DHS Private Sector Information Sharing Plan

DHS Private Sector Information-
Sharing Working Plan
March 28, 2011

Table of Contents
Enhanced Information Sharing Working Plan.......................................................................... 1
Introduction................................................................................................................................. 1
Purpose and Scope of This Plan.................................................................................................. 2
A Common Understanding of “Private Sector Engagement”..................................................... 2
Developmental Approach............................................................................................................ 3
Implementation of Recommendations ........................................................................................ 3
Resources Required..................................................................................................................... 4
Conclusion................................................................................................................................... 4
Overview: Private Sector Information Sharing Integrated Project Team Timelines
andWork Plans.............................................................................................................................. 6
Focus Area I – Adopt “One DHS” Private Sector Information-Sharing Approach.................... 6
Focus Area II – Enhance Strategic Communications Coordination ........................................... 6
Focus Area III – Strengthen Regionally Focused Information-Sharing Efforts ......................... 7
Focus Area IV – Enhance Information Sharing and Accountability .......................................... 8
Attachment A: Recommendation Timelines and Work Plans.................................................. 9
Recommendation #1:................................................................................................................... 9
Recommendation #2:................................................................................................................. 12
Recommendation #3:................................................................................................................. 15
Recommendation #4:................................................................................................................. 19
Recommendation #5:................................................................................................................. 24
Recommendation #6:................................................................................................................. 28
Recommendation #7:................................................................................................................. 30
Recommendation #8:................................................................................................................. 33
Recommendation #9:................................................................................................................. 36
Recommendation #10:............................................................................................................... 40
Recommendation #11:............................................................................................................... 44
Recommendation #12:............................................................................................................... 49
Recommendation #13:............................................................................................................... 51
Recommendation #14:............................................................................................................... 56
Recommendation #15:............................................................................................................... 59
Recommendation #16 A:........................................................................................................... 63
Recommendation #16 B:........................................................................................................... 63
Attachment B: Private Sector Information-Sharing Working Group Participants – Private
Sector Companies and Trade Associations............................................................................... 66
List of Acronyms......................................................................................................................... 67

DRAFT // PRE-DECISIONAL // FOR DISCUSSION PURPOSES ONLY
1
The American People and the Private Sector: The
ideas, values, energy, creativity, and resilience of our
citizens are America’s greatest resource. We will
support the development of prepared, vigilant, and
engaged communities and underscore that our citizens
are the heart of a resilient country. And we must tap
the ingenuity outside government through strategic
partnerships with the private sector, non-governmental
organizations, foundations, and community-based
organizations. Such partnerships are critical to U.S.
success at home and abroad, and we will support them
through enhanced opportunities for engagement,
coordination, transparency, and information sharing.
- President Barack Obama’s National
Security Strategy, May 2010
Enhanced Information Sharing Working Plan1
Introduction2
The U.S. Department of Homeland Security (DHS) recognizes, as illustrated in the Quadrennial3
Homeland Security Review (QHSR) and the National Security Strategy (NSS), the vital role that4
the private sector plays in supporting efforts to secure the homeland and enhance the resilience5
of our communities. Many Department-wide initiatives—increasing cybersecurity awareness,6
fostering a national culture of preparedness, maximizing the effectiveness of the National7
Network of Fusion Centers and integrating them as per the NSS, and enhancing the security and8
resilience of the national critical infrastructure —require active engagement and coordination9
with the private sector. DHS has made strides in its efforts to effectively engage the private10
sector—which includes businesses of all sizes, academic institutions, and non-governmental11
groups—and has numerous tools and processes in place. However, challenges and areas of12
improvement remain in the Department’s approach to information sharing with the private13
sector.14
To address these challenges and gaps,15
the Secretary of Homeland Security16
(Secretary) tasked a group, under the17
leadership of the Under Secretary for18
the Office of Intelligence & Analysis19
(I&A), to meet with private sector20
representatives from across the country21
and identify specific actions the22
Department could take to improve two-23
way information sharing with the24
private sector. The DHS Private Sector25
Information-Sharing Working Plan26
(Plan) describes how the Department27
can implement 16 recommendations28
that resulted from these discussions29
with representatives from 51 Fortune30
500 companies. Implementation of the deliverables identified in this Plan demonstrates the31
commitment of DHS Headquarters and Operational Components to work with the private sector32
to build effective, transparent, and sustainable processes for information sharing in order to meet33
the public-private shared responsibility of homeland security.34
The Plan represents a comprehensive effort by DHS and offers executable options for improving35
DHS’s partnership with America’s private sector. The Plan recognizes the requirements that36
many DHS Headquarters and Operational Components have to engage the private sector, either37
through legislation or activities mandated by the executive branch. The recommendations are38
not intended to interfere with these components' responsibilities, prerogatives, or actions to39
perform aspects of their missions. Instead, this Plan is intended to enhance internal and external40
visibility of existing efforts and capabilities in order to strengthen cross-component collaboration41
on specific areas that impact the private sector.42
43

2
Purpose and Scope of This Plan44
Purpose—The Plan identifies how the Department will act on and implement 1645
recommendations focused on enhancing and aligning private sector engagement and46
information-sharing efforts across DHS. This Plan describes the key activities that will support47
DHS efforts to transition the existing information-sharing and collaboration processes to a more48
internally and externally transparent environment that will better support DHS in meeting its49
goals and objectives.50
Scope—Each of the recommendations and deliverables identified in the Plan have Department-51
wide implications that, when taken together, represent a significant step forward in achieving52
timely and coordinated information sharing among DHS Headquarters and Operational53
Components with private sector engagement responsibilities as well as with DHS’s private sector54
partners. The Plan recognizes the substantial progress that DHS and the National Network of55
Fusion Centers have already made in developing the processes required for internal and external56
information sharing and seeks to leverage these successes and expand existing capabilities. To57
this end, DHS Headquarters and Operational Components with private sector engagement roles58
and responsibilities used best practices and lessons learned from their respective components’59
efforts, as well as direct feedback from private sector stakeholders, to inform the development of60
the Plan.61
A Common Understanding of “Private Sector Engagement”62
• The private sector is complex and not a single monolithic entity. There are many63
elements that comprise the private sector, including countless groups, subgroups, elements,64
and stakeholders. DHS components must frequently communicate with various elements65
of the private sector in a targeted manner rather than attempting to engage the private sector66
as a single entity.67
• DHS recognizes the need to interface with certain elements of the private sector68
differently based on varying missions DHS shares with the private sector. Specific69
elements and subsets within the private sector require varying levels of information70
exchange that are distinct from the private sector at large.71
• Critical infrastructure owners and operators have specific threat and risk72
information requirements different from the non-critical infrastructure private73
sector. DHS offices share Sensitive But Unclassified (SBU) information and, in some74
cases, classified information with private sector entities in a targeted way that may not75
always be appropriate or authorized to share with other private sector entities. Information76
must be tailored for delivery to the appropriate element of the private sector.77
• Communication and information sharing occurs at various levels across all78
organizations. When DHS engages with the private sector, it must do so at multiple79
organizational levels and tailor the information appropriately to the various levels it seeks80
to share with.81
• This effort is intended to broadly improve, across the entire DHS enterprise, the82
consistency of information sharing with the private sector, and to ensure that the correct83

3
information is shared with the appropriate individuals and organizations in a timely,84
efficient, and sustainable manner.85
Developmental Approach86
Pursuant to a tasking from the Secretary of Homeland Security, I&A’s Principal Deputy Under87
Secretary Bart Johnson, the Private Sector Office (PSO), and the National Protection and88
Programs Directorate (NPPD) Office of Infrastructure Protection (IP)—in collaboration with89
I&A’s Information Sharing and Collaboration Branch (IS&C)—formed the Private Sector90
Information-Sharing Working Group (Working Group) to engage the Department’s private91
sector partners in order to identify challenges in two-way communications and to solicit92
suggestions for improving information sharing between the public and private sectors.93
94
Using the Critical Infrastructure Partnership Advisory Council (CIPAC) process, which is95
exempt from the Federal Advisory Committee Act (FACA), the Working Group held roundtable96
discussions with 79 representatives from 51 Fortune 500 companies. PSO and NPPD/IP97
conducted these discussions with private sector representatives from companies headquartered in98
four geographically dispersed cities: Minneapolis, MN; Chicago, IL; Washington, DC; and99
Santa Clara, CA. These cities were chosen based on the concentration of Fortune 500100
companies, differing levels of fusion center maturity, and existence of varying levels of local101
partnership in order to provide a diverse sample of security environments and perspectives. To102
best accomplish the communication necessary for private sector engagement, a strategy103
leveraging the centralized Department roles and the National Network of Fusion Centers is104
necessary.105
106
After substantial analysis of the data collected from the stakeholders, PSO and NPPD/IP107
developed 16 recommendations for improvement. These recommendations were subsequently108
briefed to DHS leadership in a number of components as well as the various staff and leaders of109
the Information Sharing Governance Board (ISGB).110
111
The ISGB approved the 16 recommendations at its August 5, 2010 quarterly meeting. The ISGB112
further directed its action body, the Information Sharing Coordinating Council (ISCC), to113
establish an Integrated Project Team (IPT) to develop a working plan to implement the 16114
recommendations. The IPT members, including representatives from across the Department’s115
Headquarters and Operational Components, collaboratively developed this Plan.116
117
Pursuant to the Secretary’s direction, this Plan will be delivered to the Secretary, so that the118
Secretary can provide private sector stakeholders an update on the Department’s initiatives and119
activities that were developed in direct response to their feedback.120
121
Implementation of Recommendations122
The 16 recommendations to improve two-way information sharing between DHS and the private123
sector fall into the following four focus areas:124
• Adopt “One DHS” Coordinated Private Sector Information-Sharing Approach—125
Formally align and synchronize Department-wide efforts to improve visibility and enable126

