WIXLIB

To build and implement a robust strategy to protectour critical infrastructures and key assets from furtherterrorist exploitation, we must understand the motivations of our enemies as well as their preferred tacticsand targets. We must complement this understandingwith a comprehensive assessment of the infrastructuresand assets to be protected, their vulnerabilities, and thechallenges associated with eliminating or mitigatingthose vulnerabilities—a task that will require theconcerted efforts of our entire Nation.The Importance of Critical InfrastructuresAmerica’s critical infrastructure sectors provide thefoundation for our national security, governance,economic vitality, and way of life. Furthermore, theircontinued reliability, robustness, and resiliency create asense of confidence and form an important part of ournational identity and purpose. Critical infrastructuresframe our daily lives and enable us to enjoy one of thehighest overall standards of living in the world.The facilities, systems, and functions that comprise ourcritical infrastructures are highly sophisticated andcomplex. They include human assets and physical andcyber systems that work together in processes that arehighly interdependent. They also consist of key nodesthat, in turn, are essential to the operation of thecritical infrastructures in which they function.The Importance of Key AssetsKey assets and high profile events are individual targetswhose attack—in the worst-case scenarios—couldresult in not only large-scale human casualties andproperty destruction, but also profound damage to ournational prestige, morale, and confidence.Individually, key assets like nuclear power plants anddams may not be vital to the continuity of critical services at the national level. However, a successful strikeagainst such targets may result in a significant loss oflife and property in addition to long-term, adversepublic health and safety consequences. Other key assetsare symbolically equated with traditional Americanvalues and institutions or U.S. political and economicpower. Our national icons, monuments, and historicalattractions preserve history, honor achievements, andrepresent the natural grandeur of our country. Theycelebrate our American ideals and way of life andpresent attractive targets for terrorists, particularly whencoupled with high profile events and celebratory activities that bring together significant numbers of people.viiiUnderstanding the ThreatCharacteristics of TerrorismThe September 11 attacks on the World Trade Centerand the Pentagon underscore the determination of ourterrorist enemies. Terrorists are relentless and patient,as evidenced by their persistent targeting of the WorldTrade Center towers over the years. Terrorists are alsoopportunistic and flexible. They learn from experienceand modify their tactics and targets to exploit perceivedvulnerabilities and avoid observed strengths. As security increases around more predictable targets, theyshift their focus to less protected assets. Enhancingcountermeasures for any one terrorist tactic or target,therefore, makes it more likely that terrorists willfavor another.The Nature of Possible AttacksTerrorists’ pursuit of their long-term strategic objectives includes attacks on critical infrastructures and keyassets. Terrorists target critical infrastructures toachieve three general types of effects: Direct infrastructure effects: Cascading disruption orarrest of the functions of critical infrastructures orkey assets through direct attacks on a critical node,system, or function. Indirect infrastructure effects: Cascading disruptionand financial consequences for government, society,and economy through public- and private-sectorreactions to an attack. Exploitation of infrastructure: Exploitation ofelements of a particular infrastructure to disrupt ordestroy another target. This Strategy reaffirms our longstanding nationalpolicy regarding critical infrastructure and key assetprotection. It also delineates a set of guiding principlesthat will underpin our domestic protection strategy.Statement of National PolicyAs a Nation we remain committed to protecting ourcritical infrastructures and key assets from acts ofterrorism that would: Impair the federal government’s ability to performessential national and homeland security missionsand ensure the general public’s health and safety; Undermine state and local government capacities tomaintain order and to deliver minimum essentialpublic services;

