Download:
pdf |
pdfThe White House
Office of the Press Secretary
For Immediate Release
February 12, 2013
Presidential Policy Directive -- Critical
Infrastructure Security and Resilience
PRESIDENTIAL POLICY DIRECTIVE/PPD-21
SUBJECT: Critical Infrastructure Security and Resilience
The Presidential Policy Directive (PPD) on Critical Infrastructure Security and Resilience advances a
national unity of effort to strengthen and maintain secure, functioning, and resilient critical
infrastructure.
Introduction
The Nation's critical infrastructure provides the essential services that underpin American society.
Proactive and coordinated efforts are necessary to strengthen and maintain secure, functioning, and
resilient critical infrastructure – including assets, networks, and systems – that are vital to public
confidence and the Nation's safety, prosperity, and well-being.
The Nation's critical infrastructure is diverse and complex. It includes distributed networks, varied
organizational structures and operating models (including multinational ownership), interdependent
functions and systems in both the physical space and cyberspace, and governance constructs that
involve multi-level authorities, responsibilities, and regulations. Critical infrastructure owners and
operators are uniquely positioned to manage risks to their individual operations and assets, and to
determine effective strategies to make them more secure and resilient.
Critical infrastructure must be secure and able to withstand and rapidly recover from all hazards.
Achieving this will require integration with the national preparedness system across prevention,
protection, mitigation, response, and recovery.
This directive establishes national policy on critical infrastructure security and resilience. This endeavor
is a shared responsibility among the Federal, state, local, tribal, and territorial (SLTT) entities, and
public and private owners and operators of critical infrastructure (herein referred to as "critical
�infrastructure owners and operators"). This directive also refines and clarifies the critical infrastructure related functions, roles, and responsibilities across the Federal Government, as well as enhances
overall coordination and collaboration. The Federal Government also has a responsibility to strengthen
the security and resilience of its own critical infrastructure, for the continuity of national essential
functions, and to organize itself to partner effectively with and add value to the security and resilience
efforts of critical infrastructure owners and operators.
Policy
It is the policy of the United States to strengthen the security and resilience of its critical infrastructure
against both physical and cyber threats. The Federal Government shall work with critical infrastructure
owners and operators and SLTT entities to take proactive steps to manage risk and strengthen the
security and resilience of the Nation's critical infrastructure, considering all hazards that could have a
debilitating impact on national security, economic stability, public health and safety, or any combination
thereof. These efforts shall seek to reduce vulnerabilities, minimize consequences, identify and disrupt
threats, and hasten response and recovery efforts related to critical infrastructure.
The Federal Government shall also engage with international partners to strengthen the security and
resilience of domestic critical infrastructure and critical infrastructure located outside of the United
States on which the Nation depends.
U.S. efforts shall address the security and resilience of critical infrastructure in an integrated, holistic
manner to reflect this infrastructure's interconnectedness and interdependency. This directive also
identifies energy and communications systems as uniquely critical due to the enabling functions they
provide across all critical infrastructure sectors.
Three strategic imperatives shall drive the Federal approach to strengthen critical infrastructure security
and resilience:
1) Refine and clarify functional relationships across the Federal Government to advance the national
unity of effort to strengthen critical infrastructure security and resilience;
2) Enable effective information exchange by identifying baseline data and systems requirements for th e
Federal Government; and
3) Implement an integration and analysis function to inform planning and operations decisions
regarding critical infrastructure.
�All Federal department and agency heads are responsible for the identification, prioritization,
assessment, remediation, and security of their respective internal critical infrastructure that supports
primary mission essential functions. Such infrastructure shall be addressed in the plans and execution
of the requirements in the National Continuity Policy.
Federal departments and agencies shall implement this directive in a manner consistent with applicable
law, Presidential directives, and Federal regulations, including those protecting privacy, civil rights, and
civil liberties. In addition, Federal departments and agencies shall protect all information associated
with carrying out this directive consistent with applicable legal authorities and policies.
