Lesson 4 Overview

This lesson provides an overview of the Call to Action: Steps to Advance the National Effort. By the end of this lesson, you will be able to:

Describe actions critical infrastructure community partners can take to:
- Build upon partnership efforts
- Innovate in managing risk
- Focus on outcomes
Explain how these actions inform and guide priority-setting and joint planning efforts

Call to Action: Steps to Advance the National Effort

NIPP 2013 envisions a Nation in which physical and cyber critical infrastructure remain secure and resilient, with vulnerabilities reduced, consequences minimized, threats identified and disrupted and response and recovery hastened. It provides a clear call to action to leverage partnerships, innovate in risk management and focus on outcomes.

The NIPP Call to Action is meant to guide the collaborative efforts of the critical infrastructure community to advance security and resilience outcomes under three broad activity categories:

Build upon Partnership Efforts
Innovate in Managing Risk
Focus on Outcomes

Federal departments and agencies, engaging with State, Local, Tribal, Territorial, regional and private sector partners—taking into consideration the unique risk management perspectives, priorities and resource constraints of each sector—will work together to promote continuous improvement of security and resilience efforts to accomplish the tasks called for.

A Complete List of the Calls to Action

The Call to Action calls upon the critical infrastructure community (respective of authorities, responsibilities and business environments) to take cross-cutting, proactive and coordinated actions that support collective efforts to strengthen critical infrastructure security and resilience in the coming years.

Build upon Partnership Efforts:

Set National Focus through Jointly-Developed Priorities
Determine Collective Actions through Joint-Planning Efforts
Empower Local and Regional Partnerships to Build Capacity Nationally
Leverage Incentives to Advance Security and Resilience

Innovate in Managing Risk:

Enable Risk-Informed Decision-making through Enhanced Situational Awareness
Analyze Infrastructure Dependencies, Interdependencies and Associated Cascading Effects
Identify, Assess and Respond to Unanticipated Infrastructure Cascading Effects During and Following Incidents
Promote Infrastructure, Community and Regional Recovery Following Incidents
Strengthen Coordinated Development and Delivery of Technical Assistance, Training and Education
Improve Critical Infrastructure Security and Resilience by Advancing Research and Development Solutions

Focus on Outcomes:

Evaluate Progress toward the Achievement of Goals
Learn and Adapt During and After Exercises and Incidents

Links between Call to Action, Risk Management Framework and National Goals

Throughout NIPP 2013, call-out boxes identify linkages between the Call to Action activities, steps toward implementing the risk management framework and the National Goals covered earlier in this course.

The National Goals include:

Assess and analyze risks to critical infrastructure
Address the human, physical and cyber threat
Enhance security and resilience through advance planning
Share actionable and relevant information across the critical infrastructure community
Promote learning and adaptation

Five steps toward implementing the risk management framework include:

Set Infrastructure Goals and Objectives
Identify Infrastructure
Assess and Analyze Risks
Implement Risk Management Activities
Measure Effectiveness

What SLTT Executives Can Do

The NIPP calls on executive decisionmakers in the private sector and elected officials at the State, Local, Tribal and Territorial (SLTT) level to work with partners across the critical infrastructure community to manage risks and achieve security and resilience outcomes.

Build Upon Partnership Efforts

Foster active local and regional cross-sector partnerships.
Evaluate your organization's risk management policies with the NIPP framework.
Engage private sector partners in your area of responsibility on critical infrastructure security and resilience efforts.
Use existing partnership structures to enhance relationships across the critical infrastructure community.
Encourage staff attendance in webinars, conference calls, cross-sector events and listening sessions.

Innovate in Managing Risk

Identify the strengths and weaknesses in your organization's security posture and explore the government and industry resources available to improve.
Consider security and resilience when designing infrastructure.
Encourage private sector and emergency response coordination on emergency management plans and exercises.
Share essential security and resilience information with partners.
Review and use the Cybersecurity Framework.
Participate in the Critical Infrastructure Cyber Community (C³) voluntary program.
Use training and exercises to innovate and evaluate critical infrastructure security and resilience.
Encourage staff attendance in risk management trainings.
Promote risk management across the state.
Encourage information sharing within the state and with neighboring States.

Focus on Outcomes

Participate in critical infrastructure planning and priority setting activities.
Identify effective security and resilience practices.
Understand interdependencies.
Share success stories and opportunities for improvement with critical infrastructure partners.

What Private Sector Companies Can Do

The NIPP outlines how government and private sector participants in the critical infrastructure community work together to manage risks and achieve security and resilience outcomes.

Build Upon Partnership Efforts

Become involved in sector-specific and information sharing partnerships
Establish relationships with key local partners including emergency management
Participate in training and exercises; Attend webinars, conference calls, cross-sector events and listening sessions.

Innovate in Managing Risk

Incorporate security and resilience into the design and upkeep of critical infrastructure
Help develop analysis to better understand risks
Adopt the Cybersecurity Framework.

Focus on Outcomes

Identify shared goals, define success and document effective practices.
Build security and resilience considerations into cost-benefit analysis to understand return on investment

What First Responder Organizations Can Do

The NIPP calls on State and Local Law Enforcement, Fusion Centers and Public Safety organizations to work with State, Local, Tribal and Territorial government and private sector partners across the critical infrastructure community to manage risks and achieve security and resilience outcomes.

Build Upon Partnership Efforts

Become involved in a relevant local, regional sector and cross-sector partnership.
Engage with private sector partners in your area of responsibility on critical infrastructure security and resilience efforts.
Use existing partnership structures to enhance relationships across the critical infrastructure community.

Innovate in Managing Risk

Work with private sector and emergency response partners on emergency management plans and exercising participation and response.
Participate in multi-directional information sharing.
Review and use the Cybersecurity Framework.
Use training and exercises to innovate and evaluate critical infrastructure security and resilience.

Focus on Outcomes

Participate in critical infrastructure planning and priority setting activities.
Participate in implementation efforts.
Identify effective security and resilience practices.
Understand interdependencies.
Share success stories and opportunities for improvement.

Lesson 4 Summary

In this lesson you learned to:

Describe actions critical infrastructure community partners can take to:
- Build upon partnership efforts
- Innovate in managing risk
- Focus on outcomes
Explain how these actions inform and guide priority-setting and joint planning efforts

Below are the NIPP 2013 resources referenced in this lesson for further review: