{
  "id": "RL32561",
  "type": "CRS Report",
  "typeId": "REPORTS",
  "number": "RL32561",
  "active": false,
  "source": "EveryCRSReport.com, University of North Texas Libraries Government Documents Department",
  "versions": [
    {
      "source": "EveryCRSReport.com",
      "id": 347864,
      "date": "2007-07-17",
      "retrieved": "2016-04-07T18:00:20.024029",
      "title": "Risk Management and Critical Infrastructure Protection: Assessing, Integrating, and Managing Threats, Vulnerabilities and Consequences",
      "summary": "The Homeland Security Act of 2002 (P.L. 107-296) and other Administration documents have assigned the Department of Homeland Security specific duties associated with coordinating the nation\u2019s efforts to protect its critical infrastructure, including using a risk management approach to set priorities. Many of these duties have been delegated to what is now called the National Protection and Programs Directorate.\nRisk assessment involves the integration of threat, vulnerability, and consequence information. Risk management involves deciding which risk reduction measures to take based on an agreed upon risk reduction strategy. Many models/methodologies have been developed by which threats, vulnerabilities, and consequences are integrated to determine risks and then used to inform the allocation of resources to reduce those risks. For the most part, these methodologies consist of the following elements, performed, more or less, in the following order.\nidentify assets and identify which are most critical\nidentify, characterize, and assess threats\nassess the vulnerability of critical assets to specific threats\ndetermine the risk (i.e., the expected consequences of specific types of attacks on specific assets)\nidentify ways to reduce those risks\nprioritize risk reduction measures based on a strategy\nBeginning in 2003, the Department of Homeland Security has been accumulating a list of infrastructure assets (specific sites and facilities). From this list the Department selects high-priority assets that it judges to be critical from a national point of view, based on the potential consequences associated with their loss. The Department intends to assess the vulnerability of all the high-priority assets it has identified. Department officials have described, in very general terms, that these vulnerability and consequence assessments are used to determine the risk each asset poses to the nation. This risk assessment is then used to prioritize subsequent additional protection activities. While these statements allude to some of the steps mentioned above, they do so only in a most general way. With its release of the National Infrastructure Protection Plan in June 2006, the Department has laid out a much more detailed discussion of the risk management methodology it intends to use (or is using). The Department\u2019s efforts, to date, still raise several questions, ranging from the process and criteria used to populate its lists of assets, its prioritization strategy, and the extent to which the Department is coordinating its efforts with the intelligence community and other agencies both internal and external to the Department. This report will be updated as needed.",
      "type": "CRS Report",
      "typeId": "REPORTS",
      "active": false,
      "formats": [
        {
          "format": "HTML",
          "encoding": "utf-8",
          "url": "http://www.crs.gov/Reports/RL32561",
          "sha1": "5622358a80096b7943065e482927e9a0f552bf5b",
          "filename": "files/20070717_RL32561_5622358a80096b7943065e482927e9a0f552bf5b.html",
          "images": null
        },
        {
          "format": "PDF",
          "encoding": null,
          "url": "http://www.crs.gov/Reports/pdf/RL32561",
          "sha1": "f757de8a03760382aea6c95be7e5da64e015a18b",
          "filename": "files/20070717_RL32561_f757de8a03760382aea6c95be7e5da64e015a18b.pdf",
          "images": null
        }
      ],
      "topics": []
    },
    {
      "source": "University of North Texas Libraries Government Documents Department",
      "sourceLink": "https://digital.library.unt.edu/ark:/67531/metadc812925/",
      "id": "RL32561_2007Jan19",
      "date": "2007-01-19",
      "retrieved": "2016-03-19T13:57:26",
      "title": "Risk Management and Critical Infrastructure Protection: Assessing, Integrating, and Managing Threats, Vulnerabilities and Consequences",
      "summary": null,
      "type": "CRS Report",
      "typeId": "REPORT",
      "active": false,
      "formats": [
        {
          "format": "PDF",
          "filename": "files/20070119_RL32561_c513ee62cdf92121715e6f7c278dea54c63dcf2e.pdf"
        },
        {
          "format": "HTML",
          "filename": "files/20070119_RL32561_c513ee62cdf92121715e6f7c278dea54c63dcf2e.html"
        }
      ],
      "topics": []
    },
    {
      "source": "University of North Texas Libraries Government Documents Department",
      "sourceLink": "https://digital.library.unt.edu/ark:/67531/metadc818937/",
      "id": "RL32561_2005Feb04",
      "date": "2005-02-04",
      "retrieved": "2016-03-19T13:57:26",
      "title": "Risk Management and Critical Infrastructure Protection: Assessing, Integrating, and Managing Threats, Vulnerabilities and Consequences",
      "summary": null,
      "type": "CRS Report",
      "typeId": "REPORT",
      "active": false,
      "formats": [
        {
          "format": "PDF",
          "filename": "files/20050204_RL32561_57e1db09cf6eceb36b35bec9dd98028bd530f25d.pdf"
        },
        {
          "format": "HTML",
          "filename": "files/20050204_RL32561_57e1db09cf6eceb36b35bec9dd98028bd530f25d.html"
        }
      ],
      "topics": []
    },
    {
      "source": "University of North Texas Libraries Government Documents Department",
      "sourceLink": "https://digital.library.unt.edu/ark:/67531/metacrs6033/",
      "id": "RL32561 2004-09-02",
      "date": "2004-09-02",
      "retrieved": "2005-06-12T03:55:09",
      "title": "Risk Management and Critical Infrastructure Protection: Assessing, Integrating, and Managing Threats, Vulnerabilities and Consequences",
      "summary": null,
      "type": "CRS Report",
      "typeId": "REPORT",
      "active": false,
      "formats": [
        {
          "format": "PDF",
          "filename": "files/20040902_RL32561_ba475f2526279aa080f4aa2ee2a91fd785b0d942.pdf"
        },
        {
          "format": "HTML",
          "filename": "files/20040902_RL32561_ba475f2526279aa080f4aa2ee2a91fd785b0d942.html"
        }
      ],
      "topics": [
        {
          "source": "LIV",
          "id": "Science policy",
          "name": "Science policy"
        },
        {
          "source": "LIV",
          "id": "Infrastructure (Economics)",
          "name": "Infrastructure (Economics)"
        },
        {
          "source": "LIV",
          "id": "Risk management",
          "name": "Risk management"
        },
        {
          "source": "LIV",
          "id": "Risk assessment",
          "name": "Risk assessment"
        },
        {
          "source": "LIV",
          "id": "Infrastructure",
          "name": "Infrastructure"
        },
        {
          "source": "LIV",
          "id": "Finance",
          "name": "Finance"
        }
      ]
    }
  ],
  "topics": [
    "Foreign Affairs",
    "Intelligence and National Security"
  ]
}