Roles and Responsibilities
Effective implementation of this directive requires a national unity of effort pursuant to strategic
guidance from the Secretary of Homeland Security. That national effort must include expertise and day to-day engagement from the Sector-Specific Agencies (SSAs) as well as the specialized or support
capabilities from other Federal departments and agencies, and strong collaboration with critical
infrastructure owners and operators and SLTT entities. Although the roles and responsibilities identified
in this directive are directed at Federal departments and agencies, effective partnerships with critical
infrastructure owners and operators and SLTT entities are imperative to strengthen the security and
resilience of the Nation's critical infrastructure.
Secretary of Homeland Security
The Secretary of Homeland Security shall provide strategic guidance, promote a national unity of effort,
and coordinate the overall Federal effort to promote the security and resilience of the Nation's critical
infrastructure. In carrying out the responsibilities assigned in the Homeland Security Act of 2002, as
amended, the Secretary of Homeland Security evaluates national capabilities, opportunities, and
challenges in protecting critical infrastructure; analyzes threats to, vulnerabilities of, and potenti al
consequences from all hazards on critical infrastructure; identifies security and resilience functions that
are necessary for effective public-private engagement with all critical infrastructure sectors; develops a
national plan and metrics, in coordination with SSAs and other critical infrastructure partners; integrates
and coordinates Federal cross-sector security and resilience activities; identifies and analyzes key
interdependencies among critical infrastructure sectors; and reports on the effective ness of national
efforts to strengthen the Nation's security and resilience posture for critical infrastructure.
Additional roles and responsibilities for the Secretary of Homeland Security include:
1) Identify and prioritize critical infrastructure, considering physical and cyber threats, vulnerabilities,
and consequences, in coordination with SSAs and other Federal departments and agencies;
�2) Maintain national critical infrastructure centers that shall provide a situational awareness capability
that includes integrated, actionable information about emerging trends, imminent threats, and the status
of incidents that may impact critical infrastructure;
3) In coordination with SSAs and other Federal departments and agencies, provide analysis, expertise,
and other technical assistance to critical infrastructure owners and operators and facilitate access to
and exchange of information and intelligence necessary to strengthen the security and resilience of
critical infrastructure;
4) Conduct comprehensive assessments of the vulnerabilities of the Nation's critical infrastructure in
coordination with the SSAs and in collaboration with SLTT entities and critical infrastructure owners and
operators;
5) Coordinate Federal Government responses to significant cyber or physical incidents affecting critical
infrastructure consistent with statutory authorities;
6) Support the Attorney General and law enforcement agencies with their responsibilities to investigate
and prosecute threats to and attacks against critical infrastructure;
7) Coordinate with and utilize the expertise of SSAs and other appropriate Federal departments and
agencies to map geospatially, image, analyze, and sort critical infrastructure by employing commercial
satellite and airborne systems, as well as existing capabilities within other departments and agencies;
and
8) Report annually on the status of national critical infrastructure efforts as required by statute.
Sector-Specific Agencies
Each critical infrastructure sector has unique characteristics, operating models, and risk profiles that
benefit from an identified Sector-Specific Agency that has institutional knowledge and specialized
expertise about the sector. Recognizing existing statutory or regulatory authorities of specific Federal
departments and agencies, and leveraging existing sector familiarity and relationships, SSAs shall
carry out the following roles and responsibilities for their respective sectors:
1) As part of the broader national effort to strengthen the security and resilience of cr itical
infrastructure, coordinate with the Department of Homeland Security (DHS) and other relevant Federal
departments and agencies and collaborate with critical infrastructure owners and operators, where
appropriate with independent regulatory agencies, and with SLTT entities, as appropriate, to implement
this directive;
2) Serve as a day-to-day Federal interface for the dynamic prioritization and coordination of sectorspecific activities;
�3) Carry out incident management responsibilities consistent with statutory authority and other
appropriate policies, directives, or regulations;
4) Provide, support, or facilitate technical assistance and consultations for that sector to identify
vulnerabilities and help mitigate incidents, as appropriate; and
5) Support the Secretary of Homeland Security's statutorily required reporting requirements by
providing on an annual basis sector-specific critical infrastructure information.
