FOR OFFICIAL USE ONLY
The Department of Defense Critical Infrastructure Protection (CIP) Plan
A Plan in Response to
Presidential Decision Directive 63
"Critical Infrastructure Protection"
Prepared By:
DASD (Security and Information Operations)
Critical Infrastructure Protection Directorate
Approved:
_____________________________________
Deputy Secretary of Defense
18 November 1998
Table of Contents
1. Executive Summary
2. Critical Infrastructure Protection
2.1 Background
2.2 Scope and Purpose
2.3 Key Terms and Concepts
3. The National Structure for Critical Infrastructure Protection
3.1 National Coordinator for Security, Infrastructure Protection and Counter-Terrorism
3.2 Infrastructure Assurance Research and Development (R&D) Coordination
3.3 National Infrastructure Assurance Council (NIAC)
3.4 Critical Infrastructure Coordination Group (CICG)
3.5 CICG National Defense Coordination Sub-Group
3.6 Lead Agencies for Sector Liaison
3.7 National Plan Coordination Office
3.8 Information Sharing and Analysis Center (ISAC)
3.9 National Communications System (NCS)
3.10 National Security Telecommunications Advisory Committee (NSTAC)
3.11 National Infrastructure Protection Center (NIPC)
3.12 Lead Agencies for Special Functions
4. The Department of Defense Structure and Responsibilities for Critical Infrastructure Protection
4.1 DoD Critical Infrastructure Protection Responsibilities
4.2 CIP Functional Coordinator for National Defense, DoD Chief Infrastructure Assurance Officer, and DoD Chief Information Officer
4.3 DoD General Counsel [DoD(GC)]
4.4 Chief Infrastructure Assurance Officer Council
4.5 Chief Information Officer Council
4.6 Lead Components for Defense Infrastructure Sector Assurance Coordination
4.7 DoD Critical Asset Owners
4.8 DoD Installations
4.9 Lead Components for Coordination of DoD Special Functions
4.10 Joint Task Force--Computer Network Defense (JTF-CND)
4.11 DoD CIP Integration Activity (CIPIA)
4.12 The CICG National Defense Coordination Sub-Group
5. The DoD Critical Infrastructure Protection Life Cycle
5.1 Infrastructure Analysis and Assessment
5.2 Remediation
5.3 Indications and Warning
5.4 Mitigation
5.5 Incident Response
5.6 Reconstitution
6. Implementation Schedule
7. Program Resources
Appendix A: Glossary
Appendix B: National and Defense Critical Infrastructure Definitions
Appendix C: DoD CIP Integration Activity (CIPIA)
Appendix D: DoD Critical Asset Assurance Program (CAAP)
Appendix E: Infrastructure Assurance Program (IAP)
Appendix F: The Defense-wide Information Assurance Program (DIAP)
Appendix G: Defense Infrastructure Sector Assurance Plans
Appendix H: Table of Acronyms
1. Executive Summary
The DoD has improved operational readiness through a comprehensive, fully integrated, and sustainable life cycle process for protection of those elements of defense, national, and global infrastructure essential to its operations. – DoD CIP Vision 2000
Presidential Decision Directive 63 (PDD 63), Critical Infrastructure Protection, was approved 22 May 1998, in response to the findings and recommendations of the President’s Commission on Critical Infrastructure Protection (PCCIP). The Directive states that certain national infrastructures, e.g., energy, information and communications, and banking and finance, are critical to the national and economic security of the United States and the well being of its citizenry, and that the United States will take all necessary measures to protect them. The Directive calls for a public-private partnership to provide protection, establishes a national organizational structure to effect that partnership (Figure 1-1), and directs the development of two sets of plans: each Federal department’s or agency’s plan to protect its portion of the Federal Government Critical Infrastructure and a comprehensive National Infrastructure Assurance Plan with input from all infrastructure sectors.
Figure 1-1. National Structure for Critical Infrastructure Protection
This document addresses how the Department of Defense (DoD) will protect its portion of the Federal Government Critical Infrastructure. Where appropriate, the DoD Critical Infrastructure Protection (CIP) program will capitalize on the work occurring under the DoD Antiterrorism Force Protection (AT/FP) Program, e.g., installation vulnerability assessments. CIP and Force Protection (FP) are complementary efforts. CIP protects assets and assures the viability of infrastructures critical to mission success. FP protects people, facilities and equipment from an installation viewpoint.
The DoD portion of the Federal Government Critical Infrastructure is defined as the defense-wide sectors that provide infrastructure services within the Department: Defense Financial Services; the Defense Information Infrastructure; Defense Logistics; Defense Transportation; Defense Space; Defense Personnel; Defense Health Affairs; Defense Public Works; Defense Command, Control, and Communications; Defense Intelligence, Surveillance and Reconnaissance; and Defense Emergency Preparedness.
The portion of the national infrastructure that directly supports the Defense Infrastructure is defined as the National Defense Infrastructure. As the CIP Functional Coordinator for National Defense, DoD is responsible for identifying the National Defense Infrastructure and working with the national CIP organizational structure and with the private sector to ensure its protection.
The Assistant Secretary of Defense (Command, Control, Communications, and Intelligence) (ASD(C3I)) is appointed the Department Chief Infrastructure Assurance Officer (CIAO) and the CIP Functional Coordinator for National Defense. In these roles, the ASD(C3I) is responsible both for protection of DoD critical infrastructure and for DoD participation in the national program. The ASD(C3I) is also the DoD Chief Information Officer.
Additionally, Lead Components for Defense Infrastructure Sector Assurance are established. Each Lead Component will appoint a Sector Chief Infrastructure Assurance Officer. The DoD and Sector CIAOs, together with the CIP Special Function Coordinators (i.e., Military Plans and Operations, Intelligence Support, International Cooperation, Research and Development, and Education and Awareness), and the Services comprise the DoD CIAO Council. The DoD CIAO will establish a CIP Integration Activity to support coordination among DoD CIP entities and a number of extant DoD programs with functions that contribute to CIP, e.g., the Critical Asset Assurance Program (CAAP), the Defense-wide Information Assurance Program (DIAP), and the Infrastructure Assurance Program (IAP). The DoD organizational structure for Critical Infrastructure Protection is illustrated in Figure 1-2.
The DoD Critical Infrastructure Protection Program will address the full life cycle of protection. The life-cycle phases are described below:
Infrastructure Analysis and Assessment. Coordinated identification of DoD, National Defense, and International Defense critical assets, their system and infrastructure configuration and characteristics, and the interrelationships among infrastructure sectors; assessment of their vulnerabilities; quantification of the relationship between military plans and operations and critical assets / infrastructures; and assessment of the operational impact of infrastructure loss or compromise.
Figure 1-2. DoD Structure for Critical Infrastructure Protection
Remediation. Deliberate precautionary measures undertaken to improve the reliability, availability, survivability, etc. of critical assets and infrastructure, e.g., emergency planning for load shedding, graceful degradation and priority restoration; increased awareness, training and education; changes in business practices or operating procedures, asset hardening or design improvements, and system level changes such as physical diversity, deception, redundancy and backups.
Indications and Warning. Tactical indications through the implementation of sector monitoring and reporting, strategic indications through Intelligence Community support, and warning in coordination with the National Infrastructure Protection Center (NIPC) in concert with existing DoD and national capabilities.
Mitigation. Pre-planned and coordinated operator reactions to infrastructure warning and/or incidents designed to reduce or minimize impacts; support and complement emergency, investigatory, and crisis management response; and facilitate reconstitution.
Response. Coordinated third party (not owner/operator) emergency (e.g., medical, fire, hazardous or explosive material handling), law enforcement, investigation, defense, or other crisis management service aimed at the source or cause of the incident. Response to infrastructure incidents involving Defense infrastructure will follow one of two paths: (1) affected Components and/or the Joint Task Force -- Computer Network Defense (JTF-CND) will defend against and respond to all cyber incidents in accordance with granted authorities and established operational procedures, or (2) affected Components will defend against and respond to all non-cyber incidents in accordance with granted authorities and established operational procedures.
Reconstitution. Owner/operator directed restoration of critical assets and infrastructure.
The DoD will achieve critical infrastructure protection through the development (November 1999) and implementation (November 2000) of coordinated Defense Infrastructure Sector and Special Function plans. The DoD will fulfill its CIP National Defense responsibilities by participating in the interagency Critical Infrastructure Coordination Group (CICG), chairing the CICG National Defense Coordination Sub-Group, and supporting the NIPC.
