Review and Revision of the National Infrastructure Protection Plan, 34112-34115 [2013-13427]

Download as PDF 34112 Federal Register / Vol. 78, No. 109 / Thursday, June 6, 2013 / Notices 93.393, Cancer Cause and Prevention Research; 93.394, Cancer Detection and Diagnosis Research; 93.395, Cancer Treatment Research; 93.396, Cancer Biology Research; 93.397, Cancer Centers Support; 93.398, Cancer Research Manpower; 93.399, Cancer Control, National Institutes of Health, HHS) Dated: May 31, 2013. Melanie J. Gray, Program Analyst, Office of Federal Advisory Committee Policy. [FR Doc. 2013–13371 Filed 6–5–13; 8:45 am] BILLING CODE 4140–01–P DEPARTMENT OF HOMELAND SECURITY Agency Information Collection Activities: Request for Expressions of Interest (EOI) To Perform a Chemical Defense Demonstration Project Office of Health Affairs, Chemical Defense Program, DHS. ACTION: 30-Day Notice and request for comments; New Collection, 1601—NEW AGENCY: The Department of Homeland Security, Office of Health Affairs, Chemical Defense Program will submit the following information collection request (ICR) to the Office of Management and Budget (OMB) for review and clearance in accordance with the Paperwork Reduction Act of 1995 (Pub. L. 104–13, 44 U.S.C. Chapter 35). DHS previously published this information collection request (ICR) in the Federal Register on February 8, 2013, at FR 9405 for a 60-day public comment period. No comments were received by DHS. The purpose of this notice is to allow additional 30-days for public comments. DATES: Comments are encouraged and will be accepted until July 8, 2013. This process is conducted in accordance with 5 CFR 1320.10. ADDRESSES: Interested persons are invited to submit written comments on the proposed information collection to the Office of Information and Regulatory Affairs, Office of Management and Budget. Comments should be addressed to OMB Desk Officer, Department of Homeland Security and sent via electronic mail to oira_submission@omb.eop.gov or faxed to (202) 395–5806. The Office of Management and Budget is particularly interested in comments which: 1. Evaluate whether the proposed collection of information is necessary for the proper performance of the functions of the agency, including mstockstill on DSK4VPTVN1PROD with NOTICES SUMMARY: VerDate Mar<15>2010 17:35 Jun 05, 2013 Jkt 229001 whether the information will have practical utility; 2. Evaluate the accuracy of the agency’s estimate of the burden of the proposed collection of information, including the validity of the methodology and assumptions used; 3. Enhance the quality, utility, and clarity of the information to be collected; and 4. Minimize the burden of the collection of information on those who are to respond, including through the use of appropriate automated, electronic, mechanical, or other technological collection techniques or other forms of information technology, e.g., permitting electronic submissions of responses. FOR FURTHER INFORMATION CONTACT: If additional information is required contact: The Department of Homeland Security (DHS), Office of Health Affairs, Chemical Defense Program, Attn.: CAPT Joselito Ignacio, joselito.ignacio@hq.dhs.gov, 202–254– 5738. The Chemical Defense Program seeks to obtain information from respondents interested in hosting a demonstration project aimed at developing a comprehensive chemical defense framework. The authority for the Chemical Defense Program to collect this information can be found in Public Law 112–74, Consolidated Appropriations Act, 2012 and Conference Report 112–331. The information requested on the form includes: Name of state, local, tribal, or territorial government agency; address; submitter’s name, position and contact information; identified venue for demonstration project; interest in developing a chemical defense capability; specific reasons for the communities interest and needs for a chemical defense capability; community chemical threat assessed risks if applicable; any additional information respondent requests for consideration. As identified in Public Law 112–74 and Conference Report 112–331, the Chemical Defense Program must competitively select the locations for conducting the chemical defense demonstration projects. The Chemical Defense Program will use the provided information for the selection process. SUPPLEMENTARY INFORMATION: Analysis Agency: Office of Health Affairs Chemical Defense Program, DHS. Title: Request for Expressions of Interest (EOI) To Perform a Chemical Defense Demonstration Project. OMB Number: 1601—NEW. PO 00000 Frm 00082 Fmt 4703 Sfmt 4703 Frequency: Once. Affected Public: State, Local, or Tribal Government. Number of Respondents: 25. Estimated Time per Respondent: 20 hours. Total Burden Hours: 500 Hours. Dated: May 23, 2013. Margaret H. Graves, Acting Chief Information Officer. [FR Doc. 2013–13324 Filed 6–5–13; 8:45 am] BILLING CODE 9110–9B–P DEPARTMENT OF HOMELAND SECURITY [Docket No. DHS–2013–0024] Review and Revision of the National Infrastructure Protection Plan National Protection and Programs Directorate, DHS. ACTION: Notice and request for comments. AGENCY: This notice informs the public that the Department of Homeland Security (DHS) National Protection and Programs Directorate (NPPD) Office of Infrastructure Protection (IP) is currently reviewing the National Infrastructure Protection Plan (NIPP) to conform to the requirements of Presidential Policy Directive 21, Critical Infrastructure Security and Resilience, and, as part of a