Additional Federal Responsibilities
The following departments and agencies have specialized or support functions related to critical
infrastructure security and resilience that shall be carried out by, or along with, other Federal
departments and agencies and independent regulatory agencies, as appropriate.
1) The Department of State, in coordination with DHS, SSAs, and other Federal departments and
agencies, shall engage foreign governments and international organizations to strengthen the security
and resilience of critical infrastructure located outside the United States and to facilitate the overall
exchange of best practices and lessons learned for promoting the security and resilience of critical
infrastructure on which the Nation depends.
2) The Department of Justice (DOJ), including the Federal Bureau of Investigation (FBI), shall lead
counterterrorism and counterintelligence investigations and related law enforcement activities across
the critical infrastructure sectors. DOJ shall investigate, disrupt, prosecute, and otherwise reduce
foreign intelligence, terrorist, and other threats to, and actual or attempted attacks on, or sabotage of,
the Nation's critical infrastructure. The FBI also conducts domestic collection, analysis, and
dissemination of cyber threat information, and shall be responsible for the operation of the National
Cyber Investigative Joint Task Force (NCIJTF). The NCIJTF serves as a multi-agency national focal
point for coordinating, integrating, and sharing pertinent information related to cyber threat
investigations, with representation from DHS, the Intelligence Community (IC), the Department of
Defense (DOD), and other agencies as appropriate. The Attorney General and the Secretary of
Homeland Security shall collaborate to carry out their respective critical infrastructure missions.
3) The Department of the Interior, in collaboration with the SSA for the Government Facilities Sector,
shall identify, prioritize, and coordinate the security and resilience efforts for national monuments and
icons and incorporate measures to reduce risk to these critical assets, while also promoting their use
and enjoyment.
4) The Department of Commerce (DOC), in collaboration with DHS and other relevant Federal
departments and agencies, shall engage private sector, research, academic, and government
organizations to improve security for technology and tools related to cyber-based systems, and
�promote the development of other efforts related to critical infrastructure to enable the timely availability
of industrial products, materials, and services to meet homeland security requirements.
5) The IC, led by the Director of National Intelligence (DNI), shall use applicable authorities and
coordination mechanisms to provide, as appropriate, intelligence assessments regarding threats to
critical infrastructure and coordinate on intelligence and other sensitive or proprietary information
related to critical infrastructure. In addition, information security policies, directives, standards, and
guidelines for safeguarding national security systems shall be overseen as directed by the President,
applicable law, and in accordance with that direction, carried out under the authority of the heads of
agencies that operate or exercise authority over such national security systems.
6) The General Services Administration, in consultation with DOD, DHS, and other departments and
agencies as appropriate, shall provide or support government-wide contracts for critical infrastructure
systems and ensure that such contracts include audit rights for the security and resilience of critical
infrastructure.
7) The Nuclear Regulatory Commission (NRC) is to oversee its licensees' protection of commercial
nuclear power reactors and non-power nuclear reactors used for research, testing, and training; nuclear
materials in medical, industrial, and academic settings, and facilities that fabricate nuclear fuel; and the
transportation, storage, and disposal of nuclear materials and waste. The NRC is to collaborate, to the
extent possible, with DHS, DOJ, the Department of Energy, the Environmental Protection Agency, and
other Federal departments and agencies, as appropriate, on strengthening critical infrastructure
security and resilience.