2. Critical Infrastructure Protection
2.1 Background
Executive Order (EO) 13010, Critical Infrastructure Protection, dated July 1996, states that certain national infrastructures are critical to the national and economic security of the United States and the well being of its citizenry. These infrastructures are potentially vulnerable to disruption by acts of terrorism and information warfare and are considered to be likely targets of opportunity. The EO established the President’s Commission on Critical Infrastructure Protection (PCCIP) composed of both public and private sector representatives, and charged them to assess the threats and vulnerabilities to the Nation’s infrastructures and to recommend national policy and a strategy for protection.
The PCCIP submitted its report, Critical Foundations, in October 1997. An electronic version is available at www.pccip.gov. The PCCIP’s findings and conclusions can be summarized as follows:
- US infrastructures are currently vulnerable to disruptions by both physical and cyber means. The vulnerability is increasing because of the ease of access to physical and cyber weapons and capabilities, including weapons of mass destruction; the low cost of weapons and capabilities; the high economic and political value of the infrastructures; the low probability of detection given the relative anonymity of the infrastructure environments; and the low probability of reprisal given the relative immaturity of criminal codes applicable to infrastructure disruptions.
- These vulnerabilities are exacerbated by several business trends within the infrastructures: extensive cybernation or widespread use of information automation; deregulation and restructuring; physical consolidation; globalization; and adoption of a "just-in-time" operational tempo.
- The United States has no more than a three to five year window to implement a comprehensive national infrastructure protection program before these trends begin to affect national and economic security.
- There is a general lack of awareness among both the public and private sector regarding vulnerabilities.
- The interdependent nature of infrastructures creates a shared risk environment. Managing that risk will require a public-private partnership. There exist many legal, social, cultural, and economic impediments to the kind of public-private partnership necessary for national protection.
The PCCIP report was the basis for Presidential Decision Directive 63 (22 May, 1998), Critical Infrastructure Protection, which establishes national policy and an organizational structure for effecting a public-private partnership and for accomplishing the special protection functions that are inherently the responsibility of government. The national structure for critical infrastructure protection is described in Section 3 of this document. Electronic white papers and fact sheets are available at www.ciao.gov.
2.2 Scope and Purpose
This document responds to the PDD 63 tasking to each federal Department and Agency to develop a plan for protecting its portion of the Federal Government Critical Infrastructure, and to submit that plan to the National Coordinator for Security, Infrastructure Protection and Counter-Terrorism for interagency review. This document describes the way the DoD will organize to identify and protect DoD owned infrastructure assets, and how the Department will interact with entities in the national program to effect that protection. It also describes the way the Department will identify and coordinate assurance requirements for those elements of US government and national infrastructure that are critical to Defense operations (the National Defense Infrastructure) and for those elements of global infrastructure that are critical to Defense operations (the International Defense Infrastructure).
This document does not address responsibilities of DoD’s Antiterrorism Force Protection (AT/FP) Program. This document does not address the life-cycle protection of the National Infrastructure, National Defense Infrastructure (NDI) or International Defense Infrastructure (INDI); nor the Federal Government’s partnership with the private sector.
These issues will be addressed in the forthcoming National Infrastructure Assurance Plan, to which DoD will contribute.
Figure 2.1. National Infrastructure Assurance Plan
PDD 63 requires the implementation of Federal Government Critical Infrastructure Protection plans within two years, coinciding with an Initial Operating Capability (IOC) for the national program. Target Full Operating Capability (FOC) for the national program is five years. DoD will achieve protection of its portion of the Federal Government Critical Infrastructure through the development and implementation of a series of DoD Critical Infrastructure Protection Plans. This document is the first in that series and is intended to establish roles and responsibilities, initial resources, and oversight and coordination mechanisms. This plan is not intended in and of itself to be sufficient guidance for DoD Components to generate supporting plans, nor is it intended to be comprehensive in its delineation of CIP responsibilities for those DoD Components which also have national responsibilities, e.g., the Defense Intelligence Community.
2.3 Key Terms and Concepts
Infrastructure Assurance and Infrastructure Protection
Providing assurance and protection for DoD critical infrastructure is a complex problem. The complexity of the problem manifests itself in several ways:
- The lack of a shared understanding of the terminology, insufficiently precise terminology, and misuse of terminology
- The use of "infrastructure", "infrastructure assurance", and "infrastructure protection" terminology both in DoD and at the national level is abundant; however, there is a general lack of rigor necessary to convey meaning consistently, ensure methodical use, and promote a healthy maturation of the lexicon
- The variety of different and valid perceptions held by the Department’s and the nation’s leadership and its practitioners about the meaning and discipline of designing, evolving, assuring and protecting infrastructures
- The breadth of the communities and disciplines which must be engaged and their attendant specialized and unreconciled lexicons
- An apparent suspicion of the government’s motives and capabilities on the part of many of the private sector entities that own the national infrastructures upon which the nation and DoD depend
The national policy and strategy articulated in PDD 63 calls for both infrastructure assurance and infrastructure protection; however, it fails to consistently distinguish between the two. Prior to PDD 63, the prevailing usage of assurance and protection within DoD was consistent with the third definition listed below. However, one can view the title of PDD 63 as an indication that the national trend will be toward the fourth definition below. The DoD has begun to move in that direction with the naming of the newly established Critical Infrastructure Protection Directorate and with the defining of the protection life cycle in Section 5 of this document. While DoD uses the term "assurance" according to the third definition, in interagency activities we must consider the term "protection" as a synonym for "assurance." For those elements of the Department interacting with the interagency community, it is important to note that at least five competing meanings are emerging, and unfortunately, are being applied within single documents and discussions:
- Assurance and protection as interchangeable synonyms (also interchangeable with security)
- Assurance as an umbrella term for the activities of analysis, assessment and remediation and protection as an umbrella term for indications and warning and response
Section 5 of this document contains a more detailed discussion of these activities. The designation of mitigation and reconstitution as either assurance or protection is less clear, with mitigation being included somewhat more often in protection and reconstitution somewhat more often in assurance.
- Assurance as a comprehensive term that includes all activities (analysis, assessment, remediation, I&W, mitigation, response, and reconstitution) with protection a subset of these activities (indications and warning, mitigation, and response)
This usage is consistent with DoDD 5160.54, Critical Asset Assurance Program, and DoD information assurance policy and programs.
- Protection as a comprehensive term that includes all activities (analysis, assessment, remediation, I&W, mitigation, response, and reconstitution) with assurance as a subset of these activities (analysis, assessment, remediation and sometimes reconstitution)
- Assurance: the state of having confidence, of being free from doubt and uncertainty; satisfaction with the truth or certainty of a matter based on an understanding of the risks
Protection: the state of being defended, safeguarded, or shielded from injury, loss, or destruction
The emerging national meaning of ‘infrastructure protection’ must necessarily include the concepts contained in the fifth definition. Clearly, the DoD must strive to understand the risks to critical infrastructures. It must also understand the risks to national security and national defense operations posed by dependence on fragile or vulnerable interdependent critical infrastructures. Likewise, DoD must strive to shield its own operations from infrastructure compromise or disruption, in addition to supporting any national effort directed at the protection of critical national infrastructures. Decisions regarding infrastructure safeguards must be based upon a systematic and scientific understanding of infrastructure risks and the value of infrastructure to national security and national defense operations. The challenge for the Department and for the national program is to develop the ability to articulate how our current and planned infrastructure assurance and protection capabilities fit in the context of National Security, Economic Security, and National Defense.
Vulnerability and Criticality
PDD 63 also calls for assessments of the vulnerability of critical infrastructures to both physical and cyber attack. These assessments are to include, as appropriate, "the determination of the minimum essential infrastructure in each sector," and remedial plans are to be developed based on these assessments. This begs the questions: essential or critical to whom or for what? The DoD Critical Asset Assurance Program (CAAP) views criticality (or minimum essential) as a function of time and situation for two classes of assets: (1) those assets necessary to maintain a defined level of service for a given window of time within an infrastructure sector, and (2) those assets necessary to connect identified users to that service. Service level, service duration, and service connectivity requirements are driven by the user. For DoD, the primary user is the military operator. Protection activities are investments aimed at improving the probability that those service requirements will be met. The challenge for the DoD CIP program is to have military requirements drive protection investments. To do so, the Department must develop the ability to directly relate the cost/benefit of protection to user requirements.
