USA: +1(669)289-8683 
Sign in
With the increasing fear of terrorism since 9/11, how do we prepare to prevent, deter and respond to an enemy that we do not know, that can strike at any time, whether it be domestic, international, or a lone wolf. Explain the challenges, opportunities, and obstacles, and how would you think we should tackle it.
National Strategy for Physical Protection of Critical Infrastructure and Key Assets comprises public
domain material from the U.S. Department of Homeland Security. UMGC has modified this work.
The Physical Protection
of Critical Infrastructures
and Key Assets
f e b r u a r y
2 0 0 3
The Physical Protection
of Critical Infrastructures
and Key Assets
f e b r u a r y
2 0 0 3
the white house
washington
My Fellow Americans:
The September 11, 2001, attacks demonstrated the extent of our vulnerability to the terrorist threat.
In the aftermath of these tragic events, we, as a Nation, have demonstrated firm resolve in protecting our
critical infrastructures and key assets from further terrorist exploitation. In this effort, government at all
levels, the private sector, and concerned citizens across the country have begun an important partnership
and commitment to action.
To address the threat posed by those who wish to harm the United States, critical infrastructure owners
and operators are assessing their vulnerabilities and increasing their investment in security. State and
municipal governments across the country continue to take important steps to identify and assure the
protection of key assets and services within their jurisdictions. Federal departments and agencies are
working closely with industry to take stock of key assets and facilitate protective actions, while improving
the timely exchange of important security-related information. The Office of Homeland Security is
working closely with key public- and private-sector entities to implement the Homeland Security
Advisory System across all levels of government and the critical sectors. Finally, I commend the Members
of Congress for working diligently to pass comprehensive legislation that will unify our national critical
infrastructure and key asset protection efforts in the new Department of Homeland Security.
Much work remains, however, to insure that we sustain these initial efforts over the long term. This National
Strategy for the Physical Protection of Critical Infrastructures and Key Assets represents the first milestone in
the road ahead. Consistent with the National Strategy for Homeland Security, this document identifies a clear
set of goals and objectives and outlines the guiding principles that will underpin our efforts to secure the
infrastructures and assets vital to our public health and safety, national security, governance, economy, and
public confidence. It provides a unifying structure, defines roles and responsibilities, and identifies major
initiatives that will drive our near-term protection priorities. Most importantly, it establishes a foundation
for building and fostering a cooperative environment in which government, industry, and private citizens
can work together to protect our critical infrastructures and key assets.
The National Strategy for the Physical Protection of Critical Infrastructures and Key Assets is the product
of many months of consultation across a broad range of public- and private-sector stakeholders.
It includes extensive input from the federal departments and agencies, state and municipal government,
private-sector infrastructure owners and operators, the scientific and technology community, professional
associations, research institutes, and concerned citizens across the country. This document is a truly
national strategy.
As we work to implement this Strategy, it is important to remember that protection of our critical
infrastructures and key assets is a shared responsibility. Accordingly, the success of our protective efforts
will require close cooperation between government and the private sector at all levels. Each of us has
an extremely important role to play in protecting the infrastructures and assets that are the basis for our
daily lives and that represent important components of our national power and prestige.
The terrorist enemy that we face is highly determined, patient, and adaptive. In confronting this threat,
protecting our critical infrastructures and key assets represents an enormous challenge. We must
remain united in our resolve, tenacious in our approach, and harmonious in our actions to overcome
this challenge and secure the foundations of our Nation and way of life.
Executive Summary ……………………………………………………………………………………………………..vii
Introduction ………………………………………………………………………………………………………………….1
The Case for Action ………………………………………………………………………………………………………5
National Policy and Guiding Principles ………………………………………………………………………….11
Organizing and Partnering for Critical Infrastructure and Key Asset Protection ………………….15
Cross-Sector Security Priorities……………………………………………………………………………………..21
Planning and Resource Allocation…………………………………………………………………………….22
Information Sharing and Indications and Warnings ……………………………………………………25
Personnel Surety, Building Human Capital, and Awareness …………………………………………28
Technology and Research & Development ………………………………………………………………..31
Modeling, Simulation, and Analysis ………………………………………………………………………….33
Securing Critical Infrastructures…………………………………………………………………………………….35
Agriculture and Food ………………………………………………………………………………………………36
Water ……………………………………………………………………………………………………………………39
Public Health …………………………………………………………………………………………………………41
Emergency Services ………………………………………………………………………………………………..43
Defense Industrial Base …………………………………………………………………………………………..45
Telecommunications ……………………………………………………………………………………………….47
Energy…………………………………………………………………………………………………………………..50
Transportation………………………………………………………………………………………………………..54
Banking and Finance ………………………………………………………………………………………………63
Chemical Industry and Hazardous Materials ……………………………………………………………..65
Postal and Shipping ………………………………………………………………………………………………..67
Protecting Key Assets …………………………………………………………………………………………………..71
National Monuments and Icons ……………………………………………………………………………….72
Nuclear Power Plants………………………………………………………………………………………………74
Dams…………………………………………………………………………………………………………………….76
Government Facilities……………………………………………………………………………………………..77
Commercial Key Assets …………………………………………………………………………………………..78
Conclusion ………………………………………………………………………………………………………………….81
Acronyms ……………………………………………………………………………………………………………………83
v
vi
This document defines the road ahead for a core
mission area identified in the President’s National
Strategy for Homeland Security—reducing the Nation’s
vulnerability to acts of terrorism by protecting our critical infrastructures and key assets from physical attack.
This document, the National Strategy for the Physical
Protection of Critical Infrastructures and Key Assets, the
Strategy, identifies a clear set of national goals and
objectives and outlines the guiding principles that will
underpin our efforts to secure the infrastructures and
assets vital to our national security, governance, public
health and safety, economy, and public confidence. This
Strategy also provides a unifying organization and
identifies specific initiatives to drive our near-term
national protection priorities and inform the resource
allocation process. Most importantly, it establishes a
foundation for building and fostering the cooperative
environment in which government, industry, and
private citizens can carry out their respective protection
responsibilities more effectively and efficiently.
This Strategy recognizes the many important steps that
public and private entities across the country have
taken in response to the September 11, 2001, attacks to
improve the security of their critical facilities, systems,
and functions. Building upon these efforts, this document provides direction to the federal departments and
agencies that have a role in critical infrastructure and
key asset protection. It also suggests steps that state
and local governments, private sector entities, and
concerned citizens across America can take to enhance
our collective infrastructure and asset security. In this
light, this Strategy belongs and applies to the Nation as
a whole, not just to the federal government or its
constituent departments and agencies.
A New Mission
The September 11 attacks demonstrated our nationallevel physical vulnerability to the threat posed by a
formidable enemy-focused, mass destruction terrorism.
The events of that day also validated how determined,
patient, and sophisticated—in both planning and
execution—our terrorist enemies have become. The
basic nature of our free society greatly enables terrorist
operations and tactics, while, at the same time, hinders
our ability to predict, prevent, or mitigate the effects of
terrorist acts. Given these realities, it is imperative
to develop a comprehensive national approach to
physical protection.
Defining the End State: Strategic Objectives
The strategic objectives that underpin our national
critical infrastructure and key asset protection
effort include:
• Identifying and assuring the protection of those
infrastructures and assets that we deem most critical
in terms of national-level public health and safety,
governance, economic and national security, and
public confidence consequences;
• Providing timely warning and assuring the protection of those infrastructures and assets that face a
specific, imminent threat; and
• Assuring the protection of other infrastructures and
assets that may become terrorist targets over time by
pursuing specific initiatives and enabling a collaborative environment in which federal, state, and local
governments and the private sector can better
protect the infrastructures and assets they control.
Homeland Security and Infrastructure
Protection: A Shared Responsibility
Protecting America’s critical infrastructures and key
assets calls for a transition to a new national cooperative paradigm. The basic tenets of homeland security are
fundamentally different from the historically defined
tenets of national security. Traditionally, national
security has been recognized largely as the responsibility
of the federal government. National security is underpinned by the collective efforts of the military, foreign
policy establishment, and intelligence community
in the defense of our airspace and national borders,
as well as operations overseas to protect our
national interests.