4
the coordination of programs, policies, efforts, and initiatives that relate to the private127
sector while reducing duplication and improving efficiency.128
• Enhance Strategic Communications Coordination—Rapidly and effectively129
communicate with key companies, entities, and organizations in times of calm and when130
responding to crisis through the use of enhanced, standardized, repeatable, and formal131
communications processes.132
• Strengthen Regionally Focused Information-Sharing Efforts—Strengthen the ability of133
National Network of Fusion Centers and DHS field-level representatives to be the critical134
delivery vehicle and mission advocate for the two-way exchange of useful intelligence and135
information between the Federal Government and our State, local, tribal, territorial, and136
private sector partners, and non-profit communities and individual citizens.137
• Enhance Information Sharing and Accountability—Increase the accountability of DHS138
efforts to push products and services to the private sector to better ensure that the right139
information is getting to the right people in a timely manner. The recommendations here140
help enable the recognition of programmatic performance toward achieving and leveraging141
a successful information-sharing environment.142
The recommendations in each of the four categories and their accompanying deliverables143
represent an initial set of improvements which DHS, in collaboration with the private sector, has144
identified as necessary to enhance internal and external information sharing. Lead and145
supporting offices have been assigned to each recommendation and are responsible for working146
with other offices and components, as necessary, to implement their recommendations. When147
applicable, the National Network of Fusion Centers will be engaged to support communicating148
and tailoring the local information. As requested, the detailed work plans and timelines for the149
implementation of each recommendation are attached as an appendix.150
The Private Sector Information Sharing IPT, established through the ISCC and ISGB process,151
will track the progress of implementation and will update ISGB on the progress of152
implementation for each recommendation.153
Resources Required154
The IPT representatives anticipate that implementation of these recommendations can be155
accomplished according to the timelines outlined in Attachment A, should internal resources and156
personnel be aligned to this priority. To make tangible and cost-effective improvements, when157
appropriate, this Plan relies on existing capabilities and ongoing initiatives both within and158
external to DHS. However, implementing large-scale changes of the types recommended herein159
is a complex endeavor and, to be successful, the Plan does identify the need for increased160
resources in a few areas in order to implement some of the recommendations successfully.161
Conclusion162
The outcome of this effort we envisioned will be enhanced public-private sector engagement that163
incorporates shared public-private responsibility for economic and national security and is164
timely, transparent, and appropriate. With existing DHS relationships, private sector165

5
commitment, and these new strategies, DHS is poised to capitalize on enhanced engagement and166
coordination with the private sector.167
168

6
Overview: Private Sector Information Sharing Integrated Project169
Team Timelines and Work Plans170
Focus Area I – Adopt “One DHS” Private Sector Information-Sharing Approach171
To enhance and maintain meaningful and strategic partnerships with private sector entities, DHS172
needs to enhance internal and external visibility on existing programs, policies, efforts, and173
initiatives that relate to the private sector. Increased internal visibility will allow for174
strengthened component collaboration in mission-specific areas that impact the private sector175
and will enhance the ability of the private sector to leverage their resources and capabilities in176
partnership with DHS. DHS should also increase visibility of and coordination with interagency177
private sector information-sharing efforts to further support the broader national information-178
sharing landscape or the “whole of government” approach, as called for in the NSS.179
Table 1. Focus Area I Recommendations
1
Clearly define the roles and responsibilities of DHS offices that engage in private sector
information sharing
2
Establish an intra-DHS Homeland Security Information Network (HSIN) Private Sector
Shared Community to ensure Department-wide transparency and synchronization of
efforts
3 Increase DHS coordination with interagency private sector information-sharing efforts.
4
Formalize a process for including private sector participation in DHS all-hazards
operational planning, exercise, and evaluation activities.
180
Focus Area II – Enhance Strategic Communications Coordination181
Rapid and effective communication with key companies, entities, and organizations in times of182
calm and when responding to crisis requires enhanced, standardized, repeatable, and formal183
communications processes. DHS Headquarters and Operational Components and the National184
Network of Fusion Centers need to understand how and when their colleagues engage with the185
private sector so they can leverage existing communication tools and ensure that relevant, timely,186
accurate, and consistent information is clearly communicated to the intended audience. In187
addition, to improve synergy of effort between internal and external stakeholders, the188
information that each Critical Infrastructure and Key Resources (CIKR) Sector possesses should189
be better shared across sectors. The nature of the global marketplace necessitates that many190
stakeholders operate in multiple sectors as trusted partners and need to collaborate across the191
sector partnership. Improving the synchronization of intra-DHS and cross-sector strategic192
communications will provide stakeholders with access to a greater range of resources and193
information products and add to their abilities to contribute to collective homeland security194
efforts.195
196

7
Table 2. Focus Area II Recommendations
5
Establish a DHS-wide Standard Operating Procedure (SOP) for private sector
communications related to incident management.
6
Develop an ‘education toolkit’ to ensure that public and private sectors can
communicate rapidly and effectively.
7
Evaluate and enhance existing processes and methods of information sharing with
critical infrastructure owners and operators.
8
Enhance cross-sector information visibility and collaboration within the Critical
Infrastructure Key Resources Information Sharing Environment (CIKR ISE).
197
Focus Area III – Strengthen Regionally Focused Information-Sharing Efforts198
Field-level relationships have proven to be a successful means to establish and maintain strong199
partnerships with our private sector partners. DHS must actively support these regional200
information-sharing efforts and ensure that regional- and local-level representatives continue to201
be a viable delivery vehicle and mission advocate for the two-way exchange of information. The202
objective is to jointly construct shared knowledge, context, and mutual understanding, enabling203
unified public and private collaborative action by: (i) improving delivery of regional and local204
threat and risk briefings through formal scheduling, and (ii) developing a headquarters-level,205
cross-cutting analysis effort that prioritizes the information needs of public and private CIKR206
owners and operators and other private sector partners. This will enable field-level207
representatives to more rapidly and consistently provide private sector partners with the208
information they need to help protect their employees, their property, and the national economy209
within the all-hazards framework. When applicable, the National Network of Fusion Centers210
will be leveraged to outreach, disseminate, tailor, and support targeted homeland security211
information related to the private sector.212
Table 3. Focus Area III Recommendations
9
Develop a fusion center Best Practices Guide to provide fusion centers with vetted
models of successful information sharing with private sector partners.
10
Enhance coordination and communication between field-level personnel and regional
and national coordination efforts.
11
Increase critical infrastructure owners and operators and other private sector entities’
awareness of the threats and risks applicable to their region and sector.
12
Expand the Cybersecurity Partner Local Access Plan (CPLAP) pilot program to enable
more classified cybersecurity information sharing and discussions.
213
214

8
Focus Area IV – Enhance Information Sharing and Accountability215
To ensure that the right information is getting to the right people, and that it is having the desired216
impact, DHS must increase accountability of efforts to provide information to private sector217
partners. In order to identify private sector information needs, DHS Headquarters and218
Operational Components and the National Network of Fusion Centers should more actively219
engage private sector partners and solicit feedback on a continuous basis. In addition, to ensure220
sustainable two-way information sharing, DHS should: (i) provide clear guidance to the private221
sector on how to recognize, handle, and share information provided by DHS, and (ii) increase222
educational outreach to assure private sector partners that information provided to DHS will be223
protected from public disclosure or misuse. Finally, DHS must increase private sector awareness224
of how they can participate with DHS in the shared responsibility of homeland security and225
provide expanded opportunities for private sector involvement in existing and maturing DHS226
public-private partnerships activities. This will enable the development of more effective227
processes for information sharing needed to reduce and mitigate risks to the Nation’s critical228
infrastructure and the national economy.229
Table 4. Focus Area IV Recommendations
13
Provide more useful information to the private sector and engage private sector entities
in the Standing Information Needs (SINs) process.
14
Provide clear guidance to the private sector for handling and dissemination For Official
Use Only (FOUO) information or Controlled Unclassified Information (CUI).
15
Increase information to critical infrastructure owners and operators on methods to
become more involved in public-private partnerships.
16
Increase educational outreach to private sector partners regarding Protected Critical
Infrastructure Information (PCII) and Chemical-terrorism Vulnerability Information
(CVI) to ensure partners that information provided to DHS will be protected from public
disclosure or misuse.
230
231
232