Assets, Infrastructures, and Interdependencies
In early 1997, prior to the issuance of PDD 63, the Deputy Secretary established the Critical Infrastructure Protection Working Group (CIPWG) and recommended that the new CAAP, developed to implement the requirements of Executive Order 12656, Assignment of Emergency Preparedness Responsibilities, also be the DoD mechanism for providing infrastructure assurance. They did so with an understanding that Defense Infrastructure is composed of assets which can be organized into sectors, as illustrated in Figure 2-2. An asset may be a simple contiguous facility with one geographic location or a complex asset composed of geospatially-distributed links and nodes. For example, the Global Command and Control System (GCCS) is a complex asset in the C3 defense infrastructure sector that is dependent on the Defense Information Infrastructure sector for services.
Appendices A and B contain additional terms and infrastructure definitions.
3. The National Structure for Critical Infrastructure Protection
The national structure for CIP is established by PDD 63 and illustrated below.
Figure 3-1. National Structure for Critical Infrastructure Protection
Key entities of the national CIP structure include the following:
3.1 National Coordinator for Security, Infrastructure Protection and Counter-Terrorism
The National Coordinator reports to the President through the Assistant to the President for National Security Affairs (i.e., National Security Advisor). The National Coordinator provides budget advice and ensures interagency coordination for policy development, implementation, and crisis management.
3.2 Infrastructure Assurance Research and Development (R&D) Coordination
The Office of Science and Technology Policy (OSTP) in the Executive Office of the President is responsible for coordinating a national portfolio for infrastructure assurance research and development through the National Science and Technology Council (NSTC). An NSTC Interagency Working Group (IWG) for CIP R&D is co-chaired by OSTP and deputy co-chaired by DoD and Department of Commerce. The Directorate of Defense Research and Engineering (DDR&E) provides the DoD deputy co-chair.
3.3 National Infrastructure Assurance Council (NIAC)
An advisory panel of major infrastructure providers and state and local government officials is to be appointed by the President to serve as the NIAC. The NIAC will enhance the partnership of the public and private sectors in protecting the nation’s critical infrastructures and will provide reports to the President. Senior Federal Government officials will participate in NIAC meetings, as appropriate.
3.4 Critical Infrastructure Coordination Group (CICG)
The Sector Liaison Officials and Functional Coordinators, as well as representatives from other relevant Federal departments and agencies, including the National Economic Council, meet as the CICG to coordinate the implementation of PDD 63. The National Coordinator chairs the CICG. All Lead Agencies are required to establish and chair CICG sub-groups to address assigned responsibilities.
3.5 CICG National Defense Coordination Sub-Group
A permanent sub-group to the CICG for coordination of National Defense related issues. Its purpose is to assist the Functional Coordinator for National Defense in the planning and provision of infrastructure services required for national defense under all circumstances, including crisis or emergency, attack, recovery, and reconstitution. The DoD Director for Critical Infrastructure Protection chairs the sub-group. Proposed membership is provided in Section 4 of this document.
3.6 Lead Agencies for Sector Liaison
For each infrastructure, a single US Government department serves as the Lead Agency for liaison with the private sector for infrastructure assurance. Each Lead Agency appoints a senior official of Assistant Secretary rank or higher to serve as the Sector Liaison for that area and to cooperate with the private sector representatives (i.e., Sector Coordinators). The national critical infrastructures are described in Appendix B.
3.7 National Plan Coordination Office
A National Plan Coordination (NPC) Office staff will be contributed on a non-reimbursable basis by the Federal departments and agencies. Additionally, each Lead Agency for Sector Assurance will work with its sector to develop a sector assurance plan. The NPC staff will integrate the various sector plans into the National Infrastructure Assurance Plan (NIAP) and coordinate analyses of the US Government’s own dependencies on critical infrastructures. Within 180 days of the issuance of the PDD, a schedule for completion of the NIAP will be submitted to the President. NPC staff will also help coordinate a national education and awareness program, and legislative and public affairs. The National Plan Coordination Office is located in the Department of Commerce where, subsequent to the approval of the PDD, it has been renamed the Critical Infrastructure Assurance Office (CIAO). The Critical Infrastructure Assurance Office is distinct from and should not be confused with Federal Department and Agency Chief Infrastructure Assurance Officers (CIAOs).
3.8 Information Sharing and Analysis Center (ISAC)
The National Coordinator, working with the Sector Coordinators, Sector Liaison Officials, and the National Economic Council will consult with the owners and operators of the critical infrastructures to encourage creation of a private sector information sharing and analysis center. Such a center could serve as a mechanism for gathering, analyzing, appropriately sanitizing, and disseminating private sector information and information received from the NIPC regarding critical infrastructure protection, including information about vulnerabilities, threats, intrusions, and anomalies. Within 180 days of issuance of the PDD, the National Coordinator, with the assistance of the CICG, including the National Economic Council, will identify possible methods of providing Federal assistance to facilitate the startup of the ISAC.
3.9 National Communications System (NCS)
The NCS is an interagency organization initially established in 1963, and re-chartered by Executive Order 12472 in April 1984, to assist the Executive Office of the President in exercising wartime and non-wartime emergency telecommunications responsibilities. The mission of the NCS is to coordinate the planning for and provisioning of national security and emergency preparedness (NS/EP) communications for the Federal Government under all circumstances. The NCS consists of the telecommunications assets of twenty-three Federal departments and agencies. The Secretary of Defense is the Executive Agent of the NCS.
PDD 63 affirmed that, while the Department of Commerce is the lead agency for information and communications, DoD will retain its Executive Agent responsibilities for the NCS.
3.10 National Security Telecommunications Advisory Committee (NSTAC)
The NSTAC was created by Executive Order 12382 in September 1982, to provide industry-based analyses and recommendations to the President regarding policy and enhancements to NS/EP telecommunications. The NSTAC is composed of up to thirty chief executives, appointed by the President, representing elements of the Nation’s telecommunications industry, including the information services, electronics, aerospace and banking sectors. DoD, as Executive Agent of the NCS, provides technical, executive and administrative support to the NSTAC. This responsibility was reaffirmed by PDD 63.
3.11 National Infrastructure Protection Center (NIPC)
The NIPC serves as a national critical infrastructure threat assessment, warning, vulnerability, and law enforcement investigation and response entity. The NIPC staff includes representatives from the Federal Bureau of Investigation (FBI) and investigators from other agencies experienced in computer crimes and infrastructure protection, as well as representatives detailed from DoD, the Intelligence Community and Lead Agencies. All executive departments and agencies are to cooperate with the NIPC providing such assistance, information, and advice as the NIPC may request, consistent with applicable legal authorities. The NIPC provides the principal means of facilitating and coordinating the Federal Government’s response to infrastructure incidents, mitigating attacks, investigating threats, and monitoring reconstitution efforts. The NIPC may be placed in a direct support role to either DoD or the Intelligence Community, depending on the nature and level of a foreign threat or attack, protocols established between special function agencies (DoD, Department of State [DoS], Central Intelligence Agency [CIA] and Department of Justice [DoJ]), and the ultimate decision of the President.
3.12 Lead Agencies for Special Functions
Certain functions related to critical infrastructure protection must be performed chiefly by the Federal Government (national defense, foreign affairs, intelligence, and law enforcement). Each Lead Agency appoints a senior official of Assistant Secretary rank or higher to serve as Functional Coordinator for the Federal Government. DoD is the CIP Functional Coordinator for National Defense.
4. The Department of Defense Structure and Responsibilities for Critical Infrastructure Protection
The DoD organizational structure for critical infrastructure protection must reflect, complement, and effectively interact with the national structure for CIP which is established by PDD 63 and described in the preceding section of this document. The DoD organizational structure is established by this document and is illustrated below.
Figure 4-1. DoD Organizational Structure for Critical Infrastructure Protection
4.1 DoD Critical Infrastructure Protection Responsibilities
For critical infrastructure protection, DoD has responsibility to:
- Identify DoD owned critical assets and infrastructure and provide assurance through analysis, assessment, and remediation
- Identify National Defense Infrastructure (NDI) and International Defense Infrastructure (INDI) requirements to industry and other government agencies and monitor their inclusion in protection planning
- Address in DoD acquisitions the assurance and protection of commercial assets and infrastructure services that are critical for DoD operations
- Assess the potential impact to DoD operations (military and support) that would result from the loss or compromise of infrastructure services
- Embrace prudent business and operational planning practices to mitigate the potential impact of the loss or compromise of infrastructure services
- Monitor DoD operations and detect and respond to infrastructure incidents
- Provide Department Indications and Warning (I&W) as part of the national I&W process
- Support national critical infrastructure protection
4.2 CIP Functional Coordinator for National Defense, DoD Chief Infrastructure Assurance Officer, and DoD Chief Information Officer
ASD(C3I) is responsible for CIP policy and executive direction, and, in accordance with PDD 63, will serve in the following roles:
- Critical Infrastructure Protection Functional Coordinator for National Defense and the DoD representative on the interagency Critical Infrastructure Coordination Group
- DoD Chief Information Officer (CIO), responsible for information assurance
- DoD Chief Infrastructure Assurance Officer (CIAO), responsible for protection of all other aspects of DoD critical infrastructures not addressed by information assurance
The ASD(C3I) will ensure all DoD critical infrastructure protection needs are identified and satisfied in a timely, effective, and efficient manner, will advocate and support appropriate funding initiatives under the CIP program, and will ensure DoD General Counsel review of critical infrastructure related matters.