comprehensive national review process, solicits public comment on issues or language in the NIPP that need to be updated. DATES: Written comments are encouraged and will be accepted until July 8, 2013. ADDRESSES: Written comments and questions about the NIPP should be forwarded to Lisa Barr, DHS/NPPD/IP/ Office of Strategy and Policy, 245 Murray Lane SW., Mail Stop 8530, Arlington, VA 20598–8530. Written comments should reach the contact person listed no later than July 8, 2013. Comments must be identified by ‘‘DHS– 2013–0024’’ and may be submitted by one of the following methods: • Federal eRulemaking Portal: https:// www.regulations.gov. • Email: EO-PPDTaskForce@ hq.dhs.gov. Include the docket number in the subject line of the message. Instructions: All submissions received must include the words ‘‘Department of Homeland Security’’ and the docket number for this action. All comments received (via any of the identified methods) will be posted without change to https://www.regulations.gov, including any personal information provided. You may submit your comments and SUMMARY: E:\FR\FM\06JNN1.SGM 06JNN1 Federal Register / Vol. 78, No. 109 / Thursday, June 6, 2013 / Notices material by one of the methods specified in the ADDRESSES section. Please submit your comments and material by only one means to avoid the adjudication of duplicate submissions. If you submit comments by mail, your submission should be an unbound document and no larger than 8.5 by 11 inches to enable copying and electronic document management. If you want DHS to acknowledge receipt of comments by mail, include with your comments a self-addressed, stamped postcard that includes the docket number for this action. We will date your postcard and return it to you via regular mail. For purposes of review, the 2009 NIPP can be found at https://www.dhs.gov/nipp. Docket: Background documents and comments can be viewed at https:// www.regulations.gov. Lisa Barr, DHS/NPPD/IP/Office of Strategy and Policy; 245 Murray Lane SW., Mail Stop 8530, Washington, DC 20528–8530 or 703–235–9542. FOR FURTHER INFORMATION CONTACT: SUPPLEMENTARY INFORMATION: I. Public Participation The Department of Homeland Security (DHS) invites interested persons to contribute suggestions and comments for the rewrite of the National Infrastructure Protection Plan (NIPP) by submitting written data, views, or ideas. Comments that will provide the most assistance to DHS in updating the NIPP will explain the reason for any recommended changes to the NIPP and include data, information, or authority that supports such recommended change. Linking changes to specific sections of the NIPP would also be helpful. There will be an opportunity to review a revised document reflecting the various changes sometime this summer. mstockstill on DSK4VPTVN1PROD with NOTICES II. Background On February 12, 2013, President Obama signed Presidential Policy Directive 21 1 (PPD–21), Critical Infrastructure Security and Resilience, which builds on the extensive work done to date to protect and enhance the resilience of the Nation’s critical infrastructure. This directive aims to clarify roles and responsibilities across the Federal Government and establish a more effective partnership with owners and operators and state, local, tribal, and territorial entities to enhance the 1 PPD–21 can be found at: https:// www.whitehouse.gov/the-press-office/2013/02/12/ presidential-policy-directive-critical-infrastructuresecurity-and-resil. VerDate Mar<15>2010 17:35 Jun 05, 2013 Jkt 229001 security and resilience of critical infrastructure. President Obama also signed Executive Order (EO) 13636 2 on February 12, 2013, entitled Improving Critical Infrastructure Cybersecurity. By issuing the EO and PPD together, the Administration is taking an integrated approach to strengthening the security and resilience of critical infrastructure against all hazards, through an updated and overarching national framework that acknowledges the increased role of cybersecurity in securing physical assets. PPD–21 sets forth several actions that the Secretary of Homeland Security shall take to implement the directive. One of these is to develop a successor to the NIPP to address the implementation of PPD–21; the requirements of Title II of the Homeland Security Act of 2002, as amended; and alignment with the National Preparedness Goal and System required by Presidential Policy Directive 8 (PPD–8). The 2009 NIPP set forth a comprehensive risk management framework and defined roles and responsibilities for DHS; the SectorSpecific Agencies (SSAs); other Federal departments and agencies; state, local, tribal, and territorial governments; critical infrastructure owners and operators; and other stakeholders in industry, academia, and nongovernmental organizations. The NIPP provides a coordinated approach for establishing national priorities, goals, and requirements so that resources can be applied in the most effective manner. The NIPP risk management framework responds to an evolving risk landscape; as such, there will always be changes to the NIPP—from relatively minor to more significant—to ensure it remains relevant to the critical infrastructure mission over time. III. Initial List of Issues To Be Updated in the NIPP PPD–21 specifies the following elements that shall be included in the successor to the NIPP: • Identification of a risk management framework to be used to strengthen the security and resilience of critical infrastructure; • Protocols to synchronize communication and actions within the Federal Government; and • A metrics process to be used to measure the Nation’s ability to manage and reduce risks to critical infrastructure. 