Presidential Decision Directive-63 (PDD-63) recognized the growing potential vulnerability of physical and cyber-based systems essential to the economy and government. As a result, the Department of the Navy (DON) Critical Infrastructure Protection (CIP) program was designed to develop, administer, and coordinate an enterprise-wide effort to:
• Identify mission essential infrastructures
• Assess their vulnerability
• Develop a coordinated physical and cyber indications and warning capability
• Take the necessary actions to ensure achievement of DON objectives during critical infrastructure loss
This DON CIP program, began in 1999, is actively pursuing outreach to regional and local commanders for education on the CIP construct, shown in Figure 1, to coordinate Naval Integrated Vulnerability Assessments (NIVA).
The CIP construct, which covers six phases of the self-renewing event cycle, includes infrastructure analysis and assessment, remediation, indications and warning, mitigation, response, and reconstitution. Each phase of this event cycle is crucial to the protection of DON critical infrastructures that support the warfighting mission.
DON CIP is committed to supporting regional and local installation commanders in assessing their physical and cyber-based mission critical assets, as well as those commercially owned supporting infrastructures upon which their warfighting mission depends. The assessment process takes place in the form of a NIVA, which looks at various existing elements and incorporates them into one comprehensive package. These elements include: Computer Network Defense, Physical Security and Force Protection, Continuity of Operations, and Commercial Dependencies.
Regional and local commanders should not only be concerned with protecting internal physical and cyber-based infrastructures, but should also be concerned about regional infrastructures owned and operated by private industry and state and local governments. This includes assets such as telecommunications; natural gas and petroleum suppliers; electricity; water; transportation; public works; emergency services; and others.
Identifying single points of failure outside the fence and taking remediation actions with the asset owners are critical to our mission accomplishment. The Joint Program Office for Special Technology Countermeasures is an integral part of the NIVA, identifying single points of service that could be vulnerable to loss through acts of terrorism and natural or man-made disasters. Regional and local commanders are encouraged to actively participate in regional infrastructure interdependency analyses and take corrective actions.
The DON CIP concept includes providing the Department's counterterrorism experts at the Naval Criminal Investigative Service (NCIS) with additional tools and outreach services sufficient to establish a model Indications and Warning (I&W) capability. A major contributor to this vision will be the DON CIP Data Management System (DMS), which is being developed as a central repository for all information about the Department's mission critical infrastructure.
The DON CIP DMS will reside in NCIS Headquarters at the Washington Navy Yard, and is intended to complement and enhance the existing counterterrorism capabilities of the NCIS. When this capability is operational, in the late summer of 2002, the NCIS will utilize it for analyzing intelligence information relating to the DON's mission critical assets. NCIS will use established notification capabilities to alert local commanders of impending threats.
The final key component to CIP, Consequence Management, involves dealing with the worst case scenario — mitigating the effects of a terrorist attack. The DON CIP Team is developing best of breed guidance for developing Continuity of Operations, Disaster Recovery, and Reconstitution Plans for use by local commanders in the event that the unthinkable occurs.
Draft guidance was released in early June with plans for CD-based help to be available in FY03. We look forward to assisting local commanders in setting up these elements of local mission assurance. By bringing high-level attention to the vulnerabilities within each of these CIP elements, the DON will be able to lend increased support at the local level.
The goal must be to protect the installation by recognizing the vulnerabilities and moving expeditiously to correct them. It is imperative that more senior level officials become involved in this process, thereby bringing the necessary attention to highlighting the importance of protecting the local mission—both inside and outside the fence line.
To date, successful tests of the NIVA concept have been performed in Hampton Roads, Va., the Pacific Northwest, and Southern California. In FY02 the DON is collaborating with government agencies in Virginia to conduct a NIVA covering the entire commonwealth.
A CIP Self-Assessment Tool has also been developed and copies have been sent to each installation and regional commander. The tool helps Navy and Marine Corps installation commanders identify vulnerabilities in mission critical infrastructures, as well as those commercially owned critical infrastructures supporting Naval efforts. It addresses physical and cyber antiterrorism, overviews objective methods of evaluating risk management, and even provides software to access “natural” threats for specific geographical locations. Local commanders are encouraged to perform their own independent vulnerability assessments and provide comments on the utility of Self-Assessment Tool to DON CIO.
The ultimate objective is an integrated CIP capability that provides DON warfighters with the assurance that infrastructures on which they depend will be available when needed.
For more information to the DON CIO website: www.doncio.navy.mil/ and click on Critical Infrastructure Protection from the site index.
Hun Kim is the DON special assistant for critical infrastructure protection.