, and non-
governmental organizations. The NIPP provides a coordinated approach
for establishing national priorities, goals, and requirements so that
resources can be applied in the most effective manner. The NIPP risk
management framework responds to an evolving risk landscape; as such,
there will always be changes to the NIPP--from relatively minor to more
significant--to ensure it remains relevant to the critical
infrastructure mission over time.
III. Initial List of Issues To Be Updated in the NIPP
PPD-21 specifies the following elements that shall be included in
the successor to the NIPP:
Identification of a risk management framework to be used
to strengthen the security and resilience of critical infrastructure;
Protocols to synchronize communication and actions within
the Federal Government; and
A metrics process to be used to measure the Nation's
ability to manage and reduce risks to critical infrastructure.
Some other actions required of the Secretary for Homeland Security
under PPD-21 also must be addressed in the successor to the NIPP,
including a description of functional relationships within DHS and
across the Federal Government related to critical infrastructure
security and resilience; and any changes to the sector partnership
resulting from the evaluation of the existing public-private
partnership model. Finally, the plan must consider sector dependencies
on energy and communications systems, and identify pre-event and
mitigation measures or alternate capabilities during disruptions to
those systems.
The NIPP review will be coordinated with a broad range of critical
infrastructure partners and other stakeholders. This notice extends an
invitation to the public to provide feedback on the 2009 NIPP and those
changes that should or should not be made. To assist the reviewer, DHS
has conducted a review of expected changes to the NIPP and an initial
list of potential changes is included in this notice. The purpose of
this notice is to request public comment on additional changes that
would help fulfill the mandate of PPD-21 to make the successor to the
NIPP more relevant and useful in strengthening the security and
resilience of the Nation's critical physical and cyber infrastructure.
Some of the known changes that will be addressed in the successor to
the NIPP are:
Changes to the sectors and designated SSAs;
Changes in terminology based on recent directives;
Alignment with PPD-8 on National Preparedness;
Updates to information-sharing tools and mechanisms;
Critical infrastructure security and resilience regulatory
programs;
Updates on measurement and reporting and risk-informed
resource allocation;
Review and update cycles for the NIPP and Sector-Specific
Plans (SSPs);
Closer integration of physical and cybersecurity,
including increased coordination of research and development efforts;
Review of the risk management approach;
Sector dependencies on energy and communications systems;
Increased regional emphasis of critical infrastructure
security and resilience; and
Other issues, such as aging infrastructure and climate
change adaptation.
[[Page 34114]]
These changes are discussed further below.
IV. Discussion of Issues To Be Addressed in the Successor to the NIPP
Implementing PPD-21 will require DHS to address a number of
specific issues in reviewing and updating the NIPP. However, since the
NIPP was last issued in 2009, critical infrastructure programs across
the Nation have matured and produced lessons learned and best practices
from day-to-day operations, exercises, and actual incidents that should
be incorporated in any successor to the plan. The new document must
incorporate developments including new laws, EOs, Presidential
directives, and regulations, and procedural changes to critical
infrastructure security and resilience activities based on real-world
events and emerging risks.
Some of the known changes that will be addressed in this review of
the NIPP are described below. DHS welcomes comments and ideas on areas
that should be updated, expanded, changed, added, or deleted as
appropriate.
Changes to the Sectors and SSAs
PPD-21 reduces the number of sectors from 18 to 16 by designating
two previously existing sectors as new subsectors. National Monuments
and Icons is now a subsector of the Government Facilities Sector and
Postal and Shipping is a subsector of the Transportation Systems
Sector. In addition, the PPD changed the names of two sectors to better
reflect their scope:
The Banking and Finance Sector is now the Financial
Services Sector; and
The Water Sector is now the Water and Wastewater Systems
Sector.
Finally, PPD-21 designates new co-SSAs for two sectors, as follows: The
General Services Administration joins DHS as a co-SSA of the Government
Facilities Sector and the U.S. Department of Transportation joins DHS
as a co-SSA for the Transportation Systems Sector.
Changes in Terminology and Alignment With Presidential Policy Directive
8, National Preparedness
PPD-21 changes the lexicon by using critical infrastructure
security and resilience in place of critical infrastructure protection.
The new terminology is consistent with the national preparedness
construct established by PPD-8. The five mission areas under PPD-8--
prevention, protection, mitigation, response, and recovery--link to the
two major outcomes that preparedness seeks to achieve: Security, which
closely aligns with prevention and protection; and resilience, which
more closely aligns with mitigation, response, and recovery. There is
overlap among all of the PPD-8 mission areas and between those mission
areas and the concepts of security and resilience. The new terminology
supports the move toward a more comprehensive approach to overall
national preparedness, of which critical infrastructure security and
resilience are major components. The use of the term ``security'' in
this context applies to all hazards and not simply threats from
terrorism.
Updates to Information-Sharing Tools and Mechanisms
PPD-21 sets forth the following strategic imperative: ``A secure,
functioning, and resilient critical infrastructure requires the
efficient exchange of information, including intelligence, between all
levels of government and critical infrastructure owners and
operators.'' To that end, several of the actions required of DHS in the
PPD are designed to improve and streamline information sharing between
the Federal Government and critical infrastructure partners and
stakeholders. DHS requests comments and input on ways that the current
NIPP information-sharing approach and mechanisms could be changed and
improved.
