Over the last several months, we have been barraged by random acts of mass violence in the United States that have shaken many Americans. As the average citizen questions how we can possibly protect every public venue from incidents like the theater shooting in Colorado or the myriad school attacks, there is a lurking vulnerability that presents a clear and present danger.
As Senator Patrick Leahy stated in 1990, “The United States is a society totally dependent on interlocking networks and nodes for communications, transportation, energy transmission, financial transactions, and essential government and public services. Disruption of key nodes by terrorists could cause havoc, untold expense, and perhaps even mass deaths. We are, in the jargon of the trade, a ‘target-rich environment.’”
If you ask most Americans to define what critical infrastructure actually means, you are usually met by a blank stare or an uninformed shrug. But once you explain that it encompasses almost every aspect of our daily life, from water and energy, to the electrical grid, banking networks and transportation systems, the light bulb turns on.
To get a sense of the magnitude, the Department of Homeland Security characterizes the nation’s critical infrastructure and key assets as including 68,000 public water systems, 300,000 oil and natural gas production facilities, 4,000 off-shore platforms, 278,000 miles of natural gas pipelines, 361 seaports, 104 nuclear power plants, 80,000 dams and tens of thousands of other potentially critical targets across 14 diverse infrastructure sectors.
Prior to the Sept. 11 attacks, few outside the security community understood that disruption of major critical infrastructure could occur beyond the scope of Mother Nature, such as technological obsolescence, poor maintenance, accidents or human error.
The intentional destruction and sabotage of critical infrastructure had been a low-key concern, but the terrorist attacks shot it to the top of the federal government’s priority chart. Homeland Security Presidential Directive 7 (HSPD-7) and the National Infrastructure Protection Plan (NIPP) were established to provide the overarching framework for a structured partnership between government and the private sector for protection of critical infrastructure.
The Department of Homeland Security’s Office of Infrastructure Protection (OIP), in close coordination with public- and private-sector critical infrastructure partners, leads the coordinated national effort to mitigate risk to the nation’s critical infrastructure.
“Our office was not a legacy sector like ICE or the Coast Guard,” explains William Flynn, deputy assistant secretary of the OIP. “We had a loose organization with a focused initiative approach to what we thought was needed for critical infrastructure protection policy and procedures, but as the threats have evolved, so have we. We have established solid protocols and procedures on how to react, mitigate and respond.”
Flynn stresses that information-sharing has been the real breakthrough in helping DHS work its plan. What were once tightly held agency-specific documents seldom shared, are now part of a highly-secured web-based information tool that helps all parties aggregate key data and trends.
The residual benefits of putting OIP’s internal priorities in order have lead to a clearer vision for the department and a more robust relationship with its private-sector partners.
“Our department now is more risk-based, we have constructed tier-based priority criteria to deal with events and we have mandated more engagement with local government and the private sector,” Flynn says. “Unless the government can do a good job of proving the business values to the private sector, there is no motivation for them to become part of the risk and security process — that is a formula for failure. We are now focusing on gaps in resources. Our goal is to converge our cyber and physical security efforts, along with solid business continuity roadmaps for both private and public partners.”