About | HeinOnline Law Journal Library | HeinOnline Law Journal Library | HeinOnline
LOG IN
LOG IN

1 [1] (July 25, 2024)

handle is hein.crs/goveqbq0001 and id is 1 raw text is: Congressional Research Sei Informing the legisitive debate s~nee 1914 ice July 25, 2024 The 2024 National Security Memorandum on Critical Infrastructure Security and Resilience The White House issued a directive, National Security Memorandum on Critical Infrastructure Security and Resilience (NSM-22), on April 30, 2024. The memorandum set forth a revised framework for federal agency roles and responsibilities within the national critical infrastructure risk management enterprise. The Secretary of Homeland Security is designated as the responsible official for coordination and implementation of NSM-22, acting through the Director of the Cybersecurity and Infrastructure Security Agency (CISA) as the National Coordinator for the Security and Resilience of Critical Infrastructure. NSM-22 supersedes Presidential Policy Directive 21 (PPD-21), issued by President Barack Obama in 2013. As the first comprehensive high-level policy guidance on critical infrastructure security and resilience (CISR) in more than a decade, NSM-22 presents an updated assessment of the broader strategic environment that is characterized by rapidly evolving, high complexity threats. NSM-22 envisions an accelerated risk management cycle for the CISR enterprise, requiring biennial updates of national infrastructure risk management plans from designated officials and agencies, as well as enhanced intelligence collection, analysis, and sharing. Additionally, it mandates a more assertive use of federal regulatory authorities and fiscal instruments, such as procurement and grant rules to encourage private-sector compliance with minimum resilience standards. As such, the directive shifts away from the policy approach first established during the Clinton Administration, which eschewed compulsory measures in favor of voluntary public-private partnerships to promote infrastructure resilience. In some aspects, NSM-22 is restrained in scope. It retains PPD-21's sector-specific organization of the federal CISR enterprise, which is based on public-private partnerships organized within designated sectors that encompass wide areas of the economy and government (e.g., transportation, communications, energy). NSM-22 likewise preserves existing sector-specific coordination bodies and the leadership role of Sector Risk Management Agencies (SRMAs) for each of the 16 currently designated sectors. NSM-22 does not add any new sectors. (A Department of Homeland Security [DHS] 2022 report to Congress raised the possibility of adding new Space and Bioeconomy sectors.) Further, NSM-22 reiterates or reinstates many of the core concepts established by PPD-21 and other directives, such as the definitions of critical infrastructure and risk. NSM-22 places renewed policy emphasis on identification, cataloguing, and prioritization of specific assets within designated sectors, echoing the critical infrastructure protection policies of the Bush Administration after the terrorist attacks on September 11, 2001. Strategc Context and Polcy Approach The White House framed NSM-22 in the context of several key developments: the generational investment in critical infrastructure; the transition of the national energy and transportation sectors away from fossil fuels; (unspecified) technological transformations; and increasingly interdependent and interconnected critical infrastructure in the modern economy. PPD-21, by contrast, generally was more inward looking in its orientation, focusing on maturation of the modern homeland security enterprise that was little more than a decade old in 2013. It pivoted from the counterterrorism focus of the previous decade to broader engagement with an all-hazards environment of more diffuse and diverse challenges, including natural hazards. PPD-21 highlighted issues of interagency organization and coordination, information sharing, and analysis throughout the federal government, prioritizing development of interagency relationships and agency capabilities. NSM-22 retains elements of the PPD-21 all-hazards approach and concern with interagency relationships and functions. However, much of NSM-22's content reflects emergence of threats not mentioned in PPD-21 (i.e., effects of climate change, supply chain disruptions, malign foreign investments in critical infrastructure entities, and more aggressive threats from nation-states with advanced cyber capabilities). NSM-22 generally refrains from reimaginings of core concepts, institutions, and risk management methods. Instead, it directs federal agencies to mobilize for critical infrastructure protection and make use of existing authorities-and, if needed-seek new ones, stating that federal departments and agencies with regulatory authorities shall utilize regulation, drawing on existing voluntary consensus standards as appropriate, to establish minimum requirements and effective accountability mechanisms for the security and resilience of critical infrastructure. Key Definitions and Concepts In NSM-22, various key definitions and concepts developed in PPD-21 and other prior policy directives are restated, modified, or omitted. Critcal nfrastructure and Criticality NSM-22 restates the definition of critical infrastructure used in PPD-21 as certain vital infrastructure objects, whose incapacity or destruction would have a debilitating impact on national security, national economic security,

What Is HeinOnline?

HeinOnline is a subscription-based resource containing thousands of academic and legal journals from inception; complete coverage of government documents such as U.S. Statutes at Large, U.S. Code, Federal Register, Code of Federal Regulations, U.S. Reports, and much more. Documents are image-based, fully searchable PDFs with the authority of print combined with the accessibility of a user-friendly and powerful database. For more information, request a quote or trial for your organization below.



Short-term subscription options include 24 hours, 48 hours, or 1 week to HeinOnline.

Purchase Access

Already a HeinOnline Subscriber?

Log In

profiles profiles most