8) The Federal Communications Commission, to the extent permitted by law, is to exercise its authority
and expertise to partner with DHS and the Department of State, as well as other Federal departments
and agencies and SSAs as appropriate, on: (1) identifying and prioritizing communications
infrastructure; (2) identifying communications sector vulnerabilities and working with industry and other
stakeholders to address those vulnerabilities; and (3) working with stakeholders, including industry, and
engaging foreign governments and international organizations to increase the security and resilience of
critical infrastructure within the communications sector and facilitating the development and
implementation of best practices promoting the security and resilience of critical communications
infrastructure on which the Nation depends.
9) Federal departments and agencies shall provide timely information to the Secretary of Homeland
Security and the national critical infrastructure centers necessary to support cross-sector analysis and
inform the situational awareness capability for critical infrastructure.
�Three Strategic Imperatives
1) Refine and Clarify Functional Relationships across the Federal Government to Advance the National
Unity of Effort to Strengthen Critical Infrastructure Security and Resilience
An effective national effort to strengthen critical infrastructure security and resilience must be guided by
a national plan that identifies roles and responsibilities and is informed by the expertise, experience,
capabilities, and responsibilities of the SSAs, other Federal departments and agencies with critical
infrastructure roles, SLTT entities, and critical infrastructure owners and operators.
During the past decade, new programs and initiatives have been established to address specific
infrastructure issues, and priorities have shifted and expanded. As a result, Federal functions related to
critical infrastructure security and resilience shall be clarified and refined to establish baseline
capabilities that will reflect this evolution of knowledge, to define relevant Federal program functions,
and to facilitate collaboration and information exchange between and among the Federal Government,
critical infrastructure owners and operators, and SLTT entities.
As part of this refined structure, there shall be two national critical infrastructure centers operated by
DHS – one for physical infrastructure and another for cyber infrastructure. They shall function in an
integrated manner and serve as focal points for critical infrastructure partners to obtain situational
awareness and integrated, actionable information to protect the physical and cyber aspects of critical
infrastructure. Just as the physical and cyber elements of critical infrastructure are inextricably linked,
so are the vulnerabilities. Accordingly, an integration and analysis function (further developed in
Strategic Imperative 3) shall be implemented between these two national centers.
The success of these national centers, including the integration and analysis function, is dependent on
the quality and timeliness of the information and intelligence they receive from the SSAs and other
Federal departments and agencies, as well as from critical infrastructure owners and operators and
SLTT entities.
These national centers shall not impede the ability of the heads of Federal departments and agencies
to carry out or perform their responsibilities for national defense, criminal, counterintelligence,
counterterrorism, or investigative activities.
2) Enable Efficient Information Exchange by Identifying Baseline Data and Systems Requirements for
the Federal Government
A secure, functioning, and resilient critical infrastructure requires the efficient exchange of information,
including intelligence, between all levels of governments and critical infrastructure owners and
operators. This must facilitate the timely exchange of threat and vulnerability information as well as
information that allows for the development of a situational awareness capability during incidents. The
�goal is to enable efficient information exchange through the identification of requirements for data and
information formats and accessibility, system interoperability, and redundant systems and alternate
capabilities should there be a disruption in the primary systems.
Greater information sharing within the government and with the private sector can and must be done
while respecting privacy and civil liberties. Federal departments and agencies shall ensure that all
existing privacy principles, policies, and procedures are implemented consistent with applicable law
and policy and shall include senior agency officials for privacy in their efforts to govern and oversee
information sharing properly.
3) Implement an Integration and Analysis Function to Inform Planning and Operational Decisions
Regarding Critical Infrastructure
The third strategic imperative builds on the first two and calls for the implementation of an integration
and analysis function for critical infrastructure that includes operational and strategic analysis on
incidents, threats, and emerging risks. It shall reside at the intersection of the two national c enters as
identified in Strategic Imperative 1, and it shall include the capability to collate, assess, and integrate
vulnerability and consequence information with threat streams and hazard information to:
a. Aid in prioritizing assets and managing risks to critical infrastructure;
b. Anticipate interdependencies and cascading impacts;
c. Recommend security and resilience measures for critical infrastructure prior to, during, and
after an event or incident; and
d. Support incident management and restoration efforts related to critical infrastructure.