Homeland security, particularly in the context of critical
infrastructure and key asset protection, is a shared
responsibility that cannot be accomplished by the
federal government alone. It requires coordinated
action on the part of federal, state, and local governments; the private sector; and concerned citizens across
the country.1
vii
To build and implement a robust strategy to protect
our critical infrastructures and key assets from further
terrorist exploitation, we must understand the motivations of our enemies as well as their preferred tactics
and targets. We must complement this understanding
with a comprehensive assessment of the infrastructures
and assets to be protected, their vulnerabilities, and the
challenges associated with eliminating or mitigating
those vulnerabilities—a task that will require the
concerted efforts of our entire Nation.
The Importance of Critical Infrastructures
America’s critical infrastructure sectors provide the
foundation for our national security, governance,
economic vitality, and way of life. Furthermore, their
continued reliability, robustness, and resiliency create a
sense of confidence and form an important part of our
national identity and purpose. Critical infrastructures
frame our daily lives and enable us to enjoy one of the
highest overall standards of living in the world.
The facilities, systems, and functions that comprise our
critical infrastructures are highly sophisticated and
complex. They include human assets and physical and
cyber systems that work together in processes that are
highly interdependent. They also consist of key nodes
that, in turn, are essential to the operation of the
critical infrastructures in which they function.
The Importance of Key Assets
Key assets and high profile events are individual targets
whose attack—in the worst-case scenarios—could
result in not only large-scale human casualties and
property destruction, but also profound damage to our
national prestige, morale, and confidence.
Individually, key assets like nuclear power plants and
dams may not be vital to the continuity of critical services at the national level. However, a successful strike
against such targets may result in a significant loss of
life and property in addition to long-term, adverse
public health and safety consequences. Other key assets
are symbolically equated with traditional American
values and institutions or U.S. political and economic
power. Our national icons, monuments, and historical
attractions preserve history, honor achievements, and
represent the natural grandeur of our country. They
celebrate our American ideals and way of life and
present attractive targets for terrorists, particularly when
coupled with high profile events and celebratory activities that bring together significant numbers of people.
viii
Understanding the Threat
Characteristics of Terrorism
The September 11 attacks on the World Trade Center
and the Pentagon underscore the determination of our
terrorist enemies. Terrorists are relentless and patient,
as evidenced by their persistent targeting of the World
Trade Center towers over the years. Terrorists are also
opportunistic and flexible. They learn from experience
and modify their tactics and targets to exploit perceived
vulnerabilities and avoid observed strengths. As security increases around more predictable targets, they
shift their focus to less protected assets. Enhancing
countermeasures for any one terrorist tactic or target,
therefore, makes it more likely that terrorists will
favor another.
The Nature of Possible Attacks
Terrorists’ pursuit of their long-term strategic objectives includes attacks on critical infrastructures and key
assets. Terrorists target critical infrastructures to
achieve three general types of effects:
• Direct infrastructure effects: Cascading disruption or
arrest of the functions of critical infrastructures or
key assets through direct attacks on a critical node,
system, or function.
• Indirect infrastructure effects: Cascading disruption
and financial consequences for government, society,
and economy through public- and private-sector
reactions to an attack.
• Exploitation of infrastructure: Exploitation of
elements of a particular infrastructure to disrupt or
destroy another target.
This Strategy reaffirms our longstanding national
policy regarding critical infrastructure and key asset
protection. It also delineates a set of guiding principles
that will underpin our domestic protection strategy.
Statement of National Policy
As a Nation we remain committed to protecting our
critical infrastructures and key assets from acts of
terrorism that would:
• Impair the federal government’s ability to perform
essential national and homeland security missions
and ensure the general public’s health and safety;
• Undermine state and local government capacities to
maintain order and to deliver minimum essential
public services;
• Damage the private sector’s capability to ensure the
orderly functioning of the economy and the delivery
of essential services; and
• Undermine the public’s morale and confidence in
our national economic and political institutions.
We must work collaboratively to employ the tools
necessary to implement such protection.
Guiding Principles
Eight guiding principles underpin this Strategy:
• Assure public safety, public confidence, and services;
• Establish responsibility and accountability;
• Encourage and facilitate partnering among all
levels of government and between government
and industry;
• Encourage market solutions wherever possible
and compensate for market failure with focused
government intervention;
• Facilitate meaningful information sharing;
• Foster international cooperation;
• Develop technologies and expertise to combat
terrorist threats; and
• Safeguard privacy and constitutional freedoms.
Implementing this Strategy requires a unifying organization, a clear purpose, a common understanding of
roles and responsibilities, accountability, and a set of
well-understood coordinating processes. A solid
organizational scheme sets the stage for effective
engagement and interaction between the public and
private sectors at all levels. Without it, the tasks of
coordinating and integrating domestic protection
policy, planning, resource allocation, performance
measurement, and enabling initiatives across federal,
state, and local governments and the private sector are
virtually impossible to accomplish. Our strategy for
action must provide the foundation these entities can
use to achieve common objectives, applying their core
capabilities, expertise, and experience as necessary to
meet the threat at hand.
Federal Government Responsibilities
The federal government has the capacity to organize,
convene, and coordinate broadly across governmental
jurisdictions and the private sector. It has the responsibility to develop coherent national policies, strategies,
and programs for implementation. In the context of
homeland security, the federal government will coordinate the complementary efforts and capabilities of
government and private institutions to raise our level
of protection over the long term as appropriate for each
of our critical infrastructures and key assets.
Every terrorist event has a potential national impact.
The federal government will, therefore, take the lead
to ensure that the three principal objectives detailed
in the Introduction of this Strategy are met. This
leadership role involves:
• Taking stock of our most critical facilities, systems,
and functions and monitoring their preparedness
across economic sectors and governmental
jurisdictions;
• Assuring that federal, state, local, and private
entities work together to protect critical facilities,
systems, and functions that face an imminent threat
and/or whose loss could have significant national
consequences;
• Providing and coordinating national-level threat
information, assessments, and warnings that are
timely, actionable, and relevant to state, local, and
private sector partners;
• Creating and implementing comprehensive,
multi-tiered protection policies and programs;
• Exploring potential options for enablers and
incentives to encourage stakeholders to devise
solutions to their unique protection impediments;
• Developing cross-sector and cross-jurisdictional
protection standards, guidelines, criteria, and
protocols;
• Facilitating the sharing of critical infrastructure and
key asset protection best practices and processes and
vulnerability assessment methodologies;
• Conducting demonstration projects and pilot
programs;
• Seeding the development and transfer of advanced
technologies while taking advantage of privatesector expertise and competencies;
• Promoting national-level critical infrastructure and
key asset protection education and awareness; and
• Improving the federal government’s ability to
work with state and local responders and
service providers.
ix
Federal Lead Departments and Agencies
The National Strategy for Homeland Security provides a
sector-based organizational scheme for protecting
critical infrastructure and key assets. It identifies the
federal lead departments and agencies responsible for
coordinating protection activities and developing and
maintaining collaborative relationships with their state
and local government and industry counterparts in the
critical sectors.
In addition to securing federally owned and operated
infrastructures and assets, the role of the federal lead
departments and agencies is to assist state and local
governments and private-sector partners in their
efforts to:
• Organize and conduct protection and continuity of
government and operations planning, and elevate
awareness and understanding of threats and
vulnerabilities to their critical facilities, systems,
and functions;
• Identify and promote effective sector-specific
protection practices and methodologies; and
• Expand voluntary security-related information
sharing among private entities within the sector, as
well as between government and private entities.
Department of Homeland Security
The Department of Homeland Security (DHS) will
provide overall cross-sector coordination in this new
organizational scheme, serving as the primary liaison
and facilitator for cooperation among federal agencies,
state and local governments, and the private sector. As
the cross-sector coordinator, DHS will also be responsible for the detailed refinement and implementation
of the core elements of this Strategy.
Other Federal Departments and Agencies
Besides the designated federal lead departments and
agencies, the federal government will rely on the
unique expertise of other departments and agencies to
enhance the physical protection dimension of homeland security. Additionally, overall sector initiatives will
often include an international component or requirement, require the development of a coordinated
relationship with other governments or agencies, and
entail information sharing with foreign governments.
Accordingly, the Department of State (DoS) will
support the development and implementation of sector
protection initiatives by laying the groundwork for
bilateral and multilateral infrastructure protective
agreements with our international allies.
x
State and Local Government Responsibilities
The 50 states, 4 territories, and 87,000 local jurisdictions that comprise this Nation have an important and
unique role to play in the protection of our critical
infrastructures and key assets. State and local governments, like the federal government, should identify and
secure the critical infrastructures and key assets they
own and operate within their jurisdictions.
