Phase 1: Memo


To: Chris Staples, Chief Information Officer

From: Janella Lawton, Information Systems Security Director

Date: October 21, 2018

Subject: National Infrastructure Protection Plan (NIPP) Standards Assessment

Protecting our nation's Critical Infrastructure and Key Resources (CIKR) is a single national effort, and the NIPP provides a detailed guideline for how to do so. It is important that we follow these specific guidelines to ensure that our CIKR are protected from both manmade and natural threats. I have outlined the following topics for analysis to determine what needs to be done to safeguard our CIKR from potential threats while maintaining NIPP standards.

· Analysis of Authorities, Roles, and Responsibilities

· Analysis of the Risk Management Strategy

· Determining the Method of Organizing and Partnering for CIKR Protection

· Assurance of an Effective, Efficient Program Over the Long Term

Analysis of Authorities, Roles, and Responsibilities

The Homeland Security Presidential Directive 7 (HSPD-7) is a framework established by the President that assigns the Secretary of Homeland Security (DHS) the duty of “principal Federal official to lead CIKR protection efforts among Federal departments and agencies, State and local governments, and private sector” and assigns responsibility for CIKR sectors to Federal Sector-Specific Agencies (SSAs) (NIPP, 2009, pg. 2). The CIKR partners include a group of federal, state, and local government agencies and partners, private sector agencies, councils, and research centers.

All of the CIKR partners have their own specific responsibilities that play a key role in protecting, improving, and maintaining our nation’s critical infrastructure and key resources by abiding by the NIPP framework. For example, according to the NIPP Plan, DHS is responsible for coordinating the entire nation’s CIKR efforts and “NIPP development, implementation, and integration with national preparedness initiatives” (NIPP, 2009, pg. 2). Therefore, if DHS has failed to properly develop NIPP standards that are functional for all of the CIKR entities, then the entire framework will become unstable.

In addition to the different roles and responsibilities each entity has, there are several authorities that have been established to provide more specific details regarding protection against and response to CIKR threats. Examples of these authorities include the Aviation Transportation Security Act of 2001, the Federal Information Security Management Act, and HSPD-8 National Preparedness.

It is important that every organization that is responsible for a critical infrastructure or resource understand the importance of its role in the nation's NIPP. Identifying threats, employing essential personnel, and implementing the NIPP standards will guarantee that our organization is supporting the nation's CIKR protection initiative.

Analysis of the Risk Management Strategy

1. Identify Assets, Systems, and Networks

2. Assess Risk

3. Prioritize

4. Implement Protective Programs and Resiliency Strategies

5. Measure Effectiveness

Determining the Method of Organizing and Partnering for CIKR Protection

1. Leadership and Coordination Mechanisms

2. Information Sharing

3. Protection of Sensitive CIKR Information

Assurance of an Effective, Efficient Program Over the Long Term

1. Building National Awareness

2. Conducting Research and Development and Using Technology

3. Building, Protecting, and Maintaining Databases, Simulations, and Other Tools

4. Continuously Improving the NIPP and the SSPs