The White House, Presidential Policy Directive 21: Critical Infrastructure Security and Resilience (PPD-21) (Feb. 12, 2013) (full-text).
This Directive updates the national approach on critical infrastructure security and resilience. It shifted the nation's focus from protecting critical infrastructure against terrorism to protecting and securing critical infrastructure and increasing its resilience against all hazards, including natural disasters, terrorism, and cyber incidents.
PPD-21 revoked Homeland Security Presidential Directive 7 (HSPD-7), issued in 2003, although it states that plans developed pursuant to HSPD-7 shall remain in effect until specifically revoked or superseded.
PPD-21 re-aligned the HSPD-7 critical infrastructure sectors and reduced the number from 18 to 16. The 16 critical infrastructure sectors are chemical; commercial facilities; communications; critical manufacturing; dams; defense industrial base; emergency services; energy; financial services; food and agriculture; government facilities; healthcare and public health; information technology; nuclear reactors, materials, and waste; transportation systems; and water and wastewater systems.
The Nation's critical infrastructure provides the essential services that underpin American society. Proactive and coordinated efforts are necessary for us to strengthen and maintain secure, functioning, and resilient critical infrastructure — including the assets, networks, and systems that are vital to public confidence and the Nation's safety, prosperity, and well-being. This endeavor is a shared responsibility among the Federal, state, local, tribal, and territorial entities, and public and private owners and operators of critical infrastructure.
The Nation's critical infrastructure is diverse and complex. It includes distributed networks, varied organizational structures and operating models (including multinational ownership), interdependent functions and systems in both the physical and cyber spaces, and governance constructs that involve varied authorities, responsibilities, and regulations. Critical infrastructure owners and operators are uniquely positioned to manage risks to their individual operations and assets, and to determine effective strategies to make them more secure and resilient.
While there has been extensive work done to enhance both the physical and cyber security and resilience of critical infrastructure, this PPD will create a stronger alliance between these two intertwined components. The ability to leverage and integrate successes in both of these fields is crucial to the enhancement of our Nation's security and resilience.
- Refine and clarify functional relationships across the Federal Government to advance the national unity of effort to strengthen critical infrastructure security and resilience;
- Enable effective information exchange by identifying baseline data and systems requirements for the Federal Government; and
- Implement an integration and analysis function to inform planning and operations decisions regarding critical infrastructure.
These imperatives will be accomplished through the successful completion of six key deliverables:
- Development of a description of the functional relationships within the Department of Homeland Security and across the Federal Government related to critical infrastructure security and resilience within 120 days.
- Completion of an assessment of the existing public-private partnership model and recommended options for improving the partnership within 150 days.
- Identification of baseline data and systems requirements for the Federal Government to enable efficient information exchange within 180 days.
- Development of a situational awareness capability for critical infrastructure within 240 days.
- Update of the National Infrastructure Protection Plan within 240 days.
- Completion of a national critical infrastructure security and resilience research and development plan within 2 years.
Federal Communications Commission
Under PPD-21, the FCC is responsible for exercising its authority and expertise to partner with other federal agencies on:
- identifying and prioritizing communications infrastructure;
- identifying communications sector vulnerabilities and working with industry and other stakeholders to address those vulnerabilities; and
- working with stakeholders, including industry, and engaging foreign governments and international organizations to increase the security and resilience of critical infrastructure within the communications sector and facilitating the development and implementation of best practices promoting the security and resilience of the nation's critical communications infrastructure.
- "Federal Communications Commission" section: Telecommunications Networks: Addressing Potential Security Risks of Foreign-Manufactured Equipment, at 8-9.