U.S. Strategy on Terrorism There

U.S. STRATEGY on TERRORISM

There have been several government-written strategies addressing terrorism in the United States since the terrorist acts of September 11, 2001, and all of these are required to complement one another if the defense against a terrorist attack in the United States is to be effective and efficient. This work intends to select three strategy documents from the required readings, the supplemental readings, and research and compare and contrast the objectives of each of these documents. Toward this end the three chosen documents to be examined are those listed as follows:

The National Strategy for the Physical Protection of Critical Infrastructures and Key Assets published in February 2003 by the White House in Washington, DC;

The National Strategy for Secure Cyberspace published in February 2003, by the White House in Washington DC; and the DHS (Department of Homeland Security) Intelligence Enterprise Strategic Plan published in January 2006, by the U.S. Department of Homeland Security. Washington DC.

I. The NATIONAL STRATEGY for the PHYSICAL PROTECTION of CRITICAL INFRASTRUCTURES and KEY ASSETS

According to the White House in its 'National Strategy for the Physical Protection of Critical Infrastructures and Key Assets" relates strategic objectives which "underpin our national critical infrastructure and key asset protection effort" are stated to be those listed as follows: (1) Identifying and assuring the protection of those infrastructures and assets that we deem most critical in terms of national-level public health and safety, governance, economic and national security, and public confidence consequences; (3) Providing timely warning and assuring the protection of those infrastructures and assets that face a specific, imminent threat; and (4) Assuring the protection of other infrastructures and assets that may become terrorist targets over time by pursuing specific initiatives and enabling a collaborative environment in which federal, state, and local governments and the private sector can better protect the infrastructures and assets they control. (2003) This document additionally relates the fact that Homeland security especially in relation to critical infrastructure and key asset protection is a responsibility that is shared and one that the federal government alone cannot accomplish. Instead, there are the requirements of "coordinated action on the part of federal, state and local governments; the private sector and concerned citizens across the country." (White House, 2003) it is stated further that the nature of possible attacks launched by terrorists include the following three: (1) Direct infrastructure effects: Cascading disruption or arrest of the functions of critical infrastructures or key assets through direct attacks on a critical node, system, or function; (2) Indirect infrastructure effects: Cascading disruption and financial consequences for government, society, and economy through public- and private-sector reactions to an attack; and (3) Exploitation of infrastructure: Exploitation of elements of a particular infrastructure to disrupt or destroy another target. (White House, 2003) the guiding principles stated in protection of the critical infrastructure and key assets are the following: (1) Assure public safety, public confidence, and services; (2) Establish responsibility and accountability; (3) Encourage and facilitate partnering among all levels of government and between government and industry; (4) Encourage market solutions wherever possible and compensate for market failure with focused government intervention; (5) Facilitate meaningful information sharing; (6) Foster international cooperation; (7) Develop technologies and expertise to combat terrorist threats; and (8) Safeguard privacy and constitutional freedoms. (White House, 2003) This strategy document states that the federal government has the role of leadership in making sure that the three principles objectives already stated above in this work in writing are met. The leadership role of the federal government is stated to involve: (1) Taking stock of our most critical facilities, systems, and functions and monitoring their preparedness across economic sectors and governmental jurisdictions; (2) Assuring that federal, state, local, and private entities work together to protect critical facilities, systems, and functions that face an imminent threat and/or whose loss could have significant national consequences; (3) Providing and coordinating national-level threat information, assessments, and warnings that are timely, actionable, and relevant to state, local, and private sector partners; (4) Creating and implementing comprehensive, multi-tiered protection policies and programs; (5) Exploring potential options for enablers and incentives to encourage stakeholders to devise solutions to their unique protection impediments; (6) Developing cross-sector and cross-jurisdictional protection standards, guidelines, criteria, and protocols; (7) Facilitating the sharing of critical infrastructure and key asset protection best practices and processes and vulnerability assessment methodologies; (8) Conducting demonstration projects and pilot programs; (9) Seeding the development and transfer of advanced technologies while taking advantage of private sector expertise and competencies; (10) Promoting national-level critical infrastructure and key asset protection education and awareness; and (11) Improving the federal government's ability to work with state and local responders and