The Director for Critical Infrastructure Protection within ASD/C3I will directly support the DoD CIAO and, through the establishment and management of the DoD CIP Integration Activity, will provide integration at two levels:
- Integration of the activities of the various DoD CIP organizational entities identified in this document
- Integration of extant DoD programs which will either contribute to or be realigned into a single comprehensive DoD Critical Infrastructure Protection program
Among such programs are the Critical Asset Assurance Program, the Infrastructure Assurance Program and the Defense-wide Information Assurance Program.
The DoD contingent to the NIPC is responsible for ensuring the integration of intelligence, counter-intelligence, and law enforcement in support of DoD critical infrastructure protection.
The DoD General Counsel [DoD(GC)] is responsible for legal review of critical infrastructure related matters.
The Chief Infrastructure Assurance Officer Council will provide executive oversight for the implementation of the DoD CIP Plan and advice to the ASD(C3I) regarding responsibilities as CIAO, CIO, and CIP Functional Coordinator for National Defense. The CIAO Council will be composed of senior department officials. The CIAO Council will be chaired by the ASD(C3I). Membership will include: Defense Sector Chief Infrastructure Assurance Officers (Sector CIAOs); Defense Special Function Coordinators; the Military Services; the Joint Staff; the JTF-CND Commander; the Manager, National Communications System; the Under Secretary of Defense (Comptroller) [USD(C)]; and the DoD(GC). The CIP Directorate will provide executive secretary support to the CIAO Council.
The DoD CIO Council was established in 1997 as the principal DoD forum to advise the Secretary and Deputy Secretary of Defense on the full range of matters pertaining to information technology (IT); to exchange pertinent information and discuss issues regarding DoD IT and IT management; and to coordinate the implementation of DoD activities under Division E (Information Technology Management Reform) of the Clinger-Cohen Act of 1996 (Public Law 104-106). For purposes of the CIO Council charter, the term "IT" encompasses both IT and national security systems (NSS) as defined in the Act. CIO Council members include the DoD CIO, the CIOs for the Departments of Air Force, Army and Navy; the Under Secretary of Defense for Acquisition and Technology [USD(A&T)]; the Under Secretary of Defense for Policy [USD(P)]; the USD(C); Director, Program Analysis and Evaluation [Director, PA&E]; CIO, Marine Corps; Director, Command, Control, Communications, and Computers, Joint Staff (J-6), and the Deputy CIO, DoD.
4.6 Lead Components for Defense Infrastructure Sector Assurance Coordination
Defense operations are supported by complex, interrelated, and decentralized networks of systems and services without single points of management that traverse DoD organizational boundaries. These support networks or defense infrastructure sectors research, design, develop, and produce defense-unique goods and services. They also acquire, add value to, assemble, and extend commercial services to defense operators.
The defense infrastructures share the vulnerabilities of the national infrastructures and have some unique vulnerabilities as well. They are also subject to the same business forces that exacerbate those vulnerabilities in the private sector. The defense infrastructure sectors are further described in Appendix B. Lead Components for DoD Infrastructure Sectors provide single focal points for planning and coordination of assurance activities within each sector.
Coordination is established as follows:

| Defense Infrastructure Sector | Lead Component for Sector Assurance Coordination |
| --- | --- |
| Financial Services | Defense Finance and Accounting Service |
| Transportation | US Transportation Command |
| Public Works | US Army (Corps of Engineers) |
| Defense Information Infrastructure; Command, Control, and Communications (C3) | Defense Information Systems Agency |
| Intelligence, Surveillance and Reconnaissance | Defense Intelligence Agency |
| Health Affairs | OASD, Health Affairs |
| Personnel | Defense Human Resources Agency |
| Emergency Preparedness | US Army (Director of Military Support) |
| Space | US Space Command |
| Logistics | Defense Logistics Agency |

Responsibilities of the Lead Components for Sector Assurance Coordination include but are not limited to:
- Appointment of a senior official at the Flag / SES rank to serve as the Sector Chief Infrastructure Assurance Officer (CIAO) and to represent the sector on the CIAO Council
- Identification of the sector’s critical assets, to include NDI and INDI, and defense infrastructure characterization of the sector (see Section 5.1)
- Coordination with all DoD Components that own and/or operate elements of the sector to develop and implement a Sector Assurance Plan, which includes sector monitoring and reporting. General requirements for Sector Assurance Plans are at Appendix G
- Cooperation with the JTF-CND and the CIP Integration Activity in infrastructure protection and integration activities
- If applicable, participation in the CICG National Defense Coordination Sub-Group in order to coordinate with and monitor the activities of national Lead Agencies in support of NDI and INDI protection
- Appropriate legal review for assigned critical infrastructure matters
Critical assets fall into four broad categories:
- DoD assets that support Force Projection or other Military Plans and Operations
- DoD assets that are components of defense infrastructure sectors
- DoD assets that support the site, installation or unit
- NDI or INDI assets that support DoD critical assets
DoD critical assets will be the focus of implementation for the majority of DoD protection activities.
Heads of Components are responsible for:
- Assuring the availability, integrity, survivability and adequacy of critical assets IAW DoD Directive 5160.54, DoD Critical Asset Assurance Program (CAAP), 20 January 1998; the Defense-wide Information Assurance Program (DIAP), information assurance policy and programs; and the guidelines established in this document
- Cooperating with the applicable DoD Sector CIAO and Special Function Coordinators in the planning, coordinating, and execution of assurance activities
- Monitoring and reporting the assurance status of critical assets in accordance with Sector CIAO guidance and the Sector Assurance Plan
DoD installations occupy a special place in the CIP organizational structure in that they are the Department’s primary interface with host nation, federal, state and local law enforcement, emergency services personnel, and commercial infrastructure providers. DoD installations are likely to be the first to identify and react to infrastructure incidents.
Heads of Components will ensure that commanders of DoD installations worldwide review and support the assurance requirements of DoD Critical Asset Owners IAW DoDD 5160.54 and the guidelines of this document.
CIP efforts will closely coordinate with DoD’s Antiterrorism Force Protection (AT/FP) Program. CIP and Force Protection are complementary. CIP’s major concern is assuring the viability of infrastructures critical to mission success, whereas Force Protection has an installation viewpoint with emphasis on protecting people, facilities, and equipment. The Antiterrorism Force Protection Program has instituted Joint Staff Integrated Vulnerability Assessments (JSIVA) to review installation AT/FP programs. The JSIVAs look at physical security measures, AT/FP training, operational intelligence fusion, structures, and plans for responding to terrorist incidents. DoD’s CIP program will utilize these vulnerability assessments to preclude the potential for duplicative effort.
4.9 Lead Components for Coordination of DoD Special Functions
Lead Components for certain special functions are established to interface with the equivalent national Functional Coordinators and to coordinate all activities related to the function within the Department of Defense. The following table assigns the DoD Lead Components for these special functions.

