Critical Infrastructure Security and Resilience

THE WHITE HOUSE
Office of the Press Secretary

For Immediate Release

February 12, 2013
February 12, 2013

PRESIDENTIAL POLICY DIRECTIVE/PPD-21
SUBJECT:

Critical Infrastructure Security and Resilience

The Presidential Policy Directive (PPD) on Critical
Infrastructure Security and Resilience advances a national unity
of effort to strengthen and maintain secure, functioning, and
resilient critical infrastructure.
Introduction
The Nation's critical infrastructure provides the essential
services that underpin American society. Proactive and
coordinated efforts are necessary to strengthen and maintain
secure, functioning, and resilient critical infrastructure –
including assets, networks, and systems – that are vital to
public confidence and the Nation's safety, prosperity, and wellbeing.
The Nation's critical infrastructure is diverse and complex. It
includes distributed networks, varied organizational structures
and operating models (including multinational ownership),
interdependent functions and systems in both the physical space
and cyberspace, and governance constructs that involve multilevel authorities, responsibilities, and regulations. Critical
infrastructure owners and operators are uniquely positioned to
manage risks to their individual operations and assets, and to
determine effective strategies to make them more secure and
resilient.
Critical infrastructure must be secure and able to withstand and
rapidly recover from all hazards. Achieving this will require
integration with the national preparedness system across
prevention, protection, mitigation, response, and recovery.
This directive establishes national policy on critical
infrastructure security and resilience. This endeavor is a
shared responsibility among the Federal, state, local, tribal,
and territorial (SLTT) entities, and public and private owners
and operators of critical infrastructure (herein referred to as
"critical infrastructure owners and operators"). This directive
also refines and clarifies the critical infrastructure-related
functions, roles, and responsibilities across the Federal
Government, as well as enhances overall coordination and
collaboration. The Federal Government also has a responsibility
to strengthen the security and resilience of its own critical
infrastructure, for the continuity of national essential
functions, and to organize itself to partner effectively with
and add value to the security and resilience efforts of critical
infrastructure owners and operators.

2
Policy
It is the policy of the United States to strengthen the security
and resilience of its critical infrastructure against both
physical and cyber threats. The Federal Government shall work
with critical infrastructure owners and operators and SLTT
entities to take proactive steps to manage risk and strengthen
the security and resilience of the Nation's critical
infrastructure, considering all hazards that could have a
debilitating impact on national security, economic stability,
public health and safety, or any combination thereof. These
efforts shall seek to reduce vulnerabilities, minimize
consequences, identify and disrupt threats, and hasten response
and recovery efforts related to critical infrastructure.
The Federal Government shall also engage with international
partners to strengthen the security and resilience of domestic
critical infrastructure and critical infrastructure located
outside of the United States on which the Nation depends.
U.S. efforts shall address the security and resilience of
critical infrastructure in an integrated, holistic manner to
reflect this infrastructure's interconnectedness and
interdependency. This directive also identifies energy and
communications systems as uniquely critical due to the enabling
functions they provide across all critical infrastructure
sectors.
Three strategic imperatives shall drive the Federal approach to
strengthen critical infrastructure security and resilience:
1) Refine and clarify functional relationships across the Federal
Government to advance the national unity of effort to
strengthen critical infrastructure security and resilience;
2) Enable effective information exchange by identifying baseline
data and systems requirements for the Federal Government; and
3) Implement an integration and analysis function to inform
planning and operations decisions regarding critical
infrastructure.
All Federal department and agency heads are responsible for the
identification, prioritization, assessment, remediation, and
security of their respective internal critical infrastructure
that supports primary mission essential functions. Such
infrastructure shall be addressed in the plans and execution of
the requirements in the National Continuity Policy.
Federal departments and agencies shall implement this directive
in a manner consistent with applicable law, Presidential
directives, and Federal regulations, including those protecting
privacy, civil rights, and civil liberties. In addition,
Federal departments and agencies shall protect all information
associated with carrying out this directive consistent with
applicable legal authorities and policies.
Roles and Responsibilities
Effective implementation of this directive requires a national
unity of effort pursuant to strategic guidance from the
Secretary of Homeland Security. That national effort must
include expertise and day-to-day engagement from the SectorSpecific Agencies (SSAs) as well as the specialized or support
capabilities from other Federal departments and agencies, and

