Earlier this month, President Biden announced his intention for the administration to “review and revise, as appropriate” the nation’s foundational policy on critical infrastructure, Presidential Policy Directive 21 (PPD 21). This is a seminal moment in homeland security as presidential policy has long been a driver of the nation’s approach to critical infrastructure, which most significantly defines the fundamental relationship between – and within – government and industry to manage risk. And it is a welcome move.
PPD 21, itself, is the third major iteration of executive branch critical infrastructure policy. In 1998, following the Oklahoma City bombing and the rise of the Internet, President Clinton established the importance of the issue through Presidential Decision Directive via PDD-63 on “critical infrastructure protection,” which established much of the modern U.S. framework for government-industry coordination and information sharing on threats and vulnerabilities. President Bush updated that with a terrorism-centric policy on critical infrastructure protection via Homeland Security Policy 7 i(HSPD 7) in 2003, which established the idea of intelligence…