Critical Infrastructure Security and Resilience Regulatory Programs
Through existing regulations, the Federal Government can mandate
security-related activities and protocols, as appropriate and
authorized by Congress, to better ensure that a baseline level of
security is being maintained at various types of critical
infrastructure facilities. An example of currently existing regulatory
regimes that enhance critical infrastructure security and resilience
include regulations pursuant to the U.S. Coast Guard's Maritime
Transportation Security Act (MTSA), 33 CFR Parts 101-107, which
requires certain critical infrastructure located adjacent to a U.S.
port or waterway to conduct facility security assessments and develop
and implement facility security plans. DHS is not proposing new
regulatory authority through this notice, but is requesting input on
ways to better integrate existing regulatory programs into the NIPP
framework.
Updates on Measurement and Reporting Processes and Risk-Informed
Resource Allocation
DHS has been working to improve metrics and reporting processes to
assess national critical infrastructure security and resilience efforts
and identify opportunities for improvement. Over the last year, DHS and
the SSAs have worked to streamline data collection processes, and
identify links between the National Preparedness Goal core capabilities
and the national critical infrastructure protection outcomes. The
successor to the NIPP will reflect the maturation of metrics processes,
and efforts to use those metrics to inform resource allocation
decisions.
Review and Update Cycles for the NIPP and SSPs
The revision cycle for the SSPs follows the NIPP revision cycle by
one year, to ensure that the concepts and strategic direction provided
in the NIPP are captured in the next edition of the SSPs. In 2010,
government and private sector partners agreed that a four-year review
cycle was sufficient to keep the NIPP and SSPs current and would
provide better alignment with the Quadrennial Homeland Security Review.
This change took effect in July 2011, placing the next review and
rewrite of the NIPP in 2013 and the next reissue of the SSPs in 2014.
Following development of the successor to the NIPP in late 2013,
DHS will issue guidance to the SSAs for revising the SSPs. This
guidance will cover the major updates and changes to the NIPP to
address implementation of PPD-21 so the sectors can incorporate these
updates into the SSPs as appropriate.
Closer Integration of Physical and Cyber Security
DHS leads an Interagency Task Force charged with accomplishing the
integrated implementation of PPD-21 and EO 13636. The task force
includes representatives from DHS, the SSAs, and other Federal
departments and agencies with a role in critical infrastructure
security and resilience and/or cybersecurity. The task force
established various working groups to address the deliverables required
for implementation of the EO and PPD. Many of these deliverables will
influence and be reflected in the successor to the NIPP and the
document will address physical and cybersecurity in a more integrated
and holistic manner.
A key part of this approach includes greater integration and
coordination of research and development efforts for physical and
cybersecurity and strategic planning to support the development and use
of incentives to facilitate this integration. DHS requests comments on
the timeframe and requirements for research, development, and
incentives
[[Page 34115]]
for increased cyber-physical integration and how the successor to the
NIPP can integrate the concepts and implementation of physical and
cybersecurity.
Review of the Risk Management Approach
The NIPP's risk management framework establishes an approach for
setting goals; identifying infrastructure; combining consequence,
vulnerability, and threat information to produce a comprehensive,
systematic, and rational assessment of national or sector risk;
developing security measures and resilience strategies; and measuring
effectiveness.
It is designed to respond to an ever-changing risk environment and,
as such, it provides an adaptable framework to address evolving and
emerging risks to critical infrastructure. DHS is not seeking to make
significant changes to the basic structure and concept of the risk
management framework but rather to review how PPD-21 and other recent
directives and events will influence the context and application of the
risk management framework going forward.
Sector Dependencies on Energy and Communications Systems
PPD-21 acknowledges the dependency of all critical infrastructure
sectors on energy and communications systems and functions and requires
that these dependencies be specifically considered in reviewing the
NIPP. The updated document will consider pre-event and mitigation
measures or alternate capabilities that communities and critical
infrastructure owners and operators may bring to bear during
disruptions to those systems and functions. This aligns with
implementation of the National Preparedness Goal under PPD-8.
Increased Regional Emphasis
As DHS has sought to improve the efficacy of the delivery of
critical infrastructure protection and resilience support and
assistance to state, local, tribal, territorial, and private sector
partners, it has moved toward a more decentralized regional model that
leverages field-based employees. The regional model synchronizes with
DHS's effort to provide more tailored support to specific geographic
regions to more closely address their unique challenges, such as
region-specific hazards (e.g., earthquakes, hurricanes), and operating
environments.
Other Issues--Aging Infrastructure and Climate Change Adaptation
The areas of aging infrastructure and climate change are
appreciated as risks of concern to critical infrastructure security and
resilience. As a result, these issues will be considered as part of the
all-hazards approach in reviewing and rewriting the NIPP.
Dated: May 31, 2013.
Robert Kolasky,
Director for Strategy and Policy, Office of Infrastructure Protection,
National Protection and Programs Directorate, Department of Homeland
Security.
[FR Doc. 2013-13427 Filed 6-5-13; 8:45 am]
BILLING CODE 9110-9P-P