9
Attachment A: Recommendation Timelines and Work Plans233
Recommendation #1:234
Clearly define the roles and responsibilities of DHS Headquarters and Operational Components235
that regularly engage in private sector information sharing to ensure coordination of mission and236
to reduce duplication of effort.237
Discussion:238
An organization’s internal and external transparency plays a significant role in any successful239
information-sharing environment. To better form and maintain meaningful and strategic240
partnerships with private sector entities, DHS needs to enhance internal and external241
transparency of existing programs, policies, efforts, and initiatives that relate to the private242
sector. Increased transparency will allow for the: (i) identification of any gaps or unnecessary243
areas of overlap (some overlap/redundancy should and always will exist), (ii) development of244
recommended strategies to strengthen component collaboration in mission-specific areas that245
impact the private sector, and (iii) increased opportunities to leverage existing programs, efforts,246
and partnerships for the benefit of the whole Department.247
Deliverables:248
• A “One DHS” Private Sector Information-Sharing Matrix internal data call that details249
items such as authorities, mission requirements, types of information, stakeholders, and250
capabilities of offices throughout DHS (for internal use only)251
• An options paper to the ISGB, through the ISCC, that provides options to highlight mission252
focus areas, reduce redundancies, close gaps, leverage DHS internal core competencies and253
capabilities, and align resources with respect to private sector communications254
• Drawing from the data gathered from the Task 1 Matrix, the options paper will also255
potentially discuss whether there is a need to develop a shared mission community or a256
long term IPT to enhance transparency on an ongoing basis257
• A “One DHS” Private Sector Information-Sharing Matrix coordinated with the National258
Network of Fusion Centers for distribution to external homeland security stakeholders259
• An updated, more extensive, digitized Private Sector Resources Catalog with a regular260
update mechanism and an office charged with maintaining its currency261
• A list that identifies component program managers with private sector information-sharing262
roles and responsibilities263
• A coordinating mechanism (to be identified in the options paper) that provide forums for264
component representatives to update the larger DHS private sector information-sharing265
community on their efforts266
Component Support Activities:267
DHS Headquarters and Operational Components and the National Network of Fusion Centers268
across DHS have developed processes to improve intra-component transparency in order to269
enhance information sharing with their private sector partners. However, there are very few270
established processes to strengthen collaboration across components, making it difficult to271

10
increase opportunities to leverage existing programs, efforts, and partnerships for the benefit of272
the whole Department and, in the end, for private sector partners.273
Metrics of Success:274
Developing the appropriate performance metrics that capture the intended outcome of a more275
transparent internal effort of private sector engagement requires close analysis of the results of276
the intended internal data call. The intended metrics will be focused on achieving ongoing277
internal coordination and information sharing, not on programmatic impact or effectiveness.278
Metrics will more closely resemble activities such as “participation” in the to-be-determined279
governance mechanism; or “documents/products shared and posted” on the future internal280
Homeland Security Information Network (HSIN) private sector coordination portal.281
Timeline for Completion1
:282
Form the “One DHS” Private Sector Information-Sharing
Working Group and begin development of the matrix for
the data call.
Day 1 – 15
Disseminate the “One DHS” Private Sector Information-
Sharing Matrix that requires input on the mission
requirements, types of information, stakeholders, and
capabilities of offices throughout DHS and send out
through ISCC channels and the Executive Secretariat.
Day 15
Receive input from the matrix data collection effort from
offices throughout DHS.
Day 45
Analyze the data acquired from the matrix and share the
data with the other Tiger Team leads.
Day 45 – 75
Update the Private Sector Resources Catalog using the
matrix and the Executive Secretariat data calls.
Day 60
Develop a list that identifies component program
managers (necessary data gathered from the matrix) with
private sector information-sharing roles and
responsibilities. Require these component
representatives to participate in coordinating mechanisms
to update the larger DHS private sector information-
sharing community on their efforts.
Day 60
Digitize the Private Sector Resources Catalog to increase
the utility and make the information more accessible for
private sector partners.
Day 75
1
Unless indicated otherwise, ‘Day 1’ for all of the following timelines occurs when the Secretary of the Department
of Homeland Security approves this DHS Private Sector Information Sharing Working Plan.

11
Develop a user friendly and accessible Private Sector
Information-Sharing Matrix for distribution to homeland
security stakeholders, both within and external to DHS.
Day 90
Use the data from the matrix to develop an options paper
to the ISGB that provides options to close gaps, leverage
DHS internal core competencies and capabilities, and
align resources.
Day 120
Develop performance metrics that adequately capture,
measure, and encourage accountability of efforts to
increase internal transparency and coordination of private
sector engagement.
Day 135
Solicit feedback from relevant public and private sector
stakeholders on the usefulness of the Private Sector
Information-Sharing Matrix, the Private Sector
Resources Catalog, and other efforts to increase
transparency.
Appropriate targeted times
Brief the ISCC/ISGB on progress of increasing
transparency on a quarterly basis.
As requested
283
Lead Component (Office of Primary Responsibility):284
PSO285
Supporting Components/Subcomponents:286
Office of the Chief Information Officer (OCIO), National Protection and Programs Directorate287
(NPPD), NPPD/IP, NPPD/Office of Cybersecurity and Communications (CS&C), Science and288
Technology Directorate (S&T), U.S. Coast Guard (USCG), Customs and Border Protection289
(CBP), Immigration and Customs Enforcement (ICE), U.S. Citizenship and Immigration290
Services (USCIS), Federal Emergency Management Agency (FEMA), Office of Public Affairs291
(OPA), Office of Intergovernmental Affairs (IGA), Office of Operations Coordination (OPS),292
I&A, FEMA State and Local Program Office (SLPO), Transportation Security Administration293
(TSA), U.S. Secret Service (USSS), Office of Privacy (PRIV), Office for Civil Rights and Civil294
Liberties (CRCL), Office of the General Counsel (OGC)295
296

12
Establish an intra-DHS HSIN Private Sector Shared Community and afford offices throughout298
DHS the opportunity to post communications and information disseminated to the private sector299
to ensure transparency and synchronization.300
Discussion:301
An important aspect of DHS’s ability to successfully collect and disseminate useful and302
actionable information to our private sector partners lies in our ability to coordinate internally.303
The private sector is better able to leverage their capabilities in partnership with DHS if304
opportunities for collaboration and information sharing are better coordinated internally—within305
DHS—before engaging externally with private sector stakeholders. Given the various entities306
housed within DHS, it becomes difficult to track the types and categories of information,307
communications, and activities relevant to private sector engagement that are underway at every308
point throughout DHS. Against this backdrop, there exists a need for an internal HSIN portal309
where all DHS offices and components can openly and freely share information and knowledge310
relevant to enhancing the Department’s partnerships with private sector entities.311
This portal will increase the ability for offices and programs across DHS to share information312
about existing private sector engagement activities in order to (i) allow other programs at DHS to313
gain from stakeholder interactions, (ii) reduce redundancy and gaps in outreach efforts while314
increasing the impact of the efforts, (iii) deliver more effective communications to private sector315
stakeholders, and (iv) establish terms of use that adequately protect civil rights, civil liberties,316
and privacy. Participation and use of the portal by DHS components, offices, and programs317
provides an essential organizing space where DHS can better ensure that barriers to effective318
two-way information sharing and collaboration can be identified, assessed, and mitigated while319
opportunities can be seized in a coordinated manner.320
Deliverables:321
• A list of representatives from all headquarters elements and operational components that322
have private sector information-sharing roles and responsibilities to serve as the323
components’ HSIN Private Sector Shared Community Administrators. Each Administrator324
will ensure that relevant and timely information regarding their respective component’s325
private sector engagement is shared on the portal.326
• A list of personnel from DHS Headquarters and Operational Components that, due to the327
nature of their programs’ engagement with the private sector, would benefit from328
participation in the HSIN portal329
• An SOP for an intra-DHS HSIN Private Sector Shared Community outlining who will330
manage the platform, the taxonomy for what information will be included, portal331
nomination and validation processes to ensure proper membership vetting, the process for332
updating the intra-DHS HSIN Private Sector Shared Community, and metrics that ensure333
participation334

13
• A recommendation for a performance goal requirement for externally focused program335
managers promoting internal collaboration on private sector engagement336
• An operational intra-DHS HSIN Private Sector Shared Community platform337
Headquarters elements and operational components DHS-wide have developed technology339
platforms to improve intra-component transparency and to provide information to their private340
sector partners. However, no platform currently exists to strengthen component collaboration in341
regards to private sector engagement, making it difficult to increase opportunities to leverage342
existing programs, efforts, and partnerships for the benefit of the whole Department.343
• User or membership statistics gathered by the platform itself345
• Level of activity or traffic being passed on the platform (platform administrator will have346
visibility into this)347
• Quantity and quality of discussion generated on platform’s discussion board (number of348
threads, replies, comments)349
• Quantity and quality of application use encountered on platform (document and media350
sharing, Webinars and conference calls originated from platform351
Timeline for Completion:352
Through the ISCC/ISCG, request a representative
from each Headquarters and Operational Component
to serve as the HSIN Administrator for the respective
component.
(Preferably, the representative will have private sector
information-sharing roles and responsibilities.)
Day 1
Form the HSIN Private Sector Shared Community
Working Group.
Day 15
Discuss, gather, and analyze components’
requirements and internal needs.
Discuss portal membership and desired data
management and collaboration tools.
Note: Data collection effort from Rec. 1 will be a
primary source for development of this milestone.
Day 15 – 60
Submit requirements to technical team for portal
development.
Day 60
353