| Special Function | DoD Lead Component | National Lead Agency or Office of Primary Responsibility |
| --- | --- | --- |
| Military Plans and Operations | Joint Staff | NA |
| International Cooperation (National = Foreign Affairs) | Under Secretary of Defense for Policy | Department of State |
| Intelligence Support (National = Foreign Intelligence) | Defense Intelligence Agency | Central Intelligence Agency |
| Research and Development | Director of Defense Research and Engineering | Office of Science and Technology Policy |
| Education and Awareness | National Defense University | Critical Infrastructure Coordination Group |

Lead Component for Coordination with Military Plans and Operations
The primary focus of the DoD CIP program is the shielding or safeguarding of DoD operations from infrastructure compromise or disruption. The Joint Staff will take the lead, working with the Military Services and the DoD CIP organizational structure to ensure the following are incorporated into the military deliberate and crisis action planning process:
- Capability to quantify operational requirements for infrastructure services and to communicate those requirements by plan or operation to the defense infrastructure service providers
- Capability to identify operational dependencies upon and connectivity to infrastructures and to account for those dependencies in operational planning
- Capability to monitor infrastructure readiness and availability in preparation for and during operations
International cooperation on critical infrastructure protection issues and information exchange is pursued, in coordination with the national CIP program, with other nations, international organizations, and industrial security officials of nations with multinational corporations within their borders. Objectives may include, but are not limited to, the following:
- Improving infrastructure assurance and emergency planning at military and supporting sites outside the United States
- Supporting intelligence activities
- Improving cooperation for incident response
- Understanding the impact of globalization on US infrastructure
- Ensuring that Defense Security Service (DSS) implementation mechanisms are appropriately included in existing and future international agreements whenever CIP and/or Information Assurance are addressed
Any applicable international agreements are distributed from Office of the Under Secretary of Defense - Policy [OUSD(P)] to the JTF-CND, DIA, the CIP Integration Activity, and affected DoD components. The CIP Integration Activity incorporates the agreements into the DoD CIP process and coordinates new requirements, which are passed to OUSD(P) for action. DSS will participate in the CIP Integration Activity to provide advice and support for implementing international industrial security related arrangements.
Intelligence Support
In addition to and complementing its national CIP responsibilities, the entire Defense Intelligence Community will work together under the leadership of the DoD Functional Coordinator for Intelligence Support and provide intelligence support to the Department of Defense in protection of the Defense portion of Federal Government Critical Infrastructure. The DoD Functional Coordinator for Intelligence Support will develop an annual CIP Intelligence Support Plan for consolidation into the DoD CIP Plan, and will provide status to the DoD CIAO Council on its implementation. The CIP Intelligence Support Plan will address the Defense Warning System (DWS), Alert & Notification, specific roles and responsibilities within the Defense Intelligence Community, and interfaces with the national Intelligence Community in the provision of:
- Timely and accurate state, non-state, (domestic and foreign), and individual (domestic and foreign) threat assessments, to include intentions and specific capabilities
- Indications and warning of all potential attacks to those elements of defense, national and global infrastructures essential to defense operations. This includes advice and support to Sector CIAOs in the development of defense infrastructure sector monitoring and reporting.
- Effective crisis management support for all contingencies affecting the security of those elements of defense, national and global infrastructures essential to defense operations
- Effective counter-intelligence in defense of those elements of defense, national and global infrastructures essential to defense operations
- Support to the DoD contingent of the NIPC in the integration of intelligence, counter-intelligence, and law enforcement
The Department of Defense will develop and manage an infrastructure and information assurance and protection research and development portfolio that complements and leverages the national portfolio. The Office of Director, Defense Research and Engineering will coordinate with the DoD CIAO, CIP Integration Activity, Sector CIAOs, and Service/Agency research and development activities to formulate a CIP DoD research and development agenda responsive to the Defense Sector and critical interdependency R&D needs. Additionally, the ODDR&E will coordinate with R&D activities ongoing within the DIAP, CAAP, IAP, and other programs that are identified to be CIP related. The CIP DoD R&D agenda will leverage ongoing research in DoD and the Federal Government. The ODDR&E, as the DoD representative and deputy co-chair to the National CIP R&D Interagency Working Group, will provide feedback and advice to the CIAO and Council regarding national issues and initiatives. The ODDR&E will reconcile the DoD agenda with the national R&D agenda and provide DoD input to the national agenda.
Although education and awareness may rightly be considered everyone’s responsibility, a comprehensive education and awareness strategy is essential for a successful DoD CIP program. The PCCIP Critical Foundations report repeatedly stresses the systemic lack of awareness regarding infrastructure vulnerabilities and PDD 63 calls for a national education and awareness program.
The National Defense University (NDU) will provide advice and assistance to the CIAO in assessing DoD education and awareness requirements and will develop and maintain the CIAO Education Program, which may be modeled after or combined with the CIO Certificate Program. The NDU may be tasked to assist in the development of any special education or training required for CIP crisis management personnel, e.g., those personnel assigned to the NIPC. The NDU will support both DoD and national CIP policy and strategy formulation and executive leadership development through periodic "infrastructure games." Additional information on the DoD CIO Certificate Program is available electronically at www.ndu.edu/irmc.
The Joint Task Force – Computer Network Defense is the primary DoD agent for the defense of DoD computer networks. In this role, the JTF will perform a variety of activities designed to synchronize technical, operational, and intelligence assessments of the nature of a computer network attack. Within the Services and agencies, the JTF will coordinate and, if necessary, direct the DoD response to a computer network attack (CNA) to limit the scope or impact of an attack, and will coordinate and direct, as required, actions to restore network functionality. Finally, the JTF will plan defensive measures to deter and defeat future computer network attacks. JTF-CND operations will be coordinated with the Services, unified Commands, DoD agencies, Joint Staff/OSD, law enforcement agencies, and the National Infrastructure Protection Center (NIPC). JTF-CND directive authority will flow from the Secretary of Defense for implementation by the task force. DISA will be the core and host of the JTF-CND.
The DoD CIP Integration Activity, under the policy guidance and oversight of the Director, Critical Infrastructure Protection and with the full time liaison of domain experts for the defense infrastructures, military operations and planning, infrastructure analysis and information assurance, will provide a common management environment within which the Critical Asset Assurance, Defense-wide Information Assurance, and Infrastructure Assurance Programs are planned, coordinated, implemented, and administered. The CIPIA will leverage these programs to assist the Sector CIAOs in the development of Sector Assurance Plans and the Special Function Coordinators in the development of annual CIP support plans. The CIPIA will support the integration of these plans into an overall DoD CIP plan and into the deliberate and crisis action planning process, and it will support the implementation of the DoD CIP Plan. Additionally, the CIPIA will:
- Coordinate with, and where appropriate, provide direct support to the JTF-CND or affected Component(s) responsible for the conduct of defensive operations in response to significant attacks on Defense Infrastructure
- Support the Sector CIAOs, Components, the JTF-CND, and the Defense Intelligence Community in the integration and implementation of defense infrastructure monitoring and reporting
- Map Defense Infrastructure to the National and International Defense Infrastructures
- Perform infrastructure interdependency analyses
- Prepare and coordinate DoD responses to the Critical Infrastructure Coordination Group, its sub-groups, or other interagency entities on behalf of the CIP Functional Coordinator and to the NIPC for other than operations affecting the JTF-CND
- Coordinate the activities of the DoD Lead Components with the national Lead Agencies and other interagency working groups
- Prepare and coordinate DoD input to the National Infrastructure Assurance Plan, interface with the National Plan Coordination Office, and function as the primary DoD interface to the national Information Sharing and Analysis Center(s)
- Support the development and administration of the Critical Asset Assurance Program
- Coordinate with and leverage other related DoD programs, e.g., Force Protection
- Coordinate and integrate infrastructure protection and information assurance
For information assurance, the DoD will be organized in accordance with the Defense-wide Information Assurance Program (DIAP), approved January 1998.
The differences and interrelationships among the Critical Asset Assurance Program, the Defense-wide Information Assurance Program and Critical Infrastructure Protection are illustrated in Figure 4-2. Further discussion of the CIP Integration Activity is provided at Appendix C. Additional information on the CAAP, IAP, and DIAP is available at Appendices D-F.
Differences and Interrelationships
CAAP
- Identifies Critical Assets (physical and information)
  - By DI Sector
  - By Military Plan/Op
  - By site, installation, or unit
- Provides business case for asset assurance investments
- Reconciles Component and Sector assurance activities
- Coordinates engineering standards for physical assurance designs, practices, and countermeasures
- Provides integrated risk management decision support environment
DIAP
- Assists in identifying critical assets in the DII and C3 sectors
- Determines required level of information assurance for critical information assets in all DI sectors
- Provides business case for information assurance investments, especially shared risk remediation investments
- Provides engineering standards for information assurance designs, practices, and countermeasures
CIP
- Determines interrelationships among assets (both physical and information) within sectors and among sectors
- Determines required level of infrastructure assurance for all DI sectors
- Provides business case for infrastructure protection investments, especially I&W, Mitigation, & Response
- Links DI sectors to Military Plans and Ops
- Links DI CIP to national CIP
Figure 4-2. CAAP, DIAP, CIP Differences and Interrelationships
4.12 The CICG National Defense Coordination Sub-Group
The Director for Critical Infrastructure Protection will chair a permanent sub-group to the interagency Critical Infrastructure Coordination Group (CICG) for coordination of National Defense related issues. The Sub-Group will assist the Functional Coordinator for National Defense in the planning for and provision of infrastructure services required for national defense under all circumstances, including crisis or emergency, attack, recovery and reconstitution. This sub-group will link DoD Critical Infrastructure Protection efforts to national efforts and provide the mechanism for addressing national defense requirements in the national infrastructure sectors. Specifically, the sub-group will ensure that the National Defense Infrastructure identified by the DoD CIP program is incorporated in the national Sector Assurance Plans and in the NIAP.
