Keeping National Infrastructure Safe: Private Sector Partnerships
Because, 85% of critical infrastructure in the United States is privately owned, public-private cooperation and coordination is required to keep our critical infrastructure safe.
Presidential Policy Directive 21 (issued in February 2013) called for an update to the 2009 National Infrastructure Protection Plan (NIPP). The Department of Homeland Security (DHS) has released its newest plan: “NIPP 2013: Partnering for Critical Infrastructure Security and Resilience.” The Plan “outlines how government and private sector participants in the critical infrastructure community work together to manage risks and achieve security and resilience outcomes.”
“The Plan was developed through a collaborative process involving stakeholders from all 16 critical infrastructure sectors, all 50 states, and from all levels of government and industry. It provides a clear call to action to leverage partnerships, innovate for risk management, and focus on outcomes.”
Agencies, Centers, Programs, and Organizations
Infrastructure protection mission is a core focus of the ISE. As the civilian department at the intersection of public-private information sharing, the Department of Homeland Security proactively collaborates with public and private sector partners to improve the security and resilience of critical infrastructure while responding to and mitigating the impacts of attempted disruptions to the Nation’s critical cyber and communications networks.
- All Hazards Consortium (AHC)
- Critical Infrastructure Partnership Advisory Council (CIPAC)
- Domestic Security Alliance Council (DSAC)
- FBI InfraGard
- Homeland Infrastructure Threat and Risk Analysis Center (HITRAC)
- National Infrastructure Advisory Council (NIAC)
- National Security Business Alliance Council (NSBAC)
- Overseas Security Advisory Council (OSAC)
- Protected Critical Infrastructure Information (PCII)
All Hazards Consortium (AHC)
The All Hazards Consortium (AHC) is a 501(c)(3) non-profit organization founded in 2005 that includes representatives of all levels of government in the mid-Atlantic region, along with stakeholders from higher education, business and industry, non-profit and volunteer organizations, research firms, and trade associations. Focusing on homeland security, emergency management, and business continuity issues, the AHC’s footprint represents more than 60 million citizens, a significant percentage of the nation’s critical infrastructure, and more than 50% of all FEMA grant dollars issued to states, urban areas, and maritime ports in the United States.
The AHC addresses issues related to managing natural and manmade hazards by regularly hosting regional meetings and conference calls that bring government and private-sector partners together to focus on specific issues. When participants identify a common need or priority, the AHC conducts a regional workshop in cooperation with the state sponsoring the issue. The needs, issues, best practices, lessons learned, and recommendations emerging from the workshop are memorialized in a “regional consensus” white paper that serves to create awareness and to attract funding and in-kind donations to help the states address the issues at hand.
During emergencies the AHC activates its trusted relationships to assist in sharing critical recovery information between government and the private sector.
For example, in the aftermath of Hurricane Sandy, the AHC realized the need to work with out-of-state entities to obtain assistance, and quickly turned to its private-sector partners to provide data, support, and services. The AHC organized this information into daily Private Sector Resource Reports, which showed potential “open and closed” locations for necessities such as fast food, fuel, hotels with available rooms, and pharmacies, and then emailed the information to tens of thousands of public and private stakeholders.
Critical Infrastructure Partnership Advisory Council (CIPAC)
The Department of Homeland Security has established the Critical Infrastructure Partnership Advisory Council (CIPAC) to facilitate effective coordination between federal infrastructure protection programs with the infrastructure protection activities of the private sector and of state, local, tribal, and territorial governments. The CIPAC represents a partnership between government and critical infrastructure owners and operators and provides a forum in which they can engage in a broad spectrum of activities to support and coordinate critical infrastructure protection.
Domestic Security Alliance Council (DSAC)
The Domestic Security Alliance Council (DSAC), a strategic partnership among the FBI, the DHS, and the U.S. private sector, was established to promote the timely and effective exchange of information. The DSAC enhances the ability of the private sector to protect its employees, assets, and proprietary information. DSAC products and services include: Liaison Information Reports, member training events, FBI and DHS Intelligence reports, and various newsletters.
The DSAC also maintains a secure web portal for delivery of unclassified intelligence products, contact information, training material, and other information to DSAC members.
- The portal is a collaborative platform that allows members to work jointly to solve common problems.
- The portal also includes a discussion board so that members can share information trends and best practices.
InfraGard is a two-way information sharing exchange between the FBI and the public and private sector. “It is an association of persons who represent businesses, academic institutions, state and local law enforcement agencies, and other participants dedicated to sharing information and intelligence to prevent hostile acts against the U.S.” Activities are organized around 16 critical infrastructures and 60 chapters around the country.
- InfraGard provides members access to law enforcement sensitive (LES) analytical threat products pertaining to their areas of expertise.
- In turn, these members assist the FBI by initiating and/or enhancing FBI investigations and intelligence products.
Homeland Infrastructure Threat and Risk Analysis Center (HITRAC)
The Homeland Infrastructure Threat and Risk Analysis Center (HITRAC) is the DHS’s infrastructure-intelligence fusion center conducting threat and risk analyses for the critical infrastructure and key resources sectors. HITRAC focuses on understanding and analyzing strategic-level risks within and across sectors, as well as developing and enhancing modeling capabilities to address current, evolving, and future threats.
