My Point of View: Ensuring Private Buy-in for Infrastructure Protection

Aug. 24, 2012

Over the last several months, we have been barraged by random acts of mass violence in the United States that have shaken many Americans. As the average citizen questions how we can possibly protect every public venue from incidents like the theater shooting in Colorado or the myriad school attacks, there is a lurking vulnerability that presents a clear and present danger.

As Senator Patrick Leahy stated in 1990, “The United States is a society totally dependent on interlocking networks and nodes for communications, transportation, energy transmission, financial transactions, and essential government and public services. Disruption of key nodes by terrorists could cause havoc, untold expense, and perhaps even mass deaths. We are, in the jargon of the trade, a ‘target-rich environment.’”

If you ask most Americans to define what critical infrastructure actually means, you are usually met by a blank stare or an uninformed shrug. But once you explain that it encompasses almost every aspect of our daily life, from water and energy, to the electrical grid, banking networks and transportation systems, the light bulb turns on.

To get a sense of the magnitude, the Department of Homeland Security characterizes the nation’s critical infrastructure and key assets as including 68,000 public water systems, 300,000 oil and natural gas production facilities, 4,000 off-shore platforms, 278,000 miles of natural gas pipelines, 361 seaports, 104 nuclear power plants, 80,000 dams and tens of thousands of other potentially critical targets across 14 diverse infrastructure sectors.

Prior to the Sept. 11 attacks, few outside the security community understood that disruption of major critical infrastructure could occur beyond the scope of Mother Nature, such as technological obsolescence, poor maintenance, accidents or human error.

The intentional destruction and sabotage of critical infrastructure had been a low-key concern, but the terrorist attacks shot it to the top of the federal government’s priority chart. Homeland Security Presidential Directive 7 (HSPD-7) and the National Infrastructure Protection Plan (NIPP) were established to provide the overarching framework for a structured partnership between government and the private sector for protection of critical infrastructure.

The Department of Homeland Security’s Office of Infrastructure Protection (OIP), in close coordination with public- and private-sector critical infrastructure partners, leads the coordinated national effort to mitigate risk to the nation’s critical infrastructure.

“Our office was not a legacy sector like ICE or the Coast Guard,” explains William Flynn, deputy assistant secretary of the OIP. “We had a loose organization with a focused initiative approach to what we thought was needed for critical infrastructure protection policy and procedures, but as the threats have evolved, so have we. We have established solid protocols and procedures on how to react, mitigate and respond.”

Flynn stresses that information-sharing has been the real breakthrough in helping DHS work its plan. What were once tightly held agency-specific documents seldom shared, are now part of a highly-secured web-based information tool that helps all parties aggregate key data and trends.
The residual benefits of putting OIP’s internal priorities in order have lead to a clearer vision for the department and a more robust relationship with its private-sector partners.

“Our department now is more risk-based, we have constructed tier-based priority criteria to deal with events and we have mandated more engagement with local government and the private sector,” Flynn says. “Unless the government can do a good job of proving the business values to the private sector, there is no motivation for them to become part of the risk and security process — that is a formula for failure. We are now focusing on gaps in resources. Our goal is to converge our cyber and physical security efforts, along with solid business continuity roadmaps for both private and public partners.”

With approximately 85 percent of key infrastructure privately owned or operated in this country, the private sector is an increasingly important factor in the new security issues associated with homeland security.

While an integral part of national security, homeland security differs in that it is a shared responsibility that cannot be met by the federal government alone. It requires coordinated action on the part of government (federal, state and local) and the private sector.
New forms of public-private partnerships are essential to meet the challenges posed by new technologies and non-traditional threats.

If you have any comments for Steve Lasky regarding this or any other security industry-related issue, please e-mail him at [email protected].

About the Author

Steve Lasky | Editorial Director, Editor-in-Chief/Security Technology Executive

Steve Lasky is a 34-year veteran of the security industry and an award-winning journalist. He is the editorial director of the Endeavor Business Media Security Group, which includes the magazine's Security Technology Executive, Security Business, and Locksmith Ledger International, and the top-rated website He is also the host of the SecurityDNA podcast series.Steve can be reached at [email protected]