The IT Law Wiki
The IT Law Wiki

Citation[]

The White House, Presidential Policy Directive 21: Critical Infrastructure Security and Resilience (PPD-21) (Feb. 12, 2013) (full-text).

Overview[]

This Directive updates the national approach on critical infrastructure security and resilience. It shifted the nation's focus from protecting critical infrastructure against terrorism to protecting and securing critical infrastructure and increasing its resilience against all hazards, including natural disasters, terrorism, and cyber incidents.

PPD-21 revoked Homeland Security Presidential Directive 7 (HSPD-7), issued in 2003, although it states that plans developed pursuant to HSPD-7 shall remain in effect until specifically revoked or superseded.

PPD-21 re-aligned the HSPD-7 critical infrastructure sectors and reduced the number from 18 to 16. The 16 critical infrastructure sectors are chemical; commercial facilities; communications; critical manufacturing; dams; defense industrial base; emergency services; energy; financial services; food and agriculture; government facilities; healthcare and public health; information technology; nuclear reactors, materials, and waste; transportation systems; and water and wastewater systems.

The Nation's critical infrastructure provides the essential services that underpin American society. Proactive and coordinated efforts are necessary for us to strengthen and maintain secure, functioning, and resilient critical infrastructure — including the assets, networks, and systems that are vital to public confidence and the Nation's safety, prosperity, and well-being. This endeavor is a shared responsibility among the Federal, state, local, tribal, and territorial entities, and public and private owners and operators of critical infrastructure.

The Nation's critical infrastructure is diverse and complex. It includes distributed networks, varied organizational structures and operating models (including multinational ownership), interdependent functions and systems in both the physical and cyber spaces, and governance constructs that involve varied authorities, responsibilities, and regulations. Critical infrastructure owners and operators are uniquely positioned to manage risks to their individual operations and assets, and to determine effective strategies to make them more secure and resilient.

While there has been extensive work done to enhance both the physical and cyber security and resilience of critical infrastructure, this PPD will create a stronger alliance between these two intertwined components. The ability to leverage and integrate successes in both of these fields is crucial to the enhancement of our Nation's security and resilience.

Three strategic imperatives drive the Federal approach to strengthen critical infrastructure security and resilience:

Accomplishment of these imperatives will be through the successful completion of six key deliverables:

Federal Communications Commission[]

Under PPD-21, the FCC is responsible for exercising its authority and expertise to partner with other federal agencies on:

Source[]