Funding for the National Protection and Programs Directorate would overall go down by about an inflation-adjusted 10 percent under the Obama administration's fiscal 2014 budget proposal transmitted to Congress April 10.
The framework will provide confidence that the essential services that adopters provide will continue to be delivered by critical customers in the face of most cyber incidents directly affecting the adopter, said McConnell. He added that this strategic thinking includes "a lot of qualifiers," meaning that framework will be flexible.
It will take the Homeland Security Department between about 7 to 9 years at its current rate to complete the approval process of the security plans submitted via the Chemical Facility Anti-Terrorism Standards program, estimates the Government Accountability Office.
Private sector operators of critical infrastructure are not in fact naturally motivated toward resilience, say two academics in a paper noting systemic difficulties with public-private collaboration on critical infrastructure protection. While it might be reasonable to think that a business would want to invest in resilience to keep itself going amid wider disruptions, "a business can only fully understand the need to spend money on emergency preparedness measures when it is in the midst of an emergency."
The directorate within the Homeland Security Department responsible for regulating chemical facilities for safety paid the Transportation Security Administration $7.7 million to conduct terrorist screening on chemical workers since April 2010 – despite not releasing the notice of proposed rulemaking regarding worker screening until March 22.
The Homeland Security Department plans to commission an independent review of how it identifies and prioritizes critical infrastructure under its National Infrastructure Protection Plan, following recommendations in a new Government Accountability Office report (.pdf).
Chemical plants would have three main options for satisfying background checks required by Chemical Facility Anti-Terrorism Standards under a notice of proposed rulemaking the Homeland Security Department published March 22.
Decisions about infrastructure protection rely too much on intelligence, Stephen Flynn of Northeastern University said at the AFCEA Homeland Security conference in Washington. "We need to throw out a model that I'm afraid has almost been completely institutionalized in the homeland security space."
Napolitano was asked about the debate over the definition and how dozens of federal agencies outside the Homeland Security Department include "homeland security" in their missions. Napolitano replied, "That's the first time I've even heard that, and I've been secretary four-plus years, so it's certainly not affecting my day-to-day work."
The cybersecurity framework for private sector critical infrastructure called for by President Obama's executive order on Feb. 12 will specify "information security measures and controls" but not "particular technological solutions or specifications," says the National Institute of Standards and Technology.