There can be no doubt that the nature of our world today is one of constant, rapid change. Events and disruptions to everyday operations happen—some that we can predict or forecast, others that we cannot. As a result, the owners and operators of the Nation's critical infrastructure need to be resilient and able to recover from any type of hazard.
"What do we really mean when we talk about resilience?" What actions can the homeland security enterprise take to promote greater resilience?" The 2010 DHS Quadrennial Homeland Security Review identifies four strategic goals of resilience: (1) Enhanced preparedness, (2) Effective emergency response, (3) Rapid recovery, and (4) hazard mitigation. These four goals encompass the actions that will be necessary to manage the consequences of any incident and to quickly restore operations.
Based on these goals and the strategic direction provided by the QHSR, I initiated an IP Resilience Initiative in August to unify critical infrastructure activities around this important document. I am encouraged by what we have found so far, though there is surely more that we and our partners can and must do. I would like to talk briefly about three current IP programs that help our government and private sector partners to strengthen the resilience of critical infrastructure throughout the Nation.
One of our most important resilience initiatives is the Regional Resiliency Assessment Program. The RRAP evaluates critical infrastructure in specific geographic regions to examine vulnerabilities, threats, and potential consequences from an all-hazards perspective. RRAP assessments identify regional critical infrastructure dependencies that could be affected by events or disasters, and also evaluate a system’s ability to quickly recover. This practical, real-world approach to resilience is leading to tangible, on-the-ground results. For example, we are pairing Protective Security Advisors with Regional Directors and mission collaboration teams to help regions uncover critical infrastructure dependencies, cascading effects, and gaps in capabilities, as well as synergies derived from tapping into shared resources that they may not have known were available to them. My hope is that the RRAP will continue to grow and become a model for how to implement meaningful critical infrastructure security activities.
I also want to acknowledge another Department-wide effort of which IP is a part—the Private Sector Preparedness Accreditation and Certification Program, or PS-Prep. PS-Prep, codified in the 9/11 Act, establishes a remarkable public-private partnership. It's a voluntary program that enables private sector entities to be certified - by objective third party entities - as meeting DHS preparedness standards. PS-Prep provides a tangible way for DHS and its partners to identify and recognize specific companies as compliant with resilience-based standards—and we are excited about the feedback we have been receiving from the private sector. The three standards of PS-Prep go right to the heart of resilience, addressing organizational preparedness, and emergency and business continuity. Given that companies of all kinds are eligible for certification, this program goes well beyond critical infrastructure security and demonstrates how raising awareness of critical infrastructure resilience can spill over into resilience among all types of companies and their communities.
(3) Information Sharing
In my view, part of critical infrastructure resilience is empowering owners and operators to make decisions in an evolving threat environment. This requires DHS to share security and risk information. IP has long recognized the importance of information sharing to maintaining strong partnerships. We have built an entire critical infrastructure information sharing environment to support the critical infrastructure community, and this environment can—and will—be a key component of IP’s resilience programs. Recently, IP hosted several webinars, briefings, and other events across the country to ensure that our partners have the information that they need about the risks we face—and about how to manage those risks. More about critical infrastructure information sharing.
The Future of the IP Resilience Initiative
Through the RRAP, PS-PREP, and our information sharing programs, IP is promoting resilience among our critical infrastructure partners. We also know that this handful of programs is not enough. Accordingly, the Resilience Initiative is, in part, focusing on developing further efforts that support rapid recovery of critical infrastructure and identifying gaps in programming so that we will be better able to develop solutions to address those gaps with the help of our partners. This organic approach to resilience, in my view, is not an academic exercise done in a vacuum. Instead, it utilizes the Department-driven definitions of resilience, as well as information and feedback from our partners and other stakeholders.
As Critical Infrastructure Protection Month 2010 draws to a close, I am looking forward to our work on this exciting initiative in 2011.
For more information about critical infrastructure programs, visit www.dhs.gov/criticalinfrastructure