National Strategy for Homeland Security
Protect the American People, Critical Infrastructure, and Key Resources
While protecting the lives and livelihoods of the American people demands that we work to prevent and disrupt terrorist attacks in the Homeland, it also requires that we undertake measures to deter the threat of terrorism, mitigate the Nation's vulnerabilities, and minimize the consequences of an attack or disaster should it occur. Our efforts include, among other things, protecting our population from infectious diseases and catastrophic public health threats, as well as reducing the effects and consequences of all hazards through improved systems to notify, alert, and warn the public.
Protection and Risk Management|
Despite our best efforts, achieving a complete state of CI/KR protection is not possible in the face of the numerous and varied catastrophic possibilities that could challenge the security of America today. Recognizing that the future is uncertain and that we cannot envision or prepare for every potential threat, we must understand and accept a certain level of risk as a permanent condition. Managing homeland security risk requires a disciplined approach to resource prioritization and the diversification of protective responsibilities across the full spectrum of our Nation's homeland security partners. Applying a risk-based framework to all homeland security efforts will help to ensure our success over the long term and is discussed in detail in the chapter titled "Ensuring Long-Term Success."
Safeguarding the American people also includes the preservation of the Nation's critical infrastructure and key resources (CI/KR). As set forth in the 2006 National Infrastructure Protection Plan (NIPP), critical infrastructure includes the assets, systems, and networks, whether physical or virtual, so vital to the United States that their incapacitation or destruction would have a debilitating effect on security, national economic security, public health or safety, or any combination thereof. Key resources are publicly or privately controlled resources essential to the minimal operations of the economy and government. By protecting CI/KR, we further protect the American people and build a safer, more secure, and more resilient Nation.
DETER THE TERRORIST THREAT
We seek to deter state sponsors of terrorism, terrorist groups, and other non-state actors who support or facilitate terrorism by undertaking various actions to decrease their likelihood of success as well as alter their motivational calculus.
Decreasing likelihood of success. Terrorist actors can be deterred and dissuaded from conducting attacks if they perceive that they are not likely to achieve their objectives or that the costs of their efforts are too high. The counterterrorism and homeland security activities outlined in the chapter titled "Prevent and Disrupt Terrorist Attacks" are part of our deterrent strategy – making it increasingly difficult for our enemies to achieve their objective of an attack in the Homeland by denying them and their weapons entry to the United States, denying them the ability to operate effectively within our borders, and denying them future recruits by preventing homegrown radicalization.
The National Infrastructure Protection Plan|
Guiding our efforts to protect the Nation's CI/KR is the 2006 National Infrastructure Protection Plan (NIPP) and its supporting Sector-Specific Plans, which were developed pursuant to Homeland Security Presidential Directive-7, issued on December 17, 2003. The NIPP sets forth a comprehensive risk management framework and provides a coordinated approach to CI/KR protection roles and responsibilities for Federal, State, local, and private sector security partners. It sets national priorities, goals, and requirements for the effective distribution of funding and resources that will help ensure that our government, economy, and public services continue to function in the event of a man-made or natural disaster. In accordance with HSPD-7, the NIPP includes an augmented focus on the protection of CI/KR from the unique and potentially catastrophic effects of terrorist attacks. However, the NIPP framework supports a larger all-hazard approach to CI/KR protection.
As a protective function, this concept of "deterrence through denial" requires additional actions, including increased defensive postures at potential sites of attack. Prominent political, economic, and infrastructure targets are attractive to our enemies, as are large places of public gatherings and symbolic targets, such as national monuments. In order to deny terrorists access to potential targets and decrease their likelihood of success, the Federal Government, in full collaboration with State, local, Tribal, and private sector partners, will continue to harden sites, as appropriate, and strengthen security through the presence of security forces, reinforcement of defensive barriers, and enhancement of access control measures. The continued targeted provision of Federal assistance to State, local, and Tribal governments and the private sector – through risk- and performance-based criteria – will ensure that these entities receive the dollars and training necessary to effectively implement these measures. Additionally, the use of both active and passive countermeasures as well as their unpredictable application will help ensure greater effectiveness. We also must promote public awareness of our increased security practices so terrorists understand that we are increasing the likelihood that they will not succeed.
Hardening sites against external threats is only one side of the deterrence equation. Terrorists also may seek to infiltrate or recruit an individual with privileged access to a hardened site. These insiders can offer our terrorist enemies information on exploitable vulnerabilities or even provide terrorist operatives access to sensitive or controlled areas. We must therefore continue to work with our State, local, Tribal, and private sector partners to review workforce surety programs and standards for screening and background checks, where appropriate. Finally, we must continue to conduct threat and vulnerability assessments and calibrate our defensive measures accordingly to account for changes in terrorists' strategic targeting, tactics, techniques, and procedures, as well as changes in the larger operating environment.
