WikiLeaks Document Release http://wikileaks.org/wiki/CRS-RS22674 February 2, 2009 Congressional Research Service Report RS22674 National Continuity Policy: A Brief Overview R. Eric Petersen, Government and Finance Division October 12, 2007 Abstract. On May 9, 2007, President George W. Bush issued National Security Presidential Directive (NSPD) 51, which is also identified as Homeland Security Presidential Directive (HSPD) 20, on National Continuity Policy. The directive updates longstanding continuity directives designed to assure that governing entities are able to recover from a wide range of potential operational interruptions. Executive branch efforts to assure essential operations are similar to those that are broadly integrated into many private sector industries. Government continuity planning also incorporates efforts to maintain and preserve constitutional government, based on the assumption that certain essential activities typically provided by government must be carried out with little or no interruption under all circumstances. ¢ ¢ ¢ http://wikileaks.org/wiki/CRS-RS22674 Prepared for Members and Committees of Congress ¢ ¢ ¢ On May 9, 2007, President George W. Bush issued National Security Presidential Directive (NSPD) 51, which is also identified as Homeland Security Presidential Directive (HSPD) 20, on National Continuity Policy. The directive updates longstanding continuity directives designed to assure that governing entities are able to recover from a wide range of potential operational interruptions. Executive branch efforts to assure essential operations are similar to those that are broadly integrated into many private sector industries. Government continuity planning also incorporates efforts to maintain and preserve constitutional government, based on the assumption that certain essential activities typically provided by government must be carried out with little or no interruption under all circumstances. http://wikileaks.org/wiki/CRS-RS22674 ¢ ¢ Introduction ..................................................................................................................................... 1 Managing National Continuity Policy............................................................................................. 3 Author Contact Information ............................................................................................................ 4 http://wikileaks.org/wiki/CRS-RS22674 ¢ ¢ On May 9, 2007, President George W. Bush issued National Security Presidential Directive (NSPD) 51, which is also identified as Homeland Security Presidential Directive (HSPD) 20 (NSPD 51/HSPD 20), on National Continuity Policy.1 NSPD 51/HSPD 20 updates longstanding continuity policy expressed in various directives issued by previous administrations2 to assure that governing entities are able to recover from a wide range of potential operational interruptions. Interruptions for which contingency plans might be activated include localized acts of nature, accidents, technological emergencies, and military or terrorist attack-related incidents. Continuity planning is not unique to government; efforts to assure essential operations are broadly integrated into many private sector industries.3 As with the private sector, government continuity planning is regarded by some observers as a "good business practice," and part of the fundamental mission of agencies as responsible and reliable public institutions.4 In the public and private sectors, continuity planning may be viewed as a process that incorporates preparedness capacities ranging from basic emergency preparedness5 to recovery plans and the resumption of http://wikileaks.org/wiki/CRS-RS22674 normal operations. Unlike the private sector, however, federal continuity planning also 1 White House, Office of the Press Secretary, National Security and Homeland Security Presidential Directive, May 9, 2007, available at http://www.whitehouse.gov/news/releases/2007/05/20070509-12.html. The press release provides the text of the directive. Quotes in this report are taken from NSPD 51/HSPD 20, unless an alternate source is identified. 2 NSPD 51/HSPD 20 revokes Presidential Decision Directive (PDD) 67, Enduring Constitutional Government and Continuity of Government Operations, which was issued by the Clinton Administration on October 21, 1998. PDD 67 replaced National Security Directive (NSD) 69, "Enduring Constitutional Government," issued by President George H. W. Bush, June 2, 1992, which in turn succeeded NSD 37, "Enduring Constitutional Government," issued April 18, 1990. National Security Decision Directive (NSDD) 47, "Emergency Mobilization Preparedness," issued July 22, 1982, and NSDD 55, "Enduring National Leadership," issued September 14, 1982, by President Ronald Reagan, reportedly included consideration of continued government operations planning. See Christopher Simpson, National Security Directives of the Reagan and Bush Administrations: The Declassified History of U.S. Political and Military Policy, 1981-1991 (Boulder, CO: Westview Press), pp. 59, 71, 102-104, and 158-178. Earlier national security directives relating to continuity of government include Presidential Directive (PD) 58, "Continuity of Government,"issued June 30, 1980, by President Jimmy Carter; two National Security Decision Memoranda (NSDM) issued by President Richard Nixon, NSDM 201, "Contingency Planning," issued January 5, 1973, and NSDM 8, "Crisis Anticipation and Management," issued March 21, 1969; and two National Security Action Memoranda (NSAM) issued by President John F. Kennedy, NSAM 166, "Report on Emergency Plans and Continuity of the Government," issued June 25, 1962, and NSAM 127, "Emergency Planning for Continuity of Government," issued February 14, 1962. The initial national security document establishing continuity programs appears to be NSC 5521, "NSC Relocation Plan," issued during 1955, by President Dwight D. Eisenhower. 