Citation[]
The White House, Homeland Security Presidential Directive 7 (HSPD-7): Critical Infrastructure Identification, Prioritization, and Protection (Dec. 17, 2003) (full-text).
Overview[]
HSPD-7, issued in December 2003, superseded PDD-63 and:
- established the Department of Homeland Security (DHS) as the principal federal agency to lead, integrate, and coordinate the implementation of efforts to protect the cybersecurity for the nation’s critical infrastructure and key resources (CIKR). This includes analysis, warning, information sharing, vulnerability reduction, mitigation, and recovery efforts for critical infrastructure information systems. It also directs DHS to develop a national indications and warnings architecture for infrastructure protection and capabilities, including cyber, that will facilitate an understanding of baseline infrastructure operations, the identification of indicators and precursors to an attack, and create a surge capacity for detecting and analyzing patterns of potential attacks;
- called for the development and implementation of a National Infrastructure Protection Plan (NIPP);
- established a framework for NIPP partners to identify, prioritize, and protect the nation's CIKR from terrorist attacks. The directive identified 17 CIKR sectors, namely: Agriculture and Food, Water, Public Health and Healthcare, Emergency Services, the Defense Industrial Base, Information Technology, Telecommunications, Energy, Transportation Systems, Banking and Finance, Chemical, Postal and Shipping, National Monuments and Icons, Dams, Government Facilities, Commercial Facilities, and Nuclear Reactors, Materials and Waste.
- directed DHS to establish uniform policies, approaches, guidelines, and methodologies for integrating federal infrastructure protection and risk management activities within and across the 17 CIKR sectors.
- designated a federal Sector-Specific Agency (SSA)[1] (including, but not limited to, DHS, the Department of the Treasury, and the Department of Health and Human Services) to lead CIKR protection efforts in each. The directive allows for the Department of Homeland Security to identify gaps in existing CIKR sectors and establish new sectors to fill these gaps. Under this authority, the Department established the Critical Manufacturing Sector in March 2008.
HSPD 7 did not encompass protection of Federal government information systems.
As of February 12, 2013, Presidential Policy Directive 21 revoked HSPD 7. However, the policy directive continues to assign sector-specific agencies and states that plans developed pursuant to HSPD 7 will remain in effect until specifically revoked or superseded.
Additional obligations[]
The Secretary of the Department of Homeland Security (DHS), in coordination with the Director of the Office of Science and Technology Policy (OSTP), must prepare on an annual basis a federal research and development (R&D) plan in support of the HSPD-7 directive. As the appropriate standing federal interagency forum, the Infrastructure Subcommittee[2] of the National Science and Technology Council (NSTC) was tasked with the development of the annual R&D plan to address critical infrastructure protection (CIP) for the United States.
The HSPD-7 directive also required the development of a comprehensive, integrated National Infrastructure Protection Plan (NIPP). This R&D plan was developed in close coordination with the Interim NIPP, released in February 2005. In its first year, the focus of the R&D plan was twofold: (1) the creation of a baseline, including the identification of major research and technology development efforts within federal agencies, and (2) the articulation of a vision that takes into account future needs and identifies research gaps based on known threats. Agency capabilities and near term plans were mapped to R&D focus areas. With this baseline in place and a vision for the future identified, a roadmap and investment plan can be developed in the 2005 national critical infrastructure protection R&D planning effort.
References[]
- ↑ Each of the Sector-Specific Agencies developed a Sector-Specific Plan that details the application of the NIPP framework to the unique characteristics of their sector. The Critical Manufacturing Sector-Specific plan is under development.
- ↑ The Infrastructure Subcommittee is supported by two interagency working groups, namely Physical Structures and Systems and Critical Information Infrastructure Protection.