3
strong collaboration with critical infrastructure owners and
operators and SLTT entities. Although the roles and
responsibilities identified in this directive are directed at
Federal departments and agencies, effective partnerships with
critical infrastructure owners and operators and SLTT entities
are imperative to strengthen the security and resilience of the
Nation's critical infrastructure.
Secretary of Homeland Security
The Secretary of Homeland Security shall provide strategic
guidance, promote a national unity of effort, and coordinate the
overall Federal effort to promote the security and resilience of
the Nation's critical infrastructure. In carrying out the
responsibilities assigned in the Homeland Security Act of 2002,
as amended, the Secretary of Homeland Security evaluates
national capabilities, opportunities, and challenges in
protecting critical infrastructure; analyzes threats to,
vulnerabilities of, and potential consequences from all hazards
on critical infrastructure; identifies security and resilience
functions that are necessary for effective public-private
engagement with all critical infrastructure sectors; develops a
national plan and metrics, in coordination with SSAs and other
critical infrastructure partners; integrates and coordinates
Federal cross-sector security and resilience activities;
identifies and analyzes key interdependencies among critical
infrastructure sectors; and reports on the effectiveness of
national efforts to strengthen the Nation's security and
resilience posture for critical infrastructure.
Additional roles and responsibilities for the Secretary of
Homeland Security include:
1) Identify and prioritize critical infrastructure, considering
physical and cyber threats, vulnerabilities, and consequences,
in coordination with SSAs and other Federal departments and
agencies;
2) Maintain national critical infrastructure centers that shall
provide a situational awareness capability that includes
integrated, actionable information about emerging trends,
imminent threats, and the status of incidents that may impact
critical infrastructure;
3) In coordination with SSAs and other Federal departments and
agencies, provide analysis, expertise, and other technical
assistance to critical infrastructure owners and operators and
facilitate access to and exchange of information and
intelligence necessary to strengthen the security and
resilience of critical infrastructure;
4) Conduct comprehensive assessments of the vulnerabilities of
the Nation's critical infrastructure in coordination with the
SSAs and in collaboration with SLTT entities and critical
infrastructure owners and operators;
5) Coordinate Federal Government responses to significant cyber
or physical incidents affecting critical infrastructure
consistent with statutory authorities;
6) Support the Attorney General and law enforcement agencies with
their responsibilities to investigate and prosecute threats to
and attacks against critical infrastructure;
7) Coordinate with and utilize the expertise of SSAs and other
appropriate Federal departments and agencies to map
geospatially, image, analyze, and sort critical infrastructure
by employing commercial satellite and airborne systems, as
well as existing capabilities within other departments and
agencies; and

