[Federal Register: June 6, 2008 (Volume 73, Number 110)] [Notices] [Page 32341-32343] ----------------------------------------------------------------------- DEPARTMENT OF HOMELAND SECURITY [Docket No. DHS-2008-0054] Review and Revision of the National Infrastructure Protection Plan AGENCY: National Protection and Programs Directorate, DHS. ACTION: Notice and request for comments. ----------------------------------------------------------------------- SUMMARY: This notice informs the public that the Department of Homeland Security (DHS) is currently reviewing the National Infrastructure Protection Plan (NIPP) and, as part of a comprehensive national review process, solicits public comment on issues or language in the NIPP that need to be updated in this triennial review cycle. DATES: Written comments must be submitted on or before July 7, 2008. ADDRESSES: Comments must be identified by docket number DHS-2008-0054 and may be submitted by one of the following methods: Federal Rulemaking Portal: http://www.regulations.gov. Follow the instructions for submitting comments. E-mail: Nipp@dhs.gov. Include the docket number in the subject line of the message. Facsimile: 703-235-3057. Mail: Larry L. May, NPPD/IP/POD/NIPP Program Management Office; Mail Stop 8530, Department of Homeland Security, 245 Murray Lane, SW., Washington, DC 20528-8530. FOR FURTHER INFORMATION CONTACT: Larry L. May, Deputy Director, NIPP Program Management Office (PMO) Partnership and Outreach Division, Office of Infrastructure Protection, National Protection and Programs Directorate, Department of Homeland Security, Washington, DC 20528, 703-235-3648 or NIPP@dhs.gov. SUPPLEMENTARY INFORMATION: I. Public Participation DHS invites interested persons to contribute suggestions and comments for the revision of the National Infrastructure Protection Plan (NIPP) by submitting written data, views, or arguments. Comments that will provide the most assistance to DHS in revising the NIPP will explain the reason for any [[Page 32342]] recommended changes to the NIPP and include data, information, or authority that supports such recommended change. Linking changes to specific sections of the NIPP would also be helpful. There will be an opportunity to review a revised NIPP reflecting the various changes later this year. Instructions: All submissions received must include the agency name and docket number for this action. All comments received will be posted without change to http:// www.regulations.gov, including any personal information provided. You may submit your comments and material by one of the methods specified in the ADDRESSES section. Please submit your comments and material by only one means to avoid the adjudication of duplicate submissions. If you submit comments by mail, your submission should be an unbound document and no larger than 8.5 by 11 inches to enable copying and electronic document management. If you want DHS to acknowledge receipt of comments by mail, include with your comments a self-addressed, stamped postcard that includes the docket number for this action. We will date your postcard and return it to you via regular mail. Docket: Background documents and comments received can be viewed at http://www.regulations.gov. II. Background The NIPP sets forth a comprehensive risk management framework and clearly defines critical infrastructure protection roles and responsibilities for the DHS; Sector-Specific Agencies (SSAs); and other Federal, State, local, tribal, territorial, and private-sector security partners. The NIPP provides a coordinated approach for establishing national priorities, goals, and requirements for infrastructure protection so that funding and resources are applied in the most effective manner. The NIPP risk management framework responds to an evolving risk landscape; as such, there will always be changes to the NIPP--from relatively minor to more significant. The 2006 NIPP established the requirement to fully review and reissue the plan every three years to ensure that it is current and of maximum value to all security partners. To assist the reviewer as we proceed with this process, an internal review of the NIPP by DHS has occurred and an initial list of potential changes to the NIPP is included in this notice. The purpose of this notice is to invite interested parties to suggest additional changes that would make the 2009 NIPP more relevant and useful as a National level document and within the framework of HSPD-7. Some of the known changes that will be addressed in this revision of the NIPP are: Establishment of Critical Manufacturing as the 18th critical infrastructure and key resources (CIKR) sector Release of the chemical security regulation Publishing of the