At our last board meeting here at Corporation X, we decided that it would be a good idea to share our critical infrastructure information with the Department of Homeland Security. We have a warm fuzzy feeling that the information will be protected using the Protected Critical Infrastructure Information. After all, you've got to know when to hold 'em, and know when to fold 'em. In this case, we fold. Though, we wonder, how will our information be used? Of course it will be used when natural or man-made disasters occur, but where will this information go?
Wouldn't it be great if there were some sort of inventory of the Nation's critical infrastructure data? Some sort of index of all (or most) of the assets that allow us to live our daily lives in a convenient and (potentially) efficient manner? Luckily, those that drafted Homeland Security Presidential Directive–7 (HSPD-7) considered that possibility. HSPD-7 mandated a central federal data repository for analysis and integration to provide DHS (and associated state homeland security and emergency management agencies, generally through a fusion center) with the capability to identify, collect, catalog, and maintain a national inventory of information on assets, systems, and networks critical to the Nation's well-being, economy, and security. Additionally, the inventory is an invaluable asset to inform decision-making and specific response and recovery during natural and man-made disasters.
The NIPP says that the federated Infrastructure Data Warehouse (IDW) filled this requirement. The IDW is a continually evolving and comprehensive catalog of the assets, systems, and networks that make up the Nation's critical infrastructure. It enables access to descriptive information regarding the CI. Of note, it is not a list of assets prioritized by criticality, but does have the capability to help inform risk-mitigation strategies across all CI sectors and government jurisdictions. DHS has gone away from the IDW and towards the Infrastructure Information Collection Division (IICD). PCII and all associated infrastructure information fall under the cognizance of the IICD.
Check out the next print issue of IHS for a more in-depth look at the IICD and how they work to organize, maintain, ensure the accuracy of, and employ the critical infrastructure information that Corporation X has decided to submit.