3 See for example, CRS Report RL31873, Banking and Financial Infrastructure Continuity, by N. Eric Weiss; Cole Emerson, Planning for Manufacturing Operations, Disaster Resource.com website, at http://www.disaster- resource.com/cgi-bin/article_search.cgi?id=%27146%27; Buffy Rojas, "Constellation Energy Exemplifies Panning Excellence," Continuity Insights, September/October 2006, pp.13-16; Buffy Rojas, "Wal-Mart: Looking Beyond BCP Basics," Continuity Insights, March/April 2006, pp. 10-13. Securities Industry and Financial Markets Association (SIFMA) website, Business Continuity Planning Rules, available at http://www.sifma.org/services/business_continuity/ html/rules.html; and AXA UK website, Business Continuity Guide for Small Businesses, available at http://www.axa4business.co.uk/resources/files/BizContinuityGuideT1404.pdf 4 Department of Homeland Security, Federal Emergency Management Agency, Office of National Security Coordination, Federal Preparedness Circular 65, "Federal Executive Branch Continuity of Operations (COOP)," June 15, 2004, available at https://www.fema.org/txt/government/coop/fpc65_0604.txt. 5 Basic emergency preparedness might include agency evacuation or sheltering plans, employee training, or alert and notification protocols. ¢ ¢ incorporates efforts to maintain and preserve constitutional government, on the assumption that certain essential activities typically provided by government must be carried out with little or no interruption under all circumstances. Examples of those activities include the maintenance of civil authority, support for individuals and firms affected by an incident, infrastructure repair, or other action in support of recovery. Such a response presumes the existence of an ongoing, functional government to fund, support, and oversee recovery efforts. To support the provision of essential government activities, NSPD 51/HSPD 20 sets out a policy "to maintain a comprehensive and effective continuity capability composed of continuity of operations6 and continuity of government7 programs in order to ensure the preservation of our form of government under the Constitution and the continuing performance of national essential functions (NEF) under all conditions." The directive identifies eight NEFs that "are the foundation for all continuity programs and capabilities and represent the overarching responsibilities of the federal government to lead and sustain the Nation during a crisis." These are as follows: · "Ensuring the continued functioning of government under the Constitution, including the functioning of the three separate branches of government;8 http://wikileaks.org/wiki/CRS-RS22674 · "Providing leadership visible to the Nation and the world and maintaining the trust and confidence of the American people; · "Defending the Constitution of the United States against all enemies, foreign and domestic, and preventing or interdicting attacks against the United States or its people, property, or interests; · "Maintaining and fostering effective relationships with foreign nations; · "Protecting against threats to the homeland and bringing to justice perpetrators of crimes or attacks against the United States or its people, property, or interests; · "Providing rapid and effective response to and recovery from the domestic consequences of an attack or other incident; · "Protecting and stabilizing the Nation's economy and ensuring public confidence in its financial systems; and 6 NSPD 51/HSPD 20 identifies continuity of operations (COOP) as "an effort within individual executive departments and agencies to ensure that Primary Mission-Essential Functions continue to be performed during a wide range of emergencies, including localized acts of nature, accidents, and technological or attack-related emergencies." 7 NSPD 51/HSPD 20 identifies continuity of government (COG) as "a coordinated effort within the federal government's executive branch to ensure that national essential functions continue to be performed during a catastrophic emergency." A catastrophic emergency is defined as "any incident, regardless of location, that results in extraordinary levels of mass casualties, damage, or disruption severely affecting the U.S. population, infrastructure, environment, economy, or government functions." 8 The directive notes "that each branch of the federal government is responsible for its own continuity programs," and requires an official designated by the Chief of Staff to the President to "ensure that the executive branch's COOP and COG policies ... are appropriately coordinated with those of the legislative and judicial branches in order to ensure interoperability and allocate national assets efficiently to maintain a functioning federal government." The legislative branch and the federal judiciary maintain continuity programs consonant with their positions as coequal branches of government. NSPD 51/HSPD 20 does not specify the nature of appropriate coordination with continuity planners in the legislative and judicial branch. ¢ ¢ · "Providing for critical Federal Government services that address the national health, safety, and welfare needs of the United States." Since operations may be interrupted without warning, NSPD 51/HSPD 20 requires that continuity planning be incorporated into the daily operations of all executive departments and agencies. Executive branch continuity planning emphasizes "geographic dispersion of leadership, staff, and infrastructure to alternate facilities to increase survivability and maintain uninterrupted Government Functions." The directive requires the application of risk management principles "to ensure that appropriate operational