Back to top

Critical Infrastructure

The reliable and uninterrupted functioning of our critical infrastructure is the foundation on which society operates. Defined by the Critical Infrastructure Protection Act of 2001 within the USA PATRIOT Act, critical infrastructure is,

“Systems and assets, whether physical or virtual, so vital to the United States that the incapacity or destruction of such systems and assets would have a debilitating impact on security, national economic security, national public health or safety, or any combination of those matters.”

Iowa’s well-being relies upon a secure and resilient critical infrastructure. That is why HSEM remains committed to its mission to lead, coordinate, and support Iowa’s homeland security and emergency management functions, to include critical infrastructure protection, through the Threat Information and Infrastructure Protection Program (TIIPP).

Back to top

Threat Information & Infrastructure Protection Program

The strategic effort to build and sustain critical infrastructure security and resilience is driven by a common and nationally recognized vision from the National Infrastructure Protection Program (NIPP), U.S. Department of Homeland Security:

A Nation in which physical and cyber critical infrastructure remain secure and resilient, with vulnerabilities reduced, consequences minimized, threats identified and disrupted, and response and recovery hastened.

Established in 2006, the TIIPP prioritizes open communication and partner-to-partner collaboration with critical infrastructure stakeholders at all levels to advance, strengthen, and maintain a secure, functioning, and resilient critical infrastructure.

Using a holistic, all-hazards approach to risk management and critical infrastructure protection, the TIIPP has the capabilities to provide critical infrastructure stakeholders with guidance, resources, and opportunities that include:

  • Catastrophic planning and the consequences of natural disasters, targeted violence, terrorism, cyberattacks, and other hazards on critical infrastructure and stakeholder operations.
  • Securing and protecting soft targets and crowded places  such as schools, faith-based organizations/houses of worship, events, and/or venues with a large number of potential vulnerabilities or risks.
  • Targeted violence and terrorism prevention methodologies such as proactive measures that enhance protective capabilities for critical infrastructure stakeholders and empower Iowa’s communities so they may marginalize violent messaging, report suspicious activity, and utilize local and state resources when seeking support.
  • Collaboration and coordination opportunities with local, state, and federal public-private sector partners who have the knowledge, skills, or other resources that efficiently and effectively enhance asset protection, improve communications, and increase situational awareness.
  • Nonprofit Security Grant Program (NSGP) and other options to consider when assessing risks, protective actions, and security investments. Vulnerability assessments are required for NSGP applicants. Please see tab below for more details.
Back to top

Critical Infrastructure Sector Planning

The Presidential Policy Directive (PPD) 21: Critical Infrastructure Security and Resilience identifies 16 Critical Infrastructure Sectors, four of which are designated as *lifeline functions per the NIPP.

The TIIPP and critical infrastructure stakeholders at the local, state, and federal level regularly collaborate to enhance the security and resiliency of sector-specific and cross-sector operations. Contact the Critical Infrastructure Protection Coordinator for additional information on guidance, opportunities, and resources or click on the link below to be taken to specific sector products published by DHS’s Cybersecurity & Infrastructure Security Agency (CISA).

*Lifeline functions contain capabilities that are essential for human health, safety, and security. Any disruption or loss to these functions will not only disrupt day-to-day functioning but will impact our critical infrastructure across numerous sectors.

Back to top

Public-Private Partnerships

“National preparedness is the shared responsibility of our whole community. Every member contributes, including individuals, communities, the private and nonprofit sectors, faith-based organizations, and Federal, state, and local governments.”

-National Preparedness Goal, U.S. Department of Homeland Security, 2013

As HSEM’s primary liaison for critical infrastructure protection, the TIIPP encourages partner-to-partner collaboration and coordination with businesses, communities, and government entities across all levels to ensure our whole community is more secure and resilient to threats and hazards.  This holistic, all-hazard approach to risk mitigation ensure critical infrastructure stakeholders are aware of the resources, tools, services, and information necessary to remain secure, reliable, functioning, and resilient before, during, and after an incident occurs.

Collaboration and coordination efforts includes, but are not limited to:

  • Frequently exchanging information with other critical infrastructure stakeholders and subject matter experts to provide or receive any knowledge or relevant material over current or potential threats, hazards, and vulnerabilities.
  • Participating in briefings, discussions, exercises, trainings, and planning work groups to facilitate structured concepts and mutually beneficial strategies for physical security, risk management, incident response, and continuity planning.
  • Offering resources, tools, and opportunities with other critical infrastructure stakeholders for the overall enhancement of critical infrastructure security and resiliency.
Back to top

Information Sharing and Situational Awareness

Sharing relevant and accurate critical infrastructure information and enhancing situational awareness of current and common threats is essential for developing risk management strategies. As HSEM’s primary liaison for critical infrastructure protection, the TIIPP’s HSEM personnel evaluate and disseminate accurate, time-sensitive, and relevant materials to local, state, and federal stakeholders.