Figure 4-3. Interrelationships Between DoD CIP Plan and NIAP
Proposed membership for the CICG National Defense Coordination Sub-Group is listed below.

SECTOR LIAISON

| National | Defense |
| --- | --- |
| Dept of Treasury – Banking and Finance | Defense Finance & Accounting Service (DFAS) – Defense Financial Services |
| Dept of Energy – Electric Power and Oil and Gas Storage and Distribution; Environmental Protection Agency – Water Supply | U.S. Army (Corps of Engineers) – Defense Public Works (includes all installation level utilities, e.g., electric power, fuels, and water supply) |
| Dept of Transportation – all transportation sub-sectors | U.S. Transportation Command (USTRANSCOM) – Defense Transportation |
| National Communications System – Telecommunications for National Security and Emergency Preparedness; Dept of Commerce – Information and Communications | Defense Information Systems Agency (DISA) – the Defense Information Infrastructure (DII) and Command, Control and Communications (C3) |
| Federal Emergency Management Agency – Continuity of Government Services and Emergency Fire Protection Services; Dept of Justice/FBI – Emergency Law Enforcement Services | U.S. Army (Directorate of Military Support) – Emergency Preparedness |
| Department of Health and Human Services – Public Health | Assistant Secretary of Defense (Health Affairs) – Health Affairs |

SPECIAL FUNCTIONS

| National | Defense |
| --- | --- |
| Department of State – Foreign Affairs | Under Secretary of Defense for Policy – International Cooperation |
| Central Intelligence Agency – Foreign Intelligence | Defense Intelligence Agency – Intelligence Support |
| Department of Justice/FBI – Law Enforcement and Internal Security | Joint Staff – Military Plans and Operations |
| National Infrastructure Protection Center – Warning and Response | Joint Task Force - Computer Network Defense (JTF-CND) – Warning and Response |
| Office of Science and Technology Policy – Research and Development | Directorate of Defense Research and Engineering (DDR&E) – Research and Development |

5. The DoD Critical Infrastructure Protection Life Cycle
The DoD has improved operational readiness through a comprehensive, fully integrated and sustainable process of life-cycle protection for those elements of defense, national, and global infrastructures essential to DoD. – DoD CIP Vision 2000
The six life cycle phases – Infrastructure Analysis and Assessment, Remediation, Indications and Warning, Mitigation, Response, and Reconstitution – span activities that occur before, during, and after events which may result in infrastructure compromise or disruption. As shown in the figure, Infrastructure Analysis and Assessment, Remediation, and Indications and Warning primarily occur before events. Mitigation occurs both before and during events. Response occurs during events, and Reconstitution may start during events but is generally concentrated afterward. The figure also shows which entities within the DoD and national organizational structures have primary assurance or protection responsibilities in which phases. Supporting and coordinating entities have responsibilities throughout the life cycle that will be described later in this section. The activities of national CIP entities in this section represent current understanding and planning assumptions, and are included to provide a context for DoD activities. This characterization of the activities of national CIP entities is intended to be neither comprehensive nor directive in nature. Figure 5-1 illustrates the DoD CIP life cycle.
[Figure 5-1 matrix. Time spans: Before Event, During Event, After Event. Life cycle phases (columns): Analysis & Assessment, Remediation, Indications and Warning (see note 1), Mitigation, Response, Reconstitution. Entities (rows, with the number of phases marked): Critical Asset Owners (5), DoD Installations (6), DI Sector CIAOs (5), JTF-CND (2), NIPC (3), Natl Sector Liaison Officials (5).]
Note 1: Critical Asset Owners, DoD Installations, Defense Infrastructure Sector CIAOs and National Sector Liaison Officials are responsible for monitoring critical assets and infrastructure sectors and for reporting incidents, which may be indicators.
Figure 5-1. The DoD Critical Infrastructure Protection Life Cycle
Within each cell of this life cycle matrix, the responsible entity will be able to select among protection activities ranging from immediate and low-to-no cost, e.g., increased awareness, to programmed asset or infrastructure improvements. An increasing number of protection activities will be aimed at the risks inherent in shared environments, and therefore require collaboration among entities to be effective. Some protection activities will have prerequisites, that is, activities must build upon one another. Protection activities that have a cumulative effect may be grouped within a single cell, down a given column, across a given row, or across multiple rows and columns.
The Infrastructure Analysis and Assessment phase encompasses a continuum of activities:
Critical Asset Identification
Through coordinated domain expertise and inspection, assets that are critical for military operations or defense infrastructure operations are identified to the Critical Asset Assurance Program as Critical Assets and include DI, NDI, and INDI components. The CAAP will have the capability to associate criticality attributes to the asset and to derive a criticality index for planning.
Defense Infrastructure Characterization
Through coordinated domain expertise and the application of systems engineering and analysis methods and modeling and simulation technologies, critical asset functions and relationships within a defense infrastructure sector are mapped and associated with the critical assets in the Critical Asset Assurance Program. Defense Infrastructures are also mapped to the National and International Defense Infrastructures.
Operational Impact Analysis
Through the development of operational dependency matrices and the application of operations research methods, the relationship between military plans and operations and critical assets is established along with the service level requirements such as maximum allowable down time. This information is associated with both the military plan/operation and the critical asset. Potential operational impacts and service level requirements will be reflected in the asset’s criticality attributes and criticality index.
Vulnerability Assessment
Through CAAP, all critical assets will have an associated baseline vulnerability index which is calculated from inputs associated with the class of asset and geographic region (i.e., probability of natural disasters, criminal or national security events, technological failures, etc.). Information regarding asset operational readiness and emergency preparedness will be associated with the critical asset and factored into the vulnerability index rating. Asset operational readiness and emergency preparedness information may be provided by the asset owner, the host installation, the Sector CIAO, or by various Defense programs (e.g., National Industrial Security Program).
Interdependency Analysis
Through coordinated domain expertise and the application of systems engineering and analysis methods and modeling and simulation technologies, functions and relationships among defense infrastructure sectors will be mapped. The criticality attributes of current critical assets may be updated and additional critical assets may be identified to the Critical Asset Assurance Program.
Infrastructure Analysis and Assessment Activities by Organizational Entity

| Organizational Entity | Activities | Comments |
| --- | --- | --- |
| DoD Critical Asset Owners | Critical Asset Identification; Asset Level Vulnerability Assessment | Coordinate with DI Sector CIAOs, Military Plans & Operations Functional Coordinator & DoD CIP Integration Activity |
| DoD Installations | Installation Level Vulnerability Assessment; Critical Asset Identification | Coordinate among tenants |
| DI Sector CIAOs | Defense Infrastructure Characterization; DI Sector Level Vulnerability Assessment; Critical Asset Identification | Coordinate with Critical Asset Owners, Military Plans & Operations Functional Coordinator, & DoD CIP Integration Activity |
| DoD Functional Coordinator for Military Plans & Operations | Operational Impact Analysis; Military Operations Critical Asset Identification | Sponsor and coordinate |
| DoD Functional Coordinator for Intelligence Support | | Provide threat information |
| DoD Functional Coordinator for Research and Development | | Provide tools, methods, and models |
| DoD CIP Integration Activity | Defense Infrastructure Interdependency Analysis; Operational Impact Analysis; Defense-wide Vulnerability Assessment; Defense Infrastructure Characterization; Critical Asset Identification | Sponsor Defense-wide analysis and assessment; Provide technical and systems support and integration for all other levels |
| DoD CIAO Council | | Provide oversight and resources, set priorities |
| CIP Functional Coordinator for National Defense | Critical Asset Identification | Identify to National Sector Liaison Officials those assets in the national infrastructure sectors that are critical to National Defense |
| National Sector Liaison Officials | National Sector Critical Asset Identification; National Sector Infrastructure Characterization; National Sector Vulnerability Assessment | |
| NIPC | National Interdependency Analysis; Nation-wide Vulnerability Assessment; Nation-wide and Federal Government-wide operational impact analysis | |

Remediation refers to those precautionary actions taken before undesirable events occur to improve known deficiencies and weaknesses that could cause an outage or compromise a defense infrastructure sector or critical asset. The precautions are applicable regardless of whether those events are acts of nature, technology, or malicious actors. Remediation may include education and awareness, operational process or procedural changes, system configuration changes (e.g., physical diversity, redundancy, deception) or system component changes (e.g., hardware, software, links).
