Presidential Policy Directive on Critical Infrastructure Security and Resilience

The Presidential Policy Directive, PPD-21, released on February 12 supersedes the 2003 Homeland Security Presidential Directive (PPD-7). The intent of the Directive is to provide an “all hazards” approach to the risks facing critical infrastructure.

PPD-21 directs and encourages the participation of critical infrastructure owners and operators.

Department of Homeland Security (DHS)
The DHS has primary responsible for maintaining national critical infrastructure centers for situational awareness, coordinating Federal Government response to significant cyber or physical incidents and reporting annually on the status.

DHS will coordinate with sector specific agencies to:

  • Identify and prioritize critical infrastructure
  • Provide analysis, expertise and other technical assistance to critical infrastructure
  • Conduct comprehensive assessments of vulnerabilities
  • Map and sort critical infrastructure.

DHS will support the law enforcement agencies to investigate and prosecute threats.

In addition, DHS will run two national critical infrastructure centers. One will focus on cyber threats and the other will be on physical threats. They will be integrated and will perform analysis and situational awareness.
Sector Specific Agencies (SSAs)

The following are the SSAs:

  • Chemical : Department of Homeland Security
  • Commercial Facilities : Department of Homeland Security
  • Communications : Department of Homeland Security
  • Critical Manufacturing : Department of Homeland Security
  • Dams : Department of Homeland Security
  • Defense Industrial Base : Department of Defense
  • Emergency Services : Department of Homeland Security
  • Energy : Department of Energy
  • Financial Services : Department of the Treasury
  • Food and Agriculture : U.S. Department of Agriculture & Department of Health and Human Services
  • Government Facilities : Department of Homeland Security & General Services Administration
  • Healthcare and Public Health : Department of Health and Human Services
  • Information Technology : Department of Homeland Security
  • Nuclear Reactors, Materials, and Waste : Department of Homeland Security
  • Transportation Systems : Department of Homeland Security and Department of Transportation
  • Water and Wastewater Systems : Environmental Protection Agency

Each SSA has unique responsibilities for its corresponding sector, including:

  • Working with owners and operators to implement the directive
  • Serve as day-to-day interface for the coordination of sector activities
  • Carry out incident management responsibilities
  • Provide support or facilitate technical support for the sector
  • Annually provide sector-specific critical infrastructure information.
    Additional Responsibilities

In addition, several other federal departments are required to support the functions of critical infrastructure, including:

  • Engaging foreign governments (Department of State)
  • Counterterrorism and counterintelligence investigations (Department of Justice, including Federal Bureau of Investigation)
  • Resilience of national monuments (Department of the Interior)
  • Encourage research and development to improve security and technology (Department of Commerce)
  • Provide intelligence assessments (Director of National Intelligence)
  • Ensure audit rights for government contracts (General Services Administration)
  • Oversee protection of nuclear reactors (Nuclear Regulatory Commission)
  • Identify, prioritize and respond to vulnerabilities in communications infrastructure (Federal Communications Commission)
  • Inform the situation awareness (all Federal departments and agencies)

All agencies are directed to review and continue information sharing with an assurance that privacy requirements are met.


  • 120 days – DHS to develop a description of the functional relationships  within DHS and across the Federal Government
  • 150 days – DHS and SSAs evaluate existing public-private partnerships
  • 180 days – DHS and SSAs identify baseline data and system requirements for Federal government
  • 240 days – DHS develop a near-real time situational awareness capability
  • 240 days – DHS update National Infrastructure Protection Plan
  • 730 days (2 years) – DHS with OSTP, SSAs and DoC develop a research and development plan