States should also engender coordination of protective
and emergency response activities and resource support
among local jurisdictions and regions in close collaboration with designated federal lead departments and
agencies. States should further facilitate coordinated
planning and preparedness for critical infrastructure
and key asset protection, applying unified criteria for
determining criticality, prioritizing protection investments, and exercising preparedness within their
jurisdictions. States should also act as conduits for
requests for federal assistance when the threat at hand
exceeds the capabilities of local jurisdictions and
private entities within those jurisdictions. Finally,
states should facilitate the exchange of relevant security
information and threat alerts down to the local level.
State and local governments look to the federal
government for coordination, support, and resources
when national requirements exceed local capabilities.
Protecting critical infrastructures and key assets will
require a close and extensive cooperation among all
three levels of government. DHS, in particular, is
designed to provide a single point of coordination with
state and local governments for homeland security
issues, including the critical infrastructure and key asset
protection mission area. Other federal lead departments and agencies and law enforcement organizations
will provide support as needed and appropriate for
specific critical infrastructure and key asset
protection requirements.
Private Sector Responsibilities
The lion’s share of our critical infrastructures and key
assets are owned and operated by the private sector.
Customarily, private sector firms prudently engage in
risk management planning and invest in security as a
necessary function of business operations and customer
confidence. Moreover, in the present threat environment, the private sector generally remains the first line
of defense for its own facilities. Consequently, privatesector owners and operators should reassess and adjust
their planning, assurance, and investment programs to
better accommodate the increased risk presented by
deliberate acts of violence. Since the events of
September 11, many businesses have increased their
threshold investments and undertaken enhancements
in security in an effort to meet the demands of the
new threat environment.
For most enterprises, the level of investment in security
reflects implicit risk-versus-consequence tradeoffs,
which are based on: (1) what is known about the risk
environment; and (2) what is economically justifiable
and sustainable in a competitive marketplace or in an
environment of limited government resources. Given
the dynamic nature of the terrorist threat and the
severity of the consequences associated with many
potential attack scenarios, the private sector naturally
looks to the government for better information to help
make its crucial security investment decisions.
Similarly, the private sector looks to the government
for assistance when the threat at hand exceeds an
enterprise’s capability to protect itself beyond a reasonable level of additional investment. In this light, the
federal government will collaborate with the private
sector (and state and local governments) to assure the
protection of nationally critical infrastructures and
assets; provide timely warning and assure the protection of infrastructures and assets that face a specific,
imminent threat; and promote an environment in
which the private sector can better carry out its specific
protection responsibilities.
Near-term Roadmap: Cross-Sector
Security Priorities
The issues and security initiatives outlined in the
Cross-Sector Security Priorities chapter of this document
represent important, near-term national priorities.
They are focused on impediments to physical protection that significantly impact multiple sectors of our
government, society, and economy. Potential solutions
to the problems identified—such as information
sharing and threat indications and warning—are highleverage areas that, when realized, will enhance the
Nation’s collective ability to protect critical infrastructures and key assets across the board. Accordingly,
DHS and designated federal lead departments and
agencies will prepare detailed implementation plans to
support the activities outlined in this chapter.
This Strategy identifies major cross-sector initiatives in
five areas:
Planning and Resource Allocation: This Strategy
identifies eight major initiatives in this area.
• Create collaborative mechanisms for governmentindustry critical infrastructure and key asset
protection planning;
• Identify key protection priorities and develop
appropriate supporting mechanisms for these
priorities;
• Foster increased sharing of risk-management
expertise between the public and private sectors;
• Identify options for incentives for private
organizations that proactively implement
enhanced security measures;
• Coordinate and consolidate federal and state
protection plans;
• Establish a task force to review legal impediments
to reconstitution and recovery in the aftermath
of an attack against a critical infrastructure or
key asset;
• Develop an integrated critical infrastructure and
key asset geospatial database; and
• Conduct critical infrastructure protection planning
with our international partners.
Information Sharing and Indications and Warnings:
This Strategy identifies six major initiatives in this area.
• Define protection-related information sharing
requirements and establish effective, efficient
information sharing processes;
• Implement the statutory authorities and powers
of the Homeland Security Act of 2002 to protect
security and proprietary information regarded as
sensitive by the private sector;
• Promote the development and operation of critical
sector Information Sharing Analysis Centers;
• Improve processes for domestic threat data
collection, analysis, and dissemination to state
and local government and private industry;
• Support the development of interoperable secure
communications systems for state and local governments and designated private sector entities; and
• Complete implementation of the Homeland
Security Advisory System.
Personnel Surety, Building Human Capital, and
Awareness: This Strategy identifies six major initiatives
in this area.
• Coordinate the development of national standards
for personnel surety;
• Develop a certification program for backgroundscreening companies;
xi
• Explore establishment of a certification regime or
model security training program for private
security officers;
• Identify requirements and develop programs to
protect critical personnel;
• Facilitate the sharing of public- and private-sector
protection expertise; and
• Develop and implement a national awareness
program for critical infrastructure and key
asset protection.
and special categories of key assets have unique issues
that require action. These considerations and associated
enabling initiatives are discussed in the last two
chapters of this Strategy:
Securing Critical Infrastructures: This Strategy identifies
major protection initiatives for the following critical
infrastructure sectors:
• Agriculture and Food
• Water
• Public Health
Technology and Research & Development: This Strategy
identifies four major initiatives in this area.
• Coordinate public- and private-sector security
research and development activities;
• Emergency Services
• Defense Industrial Base
• Telecommunications
• Coordinate interoperability standards to ensure
compatibility of communications systems;
• Energy
• Explore methods to authenticate and verify
personnel identity; and
• Banking and Finance
• Improve technical surveillance, monitoring and
detection capabilities.
• Postal and Shipping
Modeling, Simulation, and Analysis: This Strategy
identifies seven major initiatives in this area.
• Enable the integration of modeling, simulation,
and analysis into national infrastructure and asset
protection planning and decision support activities;
• Transportation
• Chemicals and Hazardous Materials
Protecting Key Assets: This Strategy identifies
major protection initiatives for the following key
asset categories:
• National Monuments and Icons
• Nuclear Power Plants
• Develop economic models of near- and long-term
effects of terrorist attacks;
• Dams
• Develop critical node/chokepoint and
interdependency analysis capabilities;
• Commercial Key Assets
• Model interdependencies across sectors with respect
to conflicts between sector alert and warning
procedures and actions;
• Conduct integrated risk modeling of cyber and
physical threats, vulnerabilities, and consequences;
and
• Develop models to improve information integration.
Unique Protection Areas
In addition to the cross-sector themes addressed in this
Strategy, the individual critical infrastructure sectors
xii
• Government Facilities
________
1 The National Strategy for Homeland Security defines “State”
to mean “any state of the United States, the District of
Columbia, Puerto Rico, the Virgin Islands, Guam, American
Samoa, the Commonwealth of the Northern Mariana
Islands, or the trust territory of the Pacific Islands.” The
Strategy defines “local government” as “any county, city,
village, town, district, or other political subdivision of any
state, any Native American tribe or authorized tribal organization, or Alaska native village or organization, and includes
any rural community or unincorporated town or village or
any other public entity for which and application for
assistance is made by a state or political subdivision thereof.”
On July 16, 2002, President Bush issued the National
Strategy for Homeland Security, an overarching strategy
for mobilizing and organizing our Nation to secure the
U.S. homeland from terrorist attacks. It communicates
a comprehensive approach “based on the principles of
shared responsibility and partnership with Congress,
state and local governments, the private sector, and the
American people”—a truly national effort, not merely
a federal one.
The National Strategy for Homeland Security defines
“homeland security” and identifies a strategic
framework based on three national objectives. In order
of priority, these are: (1) preventing terrorist attacks
within the United States, (2) reducing America’s
vulnerability to terrorism, and (3) minimizing the
damage and recovering from attacks that
do occur.