The Defense Infrastructure Sector Assurance Plans establish priorities and resources for remediation. Requirements are determined by the following:
- Analysis and assessment
- Input from military planners
- Input from other Defense Infrastructure sectors
- Lessons learned from Defense Infrastructure sector monitoring and reporting
- The National Infrastructure Assurance Plan and other plans, reports, and information on national infrastructure vulnerabilities and remediation
- Lessons learned from infrastructure protection operations and exercises
- Intelligence estimates and assessments of threats
The Critical Asset Assurance Program will provide the means to track the status of remediation activities for critical assets.
Remediation Activities by Organizational Entity
DoD Critical Asset Owners
- Resource and perform asset level remediation
DoD Installations
- Resource and perform installation level remediation
DI Sector CIAOs
- Resource and perform sector level remediation
- Integrate and reconcile asset level remediation within each sector
DoD Functional Coordinator for Military Plans and Operations
- Ensure the results of operational impact analysis are considered during the deliberate and crisis action planning process
DoD Functional Coordinator for Research and Development
- Provide design and material improvements to critical assets and defense infrastructure configuration and management
DoD CIP Integration Activity
- Integrate and reconcile defense sector level remediation
DoD CIAO Council
- Provide oversight and resources, set priorities
DoD CIO Council
- Sponsor development of IT remediation solutions and their incorporation in IT systems
CIP Functional Coordinator for National Defense (supported by CICG National Defense Coordination Sub-Group)
- Monitor national sector remediation activities and advocate remediation for national infrastructure assets that are critical to national defense.
National Sector Liaison Officials
- Coordinate development and implementation of national Sector Assurance Plans
Infrastructure indications are preparatory actions or preliminary infrastructure conditions that signify that an incident is likely, is planned, or is under way. This definition both embraces and expands upon the Department’s traditional focus on intelligence of foreign developments. Expansion is necessary because the indications may be related to domestic criminal activity or technical anomalies that indicate system failure or degradation is likely. Infrastructure owners and operators are the most likely detectors of changes in infrastructure state, and must therefore be considered full partners in the indications process. The innovative fusion of traditional intelligence information with sector monitoring and reporting information is essential for critical infrastructure indications and warning.
When a determination is made that an infrastructure incident is likely to occur, is planned, or is under way, an official warning is issued by the responsible organization. The NIPC is the primary national warning center for significant infrastructure attacks. It will exchange information aimed at improving the definition and collection of I&W for DoD CIP with the Service Law Enforcement and Counter-Intelligence Communities, DIA and the CIP Integration Activity. Indications of infrastructure incidents will be defined, observed and reported by the Defense Infrastructure Sectors and DoD Components to the NMCC. Indications of computer network attacks will also be reported to the JTF-CND. The NMCC and JTF-CND will assess these indications and pass them on to the NIPC and appropriate DoD organizations. These initial assessments will be used for tactical warning. DIA and NIPC will provide long range indications and warning. The CIPIA and JTF-CND will provide the IC with priority intelligence requirements (PIR) and indications and warning requirements for potential attacks against DoD infrastructure.
The NMCC and JTF-CND will pass the NIPC warnings and alerts to the DoD Components. These warnings may include or be supplemented with guidance regarding additional protection measures DoD should take.
DoD Critical Asset Owners and Sector CIAOs are responsible for monitoring events and conditions that could lead, or have led, to disruption of operations or provision of services to DoD and for reporting appropriately.
Indications and Warning Activities by Organizational Entity
DoD Critical Asset Owners
- Participate in the definition of reportable incidents.
- Monitor and report infrastructure incidents.
DoD Installations
- Participate in the definition of reportable incidents.
- Monitor and report infrastructure incidents.
Sector CIAOs
- Develop and implement sector monitoring and reporting IAW Appendix G of this document.
NMCC/NMJIC and JTF-CND
- Receive, consolidate, and assess sector reports.
- Develop DoD indications through the fusion of sector reports with traditional intelligence information.
- Report DoD indications to the NIPC.
- Issue DoD warning.
- Receive, assess, and disseminate national warning.
DoD CIP Integration Activity
- Provide technical integration, support and process improvement.
DoD Functional Coordinator for Research and Development
- Provide improved materials, tools, methods, and models for detection.
DoD Functional Coordinator for Intelligence Support
- Provide intelligence support to the NMCC and JTF-CND.
- Provide expert advice, assistance and support to Sector CIAOs in the development and implementation of DI sector monitoring and reporting.
DoD CIAO Council
- Provide oversight and resources, set priorities.
CIP Functional Coordinator for National Defense (supported by CICG National Defense Coordination Sub-Group)
- Participate in the development of national indications requirements.
- Participate in the design of national sector monitoring and reporting.
NIPC
- Lead the development of national indications requirements.
- Participate in the design and development of national sector monitoring and reporting.
- Receive, consolidate, and assess national sector reporting.
- Develop infrastructure indications through the fusion of national sector reporting and traditional intelligence information.
- Issue national warning.
National Sector Liaison Officials
- Lead the design, development, and implementation of national sector monitoring and reporting.
Mitigation actions are those actions taken by DoD Critical Asset Owners, DoD Installations, defense infrastructure sectors, and military operators in response to an infrastructure warning or incident. Mitigation actions are intended to minimize or alleviate the potentially adverse effects on a given military operation or infrastructure, facilitate incident response, and quickly restore the infrastructure service. Such actions may include measures to safeguard information, gracefully degrade service or shed load in accordance with established priorities, restart equipment or software, or switch to emergency or backup service options.
DoD Critical Asset Owners, DoD Installations, and Sector CIAOs, in concert with the NMCC and the JTF-CND, develop, train for and exercise mitigation responses in various scenarios. The CAAP provides the means to programmatically track mitigation plans and attendant approval and coordination requirements.
DoD Critical Asset Owners, DoD Installations, and Sector CIAOs, during times of warning, emergency, and/or infrastructure incidents, are responsible for initiating mitigation action to sustain services to DoD and for providing status information to the NMCC and JTF-CND.
The NMCC monitors for consequences within one defense infrastructure sector that extend enough to significantly affect other sectors and for events occurring across two or more sectors, and advises on prioritization and coordination of mitigating actions. Continued escalation of either the threat or consequences results in NMCC activation of appropriate authority to direct mitigation actions by sector to ensure DoD-wide coordination and response.
The NMCC and the JTF-CND keep the NIPC apprised of any significant mitigation activities.
Mitigation Activities by Organizational Entity
DoD Critical Asset Owners
- Develop, train for, and exercise asset level mitigation activities.
- Initiate asset level mitigation activities in response to warning, emergency, or infrastructure incident.
- Report mitigation status to the NMCC, JTF-CND, and affected Sector CIAOs.
DoD Installations
- Develop, train for, and exercise installation level mitigation activities.
- Initiate installation level mitigation activities in response to warning, emergency, or infrastructure incident.
- Report mitigation status to the NMCC, JTF-CND, and affected Sector CIAOs.
Sector CIAOs
- Integrate and reconcile asset level mitigation planning and activities within the sector.
- Develop, train for, and exercise sector level mitigation activities.
- Initiate sector level mitigation activities in response to warning, emergency, or infrastructure incident.
- Report mitigation status to the NMCC and JTF-CND.
NMCC and JTF-CND
- Monitor emergencies and incidents, provide mitigation status to affected DoD entities and Components, and recommend or direct mitigation activities.
DoD CIP Integration Activity
- Provide technical integration support to the NMCC, JTF-CND, and Sector CIAOs.
DoD CIAO Council
- Provide oversight and resources, set priorities
DoD CIO Council
- Enable mitigation activities through IT.
CIP Functional Coordinator for National Defense (supported by CICG National Defense Coordination Sub-Group)
- Advocate mitigation planning within national sectors, especially for assets critical to National Defense.
- Sponsor "joint" planning, training and exercise of the coordination and interface between DoD and national mitigation activities at all levels – asset, infrastructure sector, and national defense.
NIPC
- Monitor national emergencies and incidents, provide mitigation status to affected national entities, and recommend mitigation activities.
National Sector Liaison Officials
- Lead national sectors in the planning, training and exercise of mitigation activities.
