Departmental Critical Infrastructure Protection
Planning for the Protection of Physical Infrastructure
Report No. 02-01
November 2001
Office of the Inspector General
In PDD 63, the President called for a national effort to assure the security of the nation's critical infrastructure. The critical infrastructure consists of physical and computer-based systems essential to the minimum operations of the economy and government. The critical infrastructure includes, but is not limited to, telecommunications, banking and finance, energy, transportation, and essential government services. According to the National Plan for Information Systems Protection issued by the White House in January 2000, "[t] he threat is that in a future crisis a criminal cartel, terrorist group, or hostile nation will seek to inflict economic damage, disruption and death, and degradation of our defense response" by attacking our critical infrastructure.
Advances in information technology have caused the daily activities of government and businesses to become increasingly automated and inter-linked. These same advances have created new vulnerabilities to equipment failures, human error, weather, and physical and cyber-attacks. 2 According to PDD 63, the President intended that the United States take all necessary measures to swiftly eliminate any significant vulnerability to both physical and computer attacks on our nation's critical infrastructure, especially our computer systems.
Under PDD 63, each federal department and agency is required to prepare a plan for protecting its own critical infrastructure. These plans are to include an inventory of the department or agency's mission essential assets and an assessment of the vulnerabilities of those essential assets. Critical physical assets are those non-cyber based assets (e.g., personnel and facilities) essential for a department's operation.
To ensure quality, continuity, and effective implementation of agency plans to protect critical infrastructures, PDD 63 created an interagency Expert Review Team. The Expert Review Team reviewed and commented on agency plans in accordance with a set of essential plan elements.
The Justice Management Division (JMD) has oversight responsibility for the implementation of PDD 63 within the Department. Headed by the Assistant Attorney General for Administration, the JMD assists the Department in organization, management, and administrative matters. The Information Management and Security Staff (IMSS) within the JMD has lead responsibility for coordinating the Department's PDD 63 efforts and preparing the Department's critical infrastructure protection plan. The Security and Emergency Planning Staff (SEPS) is responsible for the planning of the Department's PDD 67 3 activities.
As required by PDD 63, the Department submitted its initial critical infrastructure plan to the CIAO in November 1998 (November 1998 Plan). In January 1999, the Expert Review Team returned the results of its review and asked the Department to revise the plan accordingly. The Department addressed some of the Expert Review Team's comments and submitted its revised plan to the CIAO in April 1999 (April 1999 Plan). In April 2000, the Department provided us with a copy of the Initial Operating Capability version of the critical infrastructure protection plan, the first version to include an inventory of mission essential assets and a vulnerability assessment. In January 2001, the Department completed an effort to identify its mission essential infrastructure (MEI). The resulting inventory was the basis for our review of the Department's efforts to identify its physical MEI.