Through this program, the Department of Homeland Security's Office of Infrastructure Protection (IP) works closely with federal, state, and local homeland security authorities, as well as the private-sector owners and operators, to identify security enhancements and protective measures.
The Comprehensive Review (CR) Program contributes to our homeland security by:
Fostering candid, open dialogue among all stakeholders to reach decisions about what additional protective and response measures are most appropriate for the given facility, the community, and the sector;
Identifying and resolving gaps in protection, planning, security, and response for the community around the facility, the facility itself, and federal/state/local emergency responders, and by identifying equipment shortfalls for protective and emergency response operations; and
Supporting investment and budgeting decisions for the most efficient allocation of resources through various grant programs.
The Department began the CR effort in May 2005 with the nuclear sector. In September 2007, IP’s Protective Security Coordination Division (PSCD) had completed CRs at all 104 nuclear power generation reactors, nationwide.
Comprehensive Review Process
Every CR uses a standard set of tools and templates to develop a given facility’s complete risk profile—including vulnerability to a variety of threats, the range of consequences related to the threats, and an evaluation of the existing security and response capabilities.
The process provides a vehicle for discussion with stakeholders on potential enhancements to security in and around the site. This framework assists in reducing vulnerabilities, implementing appropriate protective measures, and mitigating the potential consequences of a successful attack.
The CR team meets prior to the site visit and reviews the consequence and vulnerability information provided by the facility owner/operator as well as the various preexisting security and emergency response plans.
Following the orientation, the CR team deploys to conduct a site or regional visit, during which team members interact with key security personnel and emergency planning staff at each facility, selected operations and engineering personnel, and state and local law enforcement and emergency management leadership.
Comprehensive Review Team Structure
CR teams for each sector are led by PSCD and Sector Specific Agency Executive Management Office (SSA EMO), and include representation from federal agencies such as the following:
the US Coast Guard (USCG),
Federal Emergency Management Agency (FEMA),
Federal Bureau of Investigation (FBI),
Environmental Protection Agency (EPA),
Transportation Security Administration (TSA),
National Cybersecurity Division (NCSD), and
Nuclear Regulatory Commission (NRC).
The federal team works cooperatively with the State Homeland Security Advisor (HSA), and state, county, and local emergency managers and planners, and emergency response agencies, as well as private representatives and associations.
Comprehensive Review Results
Following the visit, the CR team reviews the information gathered and conducts analysis. The information is shared with appropriate stakeholders, including federal agencies, state/local law enforcement, emergency management organizations, and facility owners/operators.
Each CR produces the following:
- Identification of shortfalls (gaps) in resources, evaluation of response capabilities, coordination of all agency-specific response plans as well as training needs, and options to address protective and response challenges.
- The planning, tracking, and measurement of security and response capabilities and identification of their impact on the security and risk standing of the site.
CR data is also subsequently analyzed for sector and cross-sector trends. This information may be used to inform future federal investment decisions, or point to areas where research is required to evolve additional protective measures.