Response refers to those activities undertaken to eliminate the cause or source of an event. It includes emergency measures from dedicated third parties (i.e., not the asset owners/operators themselves) such as law enforcement, investigation, medical, and fire and rescue. Response to incidents impacting DoD-owned assets may take one of two paths, depending on whether the impacted asset is under the defense of the JTF-CND. Response to incidents impacting assets under the defense of the JTF-CND will follow JTF-CND direction. Response to incidents involving all other DoD-owned assets will follow traditional channels and procedures, coordinated by installation commanders and critical asset owners. Sector CIAOs will be included in initial notification and status reporting for all incidents on all assets within their sectors. Initial response to incidents impacting NDI is a law enforcement responsibility, whether local, state, or federal, and coordinated by the National Infrastructure Protection Center (NIPC) as appropriate.
DoD Critical Asset Owners and Sector CIAOs are responsible for coordinating mitigation and reconstitution activities with the incident responders, to include the NIPC for assets not under the defense of the JTF-CND.
The primary function of the JTF-CND is to staff, plan, train, and conduct defense and response operations for the DoD computer networks. The JTF-CND coordinates or directs appropriate actions within the DoD to stop the computer network attack, contain and mitigate damage, and restore minimum required functionality. The JTF-CND is responsible for requesting and coordinating any support or assistance from other Federal agencies and civilian organizations during any incident for which it has responsibility.
Incident Response Activities by Organizational Entity
DoD Critical Asset Owners
- Coordinate with appropriate response entities.
DoD Installations
- Plan, train for, and exercise local emergency response.
- Coordinate with appropriate response entities.
Sector CIAOs
- Monitor response activities and coordinate appropriate sector mitigation and reconstitution activities.
- Provide support to the NMCC.
JTF-CND
- Respond to incidents impacting assets under its defense.
NMCC
- Monitor status of response activities.
DoD CIP Integration Activity
- Provide technical support to the NMCC, the JTF-CND and Sector CIAOs.
NIPC
- Coordinate national response.
National Sector Liaison Officials
- Monitor incident response activities and coordinate appropriate national sector mitigation and reconstitution activities.
- Provide support to the NIPC.
Reconstitution refers to the actions required to rebuild or restore an infrastructure after it has been damaged.
Asset owners are responsible for reconstitution and status reporting to the NMCC. The affected Sector CIAOs are responsible for monitoring and coordinating reconstitution efforts, for providing any sector specific reports to the NMCC, and for conducting any sector level reviews. DoD Critical Asset Owners are responsible for identifying any changes to Critical Assets and Sector CIAOs are responsible for reflecting any changes to the sector configuration or architecture in the DI sector characterization. The NMCC coordinates any NIPC information requirements regarding reconstitution.
Following certain significant computer network attacks, the JTF-CND, in conjunction with the NIPC, will hold an after-action review to collect lessons learned. This information will be shared with the Sector CIAOs and affected Components for consideration in reconstitution. All post-computer incident status reporting, as well as after-action reports and reviews with the NIPC, is the responsibility of the JTF-CND. The JTF-CND also advises on substantial computer network reconstitution activities within the DoD and reports the status of these activities to the NMCC and NIPC as appropriate.
Reconstitution Activities by Organizational Entity
DoD Critical Asset Owners
- Reconstitute critical assets.
- Report status of reconstitution efforts to Sector CIAOs.
DoD Installations
- Support the reconstitution activities of DoD Critical Asset Owners.
Sector CIAOs
- Monitor reconstitution activities.
- Share information with the NMCC, the JTF-CND and NIPC as appropriate.
- Conduct sector level reviews and sponsor or initiate CIP process improvements.
- Update DI sector characterization.
JTF-CND
- Monitor and advise on reconstitution of assets under its defense.
- Provide input from response after action analysis to Sector CIAOs and affected Component(s) for consideration in reconstitution.
NMCC
- Monitor reconstitution of significant DoD assets and coordinate any NIPC information requirements.
DoD CIP Integration Activity
- Provide technical support to the NMCC, the JTF-CND, affected Component(s) and Sector CIAOs.
DoD CIAO Council
- Provide oversight and resources, set priorities
DoD CIO Council
- Incorporate and leverage IT advances in reconstitution.
CIP Functional Coordinator for National Defense (supported by CICG National Defense Coordination Sub-Group)
- Represent DoD requirements and equities in the reconstitution of national infrastructure assets.
NIPC
- Provide incident response review results as input to reconstitution planning.
- Monitor significant national infrastructure reconstitution efforts and coordinate as appropriate.
National Sector Liaison Officials
- Monitor reconstitution activities within sector.
- Share information with the NIPC as appropriate.
- Conduct national sector level reviews and sponsor or initiate CIP process improvements.
- Update national sector characterization.
FEMA
- Function as the Lead Agency for Consequence Management of national emergencies IAW the Federal Response Plan
Organizational Entity Activities Across the DoD CIP Life Cycle
The following tables group DoD CIP life cycle activities by organizational entity.
DoD Critical Asset Owner Activities Across the DoD CIP Life Cycle
Infrastructure Analysis and Assessment
- Critical Asset Identification
- Asset Level Vulnerability Assessment
- Coordinate with Sector CIAOs, Military Plans & Operations Functional Coordinator & DoD CIP Integration Activity
Remediation
- Resource and perform asset level remediation.
Indications and Warning
- Participate in the definition of reportable incidents.
- Monitor and report infrastructure incidents
Mitigation
- Develop, train for, and exercise asset level mitigation activities.
- Initiate asset level mitigation activities in response to warning, emergency, or infrastructure incident.
- Report mitigation status to NMCC, JTF-CND, and affected Sector CIAOs.
Incident Response
- Coordinate with appropriate response entities.
Reconstitution
- Reconstitute critical assets.
- Report status of reconstitution efforts to Sector CIAOs.
DoD Installation Activities Across the DoD CIP Life Cycle
Infrastructure Analysis and Assessment
- Installation Level Vulnerability Assessment
- Critical Asset Identification
- Coordinate among tenants.
Remediation
- Resource and perform installation level remediation.
Indications and Warning
- Participate in the definition of reportable incidents.
- Monitor and report infrastructure incidents.
Mitigation
- Develop, train for, and exercise installation level mitigation activities.
- Initiate installation level mitigation activities in response to warning, emergency, or infrastructure incident.
- Report mitigation status to NMCC, JTF-CND, and affected Component(s) and Sector CIAOs.
Incident Response
- Plan, train for, and exercise local emergency response.
- Coordinate with appropriate response entities.
Reconstitution
- Support the reconstitution activities of DoD Critical Asset Owners.
Defense Infrastructure Sector CIAO Activities Across the DoD CIP Life Cycle
Infrastructure Analysis and Assessment
- Defense Infrastructure Characterization
- DI Sector Level Vulnerability Assessment
- Critical Asset Identification
- Coordinate with DoD Critical Asset Owners, Military Plans & Operations Functional Coordinator, & DoD CIP Integration Activity.
Remediation
- Resource and perform sector level remediation
- Integrate and reconcile asset level remediation within each sector
Indications and Warning
- Develop and implement sector monitoring and reporting IAW Appendix G of this document.
Mitigation
- Integrate and reconcile asset level mitigation planning and activities within the sector.
- Develop, train for, and exercise sector level mitigation activities.
- Initiate sector level mitigation activities in response to warning, emergency, or infrastructure incident.
- Report mitigation status to the NMCC and JTF-CND.
Incident Response
- Monitor response activities and coordinate appropriate sector mitigation and reconstitution activities.
- Provide support to the NMCC.
Reconstitution
- Monitor reconstitution activities.
- Share information with the NMCC, the JTF-CND and NIPC as appropriate.
- Conduct sector level reviews and sponsor or initiate CIP process improvements.
- Update DI sector characterization.
JTF-CND Activities Across the DoD CIP Life Cycle
Infrastructure Analysis and Assessment
Remediation
Indications and Warning
- Receive, consolidate, and assess sector reports.
- Develop DoD indications through the fusion of sector reports with traditional intelligence information.
- Report DoD indications to the NIPC.
- Issue DoD warning.
- Receive, assess, and disseminate national warning.
Mitigation
- Monitor emergencies and incidents, provide mitigation status to affected DoD entities and Components, and recommend or direct mitigation activities.
Incident Response
- Respond to incidents impacting assets under its defense.
Reconstitution
- Monitor and advise on reconstitution of assets under its defense.
- Provide input from response after action analysis to Sector CIAOs for consideration in reconstitution.
NMCC / NMJIC Activities Across the DoD CIP Life Cycle
Infrastructure Analysis and Assessment
Remediation
Indications and Warning
- Receive, consolidate, and assess sector reports.
- Develop DoD indications through the fusion of sector reports with traditional intelligence information.
- Report DoD indications to the NIPC.