[Federal Register: June 6, 2008 (Volume 73, Number 110)]
[Notices]               
[Page 32341-32343]
                       

-----------------------------------------------------------------------

DEPARTMENT OF HOMELAND SECURITY

[Docket No. DHS-2008-0054]

 
Review and Revision of the National Infrastructure Protection 
Plan

AGENCY: National Protection and Programs Directorate, DHS.

ACTION: Notice and request for comments.

-----------------------------------------------------------------------

SUMMARY: This notice informs the public that the Department of Homeland 
Security (DHS) is currently reviewing the National Infrastructure 
Protection Plan (NIPP) and, as part of a comprehensive national review 
process, solicits public comment on issues or language in the NIPP that 
need to be updated in this triennial review cycle.

DATES: Written comments must be submitted on or before July 7, 2008.

ADDRESSES: Comments must be identified by docket number DHS-2008-0054 
and may be submitted by one of the following methods:
     Federal Rulemaking Portal: http://www.regulations.gov. 
Follow the instructions for submitting comments.
     E-mail: [email protected] Include the docket number in the 
subject line of the message.
     Facsimile: 703-235-3057.
     Mail: Larry L. May, NPPD/IP/POD/NIPP Program Management 
Office; Mail Stop 8530, Department of Homeland Security, 245 Murray 
Lane, SW., Washington, DC 20528-8530.

FOR FURTHER INFORMATION CONTACT: Larry L. May, Deputy Director, NIPP 
Program Management Office (PMO) Partnership and Outreach Division, 
Office of Infrastructure Protection, National Protection and Programs 
Directorate, Department of Homeland Security, Washington, DC 20528, 
703-235-3648 or [email protected]

SUPPLEMENTARY INFORMATION: 

I. Public Participation

    DHS invites interested persons to contribute suggestions and 
comments for the revision of the National Infrastructure Protection 
Plan (NIPP) by submitting written data, views, or arguments. Comments 
that will provide the most assistance to DHS in revising the NIPP will 
explain the reason for any

[[Page 32342]]

recommended changes to the NIPP and include data, information, or 
authority that supports such recommended change. Linking changes to 
specific sections of the NIPP would also be helpful. There will be an 
opportunity to review a revised NIPP reflecting the various changes 
later this year.
    Instructions: All submissions received must include the agency name 
and docket number for this action. All comments received will be posted 
without change to http:// www.regulations.gov, including any personal 
information provided. You may submit your comments and material by one 
of the methods specified in the ADDRESSES section. Please submit your 
comments and material by only one means to avoid the adjudication of 
duplicate submissions. If you submit comments by mail, your submission 
should be an unbound document and no larger than 8.5 by 11 inches to 
enable copying and electronic document management. If you want DHS to 
acknowledge receipt of comments by mail, include with your comments a 
self-addressed, stamped postcard that includes the docket number for 
this action. We will date your postcard and return it to you via 
regular mail.
    Docket: Background documents and comments received can be viewed at 
http://www.regulations.gov.

II. Background

    The NIPP sets forth a comprehensive risk management framework and 
clearly defines critical infrastructure protection roles and 
responsibilities for the DHS; Sector-Specific Agencies (SSAs); and 
other Federal, State, local, tribal, territorial, and private-sector 
security partners. The NIPP provides a coordinated approach for 
establishing national priorities, goals, and requirements for 
infrastructure protection so that funding and resources are applied in 
the most effective manner. The NIPP risk management framework responds 
to an evolving risk landscape; as such, there will always be changes to 
the NIPP--from relatively minor to more significant. The 2006 NIPP 
established the requirement to fully review and reissue the plan every 
three years to ensure that it is current and of maximum value to all 
security partners. To assist the reviewer as we proceed with this 
process, an internal review of the NIPP by DHS has occurred and an 
initial list of potential changes to the NIPP is included in this 
notice. The purpose of this notice is to invite interested parties to 
suggest additional changes that would make the 2009 NIPP more relevant 
and useful as a National level document and within the framework of 
HSPD-7.
    Some of the known changes that will be addressed in this revision 
of the NIPP are:
     Establishment of Critical Manufacturing as the 18th 
critical infrastructure and key resources (CIKR) sector
     Release of the chemical security regulation
     Publishing of the Sector-Specific Plans (SSPs)
     Sector name changes
     Designation of the Education Subsector
     Removal of references to the National Asset Database 
(NADB) and replacement with information on the Infrastructure 
Information Collection System and the Infrastructure Data Warehouse
     Revision of the discussion of risk assessment 
methodologies
     Update on the Protected Critical Infrastructure 
Information (PCII) program
     Clarification of NIPP CIKR Protection Metrics
     Update on the State, Local, Tribal, and Territorial 
Government Coordinating Council (SLTTGCC)
     Homeland Security Information Network (HSIN) update
     Further definition of the CIKR Information-Sharing 
Environment (ISE)
     Critical Infrastructure Warning Information Network (CWIN)
     Evolution from the National Response Plan to the National 
Response Framework
     Further information on the National Infrastructure 
Simulation and Analysis Center (NISAC)
     Update on the Protective Security Advisor Program
     Additional Homeland Security Presidential Directives
     Issues regarding cross-sector cyber security
     Overarching issues: Protection and resiliency
     Delineate role of Private Sector Office
     DHS organizational changes: National Protection and 
Programs Directorate (NPPD).