This function shall not replicate the analysis function of the IC or the National Counterterrorism Center,
nor shall it involve intelligence collection activities. The IC, DOD, DOJ, DHS, and other Federal
departments and agencies with relevant intelligence or information shall, however, inform this
integration and analysis capability regarding the Nation's critical infrastructure by providing relevant,
timely, and appropriate information to the national centers. This function shall also use information and
intelligence provided by other critical infrastructure partners, including SLTT and nongovernmental
analytic entities.
Finally, this integration and analysis function shall support DHS's ability to maintain and share, as a
common Federal service, a near real-time situational awareness capability for critical infrastructure that
�includes actionable information about imminent threats, significant trends, and awareness of incidents
that may affect critical infrastructure.
Innovation and Research and Development
The Secretary of Homeland Security, in coordination with the Office of Science and Technology Policy
(OSTP), the SSAs, DOC, and other Federal departments and agencies, shall provide input to align
those Federal and Federally-funded research and development (R&D) activities that seek to strengthen
the security and resilience of the Nation's critical infrastructure, including:
1) Promoting R&D to enable the secure and resilient design and construction of critical infrastructure
and more secure accompanying cyber technology;
2) Enhancing modeling capabilities to determine potential impacts on critical infrastructure of an
incident or threat scenario, as well as cascading effects on other sectors;
3) Facilitating initiatives to incentivize cybersecurity investments and the adoption of critical
infrastructure design features that strengthen all-hazards security and resilience; and
4) Prioritizing efforts to support the strategic guidance issued by the Secretary o f Homeland Security.
Implementation of the Directive
The Secretary of Homeland Security shall take the following actions as part of the implementation of
this directive.
1) Critical Infrastructure Security and Resilience Functional Relationships. Within 120 days of the date
of this directive, the Secretary of Homeland Security shall develop a description of the functional
relationships within DHS and across the Federal Government related to critical infrastructure security
and resilience. It should include the roles and functions of the two national critical infrastructure centers
and a discussion of the analysis and integration function. When complete, it should serve as a roadmap
for critical infrastructure owners and operators and SLTT entities to navigate the Federal Government's
functions and primary points of contact assigned to those functions for critical infrastructure security
and resilience against both physical and cyber threats. The Secretary shall coordinate this effort with
the SSAs and other relevant Federal departments and agencies. The Secretary shall provide the
description to the President through the Assistant to the President for Homeland Security and
Counterterrorism.
�2) Evaluation of the Existing Public-Private Partnership Model. Within 150 days of the date of this
directive, the Secretary of Homeland Security, in coordination with the SSAs, other relevant Federal
departments and agencies, SLTT entities, and critical infrastructure owners and operators, shall
conduct an analysis of the existing public-private partnership model and recommend options for
improving the effectiveness of the partnership in both the physical and cyber space. The evaluation
shall consider options to streamline processes for collaboration and exchange of information and to
minimize duplication of effort. Furthermore, the analysis shall consider how the model can be flexible
and adaptable to meet the unique needs of individual sectors while providing a focused, disciplined,
and effective approach for the Federal Government to coordinate with the critical infrastructure owners
and operators and with SLTT governments. The evaluation shall result in recommendations to enhance
partnerships to be approved for implementation through the processes established in the Organization
of the National Security Council System directive.
3) Identification of Baseline Data and Systems Requirements for the Federal Government to Enable
Efficient Information Exchange. Within 180 days of the date of this directive, the Secretary of Homeland
Security, in coordination with the SSAs and other Federal departments and agencies, shall convene a
team of experts to identify baseline data and systems requirements to enable the efficient exchange of
information and intelligence relevant to strengthening the security and resilience of critical
infrastructure. The experts should include representatives from those entities that routinely possess
information important to critical infrastructure security and resilience; those that determine and m anage
information technology systems used to exchange information; and those responsible for the security of
information being exchanged. Interoperability with critical infrastructure partners; identification of key
data and the information requirements of key Federal, SLTT, and private sector entities; availability,
accessibility, and formats of data; the ability to exchange various classifications of information; and the
security of those systems to be used; and appropriate protections for individual privacy and civil
liberties should be included in the analysis. The analysis should result in baseline requirements for
sharing of data and interoperability of systems to enable the timely exchange of data and information to
secure critical infrastructure and make it more resilient. The Secretary shall provide that analysis to the
President through the Assistant to the President for Homeland Security and Counterterrorism.