Changing motivational calculus. Terrorist actors also can be deterred or dissuaded from conducting attacks if they fear potential consequences for their actions. Since September 11, the United States has made it clear that we and our partners in the War on Terror make no distinction between those who commit acts of terror and those who support and harbor them. Any government that chooses to be an ally of terror has chosen to be The National Infrastructure Protection Plan Guiding our efforts to protect the Nation's CI/KR is the 2006 National Infrastructure Protection Plan (NIPP) and its supporting Sector-Specific Plans, which were developed pursuant to Homeland Security Presidential Directive-7, issued on December 17, 2003. The NIPP sets forth a comprehensive risk management framework and provides a coordinated approach to CI/KR protection roles and responsibilities for Federal, State, local, and private sector security partners. It sets national priorities, goals, and requirements for the effective distribution of funding and resources that will help ensure that our government, economy, and public services continue to function in the event of a man-made or natural disaster. In accordance with HSPD-7, the NIPP includes an augmented focus on the protection of CI/KR from the unique and potentially catastrophic effects of terrorist attacks. However, the NIPP framework supports a larger all-hazard approach to CI/KR protection. an enemy of freedom, justice, and peace, and we, along with our international partners, will hold our terrorist enemies to account.
Altering the calculus of our terrorist enemies – including all elements of the terrorist network – so that they fear the consequences of their actions requires credibility. We will continue to communicate and demonstrate our will to take action, both to our enemies in order to raise their awareness and to the American people so that they remain confident in our resolve. Maintaining our credibility also requires that we not only demonstrate our will to hold terrorists, their sponsors, and facilitators accountable, but that we also retain the capabilities and flexibility to do so. This includes enhancing our ability to respond to acts of terror using all instruments of national power, as well as refining our ability to define the nature, source, and perpetrator of an attack. To further strengthen the potential consequences our terrorist enemies face, we will continue to isolate and discredit those who support or facilitate terrorism, bring to justice terrorist actors, build a moral counterweight to undermine the perceived legitimacy of terrorism and the targeting of innocents, and ultimately create a global environment inhospitable to terrorists, violent extremists, and all who support them.
Critical Infrastructure and Key Resources |
Our Nation has identified 17 sectors of critical infrastructure and key resources, each with cross-cutting physical, cyber, and human elements:
Agriculture and Food
Banking and Finance
Commercial Nuclear Reactors, Materials, and Waste
Defense Industrial Base
Drinking Water and Water Treatment Systems
National Monuments and Icons
Postal and Shipping
Public Health and Health Care
We will not be able to deter all terrorist threats, and it is impossible to deter or prevent natural catastrophes. We can, however, mitigate the Nation's vulnerability to acts of terrorism, other man-made threats, and natural disasters by ensuring the structural and operational resilience of our critical infrastructure and key resources and by further protecting the American people through medical preparedness.
Ensuring CI/KR structural resilience. While the devastation of even one sector of our critical infrastructure or key resources would have a debilitating effect on our national security and possibly damage the morale and confidence of the American people, interdependencies make the protection of CI/KR particularly essential. A failure in one area, such as our water supply system, can adversely affect not only public health but also the ability of first responders to provide emergency services. Accordingly, ensuring the survivability of our CI/KR assets, systems, and networks requires that we continue to accurately model their interdependencies and better assess and understand the potential cascading effects that could impact and impede operations in interconnected infrastructures.
For each CI/KR sector, we must collectively work to ensure the ability of power, communications, and other life sustaining systems to survive an attack by terrorists, a natural disaster, and other assessed risks or hazards. In the past, investments in redundant and duplicative infrastructure were used to achieve this objective. We must now focus on the resilience of the system as a whole – an approach that centers on investments that make the system better able to absorb the impact of an event without losing the capacity to function. While this might include the building of redundant assets, resilience often is attained through the dispersal of key functions across multiple service providers and flexible supply chains and related systems. Resilience also includes the protection and physical survivability of key national assets and structures.
Additionally, an important aspect of promoting resilience includes seismic retrofitting and adherence to stricter building codes, as appropriate. Flood mitigation activities are also important and include the maintenance of flood plains. We also must increase participation in the National Flood Insurance Program and base that program on actuarial rates.
While the Federal Government provides overarching leadership and coordination for protecting and mitigating the vulnerabilities of our Nation's CI/KR, all partners in homeland security have important roles to play. This is especially true of the private sector, which owns and operates approximately 85 percent of the Nation's critical infrastructure and is the first line of defense for those assets. We will continue to strengthen our partnerships with State, local, and Tribal governments and the private sector so that we collectively can fulfill our responsibilities, as outlined in the NIPP, to protect and ensure the resilience of our Nation's most critical assets. Our partnerships also extend to our international neighbors. Many of our CI/KR assets are intertwined with a global infrastructure that has evolved to support modern economies. While this global system brings efficiencies and benefits, it also creates vulnerabilities and challenges, and we must continue to work with our partners across the globe to protect the structural resilience of what has become a system of systems at home and abroad.
Cyber Security: A Special Consideration |
Many of the Nation's essential and emergency services, as well as our critical infrastructure, rely on the uninterrupted use of the Internet and the communications systems, data, monitoring, and control systems that comprise our cyber infrastructure. A cyber attack could be debilitating to our highly interdependent CI/KR and ultimately to our economy and national security.