Damage the private sector’s capability to ensure theorderly functioning of the economy and the deliveryof essential services; and Undermine the public’s morale and confidence inour national economic and political institutions.We must work collaboratively to employ the toolsnecessary to implement such protection.Guiding PrinciplesEight guiding principles underpin this Strategy: Assure public safety, public confidence, and services; Establish responsibility and accountability; Encourage and facilitate partnering among alllevels of government and between governmentand industry; Encourage market solutions wherever possibleand compensate for market failure with focusedgovernment intervention; Facilitate meaningful information sharing; Foster international cooperation; Develop technologies and expertise to combatterrorist threats; and Safeguard privacy and constitutional freedoms. Implementing this Strategy requires a unifying organization, a clear purpose, a common understanding ofroles and responsibilities, accountability, and a set ofwell-understood coordinating processes. A solidorganizational scheme sets the stage for effectiveengagement and interaction between the public andprivate sectors at all levels. Without it, the tasks ofcoordinating and integrating domestic protectionpolicy, planning, resource allocation, performancemeasurement, and enabling initiatives across federal,state, and local governments and the private sector arevirtually impossible to accomplish. Our strategy foraction must provide the foundation these entities canuse to achieve common objectives, applying their corecapabilities, expertise, and experience as necessary tomeet the threat at hand.Federal Government ResponsibilitiesThe federal government has the capacity to organize,convene, and coordinate broadly across governmentaljurisdictions and the private sector. It has the responsibility to develop coherent national policies, strategies,and programs for implementation. In the context ofhomeland security, the federal government will coordinate the complementary efforts and capabilities ofgovernment and private institutions to raise our levelof protection over the long term as appropriate for eachof our critical infrastructures and key assets.Every terrorist event has a potential national impact.The federal government will, therefore, take the leadto ensure that the three principal objectives detailedin the Introduction of this Strategy are met. Thisleadership role involves: Taking stock of our most critical facilities, systems,and functions and monitoring their preparednessacross economic sectors and governmentaljurisdictions; Assuring that federal, state, local, and privateentities work together to protect critical facilities,systems, and functions that face an imminent threatand/or whose loss could have significant nationalconsequences; Providing and coordinating national-level threatinformation, assessments, and warnings that aretimely, actionable, and relevant to state, local, andprivate sector partners; Creating and implementing comprehensive,multi-tiered protection policies and programs; Exploring potential options for enablers andincentives to encourage stakeholders to devisesolutions to their unique protection impediments; Developing cross-sector and cross-jurisdictionalprotection standards, guidelines, criteria, andprotocols; Facilitating the sharing of critical infrastructure andkey asset protection best practices and processes andvulnerability assessment methodologies; Conducting demonstration projects and pilotprograms; Seeding the development and transfer of advancedtechnologies while taking advantage of privatesector expertise and competencies; Promoting national-level critical infrastructure andkey asset protection education and awareness; and Improving the federal government’s ability towork with state and local responders andservice providers. ix

Federal Lead Departments and AgenciesThe National Strategy for Homeland Security provides asector-based organizational scheme for protectingcritical infrastructure and key assets. It identifies thefederal lead departments and agencies responsible forcoordinating protection activities and developing andmaintaining collaborative relationships with their stateand local government and industry counterparts in thecritical sectors.In addition to securing federally owned and operatedinfrastructures and assets, the role of the federal leaddepartments and agencies is to assist state and localgovernments and private-sector partners in theirefforts to: Organize and conduct protection and continuity ofgovernment and operations planning, and elevateawareness and understanding of threats andvulnerabilities to their critical facilities, systems,and functions; Identify and promote effective sector-specificprotection practices and methodologies; and Expand voluntary security-related informationsharing among private entities within the sector, aswell as between government and private entities.Department of Homeland SecurityThe Department of Homeland Security (DHS) willprovide overall cross-sector coordination in this neworganizational scheme, serving as the primary liaisonand facilitator for cooperation among federal agencies,state and local governments, and the private sector. Asthe cross-sector coordinator, DHS will also be responsible for the detailed refinement and implementationof the core elements of this Strategy.Other Federal Departments and AgenciesBesides the designated federal lead departments andagencies, the federal government will rely on theunique expertise of other departments and agencies toenhance the physical protection dimension of homeland security. Additionally, overall sector initiatives willoften include an international component or requirement, require the development of a coordinatedrelationship with other governments or agencies, andentail information sharing with foreign governments.Accordingly, the Department of State (DoS) willsupport the development and implementation of sectorprotection initiatives by laying the groundwork forbilateral and multilateral infrastructure protectiveagreements with our international allies.xState and Local Government ResponsibilitiesThe 50 states, 4 territories, and 87,000 local jurisdictions that comprise this Nation have an important andunique role to play in the protection of our criticalinfrastructures and key assets. State and local governments, like the federal government, should identify andsecure the critical infrastructures and key assets theyown and operate within their jurisdictions.States should also engender coordination of protectiveand emergency response activities and resource supportamong local jurisdictions and regions in close collaboration with designated federal lead departments andagencies. States should further facilitate coordinatedplanning and preparedness for critical infrastructureand key asset protection, applying unified criteria fordetermining criticality, prioritizing protection investments, and exercising preparedness within theirjurisdictions. States should also act as conduits forrequests for federal assistance when the threat at handexceeds the capabilities of local jurisdictions andprivate entities within those jurisdictions. Finally,states should facilitate the exchange of relevant securityinformation and threat alerts down to the local level.State and local governments look to the federalgovernment for coordination, support, and resourceswhen national requirements exceed local capabilities.Protecting critical infrastructures and key assets willrequire a close and extensive cooperation among allthree levels of government. DHS, in particular, isdesigned to provide a single point of coordination withstate and local governments for homeland securityissues, including the critical infrastructure and key assetprotection mission area. Other federal lead departments and agencies and law enforcement organizationswill provide support as needed and appropriate forspecific critical infrastructure and key assetprotection requirements.Private Sector ResponsibilitiesThe lion’s share of our critical infrastructures and keyassets are owned and operated by the private sector.Customarily, private sector firms prudently engage inrisk management planning and invest in security as anecessary function of business operations and customerconfidence. Moreover, in the present threat environment, the private sector generally remains the first lineof defense for its own facilities. Consequently, privatesector owners and operators should reassess and adjusttheir planning, assurance, and investment programs tobetter accommodate the increased risk presented bydeliberate acts of violence. Since the events of