4
8) Report annually on the status of national critical
infrastructure efforts as required by statute.
Sector-Specific Agencies
Each critical infrastructure sector has unique characteristics,
operating models, and risk profiles that benefit from an
identified Sector-Specific Agency that has institutional
knowledge and specialized expertise about the sector.
Recognizing existing statutory or regulatory authorities of
specific Federal departments and agencies, and leveraging
existing sector familiarity and relationships, SSAs shall carry
out the following roles and responsibilities for their
respective sectors:
1) As part of the broader national effort to strengthen the
security and resilience of critical infrastructure, coordinate
with the Department of Homeland Security (DHS) and other
relevant Federal departments and agencies and collaborate with
critical infrastructure owners and operators, where
appropriate with independent regulatory agencies, and with
SLTT entities, as appropriate, to implement this directive;
2) Serve as a day-to-day Federal interface for the dynamic
prioritization and coordination of sector-specific activities;
3) Carry out incident management responsibilities consistent with
statutory authority and other appropriate policies,
directives, or regulations;
4) Provide, support, or facilitate technical assistance and
consultations for that sector to identify vulnerabilities and
help mitigate incidents, as appropriate; and
5) Support the Secretary of Homeland Security's statutorily
required reporting requirements by providing on an annual
basis sector-specific critical infrastructure information.
Additional Federal Responsibilities
The following departments and agencies have specialized or
support functions related to critical infrastructure security
and resilience that shall be carried out by, or along with,
other Federal departments and agencies and independent
regulatory agencies, as appropriate.
1) The Department of State, in coordination with DHS, SSAs, and
other Federal departments and agencies, shall engage foreign
governments and international organizations to strengthen the
security and resilience of critical infrastructure located
outside the United States and to facilitate the overall
exchange of best practices and lessons learned for promoting
the security and resilience of critical infrastructure on
which the Nation depends.
2) The Department of Justice (DOJ), including the Federal Bureau
of Investigation (FBI), shall lead counterterrorism and
counterintelligence investigations and related law enforcement
activities across the critical infrastructure sectors. DOJ
shall investigate, disrupt, prosecute, and otherwise reduce
foreign intelligence, terrorist, and other threats to, and
actual or attempted attacks on, or sabotage of, the Nation's
critical infrastructure. The FBI also conducts domestic
collection, analysis, and dissemination of cyber threat
information, and shall be responsible for the operation of the
National Cyber Investigative Joint Task Force (NCIJTF). The
NCIJTF serves as a multi-agency national focal point for
coordinating, integrating, and sharing pertinent information
related to cyber threat investigations, with representation
from DHS, the Intelligence Community (IC), the Department of

5
Defense (DOD), and other agencies as appropriate. The
Attorney General and the Secretary of Homeland Security shall
collaborate to carry out their respective critical
infrastructure missions.
3) The Department of the Interior, in collaboration with the
SSA for the Government Facilities Sector, shall identify,
prioritize, and coordinate the security and resilience efforts
for national monuments and icons and incorporate measures to
reduce risk to these critical assets, while also promoting
their use and enjoyment.
4) The Department of Commerce (DOC), in collaboration with DHS
and other relevant Federal departments and agencies, shall
engage private sector, research, academic, and government
organizations to improve security for technology and tools
related to cyber-based systems, and promote the development of
other efforts related to critical infrastructure to enable the
timely availability of industrial products, materials, and
services to meet homeland security requirements.
5) The IC, led by the Director of National Intelligence (DNI),
shall use applicable authorities and coordination mechanisms
to provide, as appropriate, intelligence assessments regarding
threats to critical infrastructure and coordinate on
intelligence and other sensitive or proprietary information
related to critical infrastructure. In addition, information
security policies, directives, standards, and guidelines for
safeguarding national security systems shall be overseen as
directed by the President, applicable law, and in accordance
with that direction, carried out under the authority of the
heads of agencies that operate or exercise authority over such
national security systems.
6) The General Services Administration, in consultation with DOD,
DHS, and other departments and agencies as appropriate, shall
provide or support government-wide contracts for critical
infrastructure systems and ensure that such contracts include
audit rights for the security and resilience of critical
infrastructure.
7) The Nuclear Regulatory Commission (NRC) is to oversee its
licensees' protection of commercial nuclear power reactors and
non-power nuclear reactors used for research, testing, and
training; nuclear materials in medical, industrial, and
academic settings, and facilities that fabricate nuclear fuel;
and the transportation, storage, and disposal of nuclear
materials and waste. The NRC is to collaborate, to the extent
possible, with DHS, DOJ, the Department of Energy, the
Environmental Protection Agency, and other Federal departments
and agencies, as appropriate, on strengthening critical
infrastructure security and resilience.
8) The Federal Communications Commission, to the extent permitted
by law, is to exercise its authority and expertise to partner
with DHS and the Department of State, as well as other Federal
departments and agencies and SSAs as appropriate, on:
(1) identifying and prioritizing communications
infrastructure; (2) identifying communications sector
vulnerabilities and working with industry and other
stakeholders to address those vulnerabilities; and (3) working
with stakeholders, including industry, and engaging foreign
governments and international organizations to increase the
security and resilience of critical infrastructure within the
communications sector and facilitating the development and
implementation of best practices promoting the security and
resilience of critical communications infrastructure on which
the Nation depends.

