National Infrastructure Protection Plan: Opportunity for Comment
The Department of Homeland Security (DHS) announced the release of a draft National Infrastructure Protection Plan (NIPP). The NIPP, which builds on the Interim NIPP released in February, is designed to help protect critical infrastructures and key resources (CI/KR) from a wide range of threats.

Cybersecurity is, of course, an essential element of the draft NIPP. Appendix A of the NIPP provides substantial detail in support of federal cybersecurity goals. The Appendix focus on the users of cybersecurity infrastructure. Key issues addressed in the Appendix include the specific responsibilities of key stakeholders including federal, state and local governments, the private sector and academia.

The draft NIPP specifies the responsibilities of various federal agencies including DHS, the Federal Trade Commission, the Justice Department and the Pentagon. Oddly, the list of various agency responsibilities enumerated in Section A. 2. does not mention the Office of Management and Budget (OMB) even though they play a crucial role in coordinating federal cybersecurity efforts.

Under Homeland Security Presidential Directive 7 (HSPD-7), all federal agencies submit their plans for protecting physical and cyber CI/KR to OMB for review and approval. The Appendix explains that DHS will act as a subject matter expert to OMB in reviewing agency plans. Other OMB coordinating and security compliance functions are also discussed in the Appendix.

DHS can certainly provide OMB with technical assistance on cybersecurity issues. However, it is important for DHS and the NIPP to recognize and utilize the significant management expertise that OMB can provide to the Department and other agencies on cybersecurity programs.

Comments on the draft plan are due to DHS by December 5, 2005.