Comments are welcome on other areas that should be updated, expanded, 
changed, added, or deleted as appropriate.

III. Initial List of Issues To Be Updated in the NIPP

    Since the NIPP was released in June 2006, DHS and its security 
partners have been working to implement the risk management framework 
and the sector partnership model to protect the Nation's CIKR. 
Throughout this implementation, DHS has engaged the NIPP feedback 
mechanisms to capture lessons learned and issues that need to be 
revised and updated in future versions of the NIPP. This section 
presents a brief summary of some those issues as a guide to reviewers 
and commenters on the types of changes being incorporated into the 
NIPP. DHS is soliciting public comment on these and other issues. These 
issues will be addressed through changes made in the appropriate 
sections of the NIPP.

Establishment of Critical Manufacturing as the 18th CIKR Sector

    On March 3, 2008, DHS formally established the Critical 
Manufacturing Sector as the 18th CIKR sector.

Release of Chemical Security Regulation

    On April 9, 2007, the U.S. Department of Homeland Security (DHS) 
issued the Chemical Facility Anti-Terrorism Standards (CFATS), 6 CFR 
part 27. Congress authorized this interim final rule (IFR) under 
Section 550 of the Department of Homeland Security Appropriations Act 
of 2007, directing the Department to identify high-risk chemical 
facilities, assess their security vulnerabilities, and require those 
facilities to submit site security plans meeting risk-based performance 
standards. DHS also issued a final Appendix A to the CFATS IFR on 
November 20, 2007, listing chemicals of interest (COI) which, if 
possessed in specified quantities, require chemical facilities to 
submit certain information to DHS.

Publishing of the Sector-Specific Plans

    Section 5.3.1 of the NIPP will be updated to reflect the SSPs 
official release on May 21, 2007.

Sector Name Changes

    To better reflect the scope of three sectors, DHS has recognized 
the following name changes: ``Commercial Nuclear Reactors, Materials 
and Waste'' to ``Nuclear Reactors, Materials and Waste;'' ``Drinking 
Water and Water Treatment Systems'' to ``Water;'' and 
``Telecommunications'' to ``Communications.''

Designation of the Education Facilities Subsector

    In keeping with section 2.2.2 of the NIPP, DHS has recognized the 
Department of Education's Office of Safe and Drug-Free Schools (OSDFS) 
as the lead for Education Facilities (EF), a subsector of the 
Government Facilities Sector.

[[Page 32343]]

Removal of References to the National Asset Database

    Throughout the NIPP, references to the NADB will be removed and 
replaced with information on the Infrastructure Information Collection 
System and the Infrastructure Data Warehouse.

Revision of the Discussion on Risk Assessment Methodologies

    The discussion of risk assessment methodologies will be revised to 
indicate that there are multiple NIPP-compliant risk assessment 
methodologies. Revisions will also provide information on the current 
state of CIKR risk analysis capability and the Tier 1/Tier 2 Program.

Update on the Protected Critical Infrastructure Information Program

    DHS will clarify how vulnerability assessment information may be 
submitted for protection under the PCII program and which DHS programs 
may receive this information.