4) Development of a Situational Awareness Capability for Critical Infrastructure. Within 240 days of the
date of this directive, the Secretary of Homeland Security shall demonstrate a near real -time situational
awareness capability for critical infrastructure that includes threat streams and all-hazards information
as well as vulnerabilities; provides the status of critical infrastructure and potential cascading effects;
supports decision making; and disseminates critical information that may be needed to save or sustain
lives, mitigate damage, or reduce further degradation of a critical infrastructure capability throughout an
incident. This capability should be available for and cover physical and cyber elements of critical
infrastructure, and enable an integration of information as necessitated by the incident.
�5) Update to National Infrastructure Protection Plan. Within 240 days of the date of this directive, the
Secretary of Homeland Security shall provide to the President, through the Assistant to the President
for Homeland Security and Counterterrorism, a successor to the National Infrastruc ture Protection Plan
to address the implementation of this directive, the requirements of Title II of the Homeland Security
Act of 2002 as amended, and alignment with the National Preparedness Goal and System required by
PPD-8. The plan shall include the identification of a risk management framework to be used to
strengthen the security and resilience of critical infrastructure; the methods to be used to prioritize
critical infrastructure; the protocols to be used to synchronize communication and actions wi thin the
Federal Government; and a metrics and analysis process to be used to measure the Nation's ability to
manage and reduce risks to critical infrastructure. The updated plan shall also reflect the identified
functional relationships within DHS and across the Federal Government and the updates to the publicprivate partnership model. Finally, the plan should consider sector dependencies on energy and
communications systems, and identify pre-event and mitigation measures or alternate capabilities
during disruptions to those systems. The Secretary shall coordinate this effort with the SSAs, other
relevant Federal departments and agencies, SLTT entities, and critical infrastructure owners and
operators.
6) National Critical Infrastructure Security and Resilience R&D Plan. Within 2 years of the date of this
directive, the Secretary of Homeland Security, in coordination with the OSTP, the SSAs, DOC, and
other Federal departments and agencies, shall provide to the President, through the Assistant to the
President for Homeland Security and Counterterrorism, a National Critical Infrastructure Security and
Resilience R&D Plan that takes into account the evolving threat landscape, annual metrics, and other
relevant information to identify priorities and guide R&D requirements and investments. The plan
should be issued every 4 years after its initial delivery, with interim updates as needed.
Policy coordination, dispute resolution, and periodic in-progress reviews for the implementation of this
directive shall be carried out consistent with PPD-1, including the use of Interagency Policy Committees
coordinated by the National Security Staff.
Nothing in this directive alters, supersedes, or impedes the authorities of Federal departments and
agencies, including independent regulatory agencies, to carry out their functions and duties consistent
with applicable legal authorities and other Presidential guidance and directives, including, but not
limited to, the designation of critical infrastructure under such authorities.
This directive revokes Homeland Security Presidential Directive/HSPD-7, Critical Infrastructure
Identification, Prioritization, and Protection, issued December 17, 2003. Plans developed pursuant to
HSPD-7 shall remain in effect until specifically revoked or superseded.