readiness decisions are based on the probability of an attack or other incident and its consequences." By mandating planning based on risk analysis, incorporating continuity activities in day-to-day operations, and mandating the utilization of alternate facilities and staffing, the directive appears to incorporate planning assumptions and approaches used widely in the private sector.9 ¢ ¢ http://wikileaks.org/wiki/CRS-RS22674 NSPD 51/HSPD 20 designates the President to lead the activities of the federal government for ensuring constitutional government, and designates the Assistant to the President for Homeland Security and Counterterrorism as the National Continuity Coordinator (NCC). In coordination with the Assistant to the President for National Security Affairs, and without exercising directive authority, the NCC coordinates the development and implementation of continuity policy for executive branch departments and agencies. In consultation with the heads of appropriate executive departments and agencies, the NCC was required to lead the development of a National Continuity Implementation Plan for submission to the President.10 NSPD 51/HSPD 20 does not explicitly specify the appropriate departments and agencies. The directive specifies a "Continuity Policy Coordination Committee (CPCC), chaired by a Senior Director from the Homeland Security Council (HSC) staff" appointed by the NCC, and designated as the main day-to-day forum for continuity policy coordination, but also indicates that the NCC will coordinate with the Assistant to the President for National Security Affairs. The directive designates the Secretary of Homeland Security "as the President's lead agent for coordinating overall continuity operations and activities of executive departments and agencies." Other than explicitly denying the NCC the capacity to exercise directive authority, the extent to which any official charged with continuity coordinating responsibilities can enjoin executive branch agencies to comply with their guidance or recommendations is unclear.11 9 See The Business Continuity Institute, Good Practice Guidelines (2005): A Framework for Business Continuity Management, available at http://www.thebci.org/goodpracticeguidetoBCM.pdf, pp. 21-28, and 30-34; and Disaster Recovery Journal and DRI International, Generally Accepted Practices For Business Continuity Practitioners, available at http://www.drj.com/GAP/gap.pdf, pp. 15-53. This document is identified as a draft, dated January 2007, subject to practitioner comment and revision. 10 See Homeland Security Council, National Continuity Policy Implementation Plan, August 2007. 11 In addition to to NSPD 51/HSPD 20, Executive Order (E.O.) 12656, Assignment of Emergency Preparedness Responsibilities, which was issued November 18, 1988, by President Ronald Reagan (53 FR 47491; November 23, 1988), assigns national security emergency preparedness responsibilities to federal departments and agencies. E.O.12656 defines a national security emergency as "any occurrence, including natural disaster, military attack, technological emergency, or other emergency, that seriously degrades or seriously threatens the national security of the United States." E.O. 12656, which appears to remain in force and binding on executive branch departments and agencies, requires agencies to have capabilities to meet essential defense and civilian needs in the event of a national (continued...) ¢ ¢ NSPD 51/HSPD 20 provides that federal executive branch departments and agencies are "assigned to a category in accordance with the nature and characteristics of its national security roles and responsibilities in support" of the NEFs. Agency leaders are required to execute their respective department or agency COOP plans in response to emergencies that affect their operations. In addition, each agency head is required to appoint a senior accountable official, at the assistant secretary level, as the continuity coordinator for the department or agency; identify and submit to the NCC agency mission essential functions and "develop continuity plans in support of the NEFs and the continuation of essential functions under all conditions;" plan, program, and budget for continuity capabilities; plan, conduct, and support annual tests and training, to evaluate program readiness and ensure the adequacy and viability of continuity plans and communications systems; and support other continuity requirements, "in accordance with the nature and characteristics of the agency's national security roles and responsibilities." In addition to efforts within the federal executive branch, NSPD 51/HSPD 20 requires the integration of continuity planning with the "emergency plans and capabilities of state, local, territorial, and tribal governments, and private sector owners and operators of critical infrastructure, as appropriate, in order to promote interoperability and to prevent redundancies and conflicting lines of authority," and requires the Secretary of Homeland Security to coordinate http://wikileaks.org/wiki/CRS-RS22674 that integration "to provide for the delivery of essential services during an emergency." R. Eric Petersen Analyst in American National Government epetersen@crs.loc.gov, 7-0643 (...continued) security emergency. Section 202 of E.O. 12656 requires the head of each federal department and agency to "ensure the continuity of essential functions in any national security emergency by providing for: succession to office and emergency delegation of authority in accordance with applicable law; safekeeping of essential resources, facilities, and records; and establishment of emergency operating capabilities." Subsequent sections require each department to carry out specific contingency planning activities in its areas of policy responsibility.