US Critical Infrastructure Protection under Obama

Christopher Bellavita’s review of homeland security in the United States in 2008 posed questions to an extended network of homeland security experts and relied on their responses to ‘tell the story’ of an evolving field of study, namely homeland security.[1]

Unsurprisingly, the election of Barack Obama, the attacks in Mumbai, and the global economic meltdown featured prominently as the most important events of last year destined to shape homeland security in the forthcoming years. Critical infrastructure protection hardly featured in the responses to Bellavita’s questions, doing so only as an aside and as a potential knock-on benefit from any infrastructure spending under current economic stimulus plans.

The three principal issues identified in the review encompassed the new administration and its priorities, the tactical sophistication and impact of well-planned terrorist attacks, and the impact of recessionary politics and economics on resource allocations. Since the new administration is now no longer that new, and – at least in North America – the Mumbai attacks are simply one of many major news issues of 2008, recessionary politics and economics is likely to provide a more lasting effect on critical infrastructure protection policy in the US – and perhaps Canada also – than anything else on the horizon or in the recent past. Bailing out the North American auto industry, throwing money at ‘shovel ready’ infrastructure projects, and dealing with the economic and employment concerns of voters were dominant issues in the first third of 2009. Spending on infrastructure developments featured prominently in announcements from politicians and elected officials at all levels of government: protecting critical infrastructure, however, warranted much less attention.

In one sense, that is perhaps how it should be. In the face of a deep recession at home and a series of pressing foreign policy challenges abroad, it would be surprising if the US government did focus on Critical Infrastructure Protection (CIP) at this stage of its tenure. The cyber-security review was the one major critical infrastructure announcement to come out of the White House since the forty-fourth president was sworn in.[2] It, however, was a pressing issue that badly required new direction in light of the turf wars that had hampered US policy following the initiation of President Bush’s plan on cyber issues in January 2008. These turf wars became public when, prior to the launch of the new strategy, experts rounded on the Department of Homeland Security (DHS), labelling it unfit to manage and run any US national cyber-security strategy.[3] However, one former official with knowledge of the problem in the US publicly spoke against the increasing role of the US National Security Agency – the US signals intelligence agency – in the emerging cyber-security debate, given its penchant for secrecy and control versus the openness and importance of networks in contemporary public, business and government operations.

Beyond the developments on cyber-security, should we be worried if CIP is not a priority issue? The answer should be no: useful developments occurred in CIP before 9/11, and since 9/11 there have been a wide array of initiatives, policies and learning that have had, and will continue to have, a positive effect. (That’s not to claim all is well or ran like clockwork in the Bush administration as Hurricane Katrina proved.) The Obama administration does not, however, need to re-invent the wheel. After all, before 11 September 2001, the US already knew what it had to do and what CIP entailed. It was outlined in the October 1997 report of the President’s Commission on CIP, Critical Foundations: Protecting America’s Infrastructure. As in the UK, CIP has its own origins in civil defence issues, the early Cold War, and other national infrastructure plans.[4]

If CIP is not keeping people awake at night, however, there is a risk of complacency lulling politicians, industry and communities into a false sense of security. A number of respondents to Bellavita’s review raised concerns about the inability of politicians and the American public to stay focused on, and committed to, tasks that take a long time to bear fruit. CIP might be one of those tasks, and as one of Bellavita’s respondents noted, ‘perhaps we will not start paying attention until we bleed again.’[5] A similiar sentiment was expressed by former secretary of homeland security, Michael Chertoff:[6]

I have witnessed how worthy projects begin with a great deal of hoopla and public support, only to watch commitment wane once the television lights are off and the media moves on to the next issue. The plan to protect America’s infrastructure and facilities cannot be executed in a week, month, or year. By definition, it is long-term in nature. It will require a sustained commitment and follow through, year after year, for generations to come. This approach is necessary if Americans want to protect their nation and their fellow citizens.