6
9) Federal departments and agencies shall provide timely
information to the Secretary of Homeland Security and the
national critical infrastructure centers necessary to support
cross-sector analysis and inform the situational awareness
capability for critical infrastructure.
Three Strategic Imperatives
1) Refine and Clarify Functional Relationships across the Federal
Government to Advance the National Unity of Effort to
Strengthen Critical Infrastructure Security and Resilience
An effective national effort to strengthen critical
infrastructure security and resilience must be guided by a
national plan that identifies roles and responsibilities and is
informed by the expertise, experience, capabilities, and
responsibilities of the SSAs, other Federal departments and
agencies with critical infrastructure roles, SLTT entities, and
critical infrastructure owners and operators.
During the past decade, new programs and initiatives have been
established to address specific infrastructure issues, and
priorities have shifted and expanded. As a result, Federal
functions related to critical infrastructure security and
resilience shall be clarified and refined to establish baseline
capabilities that will reflect this evolution of knowledge, to
define relevant Federal program functions, and to facilitate
collaboration and information exchange between and among the
Federal Government, critical infrastructure owners and
operators, and SLTT entities.
As part of this refined structure, there shall be two national
critical infrastructure centers operated by DHS – one for
physical infrastructure and another for cyber infrastructure.
They shall function in an integrated manner and serve as focal
points for critical infrastructure partners to obtain
situational awareness and integrated, actionable information to
protect the physical and cyber aspects of critical
infrastructure. Just as the physical and cyber elements of
critical infrastructure are inextricably linked, so are the
vulnerabilities. Accordingly, an integration and analysis
function (further developed in Strategic Imperative 3) shall be
implemented between these two national centers.
The success of these national centers, including the integration
and analysis function, is dependent on the quality and
timeliness of the information and intelligence they receive from
the SSAs and other Federal departments and agencies, as well as
from critical infrastructure owners and operators and SLTT
entities.
These national centers shall not impede the ability of the heads
of Federal departments and agencies to carry out or perform
their responsibilities for national defense, criminal,
counterintelligence, counterterrorism, or investigative
activities.
2) Enable Efficient Information Exchange by Identifying Baseline
Data and Systems Requirements for the Federal Government
A secure, functioning, and resilient critical infrastructure
requires the efficient exchange of information, including
intelligence, between all levels of governments and critical

7
infrastructure owners and operators. This must facilitate the
timely exchange of threat and vulnerability information as well
as information that allows for the development of a situational
awareness capability during incidents. The goal is to enable
efficient information exchange through the identification of
requirements for data and information formats and accessibility,
system interoperability, and redundant systems and alternate
capabilities should there be a disruption in the primary
systems.
Greater information sharing within the government and with the
private sector can and must be done while respecting privacy and
civil liberties. Federal departments and agencies shall ensure
that all existing privacy principles, policies, and procedures
are implemented consistent with applicable law and policy and
shall include senior agency officials for privacy in their
efforts to govern and oversee information sharing properly.
3) Implement an Integration and Analysis Function to Inform
Planning and Operational Decisions Regarding Critical
Infrastructure
The third strategic imperative builds on the first two and calls
for the implementation of an integration and analysis function
for critical infrastructure that includes operational and
strategic analysis on incidents, threats, and emerging risks.
It shall reside at the intersection of the two national centers
as identified in Strategic Imperative 1, and it shall include
the capability to collate, assess, and integrate vulnerability
and consequence information with threat streams and hazard
information to:
a. Aid in prioritizing assets and managing risks to critical
infrastructure;
b. Anticipate interdependencies and cascading impacts;
c. Recommend security and resilience measures for critical
infrastructure prior to, during, and after an event or
incident; and
d. Support incident management and restoration efforts related
to critical infrastructure.
This function shall not replicate the analysis function of the
IC or the National Counterterrorism Center, nor shall it involve
intelligence collection activities. The IC, DOD, DOJ, DHS, and
other Federal departments and agencies with relevant
intelligence or information shall, however, inform this
integration and analysis capability regarding the Nation's
critical infrastructure by providing relevant, timely, and
appropriate information to the national centers. This function
shall also use information and intelligence provided by other
critical infrastructure partners, including SLTT and
nongovernmental analytic entities.
Finally, this integration and analysis function shall support
DHS's ability to maintain and share, as a common Federal
service, a near real-time situational awareness capability for
critical infrastructure that includes actionable information
about imminent threats, significant trends, and awareness of
incidents that may affect critical infrastructure.
Innovation and Research and Development

