Finance, Health Care, Agriculture Play Key Roles in Critical Infrastructure Protection

By Chris Wiedemann

Of the major agencies of the federal government involved in critical infrastructure protection, the Department of Homeland Security and the Department of Defense receive the most attention. 

But there are three less discussed, but equally important, elements of the nation’s critical infrastructure: the financial sector — banks and the technology they rely on — health care and public health, where critical infrastructure constitutes hospitals, medical transport and drug supplies; and food and agriculture — farms, supporting infrastructure, and financial systems.

When Presidential Policy Directive 21 (PPD-21) broadened the critical infrastructure segments and definitions originally outlined in Homeland Security Policy Directive 7 (HSPD-7), it created new responsibilities for a number of federal departments, termed sector-specific agencies.

They are responsible for developing and disseminating infrastructure protection requirements to states, local authorities and industry.

While there is little opportunity to sell explicitly security-related technologies to the government — the market for those rests with the infrastructure owners themselves — sector-specific agencies have requirements around information sharing and dissemination that industry can help meet. And anyone looking to support the mission of critical infrastructure protection outside of DHS should be reaching out to the Departments of Treasury, Health and Human Services, and Agriculture.

The responsibilities of the sector-specific agencies entrusted with infrastructure issues are diverse.

The agency for financial services is the Treasury Department, and those looking to assist their critical infrastructure mission should look to the office of critical infrastructure protection and compliance policy, under the direction of the assistant secretary for financial institutions. The office coordinates the development and implementation of financial infrastructure protection requirements, which revolve primarily around data privacy and redundancy. These requirements are intended to ensure that a successful attack against a major system does not shut down the nation’s financial infrastructure.

The office also facilitates information sharing between the federal government, state and local regulators and the financial sector.

In this capacity, it will have industry requirements for tools and services enabling information exchange and coordinating activities between geographically disparate stakeholders. This office is also involved in shaping policy around financial privacy; as such, those in the data protection industry need to keep an eye on the latest developments coming out of OCIP.

Protection of the health care and public health sector is the responsibility of Health and Human Services, specifically the critical infrastructure program under the assistant secretary for preparedness and response.

That program is the federal presence on a coordinating body known as the healthcare sector coordinating council, which is focused this year on the second stage of their critical infrastructure plan. Having successfully identified which elements of the health care and public health infrastructure are mission critical, the focus has shifted to risk management tools that can help infrastructure owners protect the critical systems they control from system failure or external attack.

The Health and Human Services critical infrastructure program serves in a coordinating capacity in this effort, and requires the same information sharing capabilities needed by other agencies to facilitate communication and collaboration between stakeholders across the country. There are also needs for data analytics and visualization capabilities at the federal level to enable more effective decisions driven by stakeholder-provided data.

With responsibilities over areas ranging from water and food transportation to farm-specific financial systems, the food and agriculture sector is perhaps the broadest of the identified 16 critical infrastructure sectors. Consequently, responsibility is split between the Department of Agriculture — specifically the national security policy staff at the office of homeland security and emergency coordination – and the Food and Drug Administration, which is primarily involved in researching and developing food safety technologies that are critical to food and agriculture’s protection responsibilities.

Both of these agencies are heavily involved in research and development of infrastructure-protecting technologies, and industry has an opportunity to assist. Specifically, FDA’s center for food safety and applied nutrition is leading efforts to develop and disseminate new technologies that safeguard the country’s food supply, with a particular focus on responding to terrorist actions.

PPD-21 created protection mandates that extend far beyond information systems and “traditional” infrastructure.

This opens up wide swathes of the government to industry engagement, particularly around information sharing, analytics, and research support. Understanding where the pockets of protection responsibility lie, and acting on that information, will enable industry to provide real value to both the government and the American public by helping to ensure that the nation’s critical infrastructure remains safe.

Chris Wiedemann is a senior analyst with immixGroup, an Arrow company. He can be reached at, or connect with him on LinkedIn at

Photo: Thinkstock

Topics: Defense Department, Homeland Security

Comments (0)

Retype the CAPTCHA code from the image
Change the CAPTCHA codeSpeak the CAPTCHA code
Please enter the text displayed in the image.