2 EO 13636 can be found at: https://www.gpo.gov/ fdsys/pkg/FR-2013-02-19/pdf/2013-03915.pdf. PO 00000 Frm 00083 Fmt 4703 Sfmt 4703 34113 Some other actions required of the Secretary for Homeland Security under PPD–21 also must be addressed in the successor to the NIPP, including a description of functional relationships within DHS and across the Federal Government related to critical infrastructure security and resilience; and any changes to the sector partnership resulting from the evaluation of the existing public-private partnership model. Finally, the plan must consider sector dependencies on energy and communications systems, and identify pre-event and mitigation measures or alternate capabilities during disruptions to those systems. The NIPP review will be coordinated with a broad range of critical infrastructure partners and other stakeholders. This notice extends an invitation to the public to provide feedback on the 2009 NIPP and those changes that should or should not be made. To assist the reviewer, DHS has conducted a review of expected changes to the NIPP and an initial list of potential changes is included in this notice. The purpose of this notice is to request public comment on additional changes that would help fulfill the mandate of PPD–21 to make the successor to the NIPP more relevant and useful in strengthening the security and resilience of the Nation’s critical physical and cyber infrastructure. Some of the known changes that will be addressed in the successor to the NIPP are: • Changes to the sectors and designated SSAs; • Changes in terminology based on recent directives; • Alignment with PPD–8 on National Preparedness; • Updates to information-sharing tools and mechanisms; • Critical infrastructure security and resilience regulatory programs; • Updates on measurement and reporting and risk-informed resource allocation; • Review and update cycles for the NIPP and Sector-Specific Plans (SSPs); • Closer integration of physical and cybersecurity, including increased coordination of research and development efforts; • Review of the risk management approach; • Sector dependencies on energy and communications systems; • Increased regional emphasis of critical infrastructure security and resilience; and • Other issues, such as aging infrastructure and climate change adaptation. E:\FR\FM\06JNN1.SGM 06JNN1 34114 Federal Register / Vol. 78, No. 109 / Thursday, June 6, 2013 / Notices These changes are discussed further below. IV. Discussion of Issues To Be Addressed in the Successor to the NIPP Implementing PPD–21 will require DHS to address a number of specific issues in reviewing and updating the NIPP. However, since the NIPP was last issued in 2009, critical infrastructure programs across the Nation have matured and produced lessons learned and best practices from day-to-day operations, exercises, and actual incidents that should be incorporated in any successor to the plan. The new document must incorporate developments including new laws, EOs, Presidential directives, and regulations, and procedural changes to critical infrastructure security and resilience activities based on real-world events and emerging risks. Some of the known changes that will be addressed in this review of the NIPP are described below. DHS welcomes comments and ideas on areas that should be updated, expanded, changed, added, or deleted as appropriate. mstockstill on DSK4VPTVN1PROD with NOTICES Changes to the Sectors and SSAs PPD–21 reduces the number of sectors from 18 to 16 by designating two previously existing sectors as new subsectors. National Monuments and Icons is now a subsector of the Government Facilities Sector and Postal and Shipping is a subsector of the Transportation Systems Sector. In addition, the PPD changed the names of two sectors to better reflect their scope: • The Banking and Finance Sector is now the Financial Services Sector; and • The Water Sector is now the Water and Wastewater Systems Sector. Finally, PPD–21 designates new coSSAs for two sectors, as follows: The General Services Administration joins DHS as a co-SSA of the Government Facilities Sector and the U.S. Department of Transportation joins DHS as a co-SSA for the Transportation Systems Sector. Changes in Terminology and Alignment With Presidential Policy Directive 8, National Preparedness PPD–21 changes the lexicon by using critical infrastructure security and resilience in place of critical infrastructure protection. The new terminology is consistent with the national preparedness construct established by PPD–8. The five mission areas under PPD–8—prevention, protection, mitigation, response, and recovery—link to the two major outcomes that preparedness seeks to achieve: Security, which closely aligns VerDate Mar<15>2010 17:35 Jun 05, 2013 Jkt 229001 with prevention and protection; and resilience, which more closely aligns with mitigation, response, and recovery. There is overlap among all of the PPD– 8 mission areas and between those mission areas and the concepts of security and resilience. The new terminology supports the move toward a more comprehensive approach to overall national preparedness, of which critical infrastructure security and resilience are major components. The use of the term ‘‘security’’ in this context applies to all hazards and not simply threats from terrorism. Updates to Information-Sharing Tools and Mechanisms PPD–21 sets forth the following strategic imperative: ‘‘A secure, functioning, and resilient critical infrastructure requires the efficient exchange of information, including intelligence, between all levels of government and critical infrastructure owners and operators.’’ To that end, several of the actions required of DHS in the PPD are designed to improve and streamline information sharing between the Federal Government and critical infrastructure partners and stakeholders. DHS requests comments and input on ways that the current NIPP informationsharing approach and mechanisms could be changed and improved. Critical Infrastructure Security and Resilience Regulatory Programs Through existing regulations, the Federal Government can mandate security-related activities and protocols, as appropriate and authorized by Congress, to better ensure that a baseline level of security is being maintained at various types of critical infrastructure facilities. An example of currently existing regulatory regimes that enhance critical infrastructure security and resilience include regulations pursuant to the U.S. Coast Guard’s Maritime Transportation Security Act (MTSA), 33 CFR Parts 101–107, which requires certain critical infrastructure located adjacent to a U.S. port or waterway to conduct facility security assessments and develop and implement facility security plans. DHS is not proposing new regulatory authority through this notice, but is requesting input on ways to better integrate existing regulatory programs into the NIPP framework. Updates on Measurement and Reporting Processes and Risk-Informed Resource Allocation DHS has been working to improve metrics and reporting processes to assess national critical infrastructure security and resilience efforts and PO 00000 Frm 00084 Fmt 4703 Sfmt 4703 identify opportunities for improvement. Over the last year, DHS and the SSAs have worked to streamline data collection processes, and identify links between the National Preparedness Goal core capabilities and the national critical infrastructure protection outcomes. The successor to the NIPP will reflect the maturation of metrics processes, and efforts to use those metrics to inform resource allocation decisions. Review and Update Cycles for the NIPP and SSPs The revision cycle for the SSPs follows the NIPP revision cycle by one year, to ensure that the concepts and strategic direction provided in the NIPP are captured in the next edition of the SSPs. In 2010, government and private sector partners agreed that a four-year review cycle was sufficient to keep the NIPP and SSPs current and would provide better alignment with the Quadrennial Homeland Security Review. This change took effect in July 2011, placing the next review and rewrite of the NIPP in 2013 and the next reissue of the SSPs in 2014. Following development of the successor to the NIPP in late 2013, DHS will issue guidance to the SSAs for revising the SSPs. This guidance will cover the major updates and changes to the NIPP to address implementation of PPD–21 so the sectors can incorporate these updates into the SSPs as appropriate. Closer Integration of Physical and Cyber Security DHS leads an Interagency Task Force charged with accomplishing the integrated implementation of PPD–21 and EO 13636. The task force includes representatives from DHS, the SSAs, and other Federal departments and agencies with a role in critical infrastructure security and resilience and/or cybersecurity. The task force established various working groups to address the deliverables required for implementation of the EO and PPD. Many of these deliverables will influence and be reflected in the successor to the NIPP and the document will address physical and cybersecurity in a more integrated and holistic manner. A key part of this approach includes greater integration and coordination of research and development efforts for physical and cybersecurity and strategic planning to support the development and use of incentives to facilitate this integration. DHS requests comments on the timeframe and requirements for research, development, and incentives E:\FR\FM\06JNN1.SGM 06JNN1 Federal Register / Vol. 78, No. 109 / Thursday, June 6, 2013 / Notices for increased cyber-physical integration and how the successor to the NIPP can integrate the concepts and implementation of physical and cybersecurity. Review of the Risk Management Approach The NIPP’s risk management framework establishes an approach for setting goals; identifying infrastructure; combining consequence, vulnerability, and threat information to produce a comprehensive, systematic, and rational assessment of national or sector risk; developing security measures and resilience strategies; and measuring effectiveness. It is designed to respond to an everchanging risk environment and, as such, it provides an adaptable framework to address evolving and emerging risks to critical infrastructure. DHS is not seeking to make significant changes to the basic structure and concept of the risk management framework but rather to review how PPD–21 and other recent directives and events will influence the context and application of the risk management framework going forward. Sector Dependencies on Energy and Communications Systems mstockstill on DSK4VPTVN1PROD with NOTICES Increased Regional Emphasis As DHS has sought to improve the efficacy of the delivery of critical infrastructure protection and resilience support and assistance to state, local, tribal, territorial, and private sector partners, it has moved toward a more decentralized regional model that leverages field-based employees. The regional model synchronizes with DHS’s effort to provide more tailored support to specific geographic regions to more closely address their unique challenges, such as region-specific hazards (e.g., earthquakes, hurricanes), and operating environments. 