8
The Secretary of Homeland Security, in coordination with the
Office of Science and Technology Policy (OSTP), the SSAs, DOC,
and other Federal departments and agencies, shall provide input
to align those Federal and Federally-funded research and
development (R&D) activities that seek to strengthen the
security and resilience of the Nation's critical infrastructure,
including:
1) Promoting R&D to enable the secure and resilient design and
construction of critical infrastructure and more secure
accompanying cyber technology;
2) Enhancing modeling capabilities to determine potential impacts
on critical infrastructure of an incident or threat scenario,
as well as cascading effects on other sectors;
3) Facilitating initiatives to incentivize cybersecurity
investments and the adoption of critical infrastructure design
features that strengthen all-hazards security and resilience;
and
4) Prioritizing efforts to support the strategic guidance issued
by the Secretary of Homeland Security.
Implementation of the Directive
The Secretary of Homeland Security shall take the following
actions as part of the implementation of this directive.
1) Critical Infrastructure Security and Resilience Functional
Relationships. Within 120 days of the date of this directive,
the Secretary of Homeland Security shall develop a description
of the functional relationships within DHS and across the
Federal Government related to critical infrastructure security
and resilience. It should include the roles and functions of
the two national critical infrastructure centers and a
discussion of the analysis and integration function. When
complete, it should serve as a roadmap for critical
infrastructure owners and operators and SLTT entities to
navigate the Federal Government's functions and primary points
of contact assigned to those functions for critical
infrastructure security and resilience against both physical
and cyber threats. The Secretary shall coordinate this effort
with the SSAs and other relevant Federal departments and
agencies. The Secretary shall provide the description to the
President through the Assistant to the President for Homeland
Security and Counterterrorism.
2) Evaluation of the Existing Public-Private Partnership Model.
Within 150 days of the date of this directive, the Secretary
of Homeland Security, in coordination with the SSAs, other
relevant Federal departments and agencies, SLTT entities, and
critical infrastructure owners and operators, shall conduct an
analysis of the existing public-private partnership model and
recommend options for improving the effectiveness of the
partnership in both the physical and cyber space. The
evaluation shall consider options to streamline processes for
collaboration and exchange of information and to minimize
duplication of effort. Furthermore, the analysis shall
consider how the model can be flexible and adaptable to meet
the unique needs of individual sectors while providing a
focused, disciplined, and effective approach for the Federal
Government to coordinate with the critical infrastructure
owners and operators and with SLTT governments. The
evaluation shall result in recommendations to enhance
partnerships to be approved for implementation through the

