During the presidential campaign, Barack Obama said that his administration will work to "ensure that security is considered and built into the design of new infrastructure, so that our critical assets are protected from the start and more resilient to naturally occurring and deliberate threats throughout their life cycle."
Rating this promise is tricky. Tim Clancy of George Mason University's Center for Infrastructure Protection said that the promise "goes well beyond the reach of the federal government, given that most infrastructures are owned and operated by the private sector," he said. "Construction of infrastructures in certain sectors such as transportation (roads, bridges, public transit systems) are dependent on federal funding but are built by states and localities, while some are only partially so (electrical grid) and others not at all (IT networks and manufacturing plants, for example)."
In addition, Obama's promise appears to be forward-looking -- specifically, improving the robustness of newly built or installed infrastructure. By contrast, most of what the Department of Homeland Security has been focusing on in recent years addresses retroactive efforts to assess and protect existing infrastructure.
Finally, any project to revamp the security of major infrastructure assets is inevitably going to take years, if not decades. So it's a bit unfair to expect miracles from any administration in one year.
Still, we'll take a look at what has been done so far.
Late in the Bush administration, the Department of Homeland Security issued the 2009 version of the National Infrastructure Protection Plan, which provides a strategy for assuring "a safer, more secure, and more resilient America by preventing, deterring, neutralizing, or mitigating the effects of deliberate efforts by terrorists to destroy, incapacitate, or exploit elements of our nation's [critical infrastructure and key resources, or CIKR] and to strengthen national preparedness, timely response, and rapid recovery of CIKR in the event of an attack, natural disaster, or other emergency."
It was the first update to the plan in three years, and it is now the Obama administration's job to put it into practice.
The administration has advanced the ball in critical infrastructure protection in a number of areas, Clancy said.
In Homeland Security's annual budget, the line item for Infrastructure Protection and Information Security has grown from nearly $807 million in fiscal year 2009 to $899 million for fiscal year 2010. That's less than the $918 million requested by the Obama administration, but still a healthy increase of about 11 percent over the prior year's amount.
The final appropriations bill did specify that $20 million be spent on the National Infrastructure Simulation and Analysis Center, whose congressionally mandated mission -- to be a "source of national expertise to address critical infrastructure protection” research and analysis -- is in tune with the president's promise.
In addition, Homeland Security Secretary Janet Napolitano announced Infrastructure Protection Program grants in excess of $1 billion in fiscal year 2009 and deployed 93 "protective security advisers" to assist with efforts by states and localities to protect critical infrastructure.
Clancy added that the economic stimulus bill passed in February 2009 provided funding through the Energy Department to advance a new "smart grid” that would eventually become a next-generation North American electrical grid, including improved security features. "I think the administration should get credit for that," Clancy said. "It"s going to take many years to evolve to a smart grid, but in year one, the administration demonstrated they would follow through."
On the cyber infrastructure side, the administration undertook a Cyber Policy Review before encountering a delay over an appointment of a permanent cybersecurity "czar,” Clancy said.
All this adds up to a lot of activity on critical infrastructure protection, though with few details yet on how improvements will specifically be "built into the design of new infrastructure." Still, it's enough to call this promise In the Works.