PPD-21
Background
On February 12, 2013, President Obama released Presidential Policy Directive 21 - Critical Infrastructure Security and Resilience (“PPD-21”). This directive, in conjunction with an executive order released the same day, outlines the policy goals of the administration in securing infrastructure critical to the nation. To facilitate this, PPD-21 authorizes the creation of infrastructure centers to be overseen by the Department of Homeland Security. One of these centers shall be for physical infrastructure and one for cyber infrastructure.
The goal of these centers is to facilitate the exchange of information within the government and with the private sector. The directive states that all such exchange of information shall respect all privacy principles, policies, and procedures that are consistent with all applicable laws. Additionally, PPD-21 directs the implementation of an integration and analysis function under the DHS. This calls for near real-time situational awareness. Such awareness would require operators of cyber networks, including private networks, to automatically share information with DHS.
In order to implement this directive, PPD-21 establishes a timeline for various deliverables.
- Within 120 days of release, the Secretary of Homeland Security is to develop a description of the functional relationships across the Federal government related to critical infrastructure security.
- Within 150 days, the Secretary is to submit a report on the evaluation of the existing public-private partnership model. This evaluation includes recommendations for enhancing the partnership.
- Within 180 days, the Secretary shall convene a team of experts to determine the baseline requirements for data sharing. This includes private sector information technology systems. Such analysis shall include the security of such systems and the protection of the privacy of such information.
- Within 240 days, the Secretary shall develop a near real-time situational awareness for critical infrastructure. In addition, the Secretary shall provide the President an update to the National Infrastructure Protection Plan.
- Within 2 years, the Secretary shall provide the President with a National Critical Infrastructure Security and Resilience R&D Plan.
EPIC's Interest
PPD-21 creates a new framework for cyber infrastructure security. It expands on the current public-private partnership model and calls for increases in information sharing. DHS is to have the ability to monitor the cyber network traffic in real time. This requires private operators of information technology networks to automatically share information about network usage. This inevitably raises privacy concerns. Obtaining the responses by DHS to PPD-21 will allow the public to see what information is to be shared, with whom, and how the privacy of this information is secured.
EPIC's Freedom of Information Act Request
On September 27, 2013, EPIC submitted a FOIA request asking for:
- The description of the functional relationships within DHS and across the Federal government related to critical infrastructure security and resilience provided to the President through the Assistant to the President for Homeland Security and Counterterrorism.
- The evaluation of the existing public-private partnership model and the recommendations for improving the effectiveness of the partnership.
- The analysis of the baseline data and systems requirements for the Federal Government to enable efficient information exchange provided to the President through the Assistant to the President for Homeland Security and Counterterrorism.
Freedom of Information Act Documents
EPIC's FOIA Request to DHS (Sep. 27, 2013)
EPIC's FOIA Appeal to DHS (Nov. 21, 2013)
Related Matters
EPIC: Presidential Directives and Cybersecurity
Presidential Policy Directive 20 (PPD-20)
News Items
- Matt Sorensen, Improving Critical Infrastructure Cybersecurity, Data Risk Governance, Mar. 20, 2013.
- Jaikumar Vijayan, Obama Executive Order Redefines Critical Infrastructure, Computer World, Feb. 14, 2013.
- Richard Stiennon, PPD 21: Extreme Risk Management Gone Bad, Forbes, Feb. 14, 2013.
- Jody Westby, Obama's Cybersecurity Action Reaches Too Far, Forbes, Feb. 13, 2013.
- David Perera, Obama Signs Cybersecurity Executive Order, Fierce Government IT, Feb. 12, 2013.