9
processes established in the Organization of the National
Security Council System directive.
3) Identification of Baseline Data and Systems Requirements for
the Federal Government to Enable Efficient Information
Exchange. Within 180 days of the date of this directive, the
Secretary of Homeland Security, in coordination with the SSAs
and other Federal departments and agencies, shall convene a
team of experts to identify baseline data and systems
requirements to enable the efficient exchange of information
and intelligence relevant to strengthening the security and
resilience of critical infrastructure. The experts should
include representatives from those entities that routinely
possess information important to critical infrastructure
security and resilience; those that determine and manage
information technology systems used to exchange information;
and those responsible for the security of information being
exchanged. Interoperability with critical infrastructure
partners; identification of key data and the information
requirements of key Federal, SLTT, and private sector
entities; availability, accessibility, and formats of data;
the ability to exchange various classifications of
information; and the security of those systems to be used; and
appropriate protections for individual privacy and civil
liberties should be included in the analysis. The analysis
should result in baseline requirements for sharing of data and
interoperability of systems to enable the timely exchange of
data and information to secure critical infrastructure and
make it more resilient. The Secretary shall provide that
analysis to the President through the Assistant to the
President for Homeland Security and Counterterrorism.
4) Development of a Situational Awareness Capability for Critical
Infrastructure. Within 240 days of the date of this
directive, the Secretary of Homeland Security shall
demonstrate a near real-time situational awareness capability
for critical infrastructure that includes threat streams and
all-hazards information as well as vulnerabilities; provides
the status of critical infrastructure and potential cascading
effects; supports decision making; and disseminates critical
information that may be needed to save or sustain lives,
mitigate damage, or reduce further degradation of a critical
infrastructure capability throughout an incident. This
capability should be available for and cover physical and
cyber elements of critical infrastructure, and enable an
integration of information as necessitated by the incident.
5) Update to National Infrastructure Protection Plan. Within
240 days of the date of this directive, the Secretary of
Homeland Security shall provide to the President, through
the Assistant to the President for Homeland Security and
Counterterrorism, a successor to the National Infrastructure
Protection Plan to address the implementation of this
directive, the requirements of Title II of the Homeland
Security Act of 2002 as amended, and alignment with the
National Preparedness Goal and System required by PPD-8. The
plan shall include the identification of a risk management
framework to be used to strengthen the security and resilience
of critical infrastructure; the methods to be used to
prioritize critical infrastructure; the protocols to be used
to synchronize communication and actions within the Federal
Government; and a metrics and analysis process to be used to
measure the Nation's ability to manage and reduce risks to

10
critical infrastructure. The updated plan shall also reflect
the identified functional relationships within DHS and across
the Federal Government and the updates to the public-private
partnership model. Finally, the plan should consider sector
dependencies on energy and communications systems, and
identify pre-event and mitigation measures or alternate
capabilities during disruptions to those systems. The
Secretary shall coordinate this effort with the SSAs, other
relevant Federal departments and agencies, SLTT entities, and
critical infrastructure owners and operators.
6) National Critical Infrastructure Security and Resilience R&D
Plan. Within 2 years of the date of this directive, the
Secretary of Homeland Security, in coordination with the OSTP,
the SSAs, DOC, and other Federal departments and agencies,
shall provide to the President, through the Assistant to the
President for Homeland Security and Counterterrorism, a
National Critical Infrastructure Security and Resilience R&D
Plan that takes into account the evolving threat landscape,
annual metrics, and other relevant information to identify
priorities and guide R&D requirements and investments. The
plan should be issued every 4 years after its initial
delivery, with interim updates as needed.
Policy coordination, dispute resolution, and periodic inprogress reviews for the implementation of this directive shall
be carried out consistent with PPD-1, including the use of
Interagency Policy Committees coordinated by the National
Security Staff.
Nothing in this directive alters, supersedes, or impedes the
authorities of Federal departments and agencies, including
independent regulatory agencies, to carry out their functions
and duties consistent with applicable legal authorities and
other Presidential guidance and directives, including, but not
limited to, the designation of critical infrastructure under
such authorities.
This directive revokes Homeland Security Presidential
Directive/HSPD-7, Critical Infrastructure Identification,
Prioritization, and Protection, issued December 17, 2003.
developed pursuant to HSPD-7 shall remain in effect until
specifically revoked or superseded.