17:35 Jun 05, 2013 Jkt 229001 Dated: May 31, 2013. Robert Kolasky, Director for Strategy and Policy, Office of Infrastructure Protection, National Protection and Programs Directorate, Department of Homeland Security. [FR Doc. 2013–13427 Filed 6–5–13; 8:45 am] BILLING CODE 9110–9P–P DEPARTMENT OF HOMELAND SECURITY Coast Guard [Docket No. USCG–2013–0461] National Offshore Safety Advisory Committee AGENCY: United States Coast Guard, DHS. Notice of teleconference meeting. ACTION: The National Offshore Safety Advisory Committee (NOSAC) will meet via teleconference to receive a Final Report from the Subcommittee on the Implementation of Standards from the International Labor Organization— Maritime Labour Convention of 2006, a task statement presented at the 17–18 April, 2013 NOSAC meeting. Upon committee approval, the final report will be presented to the Coast Guard for acceptance. Additionally the committee will reconvene the Subcommittee on commercial diving safety to consider recommendations for commercial diving operational standards. This teleconference meeting will be open to the public. DATES: The teleconference meeting will take place on Tuesday June 25, 2013, from 11 a.m. to 2 p.m. EST. This teleconference meeting may end early if all business is finished before 2 p.m. If you wish to make oral comments at the teleconference meeting, simply notify Mr. Scott Hartley before the teleconference, as specified in the ADDRESSES section, or the designated Coast Guard staff at the meeting. If you wish to submit written comments or make a presentation, submit your comments or request to make a presentation by June 7, 2013. ADDRESSES: The Committee will meet via teleconference. To participate by SUMMARY: PPD–21 acknowledges the dependency of all critical infrastructure sectors on energy and communications systems and functions and requires that these dependencies be specifically considered in reviewing the NIPP. The updated document will consider preevent and mitigation measures or alternate capabilities that communities and critical infrastructure owners and operators may bring to bear during disruptions to those systems and functions. This aligns with implementation of the National Preparedness Goal under PPD–8. VerDate Mar<15>2010 Other Issues—Aging Infrastructure and Climate Change Adaptation The areas of aging infrastructure and climate change are appreciated as risks of concern to critical infrastructure security and resilience. As a result, these issues will be considered as part of the all-hazards approach in reviewing and rewriting the NIPP. PO 00000 Frm 00085 Fmt 4703 Sfmt 4703 34115 phone, contact the Alternate Designated Federal Officer (ADFO) listed below in the FOR FURTHER INFORMATION CONTACT section to obtain teleconference information. Note the number of teleconference lines is limited and will be available on a first-come, first-served basis. To join those participating in this teleconference from U.S. Coast Guard Headquarters, come to Room 5–1222, U.S. Coast Guard Headquarters Building, 2100 Second Street SW., Washington, DC 20593. You must present a valid, government-issued photo identification to gain entrance to the Coast Guard Headquarters building. If you want to make a presentation, send your request by June 7, 2013, to Mr. Scott Hartley, NOSAC ADFO, telephone 202–372–1437, Commandant (CG–OES–2), 2100 Second Street SW., Stop 7126, Washington, DC 20593–7126 or by fax to 202–372–1926. To facilitate public participation we are inviting public comment on the issues to be considered by the committee as listed in the ‘‘AGENDA’’ section below. You may submit a written comment on or before June 7, 2013 or make an oral comment during the public comment portion of the teleconference. To submit a comment in writing, use one of the following methods: • Federal eRulemaking Portal: https:// www.regulations.gov. Follow the instructions for submitting comments. • Email: Scott.E.Hartley@uscg.mil. Include the docket number (USCG– 2013–0461) on the subject line of the message. • Fax: (202) 372–1925. Include the docket number (USCG–2010–0164) on the subject line of the fax. • Mail: Docket Management Facility (M–30), U.S. Department of Transportation, West Building Ground Floor, Room W12–140, 1200 New Jersey Avenue SE., Washington, DC 20590– 0001. We encourage use of electronic submissions because security screening may delay the delivery of mail. • Hand Delivery: Same as mail address above, between 9 a.m. and 5 p.m., Monday through Friday, except Federal holidays. The telephone number is 202–366–9329. • To avoid duplication, please use only one of the above methods. Instructions: All submissions received must include the words ‘‘Department of Homeland Security’’ and the docket number for this action. Comments received will be posted without alteration at https://www.regulations.gov, including any personal information provided. You may review a Privacy Act notice regarding our public dockets in the January 17, 2008, issue of the Federal Register (73 FR 3316). E:\FR\FM\06JNN1.SGM 06JNN1