Intelligence and Warning
Border and Transportation Security
Domestic Counter-terrorism
Protecting Critical Infrastructures and
Key Assets
Defending against Catastrophic Terrorism
Emergency Preparedness and Response
To attain these objectives, the National Strategy for
Homeland Security aligns our homeland security efforts
into six critical mission areas: intelligence and warning,
border and transportation security, domestic counterterrorism, protecting critical infrastructures and key
assets, defending against catastrophic terrorism, and
emergency preparedness and response.
This document, the National Strategy for the Physical
Protection of Critical Infrastructures and Key Assets, the
Strategy,1 takes the next step to facilitate the strategic
planning process for a core mission area identified in
“The United States will forge an
unprecedented level of cooperation
throughout all levels of government,
with private industry and institutions,
and with the American people to
protect our critical infrastructure
and key assets from terrorist attack.”
-The National Strategy for Homeland Security
1
the National Strategy for Homeland Security—reducing
the Nation’s vulnerability by protecting our critical
infrastructures and key assets from physical attack. It
identifies a clear set of national goals and objectives
and outlines the guiding principles that will underpin
our efforts to secure the infrastructures and assets vital
to our national security, governance, public health and
safety, economy, and public confidence. It also provides
a unifying organizational structure and identifies
specific initiatives to drive our near-term national
protection priorities and inform the resource allocation
process. Most importantly, it provides a foundation for
building and fostering the cooperative environment in
which government, industry, and private citizens can
carry out their respective protection responsibilities
more effectively and efficiently.
This Strategy recognizes the many important steps
that public and private entities across the country
have taken in response to the World Trade Center and
Pentagon attacks on September 11, 2001, to improve
the security of their critical facilities, systems, and
functions. Building on these efforts, this Strategy
provides direction to the federal departments and
agencies that have a role in critical infrastructure and
key asset protection. It also suggests steps that state
and local governments, private sector entities, and
concerned citizens across America can take to
enhance our collective infrastructure and asset security.
Accordingly, this Strategy belongs and applies to the
Nation as a whole, not just to the federal government
or its constituent departments and agencies.
This Strategy complements the National Strategy to
Secure Cyberspace, which focuses on the identification,
assessment, and protection of interconnected information systems and networks. The Physical and Cyber
Strategies share common underlying policy objectives
and principles. Together, they form the road ahead for
one of our core homeland security mission areas.
The September 11 attacks on the World Trade Center
and the Pentagon demonstrated our national-level
physical vulnerability to the threat posed by a formidable enemy—focused, mass destruction terrorism.
The events of that day also validated how determined,
patient, and sophisticated—in both planning and
execution—our terrorist enemies have become.
Ironically, the basic nature of our free society greatly
enables terrorist operations and tactics, while, at the
same time, it hinders our ability to predict, prevent,
or mitigate the effects of terrorist acts. Given these
2
realities, it is imperative to develop a comprehensive
national approach to physical protection.
Protecting America’s critical infrastructures and key
assets represents an enormous challenge. Our Nation’s
critical infrastructures and key assets are a highly
complex, heterogeneous, and interdependent mix of
facilities, systems, and functions that are vulnerable to a
wide variety of threats. Their sheer numbers, pervasiveness, and interconnected nature create an almost
infinite array of high-payoff targets for terrorist
exploitation. Given the immense size and scope of the
potential target set, we cannot assume that we will be
able to protect completely all things at all times against
all conceivable threats. As we develop protective
measures for one particular type of target, our terrorist
enemies will likely focus on another. To be effective,
our national protection strategy must be based on a
thorough understanding of these complexities as we
build and implement a focused plan for action.
:
To frame the initial focus of our national protection
effort, we must acknowledge that the assets, systems,
and functions that comprise our infrastructure sectors
are not uniformly “critical” in nature, particularly in a
national or major regional context.
The first objective of this Strategy is to identify and
assure the protection of those assets, systems, and
functions that we deem most “critical” in terms of
national-level public health and safety, governance,
economic and national security, and public confidence.
We must develop a comprehensive, prioritized
assessment of facilities, systems, and functions of
national-level criticality and monitor their preparedness across infrastructure sectors. The federal
government will work closely with state and local
governments and the private sector to establish a
uniform methodology for determining national-level
criticality. This methodology will enable a focus on
high-priority activities and the development of
consistent approaches to counter the terrorist threat.
The second major objective is to assure the protection
of infrastructures and assets that face a specific,
imminent threat. Federal, state, and local governments
and private-sector partners must collaborate closely to
develop thorough assessment and alert processes and
systems to ensure that threatened assets receive timely
advance warnings. These entities must further
cooperate to provide focused protection against the
anticipated threat.
Finally, as we act to secure our most critical
infrastructures and assets, we must remain cognizant
that criticality varies as a function of time, risk, and
market changes. Acting to better secure our highest
priority facilities, systems, and functions, we should
expect our terrorist enemies to shift their destructive
focus to targets they consider less protected and more
likely to yield desired shock effects. Hence, the third
objective of this Strategy is to pursue collaborative
measures and initiatives to assure the protection of
other potential targets that may become attractive over
time. The focus will be to foster an environment in
which key public- and private-sector stakeholders can
better protect the infrastructures and assets they
control according to their specific responsibilities,
competencies, and capabilities.
The last three chapters of this Strategy detail the
cross-sector and sector-specific priority solution
paths we will pursue to achieve the fullest measure
of national protection possible across all categories
of critical infrastructures and key assets.
:
Protecting America’s critical infrastructures and key
assets calls for a transition to an important new
national cooperative paradigm. The basic tenets of
homeland security are fundamentally different from the
historically defined tenets of national security.
Historically, securing the United States entailed the
projection of force outside of our borders. We
protected ourselves by “keeping our neighborhood safe”
in the global, geopolitical sense. The capability and
responsibility to carry out this mission rested largely
with the federal government.
The emergence of international terrorism within our
borders has moved the front line of domestic security
to Main Street, U.S.A. Faced with the realities of the
September 11 attacks, the mission of protecting our
homeland now entails “keeping our neighborhood safe”
in the most literal sense. Safeguarding our Nation
against the terrorist threat depends on our ability to
marshal and project appropriate resources inward.
Respect for the open, pluralistic nature of our society;
the individual rights and liberties of our citizenry; and
our federalist system of government define the
framework within which security can be implemented.
Acting alone, the federal government lacks the
comprehensive set of tools and competencies required
“Homeland security is a concerted
national effort to prevent terrorist
attacks within the United States, reduce
America’s vulnerability to terrorism,
and minimize the damage and recover
from attacks that do occur.”
-The National Strategy for Homeland Security
to deliver the most effective protection and response
for most homeland security threats. Therefore, to
combat the threat terrorism poses for our critical
infrastructures and key assets, we must draw upon the
resources and capabilities of those who stand on the
new front lines—our local communities and private
sector entities that comprise our national critical
infrastructure sectors.
Forging this unprecedented level of cooperation will
require dramatic changes in the institutional mindsets
honed and shaped by Cold War-era regimes. Success
in this effort must be built and sustained over time.
This Strategy provides a starting point for defining how
this national-level cooperation can best be achieved.
In the context of a new national cooperative paradigm,
this Strategy further serves as an important vehicle for
educating the public and achieving realistic expectations on the emergent terrorist threat and the roles
government and industry must play in defending
against it. Public understanding and acceptance of this
Strategy is essential. The American public’s resilience
and support will be sustainable in the aftermath of
future terrorist attacks only if expectations are clearly
defined, attainable, and fulfilled.
This Strategy is comprehensive in scope and focused
in detail. The following chapters lay out a roadmap to
identify specific priority actions to be taken to assure
more comprehensive protection of our critical
infrastructures and key assets.
The Case for Action
This chapter discusses the role critical infrastructures and key assets play as a foundation of our
Nation’s economic security, governance, national
defense, public health and safety, and public
confidence. It describes in greater detail the characteristics of terrorism and the challenges we must
3
address to protect the Nation’s critical
infrastructures and key assets against this threat.
National Policy and Guiding Principles
This chapter describes the overarching national
policy and guiding principles that underpin this
Strategy and our collective approach to action.
Organizing and Partnering for Critical Infrastructure
and Key Asset Protection
This chapter provides an organizational structure
for our national-level critical infrastructure and key
asset protection effort. It also clarifies key publicand private-sector roles and responsibilities and
provides a collaborative framework for cross-sector
and cross-jurisdictional infrastructure and
asset protection.
