Measure Effectiveness

While the results of risk analyses help set national and sector priorities, performance metrics allow NIPP partners to track progress against these priorities. The metrics provide a basis to establish accountability, document actual performance, facilitate diagnoses, promote effective management and provide a feedback mechanism to decision makers.

The critical infrastructure community evaluates the effectiveness of risk management efforts within sectors and at national, State, local and regional levels by developing metrics for both direct and indirect indicator measurement. SSAs work with SCCs through the sector-specific planning process to develop attributes that support the national goals and national priorities as well as other sector-specific priorities. Such measures inform the risk management efforts of partners throughout the critical infrastructure community and help build a national picture of progress toward the vision of this National Plan as well as the National Preparedness Goal. At a national level, the National Plan articulates broad area goals to achieve the Plan’s vision that will be complemented by a set of multi-year national priorities. The critical infrastructure community will subsequently evaluate its collective progress in accomplishing the goals and priorities.

This evaluation process functions as an integrated and continuing cycle:
  • Articulate the vision and national goals;
  • Define national priorities;
  • Identify high-level outputs or outcomes associated with the national goals and national priorities;
  • Collect performance data to assess progress in achieving identified outputs and outcomes;
  • Evaluate progress toward achievement of the national priorities, national goals and vision;
  • Update the national priorities and adapt risk management activities accordingly; and
  • Revisit the national goals and vision on a periodic basis.

Just as regular evaluation of progress toward the national goals informs the ongoing evolution of security and resilience practices, planned exercises and real-world incidents also provide opportunities for learning and adaptation.

For example, fuel shortages after Hurricane Sandy illustrated the interdependencies and complexities of infrastructure systems, the challenges in achieving shared situational awareness during large events and the need for improved information collection and sharing among government and private sector partners to support restoration activities.

The critical infrastructure and national preparedness communities also conduct exercises on an ongoing basis through the National Exercise Program and other mechanisms to assess and validate the capabilities of organizations, agencies and jurisdictions.

During and after such planned and unplanned operations, partners identify individual and group weaknesses, implement and evaluate corrective actions and share best practices with the wider critical infrastructure and emergency management communities.

Such learning and adaptation inform future plans, activities, technical assistance, training and education.

NIPP Performance Management

The key to NIPP performance management is to align outcome metrics to sector priorities. The 16 sectors are diverse, operate in every State and affect every level of government. As a result, NIPP priorities and many NIPP metrics will vary from sector to sector. All NIPP metrics must be specific and clear as to what they are measuring, practical or feasible in that the needed data are available and built on objectively measured data.

Measuring Performance

In addition to outcome metrics, other information will be utilized, such as output data and descriptive data.

Output (or Process) Data are used to gauge whether specific activities were performed as planned, track the progress of a task, or report on the output of a process. Output data show progress toward performing the activities necessary to achieve critical infrastructure protection goals and can serve as leading indicators for outcome measures. They also help build a comprehensive picture of critical infrastructure security status and activities. Examples include the number of protective programs implemented in a fiscal year, percentage of sector organizations exchanging critical infrastructure information and the level of response to a data call for asset information.

Descriptive Data are used to understand sector resources and activities, but do not reflect critical infrastructure security performance. Examples include: a narrative description of progress; the number of facilities in a jurisdiction; the population resident or working in the area affected by an incident; and the number of suppliers in an infrastructure service provider’s supply chain. NIPP metrics are evolving from the current focus on descriptive and output data to a focus on outcome metrics. Descriptive and output data have been critical during the initial implementation of the NIPP in order to closely track the progress of the sectors in building key NIPP elements, such as the SSPs and GCCs/SCCs. The next stage of NIPP implementation will concentrate on working with the sectors to identify and track outcome metrics that are aligned to sector priorities and provide NIPP partners with a more comprehensive assessment of the success of critical infrastructure security efforts.

Gathering Performance Information DHS works with the SSAs and sector partners to:
  • Gather the information necessary to measure the level of performance associated with the progress indicators. Given the inherent differences in critical infrastructure sectors, a “one size fits all” approach to gathering this information is not appropriate.
  • Determine the appropriate measurement approach to be included in the sector’s SSP.
  • Ensure that partners engaged with multiple sectors or in cross-sector matters are not subject to unnecessary redundancy or conflicting guidance in information collection.
Information collected as part of this effort is protected.Information collected as part of this effort is protected.

Assessing Performance and Reporting on Progress

The National Critical Infrastructure Annual Report:

  • Is based on information about priorities, requirements and related program funding information that is submitted to DHS by the SSA of each sector, the SLTTGCC and the RC3.
  • Analyzes information about sector priorities, requirements and programs in the context of the National Risk Profile, a high-level summary of the aggregate risk and protective status of all sectors.
The National Risk Profile:
  • Drives the development of national priorities, which, in turn, are used to assess existing critical infrastructure programs and to identify existing gaps or shortfalls in national critical infrastructure security efforts.
  • Provides the Executive Office of the President with information that supports both strategic and investment decisions related to critical infrastructure security and resilience.