In late July, the U.S. Department of Homeland Security announced the establishment of a new National Risk Management Center to “provide a centralized home for collaborative, sector-specific and cross-sector risk management efforts to better protect critical infrastructure.” The announcement underscores the need for greater focus and attention on disciplined risk management in defending critical infrastructure against an increasingly adaptive set of security threats.
Coincidentally, this year marks the twentieth anniversary of Presidential Decision Directive 63 (PDD-63), the foundational executive branch guidance document on securing critical infrastructure. In a hopeful spirit, PDD-63 provided in part that “no later than five years from today the United States shall have achieved and shall maintain the ability to protect the nation’s critical infrastructures from intentional acts that would significantly diminish the abilities of … the private sector to ensure the orderly functioning of the economy and the delivery of essential telecommunications, energy, financial and transportation services.”
And significant thought and investment has taken place since 1998 on…