September 11, many businesses have increased theirthreshold investments and undertaken enhancementsin security in an effort to meet the demands of thenew threat environment.For most enterprises, the level of investment in securityreflects implicit risk-versus-consequence tradeoffs,which are based on: (1) what is known about the riskenvironment; and (2) what is economically justifiableand sustainable in a competitive marketplace or in anenvironment of limited government resources. Giventhe dynamic nature of the terrorist threat and theseverity of the consequences associated with manypotential attack scenarios, the private sector naturallylooks to the government for better information to helpmake its crucial security investment decisions.Similarly, the private sector looks to the governmentfor assistance when the threat at hand exceeds anenterprise’s capability to protect itself beyond a reasonable level of additional investment. In this light, thefederal government will collaborate with the privatesector (and state and local governments) to assure theprotection of nationally critical infrastructures andassets; provide timely warning and assure the protection of infrastructures and assets that face a specific,imminent threat; and promote an environment inwhich the private sector can better carry out its specificprotection responsibilities.Near-term Roadmap: Cross-SectorSecurity PrioritiesThe issues and security initiatives outlined in theCross-Sector Security Priorities chapter of this documentrepresent important, near-term national priorities.They are focused on impediments to physical protection that significantly impact multiple sectors of ourgovernment, society, and economy. Potential solutionsto the problems identified—such as informationsharing and threat indications and warning—are highleverage areas that, when realized, will enhance theNation’s collective ability to protect critical infrastructures and key assets across the board. Accordingly,DHS and designated federal lead departments andagencies will prepare detailed implementation plans tosupport the activities outlined in this chapter.This Strategy identifies major cross-sector initiatives infive areas:Planning and Resource Allocation: This Strategyidentifies eight major initiatives in this area. Create collaborative mechanisms for governmentindustry critical infrastructure and key assetprotection planning; Identify key protection priorities and developappropriate supporting mechanisms for thesepriorities; Foster increased sharing of risk-managementexpertise between the public and private sectors; Identify options for incentives for privateorganizations that proactively implementenhanced security measures; Coordinate and consolidate federal and stateprotection plans; Establish a task force to review legal impedimentsto reconstitution and recovery in the aftermathof an attack against a critical infrastructure orkey asset; Develop an integrated critical infrastructure andkey asset geospatial database; and Conduct critical infrastructure protection planningwith our international partners.Information Sharing and Indications and Warnings:This Strategy identifies six major initiatives in this area. Define protection-related information sharingrequirements and establish effective, efficientinformation sharing processes; Implement the statutory authorities and powersof the Homeland Security Act of 2002 to protectsecurity and proprietary information regarded assensitive by the private sector; Promo

Strategy for Homeland Security—reducing the Nation’s vulnerability to acts of terrorism by protecting our crit-ical infrastructures and key assets from physical attack. This document, the National Strategy for the Physical Protection of Critical Infrastructures and Key Assets,