service providers. (White House, 2003) the federal departments and agencies under the National Strategy for Homeland Security will assist lead departments and agencies in assisting state and local governments and private-sector partnerships in the following efforts: (1) Organize and conduct protection and continuity of government and operations planning, and elevate awareness and understanding of threats and vulnerabilities to their critical facilities, systems, and functions; (2) Identify and promote effective sector-specific protection practices and methodologies; and (4) Expand voluntary security-related information sharing among private entities within the sector, as well as between government and private entities. (White House, 2003) Cross-sector coordination will be the responsibility of the Department of Homeland Security who will serve as "the primary liaison and facilitator for cooperation among federal agencies, state and local governments and the private sector. As the cross-sector coordinator. DHS will also be responsible for the detailed refinement and implementation of the core elements of this strategy." (White House, 2003) it is interesting to note that this work relate that the largest part of the country's "critical infrastructures and key assets are owned and operated by the private sector" and that these private sector firms "prudently engage in risk management and planning and invest in security as a necessary function of business operations and customer confidence" (White House, 2003) Stated as the level of investment in security that "reflects implicit risk-versus consequence tradeoffs are based on: (1) the known factors about the risk environment; and (2) what can be justified economically and sustainability in a marketplace characterized by competitiveness as well as in the limited government resources environment. The private sector is said to look "to the government for assistance when the threat at hand exceeds an enterprise's capability to protect itself beyond a reasonable level of additional investment." (White House, 2003) This require collaboration between the federal government and the private sector and as well the state and local governments toward the goal of providing warning in a timey nature and ensuring the protection of infrastructures and assets that face a specific imminent threat and promote an environment in which the private sector can better carry out its specific protection responsibilities." (White House, 2003) Planning and resource allocation makes identification of eight primary initiatives including: (1) creation of mechanisms that are collaborative in nature for 'government-industry critical infrastructure and key asset protection planning'; (2) Identification of key protection priorities and development of appropriate mechan9isms for supporting those priorities; (3) Fostering increased risk-management sharing of expertise between the public and private sectors; (4) identification of options for incentives for private organizations that proactively enact security measures that are enhanced; (5) Coordinate and consolidate federal and state protection plans; (6) Establishment of a task force to review legal impediments to 'reconstitution and recovery in the aftermath of an attack against a critical infrastructure or key asset; (7) Development of an integrated critical infrastructure and key asset geospatial database; and; (8) conduct critical infrastructure protection planning with our international partners. (White House, 2003) Information sharing, indications and warnings is an area with six identified initiatives as follows: (1) Define protection-related information sharing requirements and establish effective, efficient information sharing processes; (2) Implement the statutory authorities and powers of the Homeland Security Act of 2002 to protect security and proprietary information regarded as sensitive by the private sector; (3) Promote the development and operation of critical sector Information Sharing Analysis Centers; (4) Improve processes for domestic threat data collection, analysis, and dissemination to state and local government and private industry; (5) Support the development of interoperable secure communications systems for state and local governments and designated private sector entities; and (6) Complete implementation of the Homeland Security Advisory System. (White House, 2003) Personnel surety, building human capital and awareness is an area with six primary identified initiatives including: (1) coordination of the development of national standards for personnel surety; (2) development of a certification program for background screening companies; (3) exploration of establishment of a certification regime or model security training program for private security officers; (4) identification of requirements and develop programs to protect critical personnel; (5) facilitation of the sharing of public- and private-sector protection expertise; and (6) development and implementation of a national awareness program for critical infrastructure and key asset protection. (White House, 2003) the area of technology and research and development has four identified primary initiatives including: (1) Coordination of public- and private-sector security research and development activities; (2) coordination of interoperability standards to ensure compatibility of communications systems; (3) exploration of methods to authenticate and verify personnel identity; and (4) improvement of technical surveillance, monitoring and detection capabilities. (White House, 2003)