14
Draft process SOPs for the HSIN portal. Day 90
Test the HSIN portal, using the Working Group, to
identify further requirements and necessary
collaboration tools.
Day 105 – 135
Open access to the HSIN portal to previously defined
membership.
Day 135
Provide outreach, education, and training for portal
members.
Develop a performance goal requirement for
externally focused program managers promoting
internal collaboration on private sector engagement.
Day 135 – 165
Brief the ISCC/ISGB on progress of implementation
and use of the portal.
Day 165
Monitor, update, and refine the site. Ongoing process
354
Lead Component:355
PSO356
OCIO, NPPD, NPPD/IP, NPPD/CS&C, S&T, USCG, CBP, USCIS, ICE, FEMA, OPA, OPS,358
I&A, TSA, USSS, PRIV, CRCL, OGC359

15
Increase DHS coordination with interagency private sector information-sharing efforts, such as361
the Overseas Security Advisory Council (OSAC), the Domestic Security Alliance Council362
(DSAC), and InfraGard.363
Discussion:364
Increasing coordination between DHS and interagency private sector information-sharing efforts365
will reduce duplication of effort and enhance two-way, sustainable, and coordinated information366
sharing between the U.S. Government and private sector partners. DHS support for and367
coordination with external information-sharing efforts demonstrates commitment to leveraging368
resources, coordinating messages, and consolidating points of contact for the information needs369
of private sector partners.370
Deliverables:371
• An agreement, jointly signed by DHS and DOJ senior leadership, expressing a shared372
commitment to improved coordination/participation of activities/events between DHS and373
DOJ nationally, regionally, and locally.374
• A Memorandum of Understanding between DHS and OSAC that (i) clarifies information-375
sharing expectations and responsibilities with respect to transnational threats, and (ii)376
identifies the roles and responsibilities of DHS technical advisors to OSAC.377
• An increased amount of I&A products posted to the DSAC and InfraGard portals.378
• Educational briefings on Homeport, Electronic Crimes Task Forces (ECTFs), Financial379
Crimes Task Forces (FCTFs), OSAC, DSAC, and InfraGard programs, resources, and380
capabilities to increase awareness and education for DHS Headquarters and Operational381
Components on existing U.S. Government and private sector partnerships. These briefings382
will allow DHS components to leverage and build upon existing interagency efforts and383
areas of expertise.384
• Educational briefings on sector partnerships, the National Maritime Security Advisory385
Committee (NMSAC), and Area Maritime Security Committees (AMSCs) to increase386
awareness and education of interagency-led programs and personnel on DHS programs and387
capabilities. See above.388
• Re-chartering of the NMSAC (charter expired on September 30, 2010).389
• OSAC is a Federal Advisory Committee with a U.S. Government charter to promote391
security cooperation between American business and private sector interests worldwide and392
the U.S. Department of State. Currently, DHS has four technical advisors assigned to the393
OSAC (TSA, I&A, USSS, USCG).394

16
• The DSAC, (which is not a formal Federal Advisory Committee), was originally395
established by the FBI to provide a strategic partnership between the U.S. Government and396
the U.S. private sector in order to enhance communication and to promote the timely and397
effective exchange of domestic security information. DHS was offered, and I&A accepted,398
a co-chair position in DSAC in June 2010, which is currently filled by I&A’s Deputy399
Under Secretary for Analysis. A revised charter, reflecting the inclusion of DHS and400
emphasizing information sharing and partnership, was drafted and is in review within I&A.401
I&A has had two full-time equivalents embedded in the DSAC Program Office for two402
years.403
• The Public/Private Alliance Unit (PPAU) in the Strategic Outreach and Initiatives Section404
of the FBI’s Cyber Division is responsible for program management of the InfraGard405
program. InfraGard is an association of businesses, academic institutions, State and local406
law enforcement agencies, and other participants dedicated to sharing information and407
intelligence to prevent hostile acts against the United States. The 86 InfraGard chapters408
meet in cities across the United States. Funds provided by NPPD/IP to the FBI were409
dispersed to individual InfraGard Chapters demonstrating the ability to organize and host410
specific activities to implement the National Infrastructure Protection Plan (NIPP) at the411
community level and to expand outreach and communication to a diverse group of critical412
infrastructure owners and operators. I&A sends FBI/PPAU finished intelligence to post to413
the InfraGard portal, participates in InfraGard meetings with private sector partners, briefs414
at the Annual InfraGard Coordinators Conference, and is active in local chapters.415
• NMSAC is a Federal Advisory Committee established under the Maritime Transportation416
Security Act (MTSA) of 2002 and chartered to advise, consult with, and make417
recommendations to the Secretary of Homeland Security, via the Commandant of the Coast418
Guard, on matters affecting national maritime security. To most effectively deal with the419
diversity of complex challenges that maritime security presents, members reflect a cross420
section of maritime industries and port and waterway stakeholders, including but not421
limited to: shippers, carriers, port authorities, and facility operators. At the port level,422
MTSA established AMSCs to provide a vital regional link for contingency planning, and423
development, review, and update of Area Maritime Security Plans (AMSPs). The AMSCs424
serve as discussion forums for maritime security issues and incorporate key port425
stakeholders and maritime industry, as well as Federal, State, and local law enforcement.426
• The USSS currently collaborates with interagency partners, including the Department of427
Treasury, through the 31 ECTFs and 38 FCTFs to include ECTFs in London, England and428
Rome, Italy that bring together not only Federal, State, and local law enforcement, but also429
prosecutors, private industry, and academia. The common purpose is the prevention,430
detection, mitigation, and aggressive investigation of attacks on the Nation’s financial and431
critical infrastructures. The ECTFs also organize and host quarterly meetings and other432
meetings as needed to expand outreach and communication to a diverse group of critical433
infrastructure owners and operators. Critical infrastructure owners and operators within the434
Financial Services Sector are encouraged to partner with the ECTF or FCTF in their region.435
436

17
• Regular senior level (Under Secretary-level) engagement among DHS components and438
leadership of other agency councils439
• Increased amount of DHS analytical products posted to Homeport, DSAC, and InfraGard440
portals441
• Quarterly interaction between DHS personnel at the local and regional levels and442
FBI/InfraGard Coordinators443
• The addition of DHS technical advisors, at the Senior Executive Service level, from other444
components of DHS to OSAC445
• An increased number of completed exchanges, site visits, and mission briefs between DHS446
and OSAC managers and personnel; DHS and DSAC managers and personnel; and DHS447
and InfraGard managers and personnel448
• The continuation of the DHS/FBI Interagency Agreement that outlines a shared449
commitment to sustained and enhanced coordination of educational, information-sharing,450
and outreach efforts with InfraGard451
• Enhanced exchanges with AMSCs on maritime and cross–sector issues including supply452
chain security453
• Increased participation of DOJ and State Department representatives in DHS programs and454
activities (e.g., sector council meetings, joint briefings for the private sector)455
• Re-chartering of NMSAC as a Federal Advisory Committee456
Develop a strategy for DHS participation in, and
support of, interagency councils at the national and
local levels, including an organizational
framework and roles and responsibilities.
Send out for DHS senior leadership approval.
Day 1 – 30
Receive a commitment from I&A to post more
products to DSAC and InfraGard portals.
Day 30
Draft an agreement, to be jointly signed by DHS
and DOJ senior leadership, expressing a shared
commitment to improved
coordination/participation of activities/events
between DHS and DOJ components, nationally,
regionally, and locally.
Day 45
458

18
Draft a Memorandum of Understanding between
DHS and OSAC that (i) clarifies information
sharing expectations and responsibilities with
respect to transnational threats, and (ii) identifies
and expands the roles and responsibilities of DHS
technical advisors to OSAC.
Provide to DHS and Diplomatic Security senior
leadership for signature.
Day 60
Develop educational briefings on Homeport,
OSAC, DSAC, ECTF, FCTF, and InfraGard
programs, resources, and capabilities to increase
awareness/education of DHS headquarters
elements and components on existing U.S.
Government and private sector partnerships.
Provide these briefings to relevant component
representatives throughout DHS.
Day 90 – 135
Develop educational briefings on the Sector
Partnership, NMSAC, and AMSCs to increase
awareness/education of interagency-led programs
and personnel on DHS programs and capabilities.
Provide these briefings to relevant interagency
personnel.
Day 135 – 180
Brief the ISCC/ISGB on progress/success in
increasing DHS coordination with interagency
private sector information-sharing efforts, such as
the OSAC, DSAC, and InfraGard.
Day 180
I&A and NPPD/IP co-lead this recommendation460
PSO, USCIS, USSS, USCG, TSA, CBP, ICE, FEMA, S&T, OGC462
463