�Designated Critical Infrastructure Sectors and Sector-Specific Agencies
This directive identifies 16 critical infrastructure sectors and designates associated Federal SSAs. In
some cases co-SSAs are designated where those departments share the roles and responsibilities of
the SSA. The Secretary of Homeland Security shall periodically evaluate the need for and approve
changes to critical infrastructure sectors and shall consult with the Assistant to the President for
Homeland Security and Counterterrorism before changing a critical infrastructure sector or a
designated SSA for that sector. The sectors and SSAs are as follows:
Chemical:
Sector-Specific Agency: Department of Homeland Security
Commercial Facilities:
Sector-Specific Agency: Department of Homeland Security
Communications:
Sector-Specific Agency: Department of Homeland Security
Critical Manufacturing: Sector-Specific Agency: Department of Homeland Security
Dams:
Sector-Specific Agency: Department of Homeland Security
Defense Industrial Base:
Sector-Specific Agency: Department of Defense
Emergency Services:
Sector-Specific Agency: Department of Homeland Security
Energy:
Sector-Specific Agency: Department of Energy
Financial Services:
Sector-Specific Agency: Department of the Treasury
Food and Agriculture:
Co-Sector-Specific Agencies: U.S. Department of Agriculture and Department of Health and
Human Services
Government Facilities:
Co-Sector-Specific Agencies: Department of Homeland Security and General Services
Administration
�Healthcare and Public Health:
Sector-Specific Agency: Department of Health and Human Services
Information Technology:
Sector-Specific Agency: Department of Homeland Security
Nuclear Reactors, Materials, and Waste:
Sector-Specific Agency: Department of Homeland Security
Transportation Systems:
Co-Sector-Specific Agencies: Department of Homeland Security and Department of
Transportation
Water and Wastewater Systems:
Sector-Specific Agency: Environmental Protection Agency
Definitions
For purposes of this directive:
The term "all hazards" means a threat or an incident, natural or manmade, that warrants action to
protect life, property, the environment, and public health or safety, and to minimize disruptions of
government, social, or economic activities. It includes natural disasters, cyber incidents, industrial
accidents, pandemics, acts of terrorism, sabotage, and destructive criminal activity targeting critical
infrastructure.
The term "collaboration" means the process of working together to achieve shared goals.
The terms "coordinate" and "in coordination with" mean a consensus decision-making process in which
the named coordinating department or agency is responsible for working with the affected departments
and agencies to achieve consensus and a consistent course of action.
The term "critical infrastructure" has the meaning provided in section 1016(e) of the USA Patriot Act of
2001 (42 U.S.C. 5195c(e)), namely systems and assets, whether physical or virtual, so vital to the
United States that the incapacity or destruction of such systems and assets would have a debilitating
impact on security, national economic security, national public health or safety, or any combination of
those matters.
�The term "Federal departments and agencies" means any authority of the United States that is an
"agency" under 44 U.S.C. 3502(1), other than those considered to be independent regulatory agencies,
as defined in 44 U.S.C. 3502(5).
The term "national essential functions" means that subset of Government functions that are necessary
to lead and sustain the Nation during a catastrophic emergency.
The term "primary mission essential functions" means those Government functions that must be
performed in order to support or implement the performance of the national essential functions befo re,
during, and in the aftermath of an emergency.
The term "national security systems" has the meaning given to it in the Federal Information Security
Management Act of 2002 (44 U.S.C. 3542(b)).
The term "resilience" means the ability to prepare for and adapt to changing conditions and withstand
and recover rapidly from disruptions. Resilience includes the ability to withstand and recover from
deliberate attacks, accidents, or naturally occurring threats or incidents.
The term "Sector-Specific Agency" (SSA) means the Federal department or agency designated under
this directive to be responsible for providing institutional knowledge and specialized expertise as well
as leading, facilitating, or supporting the security and resilience programs and associated ac tivities of
its designated critical infrastructure sector in the all-hazards environment.
The terms "secure" and "security" refer to reducing the risk to critical infrastructure by physical means
or defense cyber measures to intrusions, attacks, or the effects of natural or manmade disasters.
�
| File Type | application/pdf |
| File Modified | 0000-00-00 |
| File Created | 0000-00-00 |