Number: RL32561
Title: Risk Management and Critical Infrastructure Protection: Assessing, Integrating, and Managing Threats, Vulnerabilities and Consequences
Authors: John Moteff, Resources, Science, and Industry Division 
Abstract: The Homeland Security Act of 2002 and other Administration documents have assigned the Department of Homeland Security specific duties associated with coordinating the nation's efforts to protect its critical infrastructure. Many of these duties were delegated to the Information Analysis and Infrastructure Protection (IA/IP) Directorate. In particular, the IA/IP Directorate was charged with integrating threat assessments with vulnerability assessments in an effort to identify and manage the risk associated with possible terrorist attacks on the nation's critical infrastructure. By doing so, the Directorate is to help the nation set priorities and take cost-effective protective measures. This report is meant to support congressional oversight by discussing, in more detail, what this task entails and issues that need to be addressed. In particular, the report defines terms (e.g., threat, vulnerability, and risk), discusses how they fit together in a systematic analysis, describes processes and techniques that have been used to assess them, and discusses how the results of that analysis can inform resource allocation and policy. While the Directorate was given this task as one of its primary missions, similar activities are being undertaken by other agencies under other authorities and by the private sector and states and local governments. Therefore, this report also discusses to some extent the Directorate's role in coordinating and/or integrating these activities.
Pages: 26
Date: July 17, 2007