In collaboration with other DHS components, the Center provides tailored risk-assessment products for critical infrastructure and key resource sectors. It fuses consequence and vulnerability information from infrastructure protection communities with threat information from the intelligence and law enforcement communities. HITRAC analytical products support DHS components in their engagement with stakeholders and audiences at the national, state, local, and international levels.
See the HITRAC brochure for more information.
National Infrastructure Advisory Council (NIAC)
National Infrastructure Advisory Council (NIAC) is a Federal Advisory Committee that makes recommendations on improving the cooperation and partnership between the Federal Government and industry, for the purpose of securing critical infrastructure. Advice from the NIAC is meant to assist the President and the Secretary of Homeland Security in the development of policies and strategies that range from risk assessment and management to information sharing, protective measures, and clarification on roles and responsibilities between public and private sectors.
National Security Business Alliance Council (NSBAC)
The National Security Business Alliance Council (NSBAC) is a partnership between the FBI and leading companies in the defense industrial base and information technology (IT)/telecommunications sectors, whose members are the cleared Chief Security Officers from more than 30 of the top national security and IT/telecom business leaders. Together, the NSBAC and Strategic Partnership Coordinators from each of the FBI’s 56 field offices collaborate on measures for effectively hardening the target around technologies deemed valuable to the U.S. government.
NSBAC is part of the FBI Counterintelligence Division’s Counterintelligence Strategic Partnership Program and also includes two councils.
- The National Security Business Alliance Council-Aerospace and Defense (NSBAC-A&D) “is a partnership with several leading companies in the defense industrial base who are the stakeholders of key technologies targeted by foreign adversaries.”
- The National Security Business Alliance Council-Information Technology (NSBAC-IT) “is a partnership with several leading telecommunications and information technology companies in an effort to confront cyber threats and protect US information systems.”
For more information, contact your local FBI office and ask for the Strategic Partnership Coordinator.
Overseas Security Advisory Council (OSAC)
The Overseas Security Advisory Council (OSAC) was “created in 1985 under the Federal Advisory Committee Act to promote security cooperation between American private sector interests worldwide and the U.S. Department of State. The OSAC ‘Council’ is comprised of 34 private sector and public sector member organizations that represent specific industries or agencies operating abroad. The member organizations designate representatives to serve on the Overseas Security Advisory Council to provide direction and guidance to develop programs that most benefit the U.S. private sector overseas.”
“With a constituency of 4,600 U.S. companies and other organizations with overseas interests, OSAC operates an Internet website, www.osac.gov, which is one of its principal means of information exchange with the private sector. The website offers its visitors the latest in safety and security-related information, public announcements, warden messages, travel advisories, significant anniversary dates, terrorist group profiles, country crime and safety reports, special topic reports, foreign press reports, and much more.”
Protected Critical Infrastructure Information (PCII)
The Protected Critical Infrastructure Information (PCII) Program is an information-protection program that enhances voluntary information sharing between infrastructure owners and operators and the government. PCII protections mean that homeland security partners can be confident that sharing their information with the government will not expose sensitive or proprietary data. The Department of Homeland Security (DHS) and other federal, State, tribal, and local analysts use PCII to:
- Analyze and secure critical infrastructure and protected systems,
- Identify vulnerabilities and develop risk assessments, and
- Enhance recovery preparedness measures.
Critical Infrastructure Cybersecurity
On February 12, 2013, President Obama signed Executive Order 13636, “Improving Critical Infrastructure Cybersecurity.” “The Executive Order is designed to increase the level of core capabilities for our critical infrastructure to manage cyber risk.
“It does this by focusing on three key areas:
- information sharing,
- privacy, and
- the adoption of cybersecurity practices.”
“The EO tasked the National Institute for Standards and Technology (NIST) to work with the private sector to identify existing voluntary consensus standards and industry best practices and build them into a Cybersecurity Framework.” “The President then directed DHS to establish a voluntary program to promote the adoption of the Framework. An organization ‘adopts’ the Framework when it becomes a key part of its systematic process for identifying, prioritizing, addressing, managing, and/or communicating cybersecurity risks.”
Also see the Privacy and Civil Liberties Impact Assessment of Executive Order 13636 (conducted by the Department of Homeland Security).
In February 2014, Ambassador Susan Rice highlighted public-private cooperation to protect the nation’s critical infrastructure, pointing to a National Institute of Standards and Technology (NIST) announcement on the first version of the Framework for Improving Critical Infrastructure Cybersecurity. The Framework-which consists of standards, guidelines, and practices-helps owners and operators of critical infrastructure manage cybersecurity-related risk. Agencies are undertaking new and emerging information sharing initiatives beyond traditional terrorism and homeland security missions.
- One example are the ISE best practices and solutions supporting the cybersecurity mission and the priorities of the White House National Security Staff Cyber Directorate. The PM-ISE, with the National Fusion Center Association and the International Association of Chiefs of Police, convened stakeholders from law enforcement, homeland security, emergency management, information technology, and the private sector to clarify requirements for sharing both tactical and strategic cybersecurity information and to plan pilots for demonstrating these capabilities.
- With a broader but related mission, the National Cyber Investigative Joint Task Force (NCIJTF) is the “focal point for all government agencies to coordinate, integrate, and share information related to all domestic cyber threat investigations. The FBI is responsible for developing and supporting the joint task force, which includes 19 intelligence agencies and law enforcement, working side by side to identify key players and schemes. Its goal is to predict and prevent what’s on the horizon and to pursue the enterprises behind cyber attacks.”
- More from the PM-ISE on cybersecurity.