II. The NATIONAL STRATEGY for SECURE CYBERSPACE

The National Strategy for Secure Cyberspace strategic plan states that its strategic objectives are "consistent with the National Strategy for Homeland Security' and that those objectives include: (1) prevention of cyber attacks against America's critical infrastructure; (2) reduction of national vulnerability to cyber attacks and; (3) minimization of damage and recovery time from cyber attacks that do occur. (White House, 2003) This report additionally relates that the sector best equipped and structured in providing a response to cyber threats which are constantly evolving is the private sector. Specifically stated in the report is "Public-private engagement is a key component of our Strategy to secure cyberspace. Public-private partnerships can usefully confront coordination problems. They can significantly enhance information exchange and cooperation." (White House, 2003) Under this strategy to secure cyberspace it is stated that engagement between the pubic and private sectors will take various forms and additionally will "...address awareness, training, technological improvements, vulnerability remediation, and recovery operations." (White House, 2003) the Department of Homeland Security was signed into legislation on November 25, 2002. DHS is a "cabinet-level department" that serves to "unite 22 federal entities for the common purpose of improving" homeland security in the United States. Responsibilities of the Secretary of DHS include: (1) development of a comprehensive national plan for securing the key resources and critical infrastructure of the United States; (2) Providing crisis management in response to attacks on critical information systems; (3) Providing technical assistance to the private sector and other government entities with respect to emergency recovery plans for failures of critical information systems; (4) coordination with other agencies of the federal government to provide specific warning information and advice about appropriate protective measures and countermeasures to state, local, and nongovernmental organizations including the private sector, academia, and the public; and; (5) Performing and funding research and development along with other agencies that will lead to new scientific understanding and technologies in support of homeland security. (White House, 2003) Five national priorities stated by the National Strategy to Secure Cyberspace are the following: (1) a National Cyberspace Security Response System; (2) a National Cyberspace Security Threat and Vulnerability Reduction Program; (3) a National Cyberspace Security Awareness and Training Program; (4) Securing Governments' Cyberspace; and (5) National Security and International Cyberspace Security Cooperation. (White House, 2003) Stated as eight major actions and initiatives for cyberspace security response are the following: (1) establishment of a public-private architecture for responding to national-level cyber incidents; (2) Provide for the development of tactical and strategic analysis of cyber attacks and vulnerability assessments; (3) Encourage the development of a private sector capability to share a synoptic view of the health of cyberspace; (4) Expand the Cyber Warning and Information Network to support the role of DHS in coordinating crisis management for cyberspace security; (5) Improve national incident management;(6) Coordinate processes for voluntary participation in the development of national public-private continuity and contingency plans; (7) Exercise cybersecurity continuity plans for federal systems; and (8) Improve and enhance public-private information sharing involving cyber attacks, threats, and vulnerabilities.

Stated as the eight major actions and initiatives to reduce threats and related vulnerabilities are the following: (1) Enhance law enforcement's capabilities for preventing and prosecuting cyberspace attacks; (2) Create a process for national vulnerability assessments to better understand the potential consequences of threats and vulnerabilities; (3) Secure the mechanisms of the Internet by improving protocols and routing; (4) Foster the use of trusted digital control systems/supervisory control and data acquisition systems; (5) Reduce and remediate software vulnerabilities; (6) understand infrastructure interdependencies and improve the physical security of cyber systems and telecommunications; (7) Prioritize federal cybersecurity research and development agendas; and (8) Assess and secure emerging systems.

III. The DHS (DEPARTMENT of HOMELAND SECURITY) INTELLIGENCE ENTERPRISE STRATEGIC PLAN

Stated as goals that "encompass the breadth of activities of the Department of Homeland Security Intelligence Enterprise" and that illustrates where efforts will be concentrated in the improvement of capabilities are those as follows:

Goal 1: Requirements, Collection and Dissemination: Ensure all Homeland Security intelligence-related information is gathered, collected, reported, and disseminated to those who need it.

Goal 2: Analysis and Warning: Be the premier provider of Homeland Security intelligence analysis and warning.

Goal 3: Information Sharing & Knowledge Management: Build and implement an intelligence information systems capability that enables DHS to add value to the national knowledge base.

Goal 4: Mitigation, Prevention, and Readiness: Focus on mitigating threats and preventing attacks against the Homeland, particularly the systems, facilities, and individuals protected by the DHS Stakeholder Community. Lead the Homeland Security Intelligence Community to support Continuity of Operations (COOP), Continuity of Government (COG) and National Special Security Events (NSSEs) and other special events, emerging incidents, and exercises.