19
Describe the process that allows for the inclusion of private sector participation, as appropriate,465
in DHS all-hazards operational planning, exercise, and evaluation activities.466
Discussion:467
Having a process in place to allow and encourage private sector entities to participate in DHS all-468
hazards operational planning, exercises, and evaluation activities is imperative. At the non-469
Federal level, a number of State and local emergency operations centers have engaged the470
private sector in those areas to help maintain operational awareness on issues impacting a speedy471
recovery after a disaster and to more fully align and leverage private sector resources and472
capabilities. Although each DHS component has crucial capabilities and assets for addressing473
the potential crises facing our Nation, the ability to integrate and coordinate our actions with our474
partners across the homeland security enterprise, including private sector entities, is the crucial475
factor for our success. Combining stakeholders’ resources and capabilities ensures that efforts476
are not duplicated, encourages the blending of expertise, and provides another avenue for477
information sharing.478
All-hazards operational plans are the primary tools used to prepare for and address the potential479
crises facing our Nation, and exercises enable the Department to evaluate its capability to480
perform in a threat, event, or incident. The lack of a formal framework and process for including481
the private sector in all-hazards operational planning has diminished the utility of exercises and482
evaluation activities because relevant partners have not been allowed to participate fully in the483
first step of a three-stage process. Several DHS components and program offices have484
successfully included the private sector in all-hazards operational planning, but a lot of this485
inclusion happens on an ad hoc, or as needed, basis. Consequently, there remain numerous gaps486
in the ability for the Department to engage the private sector in regards to all-hazards operational487
planning activities and this has resulted in the inability to fully coordinate, communicate, and488
collaborate with private sector partners during an emergency.489
Deliverables:490
• An informational memo that clearly discusses methods for DHS Headquarters and491
Operational Components to engage the private sector in DHS operational planning,492
exercises, and evaluation activities. This memo will be developed in coordination with the493
Office of the General Counsel (OGC).494
• A formal framework and process for including the private sector in all-hazards operational495
planning that is consistent with the guidelines developed by FEMA Office of Chief496
Counsel (OCC) and DHS OGC. This framework will be developed in coordination with497
relevant public and private sector partners and will describe the process to fully leverage498
and align private sector resources and capabilities by including relevant partners in499
operational planning activities.500
• An action memorandum, codifying the requirements and fundamental roles for the501
establishment of a National Private Sector Working Group for all Tier I and Tier II502
National Exercise Program (NEP) exercise events. This Working Group should include503

20
FEMA National Exercise Division (NED) and Private Sector Division (PSD), NPPD/IP,504
PSO, and representative partners from the private sector. In addition, participation of other505
government partners with private sector relationships (both voluntary and regulatory506
entities) will be considered.507
• A strategic plan, developed by NPPD/IP, to coordinate inclusion of PSO, FEMA PSD,508
Office of the Director of National Intelligence Private Sector Office (ODNI PSO), Sector-509
Specific Agencies (SSAs), and other private sector stakeholders in efforts to plan, execute,510
and evaluate NIPP partnership exercises at an agreed-to frequency.511
• A framework for developing a coordinated approach between DHS, DoD, and other512
relevant agencies to increase private sector participation in planning, exercises, and513
evaluation activities. This framework will be developed using existing coordination514
mechanisms, including After-Action conferences, to capture the lessons learned from past515
disasters to inform future U.S. Government efforts to more effectively align and leverage516
private sector resources and capabilities.517
• A lessons learned/best practices guide, developed in coordination with public and private518
sector partners that have previously contributed to DHS all-hazards planning efforts and519
exercises, to inform future efforts to better align public and private sector resources and520
capabilities.521
• An action memo that develops a requirement for DHS Headquarters and Operational522
Components to submit a document every quarter that highlights private sector engagement523
in their respective component-sponsored operational planning, exercises, and evaluation524
activities.525
• Briefings, provided to relevant private sector partners, to educate on the process to become526
involved with DHS all-hazards operational planning, exercise, and evaluation activities and527
to encourage increased participation.528
Since the 2007 Top Officials 4 exercise, NPPD/IP, PSO, and FEMA PSD have worked together530
to integrate the critical infrastructure private sector community as an extension of the NIPP531
framework. Private sector integration has increased in subsequent exercises, and increased532
coordination has also been taking place among NPPD/IP, PSO, FEMA PSD, and FEMA NED, as533
well as DHS, other SSAs, and other key stakeholders (ODNI, the Department of State (OSAC534
and Consular Affairs), the FBI, and others) through integrated National Level and Sector-535
Specific Exercises.536
FEMA is currently engaging the private sector in numerous ways to include having them537
participate in internal disaster planning exercises called Thunderbolts. Thunderbolt planning538
exercises are intended to test readiness and discover areas where improvement is needed.539
Exercises, especially no-notice exercises such as Thunderbolt, give FEMA the opportunity to540
identify shortfalls and work toward a more effective and efficient delivery of services during541
actual emergency and disaster events. Exercises such as these could be implemented DHS-wide542
to include all components along with the private sector. FEMA is also working with PSO and543

21
NPPD/IP to establish a more defined channel of communication between the private sector and544
DHS on retail operational status reports during disasters. In addition, the Agency is working to545
bring in the actual private sector in the National Response Coordination Center in the coming546
months. All of these initiatives will improve information sharing between DHS and the private547
sector. FEMA can provide substantive information on these initiatives to support an action548
memorandum.549
FEMA NED, NPPD/IP, PSO, and FEMA PSD have improved the coordination and unity of550
efforts for private sector integration and coordination into National Level Exercises (NLEs).551
There have been considerable voluntary improvements to the process, outreach, and support of552
private sector partners in the NLEs, through close government and industry collaboration and553
leveraging of existing partnerships and relationships. NLE 11 has brought these stakeholders554
into the closest working relationship of any NLE to date and elevated the integration and555
coordination of the private sector into the annual Tier I exercise. Lessons learned and best556
practices from NLE 11 collaboration should be deliberately developed and documented and used557
as a basis to inform the development of the recommended deliverables noted above.558
Further, through the SSAs and their private sector Sector Coordinating Councils (SCCs),559
NPPD/IP has been executing sector- or subsector-level exercises focused on improving the560
information-sharing processes and coordination between government and industry, at all levels,561
among one another and within their respective communities. This effort began with the Retail562
and Lodging Subsectors exercise in December 2009 and has continued through exercises with563
the professional sports leagues, the food service industry, the real estate community, and the oil564
and natural gas community. Related efforts have also included the development of exercise565
materials for the Chemical Sector and the Dams Sector through the NPPD/IP Sector-Specific566
Tabletop Exercise Program. These efforts are planned to continue and NPPD/IP is currently567
planning similar efforts for Fiscal Year 2011. These exercises have been planned and executed568
with PSO, FEMA PSD, the SSAs, critical infrastructure private sector partners and other569
pertinent government partners at the Federal, State, and local levels. Additionally,570
NPPD/CS&C, through the Cyber Exercise Program, executes the Cyber Storm national exercise571
on a bi-annual basis. CEP also works with Federal, State, local, international, and private sector572
partners to design regional, sector-specific, and table top exercises.573
The metrics of success will be shown in the increased participation captured by a quarterly575
memo from DHS components highlighting private sector engagement in operational planning,576
exercises, and evaluation activities.577
578
Establish a Working Group (including Tiger Team
participants and other relevant representatives from
DHS Headquarters and Operational Components).
Day 1
Complete an informational memo that clearly
discusses methods for DHS Headquarters and
Operational Components to engage the private sector
Day 30

22
in DHS operational planning, exercises, and
evaluation activities. This memo will be developed in
coordination with OGC.
Develop a lessons learned/best practices guide, in
coordination with public and private sector partners
that have previously contributed to DHS all-hazards
planning efforts and exercises, to inform future efforts
to better align public and private sector resources and
capabilities
Day 60
Develop a formal framework and process for
including the private sector in all-hazards operational
planning that is consistent with the guidelines
developed by OGC. This framework will be
developed in coordination with relevant public and
private sector partners, as appropriate, and will
describe the process to fully leverage and align private
sector resources and capabilities through including
relevant partners in planning activities.
Day 90
Develop an action memorandum, codifying the
requirements and fundamental role for the
establishment of a National Private Sector Working
Group for all Level I and Level II NEP exercise
events. This Working Group should include FEMA
NED, NPPD/IP, PSO, FEMA PSD, and representative
partners from the private sector, as appropriate. I n
addition, participation of other government partners
with private sector relationships (both voluntary and
regulatory entities) will be considered.
Day 105
Complete strategic plan, developed by NPPD/IP, to
coordinate inclusion of PSO, FEMA PSD, ODNI
PSO, SSAs, and other private sector stakeholders in
efforts to plan, execute, and evaluate NIPP partnership
exercises at an agreed-to frequency.
Day 120
Create framework for developing a coordinated
approach between DHS, DoD, and other relevant
agencies to increase private sector participation in
planning, exercises, and evaluation activities. This
framework will be developed using existing
coordination mechanisms, including After-Action
conferences, to capture the lessons learned from past
disasters to inform future U.S. Government efforts to
more effectively align and leverage private sector
resources and capabilities.
Day 135

23
Brief relevant private sector partners to educate on the
process to become involved with DHS all-hazards
operational planning, exercise, and evaluation
activities and to encourage increased participation.
Day 135 – 180
Brief the ISCC and ISGB on progress of
implementation and discuss methods to address
remaining gaps.
Day 180
Track the progress of implementation through
reviewing the quarterly document submitted by
components that highlights private sector engagement
in their respective component-sponsored operational
planning, exercises, and evaluation activities.
Ongoing
580
National Protection and Programs Directorate (NPPD) NPPD/Office of Infrastructure Protection582
(IP), Private Sector Office (PSO), and FEMA/NED583
TSA, OPS, NPPD, PSO, FEMA/PSD, I&A, OGC585
Sector-Specific Exercises: NPPD/IP, PSO, FEMA PSD586
587
588

