On February 12, 2013, the White House released an executive order intended to improve the cybersecurity of critical infrastructure. The executive order calls for swift action to identify and protect critical infrastructure that is at greatest risk and improve information sharing with the private sector. Several recently completed and ongoing Homeland Security Studies and Analysis Institute (HSSAI) studies are directly relevant to these efforts. Since the executive order outlines an aggressive time line, HSSAI’s analyses may provide timely and useful insights.

Identifying and Protecting Critical Infrastructure

One HSSAI effort currently underway seeks to define what "criticality" means in a networked world. This study examines the implications, to critical infrastructure protection, of the use of information and communications technology in infrastructure and the manner in which that use is changing.

In a related effort, HSSAI is embedded with the DHS task force that focuses on the convergence of the cyber and physical domains. As implementation of the executive order proceeds, this relationship will ensure DHS has ready access to HSSAI analytical resources.

Cyber Information Sharing

The executive order calls for expanding a voluntary information sharing program for critical infrastructure owners and operators. In 2012, HSSAI published a report on developing metrics to measure cybersecurity information sharing efforts among critical infrastructure owners and operators. That report's findings will be directly relevant as DHS expands cybersecurity information sharing more broadly.

HSSAI has also completed two separate analyses of DHS's authorities to pursue its cybersecurity mission. One of these analyses focuses specifically on DHS authorities related to information sharing for critical infrastructure protection. The findings of this study are applicable to DHS’s efforts to implement the executive order.