Cross-Sector Security Priorities
This chapter addresses important cross-sector
issues, impediments to action, and the steps
necessary to address them. It describes actions to
foster cooperation, lower costs, and provide leverage
across key issue areas for maximum effect. In
concert, these initiatives form the framework
through which we will align the resources of the
federal budget to the critical infrastructure and
key asset protection mission.
4
Securing Critical Infrastructures
This chapter outlines protection priorities for
the critical infrastructure sectors identified in
the National Strategy for Homeland Security. The
overviews provided are designed to highlight pressing
issues in need of concerted attention at the individual
sector level. Each federal lead department and agency
will develop plans and programs to implement or
facilitate these priority sector initiatives.
Protecting Key Assets
This chapter describes protection considerations for
unique facilities, such as dams, nuclear power plants,
and national monuments and icons whose attack, in a
worst-case scenario, could present significant health
and safety and/or public confidence consequences.
Conclusion
This chapter summarizes the next steps required
to assure comprehensive protection of our critical
infrastructures and key assets.
________
1 The primary focus of this Strategy is the physical protection
of critical infrastructures and key assets. The protective
strategy for information technology and network assets for
specific sectors is discussed in detail in the National Strategy
to Secure Cyberspace. Accordingly, the protection of the
Information Technology component of the Information and
Telecommunications sector is not discussed in this document.
Developing an effective strategy for critical
infrastructure and key asset protection requires a clear
understanding of the threats we face and the potential
consequences they entail. The September 11 attacks
were a wake-up call. Before these devastating events,
we, as Americans, considered ourselves relatively
immune to a massive physical attack on our homeland.
Our victory in the Cold War left us with few significant conventional military threats, and the world of
terrorism seemed more the concern of troubled regions
like the Middle East than Middle America. As a
Nation, we were generally unfamiliar with the motivations of terrorists and the deep hatred behind their
agendas. Furthermore, we underestimated the depth
and scope of their capabilities and did not fully appreciate the extent to which they would go to carry out
their destructive acts. The September 11 attacks
changed these misconceptions.
Al-Qaeda terrorists exploited key elements of our own
transportation infrastructure as weapons. Their targets
were key assets symbolic of our national prestige and
military and economic power. The effects of the attacks
cascaded throughout our society, economy, and government. As a Nation, we became suddenly and painfully
aware of the extent of our domestic vulnerability—
more so than at any time since the Second World War.
To protect our critical infrastructures and key assets
from further terrorist exploitation, we must understand
the intent and objectives of terrorism as well as the
tactics and techniques its agents could employ against
various types of targets. We must complement this
understanding with a comprehensive assessment of the
assets to be protected, their vulnerabilities, and the
challenges associated with eliminating or mitigating
those vulnerabilities—a task that will require the
concerted efforts of our entire Nation.
5
The Importance of Critical Infrastructures
America’s critical infrastructure sectors provide the
goods and services that contribute to a strong national
defense and thriving economy. Moreover, their
continued reliability, robustness, and resiliency create
a sense of confidence and form an important part of
our national identity and strategic purpose. They also
frame our way of life and enable Americans to enjoy
one of the highest overall standards of living of any
country in the world.
When we flip a switch, we expect light. When we pick
up a phone, we expect a dial tone. When we turn a tap,
we expect drinkable water. Electricity, clean water, and
telecommunications are only a few of the critical infrastructure services that we tend to take for granted. They
have become so basic in our daily lives that we notice
them only when, for some reason, service is disrupted.
When disruption does occur, we expect reasonable
explanations and speedy restoration of service.
The National Strategy for Homeland Security categorizes
our critical infrastructures into the following sectors:
Agriculture
Food
Water
Public Health
Emergency Services
Government
Defense Industrial Base
Information and Telecommunications
Energy
Transportation
Banking and Finance
Chemical Industry and Hazardous Materials
Postal and Shipping
6
Critical infrastructures are “systems and
assets, whether physical or virtual, so
vital to the United States that the
incapacity or destruction of such systems
and assets would have a debilitating
impact on security, national economic
security, national public health or safety,
or any combination of those matters.”
– USA Patriot Act
Together these industries provide:
Production and Delivery of Essential Goods and Services
Critical infrastructure sectors such as agriculture,
food, and water, along with public health and
emergency services, provide the essential goods and
services that Americans depend on to survive.
Energy, transportation, banking and financial
services, chemical manufacturing, postal services,
and shipping sustain the Nation’s economy and
make possible and available a continuous array of
goods and services.
Interconnectedness and Operability
Information and telecommunications infrastructures
connect and increasingly control the operations of
other critical infrastructures.
Public Safety and Security
Our government institutions guarantee our national
security, freedom, and governance, as well as services
that make up the Nation’s public safety net.
The facilities, systems, and functions that comprise our
critical infrastructures are highly sophisticated and
complex. They consist of human capital and physical
and cyber systems that work together in processes that
are highly interdependent. They each encompass a
series of key nodes that are, in turn, essential to the
operation of the critical infrastructures in which they
function. To complicate matters further, our most
critical infrastructures typically interconnect and,
therefore, depend on the continued availability and
operation of other dynamic systems and functions.
For example, e-commerce depends on electricity as
well as information and communications. Assuring
electric service requires operational transportation and
distribution systems to guarantee the delivery of fuel
necessary to generate power. Such interdependencies
have developed over time and are the product of
innovative operational processes that have fueled
unprecedented efficiency and productivity. Given the
dynamic nature of these interdependent infrastructures
and the extent to which our daily lives rely on them,
a successful terrorist attack to disrupt or destroy them
could have tremendous impact beyond the immediate
target and continue to reverberate long after the
immediate damage is done.
The Importance of Key Assets
Key assets represent individual targets whose destruction could cause large-scale injury, death, or destruction
of property, and/or profoundly damage our national
prestige, and confidence. Such assets and activities
alone may not be vital to the continuity of critical
services on a national scale, but an attack on any one of
them could produce, in the worst case, significant loss
of life and/or public health and safety consequences.
This category includes such facilities as nuclear power
plants, dams, and hazardous materials storage facilities.
Other key assets are symbolically equated with
traditional American values and institutions or U.S.
political and economic power. Our national symbols,
icons, monuments, and historical attractions preserve
history, honor achievements, and represent the natural
grandeur of our country. They also celebrate our
American ideals and way of life—a key target of
terrorist attacks. Successful terrorist strikes against such
assets could profoundly impact national public confidence. Monuments and icons, furthermore, tend to be
gathering places for large numbers of people, particularly during high-profile celebratory events—a factor
that adds to their attractiveness as targets.
Ownership of key assets varies. The private sector owns
and operates dams and nuclear power plants as well as
most of this Nation’s large buildings holding important
commercial and/or symbolic value and/or housing large
numbers of people. The protection of national monuments and icons often entails overlapping state, local,
and federal jurisdictions. Some are managed and operated by private foundations. These realities complicate
our protective efforts.
Characteristics of Terrorism
The September 11 attacks offered undeniable proof
that our critical infrastructures and key assets represent
high-value targets for terrorism. The attacks underscored the determination and patience of our terrorist
enemies. The highly coordinated nature of the strikes
demonstrated a previously unanticipated level of
sophistication in terms of planning and execution.
Through these attacks, Al-Qaeda terrorists also showed
a dogged resolve in pursuit of their objectives. When
their first attempt to topple the World Trade Center
towers failed in 1993, they persisted by planning and
executing a second attack eight years later that proved
to be more successful than even they expected.
Our terrorist enemies have proven themselves to be
opportunistic and flexible. As illustrated by the two
separate World Trade Center attacks, they learn from
experience and modify their tactics accordingly. They
also adapt their methods in order to exploit newly
observed or perceived vulnerabilities. As security
increases around more predictable targets, they will
likely seek more accessible and less protected facilities
and events. Enhancing countermeasures against any
one terrorist tactic, therefore, makes it more likely that
terrorists will favor another.
Terrorists are inventive and resourceful in terms of
target selection, as well as in the selection and use of
specific instruments of violence and intimidation. They
exploit vulnerabilities wherever they exist, with any
means at their disposal, at times and locations of their
choosing. Terrorists are attempting to acquire a broad
range of weapons, from high-yield conventional
explosives and firearms to weapons of mass destruction. Oftentimes the nature of the target will dictate
the weapon of choice. Other times the availability of a
particular type of weapon, such as a nuclear or
biological device, will determine target selection.