24
Develop an incident communications SOP that outlines existing DHS capabilities, methods,590
target audiences, and purposes for communicating with various private sector stakeholders591
during incidents.592
Recommendation #5 proposes to establish a DHS-wide SOP that documents processes and tools593
used by public affairs and operational components to communicate with the private sector during594
incident management.595
To implement this recommendation, questions included in the Department-wide data call will be596
designed to gather information from all components on the processes used for communicating597
with the private sector via online tools; informal and formal phone calls and email distributions598
sent to specific stakeholder lists; and live interactions. Questions will also seek information on599
how and when these communications take place. Examples we expect to document600
include portals on HSIN; CBP’s Automated Commercial Environment Cargo Systems601
Messaging Service; TSA communication with various transportation industries; and a DHS602
Office of Public Affairs Private Sector Incident Communications Conference Line distribution603
list consisting of corporate communicators. In addition, there are many other program-specific604
alerts, stakeholder calls, and other conduits for communication and information sharing.605
Discussion:606
Overview:607
The hazards that threaten the United States and its private sector interests encompass everything608
from severe weather, pandemic health issues, illicit narcotics, geological and other natural events609
that impact entire communities to human-caused accidents or attacks that target specific610
infrastructure systems, processes, and people.611
Depending on variables such as the size, type, potential impact, and location of an incident, DHS612
and its components work with private sector stakeholders spanning large and small business,613
industry, critical infrastructure, voluntary, non-profit, faith-based, academic, think tank, and614
other non-governmental organizations or their association representatives.615
Current Situation:616
Numerous communication mechanisms with varying levels of security currently exist in617
programs across the Department, for both day-to-day and incident-specific communications.618
To ensure appropriate actions are taken and to minimize the possibility of confusion among619
internal and external stakeholders, there should be a DHS-wide SOP clearly laying out how,620
when, and with whom DHS communicates during incidents. This SOP is not intended to change621
existing tools and processes, but rather to improve coordination, transparency, and efficiency.622
The Emergency Support Function (ESF) 15 SOP, which was released in 2009, contains an623
updated private sector external communications section which provides the current basis for624
Federal incident communications with the private sector during incidents. This ESF 15 SOP for625

25
private sector communications will be enhanced by additional detail and guidance developed for626
the ISCC program SOP.627
The Requirement:628
During an incident, information is one of the most critical requirements for prompt, successful629
response and recovery. Specifically, this information must be clearly communicated to its630
intended audience, and it must be relevant, accurate and consistent with other messages on the631
issue.632
This SOP focuses on private sector stakeholders that DHS components work with on a regular or633
intermittent basis, rather than general public messaging provided through the media and other634
open sources.635
DHS components need to understand how and when their colleagues reach out to the private636
sector before/during/after incidents so they can leverage existing communication tools as needed637
and reduce the likelihood of similar communications going to the same recipients from different638
programs.639
Moreover, when various outreach efforts do impact the same recipients, it is crucial that the640
messaging be consistent. This increased internal coordination and transparency will increase641
stakeholder confidence and Department credibility as a unified team.642
Deliverables:643
• A DHS-wide private sector communications SOP that will make it easier for internal and644
private sector stakeholders to navigate the many methods the Department uses to send and645
receive information related to the private sector646
• Concurrent updates to the National Response Framework ESF 15 (External Affairs) SOP647
for the private sector to reflect any changes or new information resulting from the SOP648
development649
650
• Provide staff for Working Group and information for data calls.652
• Provide access to current tools and stakeholder lists for review by implementation team.653
654
• Readily measurable outreach for each incident, by stakeholder group, measured after each656
incident657
• Enhanced situational awareness, measured by the addition of relevant information in658
National Operations Center (NOC) and National Response Coordination Center (NRCC)659
situation reports from non-traditional sources660
• Ability to share information in real time (long-term goal)661

26
• Transparency and easier navigation of DHS tools and processes for communication with662
the private sector, measured by formal and informal feedback from internal and private663
sector stakeholders664
• Synchronized messaging and ability to leverage existing delivery systems, measured by665
increased component coordination666
• Greater stakeholder comprehension and participation (long-term measurement)667
Identify Working Group chair(s) and members Day 1
Establish and charter Working Group Day 1 – 15
Develop data call questions Day 15 – 30
Provide informational update to all DHS, with
consolidated data call for existing information-sharing
tools and mechanisms
Send request for stakeholder feedback to current DHS
private sector stakeholders
Day 30
Complete review of the data call Day 90
Review, concurrently, ESF 15 and the current SOP for
incident communications
Day 90
Develop a summary of findings Day 120
Brief DHS internal and external stakeholder
components to socialize concept, alert them to coming
change, and gain buy in
Day 125
Begin drafting SOP and/or update ESF 15 private
sector SOP, based on findings
Day 125
Update or send a reminder communication to DHS
internal and external stakeholders
Day 130
Draft SOP for review by DHS components through
the Executive Secretariat
Day 175
Comment on draft SOP to Working Group Day 205
Adjudicate draft comments, to be completed by
Working Group.
Day 235
Revise SOP for routing through leadership via the
Executive Secretariat
Day 245
669

27
Send overview highlighting key changes to the ESF
15 SOP for private sector to DHS internal
stakeholders.
Send highlights of the new DHS-wide private sector
communication SOP to all internal stakeholders.
Day 255
Brief final SOP to ISCC and ISGB. Day 265
Disseminate directive on SOP/Updated ESF 15 DHS-
wide.
Day 270
Post new SOP to www.DHS.gov and communicate to
all stakeholders.
Day 285
Post updated ESF 15 Private Sector SOP to
www.fema.gov/nrf
Day 285
Roll out new SOP to private sector stakeholders, with
support from Public Affairs on the rollout plan.
Day 285
670
Office of Policy672
673
CBP, PSO, FEMA/External Affairs, I&A, ICE, IGA, NPPD/IP, NPPD/CS&C, OPA, OPS, TSA,675
USCG, OGC676
677
678

28
Develop an “education toolkit” for private sector stakeholders to ensure that public and private680
sectors can communicate rapidly and effectively during emerging situations.681
Discussion:682
The toolkit would include DHS component resources and contact information specifically for683
emerging situations.684
In emerging situations that threaten the United States, DHS works closely as a team with private685
sector organizations to achieve the most effective protection and response.686
DHS can strengthen the team by publishing a clear and concise toolkit and contact list guiding687
private sector organizations on contacting or teaming with DHS in emerging situations. This688
toolkit will help private sector organizations understand the DHS approach to and appropriate689
contacts for emerging situations.690
Deliverables:691
A toolkit or fact sheet listing all publicly provided resources that DHS can make available to692
private sector partners in emerging situations and a list of DHS entities, and/or private sector693
groups representing DHS, to contact will be developed and published. This toolkit could be694
compiled largely by pulling relevant information from DHS’s Private Sector Resources Catalog695
and by using relevant contact information currently published on DHS.gov and component Web696
sites.697
DHS Headquarters and Operational Components would contribute to the compiling and editing699
of the toolkit. Components with a stake or equity in this product include FEMA, U.S.700
Citizenship and Immigration Services (USCIS), DHS Office of Public Affairs (OPA),701
Transportation Security Administration (TSA), Customs and Border Patrol (CBP), NPPD CS&C,702
and the United States Secret Service (USSS).703
DHS may track the following:705
• Number of requests for the toolkit706
• Number of toolkits distributed707
• Traffic to links and emails generated by the toolkit708
• Calls/requests for information generated by the toolkit709
• Feedback through customer surveys and direct inquiry710
• Case studies and success stories where available711

29
Develop draft of the toolkit, using the data from the
‘One DHS Private Sector Information-Sharing Matrix’
(see deliverable #1).
Day 1 – Day 30 (Day 1 begins after the
data has been received from the ‘One
DHS Private Sector Information-
Sharing Matrix’)
Submit toolkit to internal DHS stakeholders for review
and comments.
Day 30
Make edits and incorporate recommended changes. Day 30 – 60
Publish toolkit. Day 75
Place a version of the toolkit on DHS.gov and
Ready.gov; DHS Headquarters and Operational
Components will distribute toolkits to their respective
stakeholders.
Day 75 – Ongoing
Private Sector Office714
CBP, OPA, NPPD/IP/NICC, PLCY, FEMA/NCP, FEMA/External Affairs, NPPD/CS&C, TSA,716
USCIS, USSS, PSO, OGC717
718