Sector-Specific Plans (SSPs) Sector name changes Designation of the Education Subsector Removal of references to the National Asset Database (NADB) and replacement with information on the Infrastructure Information Collection System and the Infrastructure Data Warehouse Revision of the discussion of risk assessment methodologies Update on the Protected Critical Infrastructure Information (PCII) program Clarification of NIPP CIKR Protection Metrics Update on the State, Local, Tribal, and Territorial Government Coordinating Council (SLTTGCC) Homeland Security Information Network (HSIN) update Further definition of the CIKR Information-Sharing Environment (ISE) Critical Infrastructure Warning Information Network (CWIN) Evolution from the National Response Plan to the National Response Framework Further information on the National Infrastructure Simulation and Analysis Center (NISAC) Update on the Protective Security Advisor Program Additional Homeland Security Presidential Directives Issues regarding cross-sector cyber security Overarching issues: Protection and resiliency Delineate role of Private Sector Office DHS organizational changes: National Protection and Programs Directorate (NPPD). Comments are welcome on other areas that should be updated, expanded, changed, added, or deleted as appropriate. III. Initial List of Issues To Be Updated in the NIPP Since the NIPP was released in June 2006, DHS and its security partners have been working to implement the risk management framework and the sector partnership model to protect the Nation's CIKR. Throughout this implementation, DHS has engaged the NIPP feedback mechanisms to capture lessons learned and issues that need to be revised and updated in future versions of the NIPP. This section presents a brief summary of some those issues as a guide to reviewers and commenters on the types of changes being incorporated into the NIPP. DHS is soliciting public comment on these and other issues. These issues will be addressed through changes made in the appropriate sections of the NIPP. Establishment of Critical Manufacturing as the 18th CIKR Sector On March 3, 2008, DHS formally established the Critical Manufacturing Sector as the 18th CIKR sector. Release of Chemical Security Regulation On April 9, 2007, the U.S. Department of Homeland Security (DHS) issued the Chemical Facility Anti-Terrorism Standards (CFATS), 6 CFR part 27. Congress authorized this interim final rule (IFR) under Section 550 of the Department of Homeland Security Appropriations Act of 2007, directing the Department to identify high-risk chemical facilities, assess their security vulnerabilities, and require those facilities to submit site security plans meeting risk-based performance standards. DHS also issued a final Appendix A to the CFATS IFR on November 20, 2007, listing chemicals of interest (COI) which, if possessed in specified quantities, require chemical facilities to submit certain information to DHS. Publishing of the Sector-Specific Plans Section 5.3.1 of the NIPP will be updated to reflect the SSPs official release on May 21, 2007. Sector Name Changes To better reflect the scope of three sectors, DHS has recognized the following name changes: ``Commercial Nuclear Reactors, Materials and Waste'' to ``Nuclear Reactors, Materials and Waste;'' ``Drinking Water and Water Treatment Systems'' to ``Water;'' and ``Telecommunications'' to ``Communications.'' Designation of the Education Facilities Subsector In keeping with section 2.2.2 of the NIPP, DHS has recognized the Department of Education's Office of Safe and Drug-Free Schools (OSDFS) as the lead for Education Facilities (EF), a subsector of the Government Facilities Sector. [[Page 32343]] Removal of References to the National Asset Database Throughout the NIPP, references to the NADB will be removed and replaced with information on the Infrastructure Information Collection System and the Infrastructure Data Warehouse. Revision of the Discussion on Risk Assessment Methodologies The discussion of risk assessment methodologies will be revised to indicate that there are multiple NIPP-compliant risk assessment methodologies. Revisions will also provide information on the current state of CIKR risk analysis capability and the Tier 1/Tier 2 Program. Update on the Protected Critical Infrastructure Information Program DHS will clarify how vulnerability assessment information may be submitted for protection under the PCII program and which DHS programs may receive this information. Clarification of NIPP CIKR Protection Metrics The NIPP CIKR protection metrics process includes four metrics areas: 1. Core metrics represent a common set of measures that are tracked across all sectors. 