Doing business with: Information Analysis and Infrastructure Protection Directorate

Information Analysis and Infrastructure Protection Directorate

935 Pennsylvania Ave. NW

Washington, DC 20528

(202) 323-3205

www.nipc.gov

Founded: 2003

Undersecretary: Frank Libutti

Assistant secretary of Homeland Security for infrastructure protection:

Robert Liscouski

Employees: 737

What it does: Information Analysis and Infrastructure Protection identifies and assesses threats and then maps them against vulnerabilities in our critical infrastructure, such as telecommunications, food and water supplies and energy sources. It analyzes intelligence from other agencies, such as the CIA, FBI and National Security Agency, and then coordinates preventative actions that need to be taken.

IAIP is an amalgamation of the Critical Infrastructure Assurance Office, the Federal Computer Incident Response Center, National Communications System, National Infrastructure Protection Center and the Energy Security and Assurance Program.

Major subagencies: IAIP is part of the Homeland Security Department. It runs the Protected Critical Infrastructure Information (PCII) Program, which started in February.

The program encourages private industry and others to volunteer confidential, proprietary and business-sensitive information about critical infrastructure to the federal government. This information is used for threat analysis and warnings to identify terrorist threats and to reduce vulnerability to attacks.

The National Cyber Security Division, founded in June 2003, also comes under IAIP's auspices. The division offers round-the-clock support to identify, analyze and reduce cyberthreats and vulnerabilities, release information, coordinate incident response and assist in continuity of operations and recovery planning.

Title: Chief information officer

Took the Job: October 2003

Hometown: Vienna, Va. since 1996. Attended Fort Hunt High School in Alexandria, Va.

Hobbies: Fishing, swimming, reading and traveling

Last book read: "Homeland Security: Techniques and Technologies," by Jesus Mena

Alma Mater: Bachelor's degree from U.S. Naval Academy, master's degree in systems technology from U.S. Postgraduate School

Past life: Church was a submarine officer for 15 years. He spent six years in leadership roles at America Online (now Time Warner), UUNET (now MCI), Powersim and Onesoft.


WT: What are your main technology concerns? Security? Wireless? Patch management?

Church: The greatest challenge facing IAIP is the correct management of the information used within the directorate. IAIP is unique in the federal government in the types of information that is used and aggregated.

IAIP will hold intelligence, information derived from open-source material, information purchased from commercial services, information provided by private companies under exemptions from the Freedom of Information Act established within the Homeland Security Act of 2002, and information provided by other federal agencies relating to U.S. citizens.

Information sharing with others depends upon carefully managing information and a clear procedure on how to share it within the guidelines of security, privacy, the Freedom of Information Act and other laws.

WT: What protections are in place now for infrastructure protection that were not before the founding of DHS?

Church: Our first key success was the standup of our headquarters for the directorate at the Nebraska Avenue Complex; it now houses 250 IAIP employees and is rapidly growing. The effort included design and implementation of three data networks, two voice networks, a message handling system and a classified videoconferencing capability.

We recently upgraded the facilities for the Homeland Security Operations Center (HSOC) to increase the collaboration work environment with innovative display systems. HSOC's mission is to collect and fuse information from law enforcement and intelligence sources to help deter, detect and prevent terrorist incidents by maintaining and sharing the daily domestic situational awareness.

Our second key success was the development by the Science and Technology Directorate for IAIP of a product that maps the threats. This new capability allows our team to analyze threat information and ultimately use it to take specific targeted steps to protect key infrastructures.

By matching threat information with potential targets, we are better able to ensure that the right protections are put in place to reduce vulnerability.

Our third key success occurred with the standup of HSOC through the implementation of the most comprehensive, 24/7 warning system in the United States. This system brings 26 federal and local law enforcement agencies and intelligence community members onto the same system.

The Homeland Security Information Network, an information sharing and collaboration program that provides real-time information flow and situational awareness to DHS and its partner communities, launched in February.

The strong network created via HSIN results in a more efficient communication and more efficient responses to deter, detect, prevent and respond to terrorist actions. The country's people and critical infrastructures will be better secured with this network in place.

WT: What do you look for in companies with which you are thinking of doing business?

Church: An organization that understands government business, such as policies and procedures; a strong technology and business leadership in the marketplace; proven technology; and past business relationships with the federal government.

WT: For a company that is new to working with the IAIP and has something to offer you, where is a good place to start?

Church: Understand IAIP's mission and objectives. Learn the organization and how it is structured. Make sure the value proposition you are bringing to IAIP can really create value for the organization, such as meeting our mission or one of our objectives.

WT: A year from now, where do you see IAIP's technology capabilities?

Church: Priority No. 1 is a robust information sharing and infrastructure protection capability for the nation. Critical to DHS' mission is the ability to effectively share information with homeland-security partners across the country to better protect the nation's critical infrastructure.

Within the next year, IAIP and DHS will dramatically expand the department's vertical information sharing capability and its ability to identify critical infrastructure throughout the country, as well as additional protective measures that may be needed to increase protections of critical infrastructures. The directorate is taking a systemized, risk-based approach to this important challenge.