30
Evaluate existing processes and methods for information sharing with critical infrastructure720
owners and operators and develop and implement enhancements for broader sector penetration.721
Discussion:722
Improving the ability to communicate and share information with critical infrastructure owners723
and operators is essential in enhancing the security and resilience of these vital assets, systems,724
and networks. These communications include day-to-day information exchanges, distributions725
of threat and warning information, and incident management-related activities.726
Improved processes are needed to properly share with those who have a need to know at the727
owner/operator level. Improving the effectiveness and efficacy of existing sector information728
sharing-mechanisms is central to this recommendation. New and improved information-sharing729
efforts, tools, and processes—including fusion centers, Homeland Security Information730
Network-Critical Sectors (HSIN-CS), and the Protective Security Advisor (PSA) Program—offer731
opportunities that should be leveraged. Existing DHS Headquarters and Operational Component732
activities for sharing information with critical infrastructure owners and operators should be733
synchronized to eliminate gaps and redundancies to improve synergy of effort as needed. New734
processes, tools, and methods should be considered.735
NPPD/IP, as the manager for the NIPP partnership, is responsible for ensuring effective736
communication and information sharing to CIKR Sector partners.737
Deliverables:738
• Formation of working group to perform the actions required to fulfill this recommendation739
• A map of current activities, methods, and processes across the DHS enterprise to740
communicate and share information with critical infrastructure owners and operators741
• An evaluation and gap analysis of the ability of current capabilities to reach critical742
infrastructure stakeholders, with a focus on owners and operators743
• Recommendations for modifications to improve existing activities, methods, and processes744
to communicate and share information with critical infrastructure owners and operators745
• Development of new activities, methods, processes, and tools for communicating and746
sharing information with critical infrastructure owners and operators747
• Develop an enhanced communication strategy that incorporates requirements of all DHS748
components with equities in information sharing with CIKR stakeholders. This framework749
will illustrate to all components the processes for providing agile, flexible information750
sharing across the critical infrastructure enterprise and enable tailored information sharing,751
as appropriate, for specific Sectors, regions, and types of contacts.752
753
754

31
NPPD/IP has a core mission to enhance protection of critical infrastructure. DHS entities756
including NPPD/IP, NPPD/CS&C, TSA, and USCG have responsibilities as SSAs for CIKR757
Sectors under the NIPP. These components have developed and implemented processes¸758
procedures, and tools for information sharing with stakeholders. Other DHS entities including759
FEMA, I&A, USSS, and the PSO have responsibilities and requirements for information sharing760
with various critical infrastructure stakeholders. Information-sharing processes of the non-DHS761
SSAs must also be included in this effort. Communication with the critical infrastructure762
stakeholder community must be consistent with the sector partnership framework of the NIPP.763
DHS components have made significant progress in establishing points of contact and building764
relationships throughout the critical infrastructure community. Many of the ongoing activities,765
processes, and messaging are tailored to specific audiences. Efforts to improve information766
sharing must recognize—and not impede—the mission requirements of DHS components to767
swiftly communicate with their stakeholders. Improvements should enhance the ability to768
expand the reach of information sharing to a wider audience of critical infrastructure owners and769
operators, as appropriate for each situation.770
The working group requires participation by the DHS components that serve as SSAs. In771
addition, the working group will identify complementary activities in other DHS components772
that intersect or support critical infrastructure owner/operator focused efforts in order to come to773
an agreement on coordinated mechanisms and structures to share information with the private774
sector.775
• Full participation of all applicable DHS components with critical infrastructure777
information-sharing equities, to include all components serving as SSAs778
• Expanded usage of existing tools and membership of HSIN-CS against baseline779
• Expanded participation in sector partnership activities against baseline780
• User feedback on functionality and usefulness of processes and systems781
Establish working group Day 1
Develop project plan Day 1 – 30
Map current activities, analyze gaps, and provide
recommendations for improvement
Day 45 – 75 (if resources provided)
Develop enhanced strategy and associated framework Day 105
Develop enhanced communications processes (as
needed)
Day 135

32
Implement enhanced communications processes Day 195
National Protection and Programs Directorate/Office of Infrastructure Protection784
TSA, USCG, NPPD/CS&C, FEMA, I&A, PSO, USSS, S&T, OGC786
787
788

33
Address policy and procedural issues with the CIKR ISE to enhance cross-sector information790
visibility and collaboration through the recommendations acquired by the partnership.791
Discussion:792
Increased cross-sector visibility and collaboration among the CIKR Sectors depends on public793
and private stakeholders within each of the sectors first mastering intra-sector information-794
sharing processes. Once stakeholders have developed competency with internal795
communications, current information-sharing processes can be assessed and cross-sector796
connections fostered.797
Each CIKR Sector has information that would strengthen national security if shared across798
sectors among a broader base of trusted public and private sector stakeholders. Improving cross-799
sector collaboration and information sharing is especially important at a regional level, as it will800
provide stakeholders with access to a greater range of resources and information products. It will801
also help limit duplication of critical infrastructure protection efforts across sectors and across802
Federal and regional levels.803
To enhance cross-sector communication among public and private stakeholders within sectors804
that have reached an adequate internal information-sharing level of maturity, standardized805
processes and procedures within each sector must be evaluated against those of other sectors806
targeted for cross-sector information sharing. Through this comparison, cross-sector807
requirements will become easily defined, reducing redundant private sector engagement work808
and policy ambiguity. The resulting behavioral consistencies will enhance predictability809
between CIKR Sectors and smooth the progress of collaboration efforts regardless of the level of810
operation (Federal, State, regional, and local) and specific information-sharing environment811
being used.812
The group will work with existing sanctioned governance authorities to get recommendations,813
obtain information, and implement solutions. Authorities include Sector Coordinating Council814
(SCCs), Government Coordinating Council (GCCs), the Federal Senior Leadership Council815
(FSLC), and the sanctioned Cross-Sector Leadership Council.816
Deliverables (all documents will be coordinated among DHS components, allowing for817
private sector input):818
• Develop a method with the CIKR ISE to improve existing cross-sector tools and policies819
for enhancing cross-sector visibility and collaboration—this update must be leveraged820
through the sector partnership.821
• Provide best practice guidance for sectors to use when reaching out to other sectors on a822
national level. This could include how to make sure the right point of contact is tapped,823
how one sector can demonstrate the value of their information products to another, how the824
process can be accomplished expeditiously, and Memorandum of Understanding templates.825
It could be based on specific tools available through shared use of a single platform (i.e.826
HSIN-CS), or it could have application in other channels (personal networks, industry827

34
forums, etc). The guidance will need to account for the fact that not all sectors have elected828
to use HSIN-CS for their information-sharing needs.829
• Assess current procedures that would relate to information sharing.831
• Assess the need for policy, or amendments to existing policy, if applicable, including832
definitions for handling Sensitive But Unclassifed (SBU) including FOUO, information833
with and among private sector stakeholders.834
• Recommendation # 14 addresses the need for clear guidance regarding the handling and835
dissemination of SBU, including FOUO. Resulting guidelines must be disseminated to836
private sector stakeholders via methods proposed by the Recommendation #14837
implementation plan, consistent with forthcoming Executive- and Department-level838
guidance implementing Executive Order 13556 of November 4, 2010, to ensure the839
security of information shared across sectors.840
• Develop a procedural document (e.g., a Concept of Operations) to accomplish the841
recommendation and ensure that information is shared across CIKR Sectors without842
violating trust or protocols. Public and private leadership within all 18 sectors must define843
key areas in which improved information is required, what other sectors can provide that844
information, and how that information can improve critical infrastructure protection efforts.845
• Positive user feedback regarding functionality and usefulness of cross-sector information-847
sharing efforts.848
• Usage of the processes and procedures, including technology systems, to facilitate the849
exchange of information that enables informed decision-making.850
• The timeline will be based on the Tiger Team’s determination as to whether the852
recommendation should be addressed at a national or regional level. The following853
timeline is based on a national-level recommendation.854
Mobilize cross-sector initiative working group:
• Identify the appropriate public and
private representatives of CIKR Sectors.
• Educate public and private components
of CIKR Sectors (using Information-
Sharing Working Groups, where
possible) about DHS cross-sector
communication initiative.
Day 1 – 60

35
Determine Process of Engagement:
• Identify and assess current cross-sector
information sharing policies and
procedures, tools, metrics and
stakeholder relations.
• Create a summary of findings for
individual sector maturity levels,
capacity, and interest for cross-sector
communication.
• Brief DHS internal and external
stakeholder components to socialize
concept, alert them to coming change,
and gain buy in.
Day 60 – 90
Develop Engagement Plan:
• Develop draft engagement plan and
distribute for review by DHS
components.
• Comments on draft engagement plan are
due to working group.
• Adjudication of comments by working
group.
• Revise engagement plan.
• Submit revised plan to leadership for
review, via the Executive Secretariat.
Day 90 – 120
Brief ISCC and ISGB. Day 160
Approve final implementation plan. Day 175
855
National Protection and Programs Directorate, Office of Infrastructure Protection857
All DHS Headquarters and Operational Components859
860

