Three Homeland Security Agencies to Watch
On Feb. 12, 2013, the Obama administration released Presidential Policy Directive - Critical Infrastructure Security and Resilience, more frequently referred to as PPD-21, which tasked the Department of Homeland Security with the lead responsibility of protecting U.S. critical infrastructure.
Over the last two-and-a-half years, the department’s strategy in defending the United States has developed considerably, and the role of DHS has begun to crystalize.
PPD-21 assigned DHS as a sector-specific agency for half of the 16 critical infrastructure sectors. While in theory this might mean a significant amount of responsibility will fall on DHS, in reality it is important to make a distinction about what DHS does and does not do in the realm of critical infrastructure protection. Most critical infrastructure sectors are not owned or operated by the federal government but instead, by private industry. Government does not purchase products nor offer extensive services to protect those sectors directly.
This doesn’t mean that opportunities at DHS for critical infrastructure support don’t exist. It just means that products specifically addressing critical infrastructure protection aren’t the ones that can be sold directly to DHS. So while cyber security tools are of interest to DHS for its own operations, there is little point in trying to use it as a vehicle to sell cyber security tools to private industry.
Focus should instead be on supporting DHS’ Federal Emergency Management Agency, the Science and Technology Directorate and the National Protection and Programs Directorate.
FEMA trains communities at the state, local and tribal levels to respond to disasters. FEMA also provides grants to rebuild communities after floods, hurricanes, wildfires and so on. For the agency, logistics and supply chains are of critical importance because of the need to quickly respond to emergency scenarios. Engaging with FEMA means being able to support the agency in preparing first responders and other disaster professionals before tragedy strikes, or supporting its supply chain and logistics operations so it can adequately respond in a timely fashion.
The Science and Technology Directorate studies risk-based approaches to cyber security that could be of interest to critical infrastructure sectors. It is a research-oriented organization that looks toward the development of tools and technologies to help better protect critical infrastructure, both from an information technology as well as a structural standpoint.
Within the S&T group are offices that conduct cyber security research to protect all types of info-tech systems in addition to critical infrastructure systems more broadly, including supervisory control and data acquisition, or SCADA, systems, as well as research into more effective methods to protect the physical location and strength of dams, power plants and more.
Small businesses in particular should look to engage with the S&T group, particularly the Homeland Security Advanced Research Projects Agency, where a variety of divisions conduct research to improve the resiliency of critical infrastructure sectors within the United States.
The National Protection and Programs Directorate is the lead entity within DHS for protecting critical infrastructure and is also the home to many of the department’s information sharing and dissemination centers. It conducts assessments on critical infrastructure and shares that information among federal, state, local, tribal and territorial authorities. NPPD is arguably the most important entry point within the federal government for companies looking to participate in the protection of critical infrastructure. It has three main offices of interest: the office of cybersecurity and communications, which assures the security, resiliency and reliability of the nation’s cyber and communications infrastructure; the office of cyber and infrastructure analysis, which analyzes the potential impact of a cyber threat or incident to critical infrastructure; and the office of infrastructure protection, which leads the effort to reduce risk to U.S. critical infrastructure.
The office of cybersecurity and communications is the lead for protecting critical infrastructure, particularly against cyber threats, while infrastructure protection takes more of the lead role in physical threats against the nation’s infrastructure. Both of those offices have significant needs for information sharing tools that enable effective and timely communication with private industry as well as other public entities.
The office of cyber and infrastructure analysis examines threats and develops response plans for different threat scenarios, thereby providing an opportunity for companies that sell big data and analytics technologies.
Protecting critical infrastructure is a mandate within DHS, and there are plenty of opportunities to support it. That means adapting sales strategies and selling technology and services that align with the responsibilities of the department. Additionally, it means reading up on documentation released by DHS, including the Quadrennial Homeland Security Review and the National Infrastructure Protection Plan.
Knowing where to target sales activities as well as the challenges facing homeland security should help you identify existing opportunities to support DHS to ensure the safety and security of the American public.
Tomas O’Keefe is a market intelligence consultant with immixGroup (an Arrow company). He can be reached at email@example.com or on LinkedIn at https://www.linkedin.com/in/tomasokeefe.
Topics: Homeland Security, DHS Leadership, DHS Policy