Threat Information and Infrastructure Protection Program

“National preparedness is the shared responsibility of our whole community. Every member contributes, including individuals, communities, the private and nonprofit sectors, faith-based organizations, and Federal, state, and local governments.”

National Preparedness Goal
U.S. Department of Homeland Security, 2013

As HSEMD’s primary liaison for critical infrastructure protection, the TIIPP encourages partner-to-partner collaboration and coordination with businesses, communities, and government entities across all levels to ensure our whole community is more secure and resilient to threats and hazards.  This holistic, all-hazard approach to risk mitigation ensure critical infrastructure stakeholders are aware of the resources, tools, services, and information necessary to remain secure, reliable, functioning, and resilient before, during, and after an incident occurs.

Collaboration and coordination efforts includes, but are not limited to:

• Frequently exchanging information with other critical infrastructure stakeholders and subject matter experts to provide or receive any knowledge or relevant material over current or potential threats, hazards, and vulnerabilities.
• Participating in briefings, discussions, exercises, trainings, and planning work groups to facilitate structured concepts and mutually beneficial strategies for physical security, risk management, incident response, and continuity planning.
• Offering resources, tools, and opportunities with other critical infrastructure stakeholders for the overall enhancement of critical infrastructure security and resiliency.

Sharing relevant and accurate critical infrastructure information and enhancing situational awareness of current and common threats is essential for developing risk management strategies. As HSEMD’s primary liaison for critical infrastructure protection, the TIIPP’s HSEMD personnel evaluate and disseminate accurate, time-sensitive, and relevant materials to local, state, and federal stakeholders.

To ensure sensitive and classified information is protected, some products and platforms are restricted to those with a valid need to know.

Information shared by stakeholders to personnel at HSEMD is protected by Iowa Code §22.7(45), §22.7(50), and §22.7(71) as confidential and not subject to public disclosure.

Homeland Security Information Network (HSIN) is the nation’s official platform for sharing sensitive but unclassified information among critical infrastructure stakeholders. This platform contains various communities and services that enable secure, efficient, and effective partner-to-partner collaboration. Products and communications on this platform provide stakeholders with timely and accurate information pertaining to threats, vulnerabilities, security, and response and recovery activities affecting sector and cross-sector operations.

Critical infrastructure stakeholders seeking access to HSIN must be nominated and validated by HSEMD’s subject matter experts. Please contact the Critical Infrastructure Protection Coordinator for additional information.

A critical asset is a structure, facility, information, material, or process that is of such extraordinary importance that its incapacitation or destruction would have a very serious debilitating effect on a system’s ability to function effectively and or provide service(s).

Managing the risks to critical assets and infrastructure requires an integrated approach from all critical infrastructure stakeholders. The success of critical infrastructure and asset protection efforts relies upon the voluntary disclosure of critical assets, capabilities, expertise, and experience across the critical infrastructure community and associated stakeholders. Inappropriate disclosure of these elements, however, can pose a significant threat to Iowa’s critical infrastructure.

Iowa’s Critical Asset Protection Plan

Per Iowa Code 29c.8-3e, HSEMD is required to prepare, maintain, and assess an inventory of Iowa’s critical assets and any information pertaining to the mobilization, deployment, and tactical operations involved in responding to or protecting Iowa’s critical assets. This critical asset protection plan (CAPP) is prepared, maintained, and regularly updated by HSEMD’s appointed protected critical infrastructure information (PCII) officers through the PCII Program.

Information shared by stakeholders to personnel at HSEMD is protected by Iowa Code §22.7(45), §22.7(50), and §22.7(71) as confidential and not subject to public disclosure.

Protected Critical Infrastructure Information Program

The PCII Program protects critical infrastructure information, and is obtained through the voluntary submission of information to be shared with the federal government for the purpose of enhancing homeland security functions. HSEMD’s appointed PCII officers are Iowa’s primary liaison for the PCII program.

For additional information or guidance, please contact HSEMD’s Critical Infrastructure Protection Coordinator.

Through the TIIPP, HSEMD conducts vulnerability and threat assessments on infrastructure owned by the public and private sectors. These assessments provide critical infrastructure stakeholders with insight to the current and common threats and hazards that leave Iowa’s critical infrastructure stakeholder’s assets, functions, and operations vulnerable to disruption or destruction.

Following an assessment, participating organizations may request a comprehensive evaluation containing key discussion points and options for owners and operators to consider when moving forward with assessing risks, making security investments, developing strategic plans, and any other protective actions that enhance the security and resiliency of Iowa’s critical infrastructure.

Vulnerability and threat assessments are voluntary, non-regulatory, and are conducted at the request of Iowa’s critical infrastructure owners and operators. They are conducted at no cost to the organization, and information shared by stakeholders to HSEMD personnel is protected by Iowa Code Iowa Code §22.7(45), §22.7(50), and §22.7(71) as confidential and not subject to public disclosure

Infrastructure Protection (IP) Gateway is a web-based portal that supports the collection, analysis, and dissemination of critical infrastructure information, and can be utilized to identify, assess, and maintain a list of Iowa’s critical infrastructure and assets. Access to the IP Gateway is restricted to only federal, state, and local government critical infrastructure mission partners that possess homeland security responsibilities, have a valid need to know, and have completed Protected Critical Infrastructure Information (PCII) authorized user training.

HSEMD’s appointed PCII officers are Iowa’s primary liaisons for the IP Gateway, and can conduct IP Gateway assessments for interested critical infrastructure stakeholders. Assessments with the IP Gateway are voluntary, non-regulatory, and conducted at the request of Iowa’s critical infrastructure owners and operators. They are conducted at no cost to the organization, and information shared by stakeholders to HSEMD personnel is protected by Iowa Code Iowa Code §22.7(45), §22.7(50), and §22.7(71) as confidential and not subject to public disclosure.

Critical infrastructure stakeholders seeking additional information or who would like to schedule an appointment for an assessment should contact HSEMD’s Critical Infrastructure Protection Coordinator.