Processes and Responsibilities

Maintaining the relevance of the CF-SSP and reporting on progress in meeting goals are among the responsibilities of the SSA. Implementing the CF-SSP and supporting the sector’s goals will require sufficient resources and budgets, as well as training and education.

8.2.1 SSP Maintenance and Update

The SSP is the primary planning document for each CIKR sector, so it is essential that the document be kept current and that it reflect substantive changes to sector priorities, goals, dynamics, and programs. As one of its core competencies, the SSA is accountable for coordinating the development and maintenance of the sector’s SSP.

Each SSA undertakes a comprehensive triennial review of its SSP in close cooperation with its sector partners. In addition, the SSA completes and updates its SSP as necessary. While specific processes and required levels of effort vary across sectors— depending on that sector’s priorities, needs, and preferences—both the annual updates and the more comprehensive triennial revisions follow the same general drafting and development procedures, including rigorous technical and substantive review. The CF SSA works with its CF-GCC, CF-SCC, and other CIKR partners, as appropriate, to assess the requirements for updat- ing and amending the CF-SSP (based on changes to sector priorities, NIPP Program Management Office guidance, etc.). Prior to initiating the triennial CF-SSP revision, the CF SSA organized conference calls with sector partners to solicit their input on changes and updates. The conference calls were held on a chapter-by-chapter basis. The CF SSA developed a draft CF-SSP based on these conference calls. The CF SSA provided the draft CF-SSP to CF-GCC and CF-SCC members for review and, in the case of the CF-SCC, for further distribution to subsector council members and other interested partners. A copy of the draft was also posted on the CF HSIN to ensure that sector interests were broadly represented in the review of the document; the leadership of the SSA EMO and IP were also asked to review the document and provide substantive input. Subsequent to revising the draft CF-SSP based on partner comments, the CF SSA provided a copy of the revised CF-SSP for final review. The revision process also included final review by the Homeland Security Council’s Interagency Policy Committee.

8.2.2 SSP Implementation Milestones

The implementation milestones set forth in the SSP enable sector partners, the SSA, and DHS to gauge progress toward verify- ing, validating, and realizing the goals and objectives as defined in Chapter 1 of the SSP. The NIPP risk management framework provides a logical basis for describing the broad activities that the SSA and its partners will undertake in implementing the SSP. Milestones for the specific programs and activities that are the responsibility of the six SSAs within IP/SSA EMO are tracked and managed through the SSA Project Management Plan (PMP). The PMP is a comprehensive business-planning document that describes how IP will administer and resource SSA activities within its six sectors and how it will gauge the progress of internal business processes and SSA programmatic activities.

SSA EMO leadership meets regularly with IP and DHS senior leadership to discuss the status of various SSA initiatives; this includes formal IP quarterly reports that track budget, acquisition, personnel, and SSA Management Project execution. These

66

internal reporting and management mechanisms better enable SSA EMO to plan for and meet the needs of the SSA and the sec- tor, and to address DHS, congressional, and White House reporting requirements.

The CF SSA continues to work with sector partners to achieve the following sector-level implementation milestones, which are complementary to the progress reports issued each year through the CF SAR:

Review and refine sector goals to ensure that they provide a clear direction for the sector’s CIKR protection efforts; •

Ensure that the CF Sector data utilized in the IDW accurately represents the sector’s taxonomy and are relevant to the sector’s •

risk management framework;

Identify, develop, and promote risk assessment tools; •

Develop protective programs and highlight private-sector programs to show risk mitigation activities in the sector; and •

Identify capability gaps and technology needs and communicate them to the DHS S&T Directorate. •

8.2.3 Resources and Budgets

The SSA is responsible for leading the effort to coordinate protection and resilience initiatives and strategy across the sector. However, it is important to note that the private sector and numerous Federal, State, local, tribal, and territorial governments carry out critically important programs in support of the greater critical infrastructure protection mission, based on assessed risk and priorities. Accordingly, it is beyond the SSA’s capability and scope of mission to account for all resources devoted to CIKR protection in the sector, or to direct allocation of resources beyond its control.

Resourcing and budget for the six SSAs under the authority of IP are managed through the SSA EMO. As described in Section 8.1, SSA EMO has developed the SSA PMP, a comprehensive five-year planning document that describes budget, personnel, acquisi- tion, and programmatic strategies for the six IP SSAs and the Interagency Security Committee Program Management Office. Using the PMP to guide and prioritize its business processes, SSA EMO works within the IP budget process to submit personnel and program requirements in accordance with the needs of each of the SSAs for which it is responsible. Each SSA within SSA EMO is responsible for outlining SSA personnel needs, sector-specific programmatic priorities, and associated cost estimates in alignment with overarching SSA EMO and sector goals, objectives, and priorities.

The CF SSA identities and prioritizes sector-specific investments through engagement with sector partners. Owners and opera- tors and other sector partners share information on crucial CIKR protection gaps and needs, and the CF SSA relies on this close involvement with partners to identify and prioritize CIKR protection and resilience projects. The CF Sector competes with other sectors for available funding. Budget allocation decisions are made based on the stated priorities of each SSA within SSA EMO and through a consultative process among SSA EMO and IP leadership.

8.2.4 Training and Education

Training, education, and outreach are a key focus of IP and the SSA. Within the organizational construct of SSA EMO, one of the SSA’s core goals is to enhance sector-specific critical infrastructure protection capabilities through the coordinated develop- ment of education and training programs.

Training and education initiatives are critical for ensuring the continual improvement of CIKR preparedness efforts across both government and the private sector. To support broad situational awareness across CIKR sectors, SSA EMO is currently developing a voluntary Web-based, interactive training program designed to assist CIKR sector employees across sectors to identify suspi- cious activities at their facilities. This voluntary training is appropriate for any CIKR employee and will be freely available online. Based on cross-sector industry best practices, the interactive program augments an organization’s existing security training.

67 In addition to SSA EMO training initiatives, the CF SSA has developed the following programs in cooperation with sector partners:

Active Shooter: How to Respond

• materials

Evacuation Planning Guide for Stadiums •

Training Resources pamphlet •

The CF SSA also works in close coordination with other organizational elements within IP to develop training and educa- tion products across CIKR sectors and to participate in conferences, workshops, and other outreach and educational events. Additionally, the CF SSA leverages the expertise of government and private sector stakeholders to develop and participate in sector-specific training and education initiatives, including the development of leading physical and cybersecurity practices to complement existing private sector security, preparedness, and resilience training programs. Private sector expertise has yielded the following programs for the CF Sector:

International Association of Arena Managers Academy for Venue Safety and Security •

University of Southern Mississippi National Center for Spectator Sports Security Management •

Shopping Center Security Terrorism Awareness Training Program •

Training offered by DHS generally focuses on increasing competencies in risk analysis and implementation of protective mea- sures and strategies. Sector partners have participated in the following DHS training programs:

Soft-Target Awareness course •

Protective Measures course •

Private Sector Counterterrorism Workshop •

The CF SSA-, private sector-, and DHS-sponsored training programs identified above are more fully discussed in Section 4 of the 2009 CF SAR.