Clarification of NIPP CIKR Protection Metrics

    The NIPP CIKR protection metrics process includes four metrics 
areas:
    1. Core metrics represent a common set of measures that are tracked 
across all sectors.
    2. Sector-specific performance metrics are the set of measures 
tailored to the unique characteristics of each sector.
    3. CIKR protection programmatic metrics are used to measure the 
effectiveness of specific programs, initiatives, and investments that 
are managed by Government agencies and sector partners.
    4. Sector partnership metrics are used to assess the status of 
activities conducted under the sector partnership.

Update on the State, Local, Tribal, and Territorial Government 
Coordinating Council

    The SLTTGCC now has three working groups and also provides liaisons 
to all the sectors: Policy and Planning Working Group, Communication 
and Coordination Working Group, and Information-Sharing Working Group. 
The roles of State and Regional groups in CIKR protection will be 
described.

Homeland Security Information Network Update

    DHS IP is working closely with the DHS Chief Information Officer 
(CIO) to determine feasible solutions to mitigate issues from CIKR 
protection security partners related to HSIN.

Further Definition of the CIKR Information-Sharing Environment

    As follow-up to the original discussion of ISE in section 4.2.3 of 
the NIPP, the Program Manager (PM)-ISE formally issued the CIKR ISE 
paper in May 2007. The paper describes the core elements of robust 
information sharing with the CIKR sectors.

Critical Infrastructure Warning Information Network

    An ISE addition since the 2006 release of the NIPP, CWIN is a 
mechanism that facilitates the flow of information, mitigates obstacles 
to voluntary information sharing by CIKR owners and operators, and 
provides feedback and continuous improvement for structures and 
processes.

Evolution From the National Response Plan to the National Response 
Framework

    The National Response Framework replaces the former National 
Response Plan.

National Infrastructure Simulation and Analysis Center

    The Homeland Security Appropriations Act of 2007 specifies the 
NISAC's current mission to provide ``modeling, simulation, and analysis 
of the assets and systems comprising CIKR in order to enhance 
preparedness, protection, response, recovery, and mitigation 
activities.''

Protective Security Advisor Program

    The key elements of this program and the roles the Protective 
Security Advisors play in information sharing and support to security 
partners will be described.

Additional Homeland Security Presidential Directives

    HSPD-19 and others will be added in the appendixes and wherever 
they are appropriate in the main body of the NIPP.

Issues Regarding Cross-Sector Cyber Security

    The National Cyber Security Division (NCSD) is working closely with 
the SSAs and other security partners to integrate cyber security into 
the CIKR sectors' protection and preparedness efforts.

Overarching Issues: Protection and Resiliency

    Questions have been raised about the focus of the NIPP on 
protection rather than resiliency. The revised NIPP needs to better 
describe the complementary relationship of these two concepts.

Role of Private Sector Office

    The role of this office in coordinating with private sector 
security partners will be described in greater detail.

DHS Organizational Changes: National Protection and Programs 
Directorate

    There have been numerous organizational changes within DHS related 
to roles and responsibilities described throughout the NIPP. NPPD 
(formerly the Preparedness Directorate) was formed in 2007 to advance 
the Department's risk-reduction mission. The components of NPPD 
include:
     Office of Cyber Security and Communications (CS&C) has the 
mission to assure the security, resiliency, and reliability of the 
Nation's cyber and communications infrastructure in collaboration with 
the public and private sectors, including international partners.
     Office of Intergovernmental Programs (IGP) has the mission 
to promote an integrated national approach to homeland security by 
ensuring, coordinating, and advancing Federal interaction with State, 
local, tribal, and territorial governments.
     Office of Risk Management and Analysis (RMA) will lead the 
Department's efforts to establish a common framework to address the 
overall management and analysis of homeland security risk.
     United States Visitor and Immigrant Status Indicator 
Technology (US-VISIT) is part of a continuum of biometrically-enhanced 
security measures that begins outside U.S. borders and continues 
through a visitor's arrival in and departure from the United States.
     Office of Infrastructure Protection (IP) leads the 
coordinated national effort to reduce risk to our CIKR posed by acts of 
terrorism.
    For purposes of review, the NIPP can be found at http://
www.dhs.gov/nipp.

R. James Caverly,
Director, Partnership and Outreach Division, Department of Homeland 
Security.
[FR Doc. E8-12671 Filed 6-5-08; 8:45 am]

BILLING CODE 4410-10-P