Agencies

[Federal Register Volume 78, Number 109 (Thursday, June 6, 2013)]
[Notices]
[Pages 34112-34115]
From the Federal Register Online via the Government Printing Office [www.gpo.gov]
[FR Doc No: 2013-13427]


-----------------------------------------------------------------------

DEPARTMENT OF HOMELAND SECURITY

[Docket No. DHS-2013-0024]


Review and Revision of the National Infrastructure Protection 
Plan

AGENCY: National Protection and Programs Directorate, DHS.

ACTION: Notice and request for comments.

-----------------------------------------------------------------------

SUMMARY: This notice informs the public that the Department of Homeland 
Security (DHS) National Protection and Programs Directorate (NPPD) 
Office of Infrastructure Protection (IP) is currently reviewing the 
National Infrastructure Protection Plan (NIPP) to conform to the 
requirements of Presidential Policy Directive 21, Critical 
Infrastructure Security and Resilience, and, as part of a comprehensive 
national review process, solicits public comment on issues or language 
in the NIPP that need to be updated.

DATES: Written comments are encouraged and will be accepted until July 
8, 2013.

ADDRESSES: Written comments and questions about the NIPP should be 
forwarded to Lisa Barr, DHS/NPPD/IP/Office of Strategy and Policy, 245 
Murray Lane SW., Mail Stop 8530, Arlington, VA 20598-8530. Written 
comments should reach the contact person listed no later than July 8, 
2013. Comments must be identified by ``DHS-2013-0024'' and may be 
submitted by one of the following methods:
     Federal eRulemaking Portal: https://www.regulations.gov.
     Email: EO-PPDTaskForce@ hq.dhs.gov. Include the docket 
number in the subject line of the message.
    Instructions: All submissions received must include the words 
``Department of Homeland Security'' and the docket number for this 
action. All comments received (via any of the identified methods) will 
be posted without change to https://www.regulations.gov, including any 
personal information provided. You may submit your comments and

[[Page 34113]]

material by one of the methods specified in the ADDRESSES section. 
Please submit your comments and material by only one means to avoid the 
adjudication of duplicate submissions. If you submit comments by mail, 
your submission should be an unbound document and no larger than 8.5 by 
11 inches to enable copying and electronic document management. If you 
want DHS to acknowledge receipt of comments by mail, include with your 
comments a self-addressed, stamped postcard that includes the docket 
number for this action. We will date your postcard and return it to you 
via regular mail. For purposes of review, the 2009 NIPP can be found at 
https://www.dhs.gov/nipp.
    Docket: Background documents and comments can be viewed at https://www.regulations.gov.

FOR FURTHER INFORMATION CONTACT: Lisa Barr, DHS/NPPD/IP/Office of 
Strategy and Policy; 245 Murray Lane SW., Mail Stop 8530, Washington, 
DC 20528-8530 or 703-235-9542.

SUPPLEMENTARY INFORMATION:

I. Public Participation

    The Department of Homeland Security (DHS) invites interested 
persons to contribute suggestions and comments for the rewrite of the 
National Infrastructure Protection Plan (NIPP) by submitting written 
data, views, or ideas. Comments that will provide the most assistance 
to DHS in updating the NIPP will explain the reason for any recommended 
changes to the NIPP and include data, information, or authority that 
supports such recommended change. Linking changes to specific sections 
of the NIPP would also be helpful. There will be an opportunity to 
review a revised document reflecting the various changes sometime this 
summer.

II. Background

    On February 12, 2013, President Obama signed Presidential Policy 
Directive 21 \1\ (PPD-21), Critical Infrastructure Security and 
Resilience, which builds on the extensive work done to date to protect 
and enhance the resilience of the Nation's critical infrastructure. 
This directive aims to clarify roles and responsibilities across the 
Federal Government and establish a more effective partnership with 
owners and operators and state, local, tribal, and territorial entities 
to enhance the security and resilience of critical infrastructure.
---------------------------------------------------------------------------

    \1\ PPD-21 can be found at: https://www.whitehouse.gov/the-press-office/2013/02/12/presidential-policy-directive-critical-infrastructure-security-and-resil.
---------------------------------------------------------------------------

    President Obama also signed Executive Order (EO) 13636 \2\ on 
February 12, 2013, entitled Improving Critical Infrastructure 
Cybersecurity. By issuing the EO and PPD together, the Administration 
is taking an integrated approach to strengthening the security and 
resilience of critical infrastructure against all hazards, through an 
updated and overarching national framework that acknowledges the 
increased role of cybersecurity in securing physical assets.
---------------------------------------------------------------------------

    \2\ EO 13636 can be found at: https://www.gpo.gov/fdsys/pkg/FR-2013-02-19/pdf/2013-03915.pdf.
---------------------------------------------------------------------------

    PPD-21 sets forth several actions that the Secretary of Homeland 
Security shall take to implement the directive. One of these is to 
develop a successor to the NIPP to address the implementation of PPD-
21; the requirements of Title II of the Homeland Security Act of 2002, 
as amended; and alignment with the National Preparedness Goal and 
System required by Presidential Policy Directive 8 (PPD-8).
    The 2009 NIPP set forth a comprehensive risk management framework 
and defined roles and responsibilities for DHS; the Sector-Specific 
Agencies (SSAs); other Federal departments and agencies; state, local, 
tribal, and territorial governments; critical infrastructure owners and 
operators; and other stakeholders in industry, academia, and non-
governmental organizations. The NIPP provides a coordinated approach 
for establishing national priorities, goals, and requirements so that 
resources can be applied in the most effective manner. The NIPP risk 
management framework responds to an evolving risk landscape; as such, 
there will always be changes to the NIPP--from relatively minor to more 
significant--to ensure it remains relevant to the critical 
infrastructure mission over time.