Plans

Designated Critical Infrastructure Sectors and Sector-Specific
Agencies
This directive identifies 16 critical infrastructure sectors and
designates associated Federal SSAs. In some cases co-SSAs are
designated where those departments share the roles and
responsibilities of the SSA. The Secretary of Homeland Security
shall periodically evaluate the need for and approve changes to
critical infrastructure sectors and shall consult with the
Assistant to the President for Homeland Security and
Counterterrorism before changing a critical infrastructure
sector or a designated SSA for that sector. The sectors and
SSAs are as follows:
Chemical:
Sector-Specific Agency:

Department of Homeland Security

Commercial Facilities:
Sector-Specific Agency:

Department of Homeland Security

11
Communications:
Sector-Specific Agency:

Department of Homeland Security

Critical Manufacturing:
Sector-Specific Agency:

Department of Homeland Security

Dams:
Sector-Specific Agency:

Department of Homeland Security

Defense Industrial Base:
Sector-Specific Agency: Department of Defense
Emergency Services:
Sector-Specific Agency:

Department of Homeland Security

Energy:
Sector-Specific Agency:

Department of Energy

Financial Services:
Sector-Specific Agency:

Department of the Treasury

Food and Agriculture:
Co-Sector-Specific Agencies: U.S. Department of
Agriculture and Department of Health and Human Services
Government Facilities:
Co-Sector-Specific Agencies: Department of Homeland
Security and General Services Administration
Healthcare and Public Health:
Sector-Specific Agency: Department of Health and Human
Services
Information Technology:
Sector-Specific Agency:

Department of Homeland Security

Nuclear Reactors, Materials, and Waste:
Sector-Specific Agency: Department of Homeland Security
Transportation Systems:
Co-Sector-Specific Agencies: Department of Homeland
Security and Department of Transportation
Water and Wastewater Systems:
Sector-Specific Agency: Environmental Protection Agency
Definitions
For purposes of this directive:
The term "all hazards" means a threat or an incident, natural or
manmade, that warrants action to protect life, property, the
environment, and public health or safety, and to minimize
disruptions of government, social, or economic activities. It
includes natural disasters, cyber incidents, industrial
accidents, pandemics, acts of terrorism, sabotage, and
destructive criminal activity targeting critical infrastructure.
The term "collaboration" means the process of working together
to achieve shared goals.

12
The terms "coordinate" and "in coordination with" mean a
consensus decision-making process in which the named
coordinating department or agency is responsible for working
with the affected departments and agencies to achieve consensus
and a consistent course of action.
The term "critical infrastructure" has the meaning provided in
section 1016(e) of the USA Patriot Act of 2001 (42 U.S.C.
5195c(e)), namely systems and assets, whether physical or
virtual, so vital to the United States that the incapacity or
destruction of such systems and assets would have a debilitating
impact on security, national economic security, national public
health or safety, or any combination of those matters.
The term "Federal departments and agencies" means any authority
of the United States that is an "agency" under 44 U.S.C.
3502(1), other than those considered to be independent
regulatory agencies, as defined in 44 U.S.C. 3502(5).
The term "national essential functions" means that subset of
Government functions that are necessary to lead and sustain the
Nation during a catastrophic emergency.
The term "primary mission essential functions" means those
Government functions that must be performed in order to support
or implement the performance of the national essential functions
before, during, and in the aftermath of an emergency.
The term "national security systems" has the meaning given to it
in the Federal Information Security Management Act of 2002
(44 U.S.C. 3542(b)).
The term "resilience" means the ability to prepare for and adapt
to changing conditions and withstand and recover rapidly from
disruptions. Resilience includes the ability to withstand and
recover from deliberate attacks, accidents, or naturally
occurring threats or incidents.
The term "Sector-Specific Agency" (SSA) means the Federal
department or agency designated under this directive to be
responsible for providing institutional knowledge and
specialized expertise as well as leading, facilitating, or
supporting the security and resilience programs and associated
activities of its designated critical infrastructure sector in
the all-hazards environment.
The terms "secure" and "security" refer to reducing the risk to
critical infrastructure by physical means or defense cyber
measures to intrusions, attacks, or the effects of natural or
manmade disasters.
# # #