2. Sector-specific performance metrics are the set of measures tailored to the unique characteristics of each sector. 3. CIKR protection programmatic metrics are used to measure the effectiveness of specific programs, initiatives, and investments that are managed by Government agencies and sector partners. 4. Sector partnership metrics are used to assess the status of activities conducted under the sector partnership. Update on the State, Local, Tribal, and Territorial Government Coordinating Council The SLTTGCC now has three working groups and also provides liaisons to all the sectors: Policy and Planning Working Group, Communication and Coordination Working Group, and Information-Sharing Working Group. The roles of State and Regional groups in CIKR protection will be described. Homeland Security Information Network Update DHS IP is working closely with the DHS Chief Information Officer (CIO) to determine feasible solutions to mitigate issues from CIKR protection security partners related to HSIN. Further Definition of the CIKR Information-Sharing Environment As follow-up to the original discussion of ISE in section 4.2.3 of the NIPP, the Program Manager (PM)-ISE formally issued the CIKR ISE paper in May 2007. The paper describes the core elements of robust information sharing with the CIKR sectors. Critical Infrastructure Warning Information Network An ISE addition since the 2006 release of the NIPP, CWIN is a mechanism that facilitates the flow of information, mitigates obstacles to voluntary information sharing by CIKR owners and operators, and provides feedback and continuous improvement for structures and processes. Evolution From the National Response Plan to the National Response Framework The National Response Framework replaces the former National Response Plan. National Infrastructure Simulation and Analysis Center The Homeland Security Appropriations Act of 2007 specifies the NISAC's current mission to provide ``modeling, simulation, and analysis of the assets and systems comprising CIKR in order to enhance preparedness, protection, response, recovery, and mitigation activities.'' Protective Security Advisor Program The key elements of this program and the roles the Protective Security Advisors play in information sharing and support to security partners will be described. Additional Homeland Security Presidential Directives HSPD-19 and others will be added in the appendixes and wherever they are appropriate in the main body of the NIPP. Issues Regarding Cross-Sector Cyber Security The National Cyber Security Division (NCSD) is working closely with the SSAs and other security partners to integrate cyber security into the CIKR sectors' protection and preparedness efforts. Overarching Issues: Protection and Resiliency Questions have been raised about the focus of the NIPP on protection rather than resiliency. The revised NIPP needs to better describe the complementary relationship of these two concepts. Role of Private Sector Office The role of this office in coordinating with private sector security partners will be described in greater detail. DHS Organizational Changes: National Protection and Programs Directorate There have been numerous organizational changes within DHS related to roles and responsibilities described throughout the NIPP. NPPD (formerly the Preparedness Directorate) was formed in 2007 to advance the Department's risk-reduction mission. The components of NPPD include: Office of Cyber Security and Communications (CS&C) has the mission to assure the security, resiliency, and reliability of the Nation's cyber and communications infrastructure in collaboration with the public and private sectors, including international partners. Office of Intergovernmental Programs (IGP) has the mission to promote an integrated national approach to homeland security by ensuring, coordinating, and advancing Federal interaction with State, local, tribal, and territorial governments. Office of Risk Management and Analysis (RMA) will lead the Department's efforts to establish a common framework to address the overall management and analysis of homeland security risk. United States Visitor and Immigrant Status Indicator Technology (US-VISIT) is part of a continuum of biometrically-enhanced security measures that begins outside U.S. borders and continues through a visitor's arrival in and departure from the United States. Office of Infrastructure Protection (IP) leads the coordinated national effort to reduce risk to our CIKR posed by acts of terrorism. For purposes of review, the NIPP can be found at http:// www.dhs.gov/nipp. R. James Caverly, Director, Partnership and Outreach Division, Department of Homeland Security. [FR Doc. E8-12671 Filed 6-5-08; 8:45 am] BILLING CODE 4410-10-P