III. Initial List of Issues To Be Updated in the NIPP

    PPD-21 specifies the following elements that shall be included in 
the successor to the NIPP:
     Identification of a risk management framework to be used 
to strengthen the security and resilience of critical infrastructure;
     Protocols to synchronize communication and actions within 
the Federal Government; and
     A metrics process to be used to measure the Nation's 
ability to manage and reduce risks to critical infrastructure.
    Some other actions required of the Secretary for Homeland Security 
under PPD-21 also must be addressed in the successor to the NIPP, 
including a description of functional relationships within DHS and 
across the Federal Government related to critical infrastructure 
security and resilience; and any changes to the sector partnership 
resulting from the evaluation of the existing public-private 
partnership model. Finally, the plan must consider sector dependencies 
on energy and communications systems, and identify pre-event and 
mitigation measures or alternate capabilities during disruptions to 
those systems.
    The NIPP review will be coordinated with a broad range of critical 
infrastructure partners and other stakeholders. This notice extends an 
invitation to the public to provide feedback on the 2009 NIPP and those 
changes that should or should not be made. To assist the reviewer, DHS 
has conducted a review of expected changes to the NIPP and an initial 
list of potential changes is included in this notice. The purpose of 
this notice is to request public comment on additional changes that 
would help fulfill the mandate of PPD-21 to make the successor to the 
NIPP more relevant and useful in strengthening the security and 
resilience of the Nation's critical physical and cyber infrastructure. 
Some of the known changes that will be addressed in the successor to 
the NIPP are:
     Changes to the sectors and designated SSAs;
     Changes in terminology based on recent directives;
     Alignment with PPD-8 on National Preparedness;
     Updates to information-sharing tools and mechanisms;
     Critical infrastructure security and resilience regulatory 
programs;
     Updates on measurement and reporting and risk-informed 
resource allocation;
     Review and update cycles for the NIPP and Sector-Specific 
Plans (SSPs);
     Closer integration of physical and cybersecurity, 
including increased coordination of research and development efforts;
     Review of the risk management approach;
     Sector dependencies on energy and communications systems;
     Increased regional emphasis of critical infrastructure 
security and resilience; and
     Other issues, such as aging infrastructure and climate 
change adaptation.

[[Page 34114]]

    These changes are discussed further below.

IV. Discussion of Issues To Be Addressed in the Successor to the NIPP

    Implementing PPD-21 will require DHS to address a number of 
specific issues in reviewing and updating the NIPP. However, since the 
NIPP was last issued in 2009, critical infrastructure programs across 
the Nation have matured and produced lessons learned and best practices 
from day-to-day operations, exercises, and actual incidents that should 
be incorporated in any successor to the plan. The new document must 
incorporate developments including new laws, EOs, Presidential 
directives, and regulations, and procedural changes to critical 
infrastructure security and resilience activities based on real-world 
events and emerging risks.
    Some of the known changes that will be addressed in this review of 
the NIPP are described below. DHS welcomes comments and ideas on areas 
that should be updated, expanded, changed, added, or deleted as 
appropriate.

Changes to the Sectors and SSAs

    PPD-21 reduces the number of sectors from 18 to 16 by designating 
two previously existing sectors as new subsectors. National Monuments 
and Icons is now a subsector of the Government Facilities Sector and 
Postal and Shipping is a subsector of the Transportation Systems 
Sector. In addition, the PPD changed the names of two sectors to better 
reflect their scope:
     The Banking and Finance Sector is now the Financial 
Services Sector; and
     The Water Sector is now the Water and Wastewater Systems 
Sector.

Finally, PPD-21 designates new co-SSAs for two sectors, as follows: The 
General Services Administration joins DHS as a co-SSA of the Government 
Facilities Sector and the U.S. Department of Transportation joins DHS 
as a co-SSA for the Transportation Systems Sector.

Changes in Terminology and Alignment With Presidential Policy Directive 
8, National Preparedness

    PPD-21 changes the lexicon by using critical infrastructure 
security and resilience in place of critical infrastructure protection. 
The new terminology is consistent with the national preparedness 
construct established by PPD-8. The five mission areas under PPD-8--
prevention, protection, mitigation, response, and recovery--link to the 
two major outcomes that preparedness seeks to achieve: Security, which 
closely aligns with prevention and protection; and resilience, which 
more closely aligns with mitigation, response, and recovery. There is 
overlap among all of the PPD-8 mission areas and between those mission 
areas and the concepts of security and resilience. The new terminology 
supports the move toward a more comprehensive approach to overall 
national preparedness, of which critical infrastructure security and 
resilience are major components. The use of the term ``security'' in 
this context applies to all hazards and not simply threats from 
terrorism.

Updates to Information-Sharing Tools and Mechanisms

    PPD-21 sets forth the following strategic imperative: ``A secure, 
functioning, and resilient critical infrastructure requires the 
efficient exchange of information, including intelligence, between all 
levels of government and critical infrastructure owners and 
operators.'' To that end, several of the actions required of DHS in the 
PPD are designed to improve and streamline information sharing between 
the Federal Government and critical infrastructure partners and 
stakeholders. DHS requests comments and input on ways that the current 
NIPP information-sharing approach and mechanisms could be changed and 
improved.