Officially, the Obama administration’s plan for CIP and resilience envisages working through partnerships with the private sector to ‘develop an effective, holistic, critical infrastructure protection and resiliency plan that centers on investments in business, technology, civil society, government, and education.’[7]

What this means in practice has yet to be revealed, but in a speech to the Aspen Institute in June, Janet Napolitano, the serving Secretary of the Department of Homeland Security, identified five missions for the Department of Homeland Security (DHS).[8] Mission one is countering terrorism. Mission two is securing the US border in a manner that prevents illegal traffic but permits legitimate trade, tourism, and the movement of goods and people. Mission three related to the enforcement of immigration law, whereas mission four was identified as the preparation, response and recovery from major disasters. Finally, mission five was to unify DHS into a coherent, effective, and efficient organisation over five years following the merger of twenty-two agencies and over 200,000 people. The Secretary’s first testimony to the House Committee on Homeland Security on 25 February relayed the directives issued since the Obama administration assumed office and identified state and local partnerships, science and technology, and the unification of DHS as the three priorities of the new Secretary.[9]

Critical infrastructure does not readily feature in these missions or priorities, although it clearly relates to, and is part of, certain missions and priorities. What is actually ‘critical’ and what is simply ‘infrastructure’ may, however, be lost in the US context. The US identifies eighteen sectors as critical infrastructure or key resource assets: agriculture and food; dams; postal and shipping; information technology; commercial facilities; energy; banking and finance; communications; defence industrial base; government facilities; national monuments and icons; transportation systems; chemical facilities; critical manufacturing; emergency services; healthcare and public health; nuclear reactors, materials, and waste; and water.

This is in contrast to Canada’s ten sectors (energy and utilities, information and communications technology, finance, health, food, water, transportation, safety, and government manufacturing), but both the US and Canadian lists suffer from their expansive nature and all-things-to-all-people approach. For example, the US commercial facilities sector consists of eight sub-sectors that, according to the official DHS website, encompasses public assembly, sports leagues, resorts, lodging, theme and amusement parks, motion picture studios and broadcast media facilities, real estate and retail. By no stretch of the imagination are zoos, casinos, and motion picture studios critical national infrastructure in the US or elsewhere.

Perhaps therein lies the problem. No industry or commercial sector wants to be excluded from the list and no politician or leader has been prepared to say ‘no’ to lobbyists pushing for inclusion and the money and attention that comes with it. With such expansive definitions of critical infrastructure – or more accurately ‘critical infrastructure and key assets’ (CIKR) in US parlance – it is impossible to establish real priorities. Some things certainly have been done, even with such an expansive list. The National Infrastructure Protection Plan entailed a process that identified 3,000 national assets, systems, and networks across the eighteen sectors of CIKR in the US.[10] However, by trying to do everything, little can be accomplished and the immediate danger in CIP terms is a loss of direction and strategic planning for the US.

For understandable reasons CIP/CIKR is not on President Obama’s priority list. In the absence of any attacks on the US homeland since 2001, and the need to address other concerns, the priority is on issues that require immediate attention (cyber-security) rather than the hoopla and fanfare of new initiatives.

This also perhaps demonstrates that NIPP reflects work already completed, partnerships created and a strategic planning document where plans ‘are carried out in practice by an integrated network of Federal departments and agencies, State and local government agencies, private sector entities, and a growing number of regional consortia – all operating in a largely voluntary CIKR protection framework.’[11] Nevertheless, the NIPP requires actual implementation rather than strategic level direction and that task should fall to DHS staff such as the Assistant Secretary (acting) for Infrastructure Protection, James Snyder, rather than the Secretary of DHS. That CIP it is not on Secretary Napolitano’s list of priorities is open to discussion. That CIP issues barely warrant a mention in the 2008 poll of the extended network of US Homeland Security professionals is more worrisome.

Jez Littlewood
Director
Canadian Centre of Intelligence and Security Studies
Carleton University, Ottawa

NOTES