To ensure sensitive and classified information is protected, some products and platforms are restricted to those with a valid need to know.

Information shared by stakeholders to personnel at HSEM is protected by Iowa Code §22.7(45), §22.7(50), and §22.7(71) as confidential and not subject to public disclosure.

Homeland Security Information Network (HSIN) is the nation’s official platform for sharing sensitive but unclassified information among critical infrastructure stakeholders. This platform contains various communities and services that enable secure, efficient, and effective partner-to-partner collaboration. Products and communications on this platform provide stakeholders with timely and accurate information pertaining to threats, vulnerabilities, security, and response and recovery activities affecting sector and cross-sector operations.

Critical infrastructure stakeholders seeking access to HSIN must be nominated and validated by HSEM’s subject matter experts. 

Back to top

Iowa's Critical Infrastructure: Critical Asset Protection

A critical asset is a structure, facility, information, material, or process that is of such extraordinary importance that its incapacitation or destruction would have a very serious debilitating effect on a system’s ability to function effectively and or provide service(s).

Managing the risks to critical assets and infrastructure requires an integrated approach from all critical infrastructure stakeholders. The success of critical infrastructure and asset protection efforts relies upon the voluntary disclosure of critical assets, capabilities, expertise, and experience across the critical infrastructure community and associated stakeholders. Inappropriate disclosure of these elements, however, can pose a significant threat to Iowa’s critical infrastructure.

Iowa’s Critical Asset Protection Plan

Per Iowa Code 29c.8-3e, HSEM is required to prepare, maintain, and assess an inventory of Iowa’s critical assets and any information pertaining to the mobilization, deployment, and tactical operations involved in responding to or protecting Iowa’s critical assets. This critical asset protection plan (CAPP) is prepared, maintained, and regularly updated by HSEM’s appointed protected critical infrastructure information (PCII) officers through the PCII Program.

Information shared by stakeholders to personnel at HSEM is protected by Iowa Code §22.7(45), §22.7(50), and §22.7(71) as confidential and not subject to public disclosure.

Protected Critical Infrastructure Information Program

The PCII Program protects critical infrastructure information, and is obtained through the voluntary submission of information to be shared with the federal government for the purpose of enhancing homeland security functions. HSEM’s appointed PCII officers are Iowa’s primary liaison for the PCII program.

Back to top

Iowa's Critical Infrastructure: Vulnerability and Threat Assessments

Through the TIIPP, HSEM conducts vulnerability and threat assessments on infrastructure owned by the public and private sectors. These assessments provide critical infrastructure stakeholders with insight to the current and common threats and hazards that leave Iowa’s critical infrastructure stakeholder’s assets, functions, and operations vulnerable to disruption or destruction.

Following an assessment, participating organizations may request a comprehensive evaluation containing key discussion points and options for owners and operators to consider when moving forward with assessing risks, making security investments, developing strategic plans, and any other protective actions that enhance the security and resiliency of Iowa’s critical infrastructure.

Vulnerability and threat assessments are voluntary, non-regulatory, and are conducted at the request of Iowa’s critical infrastructure owners and operators. They are conducted at no cost to the organization, and information shared by stakeholders to HSEM personnel is protected by Iowa Code Iowa Code §22.7(45), §22.7(50), and §22.7(71) as confidential and not subject to public disclosure

Infrastructure Protection (IP) Gateway is a web-based portal that supports the collection, analysis, and dissemination of critical infrastructure information, and can be utilized to identify, assess, and maintain a list of Iowa’s critical infrastructure and assets. Access to the IP Gateway is restricted to only federal, state, and local government critical infrastructure mission partners that possess homeland security responsibilities, have a valid need to know, and have completed Protected Critical Infrastructure Information (PCII) authorized user training.

HSEM’s appointed PCII officers are Iowa’s primary liaisons for the IP Gateway, and can conduct IP Gateway assessments for interested critical infrastructure stakeholders. Assessments with the IP Gateway are voluntary, non-regulatory, and conducted at the request of Iowa’s critical infrastructure owners and operators. They are conducted at no cost to the organization, and information shared by stakeholders to HSEM personnel is protected by Iowa Code Iowa Code §22.7(45), §22.7(50), and §22.7(71) as confidential and not subject to public disclosure.

Critical infrastructure stakeholders seeking additional information or who would like to schedule an appointment for an assessment should contact HSEM’s Critical Infrastructure Protection Coordinator.

Back to top