The matching of means to ends is limited only by the
creativity and resources of the terrorists; the only
constant is their desire to inflict maximum destruction,
injury, and shock in pursuit of their strategic objectives.
Terrorism is with us for the foreseeable future.
Following the September 11 attacks, President Bush
stated that the war on terrorism would be a long-term
effort. While the tools and tactics of terrorists may
change, their fundamental determination remains the
same. Those with enmity toward the U.S. and its
interests consider terrorism an effective weapon to use
against us, and they will continue to employ such
tactics until we can prove that it is not.
The Nature of Possible Attacks
The terrorist endgame includes a complex mix of
political, economic, and psychological objectives. To
achieve their objectives, terrorists may choose to target
critical infrastructures and key assets as low-risk means
to generate mass casualties, shock, and panic.
7
Terrorists target critical infrastructure and key assets to
achieve effects that fall into three general categories:
• Direct infrastructure effects: Cascading disruption or
arrest of the functions of critical infrastructures or
key assets through direct attacks on a critical node,
system, or function.
The immediate damage to facilities and disruption
of services that resulted from the attack on the
World Trade Center towers, which housed critical
assets of the financial services sector, are examples of
direct infrastructure effects.
• Indirect infrastructure effects: Cascading disruption
and financial consequences for government, society,
and economy through public- and private-sector
reactions to an attack.
Public disengagement from air travel and other
facets of the economy as a result of the September
11 attacks exemplifies this effect. Mitigating the
potential consequences from these types of attacks
will require careful assessment of policy and regulatory responses, understanding the psychology of
their impacts, and appropriately weighing the costs
and benefits of specific actions in response to
small-scale attacks.
• Exploitation of infrastructure: Exploitation of
elements of a particular infrastructure to disrupt or
destroy another target.
On September 11, terrorists exploited elements of
the aviation infrastructure to attack the World Trade
Center and the Pentagon, which represented seats
of U.S. economic and military power. Determining
the potential cascading and cross-sector consequences of this type of attack is extremely difficult.
The New Front Lines
Our technologically sophisticated society and
institutions present a wide array of potential targets
for terrorist exploitation. Our critical infrastructure
industries change rapidly to reflect the demands of the
markets they serve. Much of the expertise required for
planning and taking action to protect critical infrastructures and key assets lies outside the federal government,
including precise knowledge of what needs to be
protected. In effect, the front lines of defense in this
new type of battle have moved into our communities
and the individual institutions that make up our
critical infrastructure sectors.
8
Private industry owns and operates approximately
85 percent of our critical infrastructures and key assets.
Facility operators have always been responsible for
protecting their physical assets against unauthorized
intruders. These measures, however conventionally
effective, generally have not been designed to cope with
significant military or terrorist threats, or the cascading
economic and psychological impact they may entail.
The unique characteristics of critical infrastructures and
key assets, their continuing—often rapid—evolution,
and the significant impediments complicating their
protection will require an unprecedented level of key
public- and private-sector cooperation and coordination.
Our country has more than 87,000 jurisdictions of local
governance alone. The challenge ahead is to develop a
coordinated and complementary system that reinforces
protection efforts rather than duplicates them, and that
meets mutually identified essential requirements. In
addition, many of our critical infrastructures also span
national borders and, therefore, must be protected
within the context of international cooperation.
:
Our open society, highly creative and responsive
economic markets, and system of values that engenders
individual recognition and freedom have created wealth
for our nation, built a strong national security system,
and instilled a sense of national confidence in the
future. Destruction of our traditions, values, and way of
life represents a key objective of our terrorist enemies.
Ironically, the tenets of American society that make us
free also create an environment that facilitates
terrorist operations.
As we strive to understand the nature of terrorism and
identify appropriate means to defend against it, we will
require new collaborative structures and mechanisms
for working together. During the Cold War era, many
government and private organizations isolated parts
of their physical and information infrastructures into
“stovepipes” to assure their protection. This approach
is no longer adequate to protect our homeland from
determined terrorists. Stimulating voluntary, rapidly
adaptive protection activities requires a culture of trust
and ongoing collaboration among relevant public- and
private-sector stakeholders, rather than more traditional systems of command and control.
Security investments made by all levels of government
and private industry have increased since the
September 11 attacks. As terrorism continues to
evolve, so must the way in which we protect our
country and ourselves. The costs of protection—
including expenditures to develop new technologies,
tools, and procedures—will weigh heavily on all levels
of government and private industry. Consequently, an
effective protection strategy must incorporate wellplanned and highly coordinated approaches that have
been developed by the best minds in our country
through innovation and sharing of information, best
practices, and shared resources.
National Resilience: Sustaining Protection
for the Long Term
Combating terrorism will be a long-term effort. Its
dynamic nature means that we must enhance the
protection of our critical infrastructures and key assets
in an environment of persistent and evolving threats.
Our Nation’s critical infrastructures are generally
robust and resilient. These attributes result from
decades of experience gained from responding to
natural disasters, such as hurricanes and floods, and
the deliberate acts of malicious individuals. The
critical infrastructure sectors have learned from each
disruption and applied those lessons to improve their
protection, response, and recovery operations. For
example, during the immediate aftermath of the
September 11 attacks, the electric system in New York
City remained operational for the island of Manhattan
outside of the World Trade Center complex—Ground
Zero. Furthermore, needed electric service at Ground
Zero was quickly and efficiently restored to support
rescue and recovery operations. This success is a good
example of American ingenuity, as well as a tenacious
application of lessons learned from the 1993 World
Trade Center bombing and other terrorist events.
Resilience is characteristic of most U.S. communities,
and it is reflected in the ways they cope with natural
disasters. Over time, residents of communities in areas
that are persistently subjected to natural disasters
become accustomed to what to expect when one
occurs. Institutions and residents in such areas grow to
understand the nature of catastrophic events, as well as
their roles and responsibilities in managing their aftereffects. They are also familiar with and rely on trusted
community systems and resources that are in place
to support protection, response, and recovery efforts.
As a result, they have confidence in their communities’
abilities to contend with the aftermath of disasters
and learn from each event.
Institutions and residents nationwide must likewise
come to understand the nature of terrorism, its consequences, and the role they play in combating it. Ideally,
they will become familiar with and have confidence in
Agriculture and Food
1,912,000 farms; 87,000
food-processing plants
Water
1,800 federal reservoirs;
1,600 municipal waste
water facilities
Public Health
Emergency Services
5,800 registered
hospitals
87,000 U.S. localities
Defense Industrial Base 250,000 firms in 215
distinct industries
Telecommunications
Energy
Electricity
Oil and Natural Gas
Transportation
Aviation
Passenger Rail
and Railroads
2 billion miles of cable
2,800 power plants
300,000 producing sites
5,000 public airports
120,000 miles of major
railroads
Highways, Trucking,
and Busing
590,000 highway
bridges
Pipelines
2 million miles of
pipelines
Maritime
300 inland/costal ports
Mass Transit
500 major urban public
transit operators
Banking and Finance
Chemical Industry and
Hazardous Materials
Postal and Shipping
Key Assets
National Monuments
and Icons
Nuclear Power Plants
Dams
Government Facilities
Commercial Assets
26,600 FDIC insured
institutions
66,000 chemical plants
137 million delivery
sites
5,800 historic buildings
104 commercial nuclear
power plants
80,000 dams
3,000 government
owned/operated facilities
460 skyscrapers
*These are approximate figures.
9
the protection, response, and recovery mechanisms that
exist within their communities. Together with local
officials, private organizations and residents must work
to improve these systems and resources to meet the
challenge of safeguarding our country from terrorists.
Our challenge is to identify, build upon, and apply the
lessons learned from the September 11 attacks to
10
anticipate and protect against future terrorist attacks on
our critical infrastructures and key assets. Our ability to
do so will determine how successfully we adapt to the
current dynamic threat environment and whether we
can emerge as a stronger, more vibrant nation with our
values and way of life intact.
This document reaffirms our Nation’s longstanding
policy regarding critical infrastructure and key asset
protection. It also delineates a set of guiding principles
that underpins our strategy for action to protect our
Nation’s critical infrastructures and key assets from
terrorist attack.