36
Develop a fusion center Best Practices Guide to provide fusion centers with a number of vetted862
models that have been successful in meeting baseline capability requirements for information863
sharing with critical infrastructure owners and operators and other private sector partners.864
Discussion:865
Numerous national-level policies, including the National Strategy for Information Sharing and866
the National Infrastructure Protection Plan, recognize the important role that public-private867
partnerships play in overarching national efforts to protect and secure the homeland. DHS, as868
the lead Federal agency responsible for planning and managing private sector outreach and869
engagement related to infrastructure protection and resilience, as well as the lead for870
coordinating all Federal interaction with State and major urban area fusion centers, is well-871
positioned to lead efforts to bridge the information-sharing gap between the private sector and872
State and major urban area fusion centers. In addition, developing a fusion center Best Practices873
Guide for critical infrastructure and private sector engagement, is a natural extension of existing874
departmental priorities related to the Nationwide Suspicious Activity Report (SAR) Initiative and875
the “See Something, Say Something” campaign, as well as ongoing efforts to develop fusion876
center guidance through the Critical Infrastructure and Key Resources Capabilities for Fusion877
Center Appendix to the Baseline Capabilities for State and Major Urban Area Fusion Centers.878
DHS will leverage, tie together, and build upon all of these efforts as it works toward879
development of the Best Practices Guide.880
Deliverables:881
Produce a Best Practices Guide for fusion center information sharing with critical infrastructure882
owners and operators and other private sector partners.883
I&A, State and Local Program Office (SLPO), as the lead for managing both departmental and885
overall Federal coordination and interaction with State and major urban area fusion centers, will886
oversee the development of the Best Practices Guide.887
I&A/SLPO will oversee engagement with State and major urban area fusion centers to research,888
survey, and collect best practice examples for inclusion in the Guide.889
I&A/SLPO will leverage the Federal Emergency Management Agency (FEMA) to identify best890
practice examples given previous, current, and ongoing FEMA efforts to capture data to measure891
the effectiveness of technical assistance and grant funding.892
I&A/SLPO will engage directly and extensively with NPPD/IP to capture best practices. FEMA,893
through the joint DHS/Department of Justice Fusion Process Technical Assistance Program, and894
in coordination with NPPD/IP and I&A, has conducted outreach, research, and product895
development of a guidebook similar to the one called for by this recommendation. Leveraging896
that work will speed the timeline for completion of the Guide. I&A/SLPO will also engage with897
the NPPD/IP PCII Program Office to ensure that best practices examples and implementation898

37
properly account for PCII regulations regarding the proper management and safekeeping of899
private sector information.900
I&A/SLPO and NPPD/IP will engage the Regional Consortium Coordinating Council; the State,901
Local, Tribal, Territorial Government Coordinating Council (SLTTGCC); FBI’s InfraGard902
National Program Office; and private sector stakeholders as appropriate to capture their input903
and best practices.904
I&A/SLPO will engage with DHS components currently supporting the Nationwide SAR905
Initiative (NSI) to determine how NSI plans and activities related to fusion centers and private906
sector partners can be integrated in the Guidebook.907
I&A/SLPO will engage directly with the DHS Privacy Office (Privacy), the Office for Civil908
Rights and Civil Liberties (CRCL), and the Office of General Counsel (OGC) to ensure that best909
practices included in the Guide properly account for private sector privacy, civil rights and civil910
liberties, and other legal concerns and are consistent with DHS and fusion center privacy, civil911
rights and civil liberties, and legal policies and guidelines. I&A/SLPO understands that there is912
an interagency effort in development to address the unique issues inherent in extending the913
requirements in the Information Sharing Environment’s Privacy Guidelines (which includes civil914
rights, civil liberties and other legal issues) to the Private Sector. I&A/SLPO will work with915
CRCL, Privacy, and OGC to ensure implementation of any best practices or other guidance that916
result from those efforts.917
I&A/SLPO will engage TSA to enhance coordination with TSA’s Field Intelligence Officers and918
discuss best practices and lessons learned in building regional- and local-level partnerships with919
private sector entities.920
I&A/SLPO will engage USCG to better understand best practices learned through interaction921
with ports and other private sector maritime partners under the auspices of the Port Security922
Grant Program and other USCG maritime safety, security, and regulatory responsibilities.923
I&A/SLPO will engage with other DHS components as appropriate to gather insights and924
examples of successful private sector coordination and information-sharing activities.925
Process/Policy Metrics927
• Progress towards completion of the Best Practices Guide (measured as a percentage928
completed over time)929
• Number of CIKR and private sector information-sharing best practices implemented at930
fusion centers and reflected in fusion center policy or standard operating procedures931
(measured in increase over time across the National Network of Fusion Centers)932
933
934

38
Transactional Metrics935
• Increase in the number of threat briefings to the private sector (measured in number of936
individuals, companies, sectors briefed)937
• Increase in the amount of positive feedback from private sector partners resulting from938
information sharing between private sector and State and major urban area fusion centers939
(measured in number of comments received and increases over time)940
• Increase in the number of individual reports shared with private sector partners (measured941
as an increase in reports over time)942
• Increase in the number of suspicious activity reports generated by the private sector943
(measured in numerical values)944
• Increase in the number of suspicious activity reports generated by the private sector that945
lead to the opening of investigations (measured in numerical values and in percentage946
increase over time)947
Outcome Metric948
• Increase in the number of investigations started as a result of private sector reporting that949
result in thwarted crimes or attacks (measured as an increase over time)950
Conduct research and gather existing data and
materials from FEMA, I&A, and NPPD/IP on
fusion center best practices for private sector
and critical infrastructure owner/operator
engagement.
Ongoing
Conduct limited outreach to State and major
urban area fusion centers, through I&A/SLPO,
to conduct interviews and data gathering on
best practices for private sector and critical
infrastructure owner/operator engagement.
Ongoing
Develop first draft of Best Practices Guide. Day 1 – 15
Staff first draft of Guide among internal DHS
stakeholders for review and comments.
Day 15 – 30
Make edits and incorporate recommended
changes.
Day 30 – 45
Staff second draft of Guide among internal
DHS stakeholders, State and major urban area
fusion centers, and private sector and critical
infrastructure stakeholders.
Day 45 – 75

39
Make edits and incorporate recommended
changes.
Day 75 – 90
Develop strategic communications and
marketing plan, including technical assistance
implementation options, to familiarize
stakeholders with the Guide.
Day 90 – 105
Distribute Guide and begin executing
marketing plan and providing technical
assistance.
Day 130
Track progress of technical assistance and best
practice implementation.
Day 130 – 190
Brief Information-Sharing Coordinating
Council, Information-Sharing Governance
Board, Homeland Security Information Center,
NSI Program Management Office, Criminal
Intelligence Coordinating Council, National
Fusion Center Association, and Information
Sharing and Access Interagency Policy
Committee on implementation results.
Day 190
952
I&A, I&A/SLPO954
Supporting Components:955
NPPD/IP, NPPD/CS&C, FEMA, PSO, TSA, USCG, PRIV, CRCL, OGC956
957

40
Build on existing relationships through field-level personnel, including I&A Fusion Center959
Intelligence Officers, NPPD/Infrastructure Security Specialists, and FEMA Regional960
Representatives to connect local-level groups with regional and national coordination efforts.961
Discussion:962
Numerous national-level policies, including the NIPP, recognize the important role that DHS field-963
level personnel play in building and maintaining relationships such that local-level groups remain964
engaged and active with regional and national coordination efforts. The goal described in965
Recommendation #10 can be achieved based on the following initiatives, which are currently966
underway:967
• Executing the planned deployment of Protection Security Specialists (ISS) to fusion centers968
nationwide969
• Establishing working relationships and communication protocols between local fusion970
centers, I&A fusion center Intelligence Officers, NPPD/IP PSAs, and FEMA’s Federal971
Preparedness Coordinators972
• Enhancing NPPD/IP regional capacity by placing additional PSAs in regions with973
significant concentrations of assets in high-consequence CIKR Sectors974
• Creating a new, permanent, full-time position in each of FEMA’s 10 regional Offices of975
External Affairs to focus on private sector and tribal engagement (a combined position)976
• Developing methods to enhance engagement between I&A’s fusion center analysts,977
NPPD/Infrastructure Analysts, FEMA’s FPCs, and all other DHS field-level personnel978
including, but not limited to, TSA’s Field Intelligence Officers, representatives from the979
United States Secret Service’s Electronic Crimes Task Forces, and USCG’s AMSC980
NPPD/IP is dedicated to supporting the national network of fusion centers, in coordination with I&A,981
the Department lead for fusion center integration. As part of this coordination with I&A, NPPD/IP is982
in the beginning stages of planning the deployment of ISSs to State and major urban area fusion983
centers throughout the country. The ISSs will serve as important resources in the exchange of984
information between Federal, State, and local government entities; critical infrastructure owners and985
operators; and private sector partners. Incorporating critical infrastructure subject matter expertise into986
the intelligence fusion process will improve two-way communication by facilitating timely incident987
response and reconstitution efforts as well as enable fusion centers to better analyze risks, trends, and988
targets in light of current intelligence information within an all-crimes and an all-hazards environment.989
One of the most important benefits of this process will be to alert critical infrastructure owners and990
operators of impending attacks and assist them in effort s to prevent, interdict, mitigate, or harden991
targets against probable attack methods.992
NPPD/IP’s PSA Program is also establishing regional ties with FEMA’s FPCs through FEMA’s993
Office of Preparedness Integration and Coordination (OPIC). As part of FEMA’s “Regional994
Empowerment” principle and the “One IP” and “One DHS” concepts, the 10 regional FPCs, working995

DHS Private Sector Information Sharing Plan

DHS Private Sector Information Sharing Plan

Recommandé

Recommandé

Contenu connexe

Similaire à DHS Private Sector Information Sharing Plan

Similaire à DHS Private Sector Information Sharing Plan (20)

Plus de DeepDude

Plus de DeepDude (20)

DHS Private Sector Information Sharing Plan