A variety of actors threaten the security of our cyber infrastructure. Terrorists increasingly exploit the Internet to communicate, proselytize, recruit, raise funds, and conduct training and operational planning. Hostile foreign governments have the technical and financial resources to support advanced network exploitation and launch attacks on the informational and physical elements of our cyber infrastructure. Criminal hackers threaten our Nation's economy and the personal information of our citizens, and they also could pose a threat if wittingly or unwittingly recruited by foreign intelligence or terrorist groups. Our cyber networks also remain vulnerable to natural disasters.
In order to secure our cyber infrastructure against these man-made and natural threats, our Federal, State, and local governments, along with the private sector, are working together to prevent damage to, and the unauthorized use and exploitation of, our cyber systems. We also are enhancing our ability and procedures to respond in the event of an attack or major cyber incident. The National Strategy to Secure Cyberspace and the NIPP's Cross-Sector Cyber Security plan are guiding our efforts.
Ensuring operational resilience. Mitigating the vulnerability of government and private sector operations to man-made or natural disasters depends not only on the structural resilience of our assets, systems, and networks but also on operational resilience. First, we will continue to maintain comprehensive and effective continuity programs, including those that integrate continuity of operations and continuity of government programs, to ensure the preservation of our government under the Constitution and the continuing performance of national essential functions – those government roles that are necessary to lead and sustain the Nation during and following a catastrophic emergency. A national approach to continuity also requires that State, local, and Tribal governments work to ensure that they are able to maintain or rapidly resume effective functioning during and after catastrophic incidents and are able to interact effectively with each other and the Federal Government. Likewise, we strongly encourage the private sector to conduct business continuity planning that recognizes interdependencies and complements governmental efforts – doing so not only helps secure the United States, but also makes good long-term business sense for individual companies. Such integrated and comprehensive planning is essential to protecting and preserving lives and livelihoods and maintaining our robust economy during crises.
Protecting the American people through medical preparedness. As we protect our Nation's critical infrastructure and key resources by working to deter terrorist threats and mitigate vulnerabilities through structural and operational resilience, we are helping to protect the American people. Our population, however, requires additional protective measures. We must reduce the vulnerability of the American populace to intentional dissemination of harmful biological agents, detonation of a nuclear or radiological device, the intentional or accidental release of toxic chemicals, naturally occurring infectious disease such as an influenza pandemic, and meteorological or geological events such as hurricanes or earthquakes.
Reducing the Nation's vulnerability to public health threats requires that we continue to build sustainable systems for prevention, detection, reporting, investigation, control, and recovery. We must continue to expand the capabilities of the public health and medical communities to identify and assess threats and to determine if an attack or outbreak has occurred – all in a rapid and reliable manner. In order to facilitate our efforts, we will continue to upgrade our systems for clinical surveillance and environmental monitoring, as well as ensure the effective and timely integration and sharing of data, conclusions, and other information with State, local, and Tribal authorities and other appropriate homeland security partners. Likewise, we will encourage the timely sharing of information learned at the State, local, and Tribal level with the Federal Government.
In order to further mitigate the vulnerability of the American people to natural or man-made health threats, we must ensure that we have access to the necessary medical countermeasures, appropriately enhancing and expanding our flexible medical toolkit against potential biological threats. We must facilitate States and local and Tribal communities in establishing appropriate levels of medical stockpiles and the systems that can rapidly distribute medical countermeasures to large, at-risk populations. Finally, we must assist communities as they develop medical systems that are able to sustain delivery of situation- appropriate care in the setting of catastrophic events. Like other homeland security activities, protecting the health of citizens is a shared responsibility – one that starts at the individual and family level, involves government and the private sector, and relies heavily on local action. While the Federal Government possesses unique tools and resources to guide and assist efforts to protect the health of citizens from all disasters, collaborative community and regional planning is essential for the protection of the American people.
Despite our best deterrent and mitigation efforts, terrorist attacks and natural disasters will happen, and we must work to minimize the consequences of their occurrence. Several of our efforts to reduce our Nation's vulnerabilities necessarily reduce the consequences of a disaster. This is the mutually reinforcing nature of our integrated efforts to protect the American people, critical infrastructure, and key resources. Moreover, the core of our efforts to minimize consequences lies with our comprehensive approach for responding to and recovering from incidents, which is described in the next chapter.
There are, however, pre-incident steps that we can take that can help to further reduce the effects and consequences of those events that do occur and better protect the American people, particularly through improved notification, alert, and warning systems. We must continue to develop reliable, effective, and flexible national systems to warn Americans of impending threats, including acts of terrorism, natural disasters, acts of war, and other hazards to public security and well-being. Beyond press conferences and warnings through television and radio, these systems must leverage modern and changing technology to push vital information to citizens wherever they are. Pre-incident alerts and warnings should be geographically or functionally targeted and provide guidance and instruction so that governments, the private sector, and individual citizens can take necessary preparatory or protective actions. These messages should continue throughout and immediately after the event, providing situational updates and current directions, as appropriate.
Join the GlobalSecurity.org mailing list