Critical Infrastructure Security and Resilience Regulatory Programs

    Through existing regulations, the Federal Government can mandate 
security-related activities and protocols, as appropriate and 
authorized by Congress, to better ensure that a baseline level of 
security is being maintained at various types of critical 
infrastructure facilities. An example of currently existing regulatory 
regimes that enhance critical infrastructure security and resilience 
include regulations pursuant to the U.S. Coast Guard's Maritime 
Transportation Security Act (MTSA), 33 CFR Parts 101-107, which 
requires certain critical infrastructure located adjacent to a U.S. 
port or waterway to conduct facility security assessments and develop 
and implement facility security plans. DHS is not proposing new 
regulatory authority through this notice, but is requesting input on 
ways to better integrate existing regulatory programs into the NIPP 
framework.

Updates on Measurement and Reporting Processes and Risk-Informed 
Resource Allocation

    DHS has been working to improve metrics and reporting processes to 
assess national critical infrastructure security and resilience efforts 
and identify opportunities for improvement. Over the last year, DHS and 
the SSAs have worked to streamline data collection processes, and 
identify links between the National Preparedness Goal core capabilities 
and the national critical infrastructure protection outcomes. The 
successor to the NIPP will reflect the maturation of metrics processes, 
and efforts to use those metrics to inform resource allocation 
decisions.

Review and Update Cycles for the NIPP and SSPs

    The revision cycle for the SSPs follows the NIPP revision cycle by 
one year, to ensure that the concepts and strategic direction provided 
in the NIPP are captured in the next edition of the SSPs. In 2010, 
government and private sector partners agreed that a four-year review 
cycle was sufficient to keep the NIPP and SSPs current and would 
provide better alignment with the Quadrennial Homeland Security Review. 
This change took effect in July 2011, placing the next review and 
rewrite of the NIPP in 2013 and the next reissue of the SSPs in 2014.
    Following development of the successor to the NIPP in late 2013, 
DHS will issue guidance to the SSAs for revising the SSPs. This 
guidance will cover the major updates and changes to the NIPP to 
address implementation of PPD-21 so the sectors can incorporate these 
updates into the SSPs as appropriate.

Closer Integration of Physical and Cyber Security

    DHS leads an Interagency Task Force charged with accomplishing the 
integrated implementation of PPD-21 and EO 13636. The task force 
includes representatives from DHS, the SSAs, and other Federal 
departments and agencies with a role in critical infrastructure 
security and resilience and/or cybersecurity. The task force 
established various working groups to address the deliverables required 
for implementation of the EO and PPD. Many of these deliverables will 
influence and be reflected in the successor to the NIPP and the 
document will address physical and cybersecurity in a more integrated 
and holistic manner.
    A key part of this approach includes greater integration and 
coordination of research and development efforts for physical and 
cybersecurity and strategic planning to support the development and use 
of incentives to facilitate this integration. DHS requests comments on 
the timeframe and requirements for research, development, and 
incentives

[[Page 34115]]

for increased cyber-physical integration and how the successor to the 
NIPP can integrate the concepts and implementation of physical and 
cybersecurity.

Review of the Risk Management Approach

    The NIPP's risk management framework establishes an approach for 
setting goals; identifying infrastructure; combining consequence, 
vulnerability, and threat information to produce a comprehensive, 
systematic, and rational assessment of national or sector risk; 
developing security measures and resilience strategies; and measuring 
effectiveness.
    It is designed to respond to an ever-changing risk environment and, 
as such, it provides an adaptable framework to address evolving and 
emerging risks to critical infrastructure. DHS is not seeking to make 
significant changes to the basic structure and concept of the risk 
management framework but rather to review how PPD-21 and other recent 
directives and events will influence the context and application of the 
risk management framework going forward.

Sector Dependencies on Energy and Communications Systems

    PPD-21 acknowledges the dependency of all critical infrastructure 
sectors on energy and communications systems and functions and requires 
that these dependencies be specifically considered in reviewing the 
NIPP. The updated document will consider pre-event and mitigation 
measures or alternate capabilities that communities and critical 
infrastructure owners and operators may bring to bear during 
disruptions to those systems and functions. This aligns with 
implementation of the National Preparedness Goal under PPD-8.

Increased Regional Emphasis

    As DHS has sought to improve the efficacy of the delivery of 
critical infrastructure protection and resilience support and 
assistance to state, local, tribal, territorial, and private sector 
partners, it has moved toward a more decentralized regional model that 
leverages field-based employees. The regional model synchronizes with 
DHS's effort to provide more tailored support to specific geographic 
regions to more closely address their unique challenges, such as 
region-specific hazards (e.g., earthquakes, hurricanes), and operating 
environments.

Other Issues--Aging Infrastructure and Climate Change Adaptation

    The areas of aging infrastructure and climate change are 
appreciated as risks of concern to critical infrastructure security and 
resilience. As a result, these issues will be considered as part of the 
all-hazards approach in reviewing and rewriting the NIPP.

    Dated: May 31, 2013.
Robert Kolasky,
Director for Strategy and Policy, Office of Infrastructure Protection, 
National Protection and Programs Directorate, Department of Homeland 
Security.
[FR Doc. 2013-13427 Filed 6-5-13; 8:45 am]
BILLING CODE 9110-9P-P
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.