DOD teaming on critical infrastructure

The Defense Department is working with government officials at all levels, as well as with the private sector, to ensure that the nation's critical infrastructure assets are protected and that contingency plans are in place in the event of an attack or disaster.

Navy Capt. Robert Magee, deputy director for industrial base capabilities and readiness in the Office of the Secretary of Defense, said infrastructure protection is really "mission assurance" for DOD because the failure of critical assets would disrupt operations.

DOD infrastructure includes everything from personnel and health affairs to command, control, communications, and intelligence, surveillance and reconnaissance assets, Magee said during a June 17 panel discussion at a National Defense Industrial Association security conference in Reston, Va.

The defense industrial base must coordinate critical infrastructure protection efforts from top to bottom, because their collective assets represent the "blue target fodder" that any U.S. enemy would love to have, he said. The private sector controls about 80 percent of the nation's critical infrastructure, including utilities, telecommunications and transportation networks.

Magee said that a critical infrastructure protection directive and instructions are awaiting the signature of the deputy secretary of Defense, and the documents would update DOD's formal policy and guidance in this area.

DOD has made solid progress in identifying its internal critical assets and those within the defense industrial base, Magee said, adding that about a month ago the department began performing vulnerability assessments at the first of three private-sector sites approved for funding this year.

He said that 10 to 15 more sites should be funded through a supplemental budget, and DOD is issuing commercial off-the-shelf self-assessment software for vendors it is unable to visit in person.

Paula Scalingi, president of the Scalingi Group, a Vienna, Va.-based consulting firm, said that members of the private sector in general, not just utilities, often feel left out of the information sharing process, which is why many interdependencies take longer to be identified.

Randy Smith, head of critical infrastructure assurance for the Marine Corps, said that the Marines have been developing their own critical asset list for the past 18 months. He called it a "work in progress" because things are often missed if the Marines do not own them.

For example, it's obvious to include an air base on the list, but the telecommunications switch located behind a gas station just off the base also is critical, Smith said, adding that the Marine Corps is expanding its integrated vulnerability assessment program with the Navy.

The Marine Corps performed a critical infrastructure response and protection tabletop exercise with the New York City Police Department in September 2002 that garnered numerous information-sharing lessons and the opportunity to compare tactics, techniques and procedures, he said.

The program proved so successful that the service is doing another one in San Francisco. It will include all city and county agencies and test the "commander's handbook," a knowledge management tool the Marine Corps has developed to help civilian agencies it may need to coordinate with in the future.