As a Nation, we are committed to protecting our
critical infrastructures and key assets from acts of
terrorism that would:
• Impair the federal government’s ability to perform
essential national security missions and ensure the
general public’s health and safety;
• Undermine state and local government capacities to
maintain order and to deliver minimum essential
public services;
• Damage the private sector’s capability to ensure the
orderly functioning of the economy and the delivery
of essential services; and
• Undermine the public’s morale and confidence in
our national economic and political institutions.
As a Nation, we must utilize every tool at our disposal
and work collaboratively to develop and implement the
protective measures that this policy entails. The
strategic objectives discussed in the Introduction will
focus and drive this effort.
Our domestic protection efforts are grounded in core
strengths and values that we have traditionally relied
upon during major periods of crisis in our Nation’s
history. Using these core strengths and values as a
guide, eight principles underpin this Strategy and its
associated enabling initiatives:
1. Assure public safety, public confidence,
and services
Anticipating that widespread or large-scale
disruptions will undermine public confidence in our
political and economic institutions, terrorists will
continue to use horrific violence against people and
property to impact the efficient functioning of our
society and economy. By making strategic improvements in security and reducing the vulnerability of
our Nation’s critical infrastructures and key assets to
such physical attack—particularly those involving
the most catastrophic potential consequences—this
strategy seeks to reassure the public and reinforce its
confidence in our institutions and systems.
11
By making our infrastructures and key assets more
robust through such measures as deliberate redundancies, hardening, and dispersal, we increase their
capacity to withstand attack without sustaining
significant damage. Through effective protection
and response planning, we make them more
resilient to allow for the quick restoration of critical
services to minimize the detrimental effects to our
economy and public welfare. Implementing and
exercising well-developed plans assures their
effectiveness in times of crisis and is key to shaping
public expectations and instilling confidence in our
Nation’s ability to manage the aftermath of
terrorist attacks.
2. Establish responsibility and accountability
This Strategy recognizes the crucial role of
government, industry, and the public at large in
protecting our critical infrastructures and key assets
from terrorist attack. Our valued heritage of
federalism and limited government decentralizes
our governance and affords private citizens and
institutions with certain rights and freedoms to
conduct their lives and businesses. In this context,
organizations and individuals outside of the federal
government must take the lead in many aspects of
critical infrastructure and key asset protection.
Consequently, a key component of this Strategy
is the delineation of roles, responsibilities, and
accountability among the various public- and
private-sector entities that have an important part
to play in domestic protection. This necessarily
encompasses the mechanisms required to coordinate
and integrated protection policies, planning,
resource management, performance measurement,
and enabling initiatives across federal, state, and
local governments and the private sector.
3. Encourage and facilitate partnering among all levels of
government and between government and industry
Critical infrastructure and key asset protection
concerns span all levels of government as well as
the private sector. Protection over the long term is
necessarily a shared responsibility that involves
mustering resources and expertise nationwide. The
National Strategy for Homeland Security recognizes
the need to mobilize our entire society in a collective effort to defend our homeland. Accordingly, it
places great emphasis on “the crucial role of state
and local governments, private institutions, and the
American people.” This principle is central to our
critical infrastructure and key asset protection effort.
12
Every disruption or attack is initially a local
problem. Because of the immediate effects
experienced by local communities, state and local
governments, and private-sector infrastructure
owners and operators invariably form the vanguard
of response when terrorists strike. Consequently,
public confidence depends heavily on how well the
community implements protective measures and
plans in advance of a crisis. Accordingly, the federal
government will provide overall support,
coordination, and focused leadership to foster an
environment in which all stakeholders can better
carry out their individual protection responsibilities.
4. Encourage market solutions whenever possible;
compensate for market failure with focused government
intervention
Protecting our Nation’s critical infrastructures and
key assets requires a broad spectrum of possible
government actions, including: improving
understanding and awareness of the current threat
environment; providing threat indications and
warnings; investing in research and development;
transferring pilot technology; exploring various
forms of financial incentives; and taking targeted
regulatory action, where appropriate.
Through this Strategy, the federal government strives
to encourage proactive, market-based protective
solutions. Many of the critical infrastructure sectors
are currently highly regulated, and additional regulatory directives or mandates should only be necessary
in instances where market forces are insufficient to
prompt the investments necessary to assure critical
infrastructure and key asset protection. They may
also be used when a uniform national standard or
coordinated response is required to address a particularly challenging threat, especially in the context of
cross-sector interdependencies.
In many cases, incentives can reinforce knowledge
and experience within the private sector and state
and local governments, including the development
of new tools and innovative processes that are
appropriate for their particular systems, operations,
and security challenges. Incentives can also help to
offset certain negative aspects of market dynamics,
such as the natural tendency of market pressures to
eliminate redundancies, and, hence, create single
points of failure.
5. Facilitate meaningful information sharing
Information sharing underpins any true partnership
and is necessary to mitigate the threat posed by a
cunning, adaptive, and determined enemy. To
formulate comprehensive security plans and make
informed security investment and action decisions,
individuals and institutions alike require timely,
accurate, and relevant information. Accordingly, we
must adopt measures to identify and evaluate potential impediments or disincentives to security-related
information sharing and formulate appropriate
measures to overcome these barriers. We must also
develop and facilitate reliable, secure, and efficient
communications and information systems to
support meaningful information sharing among
various public- and private-sector entities.
6. Foster international security cooperation
Following the events of September 11, the United
States moved quickly to engage friends and allies
around the world in the war on terrorism. We also
took prompt action with Canada and Mexico to
initiate programs designed to improve the security
of our shared borders and trans-border infrastructures. Further global engagement is needed to
protect our critical infrastructures and key assets
from terrorists. In a world characterized by complex
interdependencies, international cooperation is a key
component of our protective scheme.
7. Develop technologies and expertise to combat
terrorist threats
The National Strategy for Homeland Security
underscores the importance of science and
technology as key elements of homeland security.
Our efforts to secure critical infrastructures and
key assets must fully leverage our technological
advantages to make protection more effective,
more efficient, and less costly. Pooling our national
resources and fostering collaboration between the
public and private sectors will enable us to capitalize
on emerging technologies and enhance our
protection against the most lethal threats.
Similarly, through advances in modeling, simulation,
and analysis we can improve our understanding of
the complex, interdependent nature of the infrastructures and assets we must protect. Emergent
capabilities in this area will facilitate protection
planning, decision making, and resource allocation.
8. Safeguard privacy and constitutional freedoms
Our society is a tapestry of diverse races, ethnicities,
cultures, religions, and political viewpoints. This
pluralism and our ability as a society to accommodate diversity significantly contribute to America’s
strength. However, as the National Strategy for
Homeland Security observes, our free society is also
inherently vulnerable. Nevertheless, achieving security at the expense of the civil rights and liberties
that form an integral part of our national character
would hand a victory to terrorism.
Consequently, we must accept some level of terrorist
risk as a persisting condition in our daily lives.
The challenge is finding the path that enables us
to mitigate risk and defend our country while
preserving the freedoms and liberties that shape
our way of life. In providing for our collective
protection, we will respect privacy, the freedom of
expression, the freedom of movement, the freedom
from unlawful discrimination, and other cherished
liberties that define us as a Nation.
13
14
Implementing a comprehensive national critical
infrastructure and key asset protection strategy requires
clear and unifying organization, clarity of purpose,
common understanding of roles and responsibilities,
accountability, and a set of well-understood coordinating processes. A solid organizational scheme sets
the stage for effective engagement and interaction
between the public and private sectors. Without it,
accomplishing the task of coordinating and integrating
domestic protection policy, planning, resource
management, performance measurement, and enabling
initiatives across federal, state, and local governments,
and the private sector would be impossible.
complementary, collaborative relationships and
efficiently aligns our Nation’s protection resources.
In our federalist system of government, federal, state,
and local governments and private industry have
specific roles and perform certain functions that must
be integrated to assure protection. Additionally, each
critical infrastructure owner/operator possesses unique
capabilities, expertise, and resources that, when integrated appropriately, can contribute to a comprehensive
national protection effort.
The work of providing a clearly defined and unifying
organizational framework began with the publication
of the President’s National Strategy for Homeland
Security and continues in this document. This chapter
clarifies public- and private-sector roles and responsibilities for critical infrastructure and key asset
protection. Ultimately, success lies in our ability to
draw effectively and efficiently upon the unique core
competencies and resources of each stakeholder. Given
the range and complexity of required protection
activities and the number of entities involved, clearlydefined authority, accountability, and coordinating
processes will provide the foundation for a successful
and sustainable national protection effort.
Overlapping federal, state, and local governance and
the ownership structure of our critical infrastructures
and key assets present significant protection challenges.
The entities involved are diverse, and the level of
understanding of protection roles and responsibilities
differs accordingly. Furthermore, these organizations
and individuals represent systems, operations, and
institutional cultures that are complex and diverse.
The range of protective activities that each must
undertake is vast and varies from one enterprise to
the next. Finally, overlapping protection authorities
across federal, state, and local jurisdictions vary greatly.
Success in implementing this Strategy’s wide range of
protection activities lies in establishing a unifying organizational framework that allows the development of
15
Federal Government Responsibilities
The federal government has fundamental, clearly
defined responsibilities under the Constitution.
Providing for the common defense and promoting the
general welfare of our country are among them. The
federal government alone has the capability to use
military, intelligence, and diplomatic assets to defend
America’s interests outside its borders. Closer to home,
with support from state and local governments, the
federal government has also traditionally led the effort
to maintain the security of our borders. To prevent
terrorists from entering the U.S., the federal government employs several tools unique to its arsenal,
including: military, diplomatic, and intelligencegathering activities; immigration and naturalization
functions; and border agents, customs inspectors,
and port and air terminal security.
The federal law enforcement apparatus consists of
mechanisms that allow it to coordinate multijurisdictional approaches to security threats and incidents and the pursuit of perpetrators across state lines
and overseas. Additionally, federal agencies conduct
vital research activities, coordinate protection planning
and incident management, and provide material and
other types of support to state and local authorities.
These capabilities serve as elements of deterrence,
prevention, protection, and incident response.
Beyond such critical services and functions, the federal
government has the capacity to organize, convene, and
coordinate across governmental jurisdictions and the
private sector. It therefore has the responsibility to
develop coherent national policies, strategies, and
programs. In the context of homeland security, the
federal government will coordinate the complementary
efforts and capabilities of government and private
institutions to raise our level of protection over the
long term for each of our critical infrastructures and
key assets.
Every terrorist event has national impact. The federal
government will therefore take the lead to insure
that the three principal objectives defined in the
Introduction of this Strategy are met. This leadership
role involves:
• Taking stock of our most critical facilities, systems,
and functions and monitoring their preparedness
across sectors and governmental jurisdictions;
• Assuring that federal, state, local, and private
entities work together to protect critical facilities,
systems, and functions that face an imminent threat
and/or or whose loss would have significant,
national-level consequences;
16
• Providing and coordinating national threat assessments and warnings that are timely, actionable, and
relevant to state, local, and private sector partners;
• Creating and implementing comprehensive,
multi-tiered protection policies and programs;
• Exploring potential options for enablers and
incentives to encourage public- and-private sector
entities to devise solutions to their unique
protection impediments;
• Developing protection standards, guidelines,
and protocols across sectors and jurisdictions;
• Facilitating the exchange of critical infrastructure
and key asset protection best practices and
vulnerability assessment methodologies;
• Conducting demonstration projects and pilot
programs;
• Seeding the development and transfer of advanced
technologies while taking advantage of private
sector expertise and competencies;
• Promoting national-level critical infrastructure and
key asset protection education and awareness; and
• Improving its ability to work with state and local
responders and service providers through partnership.
As custodian of many of our Nation’s key assets, such
as some of our most treasured icons and monuments,
and as the owner and operator of mission-critical facilities, the federal government also has significant, direct
protection responsibilities. Accordingly, the federal
government will take appropriate steps to:
• Identify its own critical facilities, systems,
and functions;
• Identify the critical nodes upon which these
assets depend;
• Assess associated vulnerabilities; and
• Implement appropriate steps to mitigate those
vulnerabilities and protect the infrastructures and
assets under its control.
Federal Lead Departments and Agencies
Each critical infrastructure sector has unique security
challenges. The National Strategy for Homeland Security
provides a sector-based organizational scheme for
protecting America’s critical infrastructures and key
assets. (See Federal Organization for Critical
Infrastructure and Key Asset Protection, p. 18.) This
organizational scheme identifies the federal lead
departments and agencies charged with coordinating
protection activities and cultivating long-term collaborative relationships with their sector counterparts.
In addition to securing federally-owned and -operated
infrastructures and assets, the roles of the federal lead
departments and agencies are to assist state and local
governments and private-sector partners in their efforts to:
• Organize and conduct protection and continuity
of operations planning, and elevate awareness and
understanding of threats and vulnerabilities to
critical facilities, systems, and functions;
• Identify and promote effective sector-specific,
risk-management policies and protection practices
and methodologies; and
• Expand voluntary, protection-related information
sharing among private entities within sectors, as
well as between government and private entities.
Each federal lead department or agency selects a “sector
liaison,” who represents industry’s primary interface
with the government. Industry’s counterpart, the “sector
coordinator,” is designated by the federal lead department or agency to serve as a neutral party and facilitate
sector coordination for a wide range of planning and
activities to secure critical facilities and systems.
The federal government will expand on this model of
public-private sector cooperation as a key component
of our strategy for action. Accordingly, the federal lead
departments and agencies of critical infrastructure
sectors newly identified in the National Strategy for
Homeland Security will take immediate steps to
designate sector liaisons and coordinators and initiate
protection activities. This will include identifying
critical facilities, systems, and functions within their
sectors and facilitating the development of sector
protection plans.
Department of Homeland Security
The organizational model of federal lead departments
and agencies provides a focused leadership structure for
national-level protection coordination and planning.
The newly created Department of Homeland Security
(DHS) will significantly enhance the effectiveness of
this model by providing overall cross-sector coordination. In this role, DHS will serve as the primary liaison
and facilitator for cooperation among federal departments and agencies, state and local governments, and
the private sector.
As the cross-sector coordinator, DHS will also be
responsible for the detailed refinement and implementation of the core elements of this Strategy. This charter
includes building and maintaining a complete, current,
and accurate assessment of national-level critical assets,
systems, and functions, as well as assessing vulnerabilities and protective postures across the critical
infrastructure sectors. DHS will use this information to
assess threats, provide timely warnings to threatened
infrastructures, and build “red team” capabilities to
evaluate preparedness across sectors and government
jurisdictions. Furthermore, DHS will collaborate with
other federal departments and agencies, state and local
governments, and the private sector to define and
implement complementary structures and coordination
processes for critical infrastructure and key asset protection. An effective starting point for this effort is the
approach presently employed by federal lead departments and agencies and state and local governments to
cooperate when responding to natural disasters.
In addition to cross-sector coordination, DHS will
act as the federal lead department for several sectors,
including government, emergency response, transportation, postal and shipping, and information and
telecommunications.
To fulfill these responsibilities, DHS will:
Build partnerships with state and local governments and
the private sector by designing and implementing its own
processes to be open, inclusive, and results-oriented.
• Actively develop opportunities to build upon
proven models;
• Identify and share the federal government’s core
competencies, capabilities, and selected resources to
enhance the efforts of its partners; and
• Facilitate honest brokering and communication
between organizations and sectors.
Office of Homeland Security
The Office of Homeland Security (OHS) will
continue to act as the President’s principal policy advisory staff and coordinating body for major interagency
policy issues related to Homeland Security, including
the critical infrastructure and key asset protection
mission area. The functions of OHS will be to advise
and assist the President in the coordination of the
Executive Branch’s efforts to detect, prepare for,
prevent, protect against, respond to, and recover from
terrorist attacks within the United States. OHS will
work with the Office of Management and Budget
(OMB) to integrate and endorse the President’s
critical infrastructure and key asset protection budget
proposals. Under its existing authority, OHS will also
work with OMB to certify that the budgets of other
federal departments and agencies are sufficient to carry
out their respective protection missions effectively.
17
President
Secretary of Homeland Security
Federal, state, local, and private sector coordination and integration
Comprehensive national infrastructure protection plan
Mapping threats to vulnerabilities and issuing warnings
Sector
Agriculture
Food:
Meat and poultry
All other food products
Water
Public Health
Lead Agency
Department of Agriculture
Department of Agriculture
Department of Health & Human Services
Environmental Protection Agency
Department of Health & Human Se…
