
Critical Infrastructure Protection: Update to National Infrastructure Protection Plan Includes Increased Emphasis on Risk Management and Resilience

GAO-10-296 Published: Mar 05, 2010. Publicly Released: Apr 05, 2010.

Highlights

According to the Department of Homeland Security (DHS), there are thousands of facilities in the United States that, if destroyed by a disaster, could cause casualties, economic losses, or disruptions to national security. The Homeland Security Act of 2002 gave DHS responsibility for leading and coordinating the nation's effort to protect critical infrastructure and key resources (CIKR). Homeland Security Presidential Directive 7 (HSPD-7) defined responsibilities for DHS and certain federal agencies--known as sector-specific agencies (SSAs)--that represent 18 industry sectors, such as energy. In accordance with the Homeland Security Act and HSPD-7, DHS issued the National Infrastructure Protection Plan (NIPP) in June 2006 to provide the approach for integrating the nation's CIKR.

GAO was asked to study DHS's January 2009 revisions to the NIPP in light of a debate over whether DHS has emphasized protection--to deter threats, mitigate vulnerabilities, or minimize the consequences of disasters--rather than resilience--to resist, absorb, or successfully adapt, respond to, or recover from disasters. This report discusses (1) how the 2009 NIPP changed compared to the 2006 NIPP and (2) how DHS and SSAs addressed resiliency as part of their planning efforts. GAO compared the 2006 and 2009 NIPPs, analyzed documents, including NIPP Implementation Guides and sector-specific plans, and interviewed DHS and SSA officials from all 18 sectors about their process to identify potential revisions to the NIPP and address resiliency.

Topics

Computer security, Critical infrastructure protection, Cyber security, Disaster recovery plans, Emergency preparedness, Homeland security, Information disclosure, Information technology, International organizations, International relations, Losses, Regional planning, Risk assessment, Risk management, Strategic planning, Policies and procedures