Editor-in-Chief
GAO releases a report, which by a press release, seems like a simple 'turn in your homework' admonition regarding the U.S. federal program that prioritizes sites in the U.S. where we really don't want bad things to happen. But, as Keith White shows, when the report it read, you might be a little worried about how well DHS is handling this list, and the resulting federal funds and programs that accompany it. And yes, Canada factors in too.
GAO releases a report on the National Critical Infrastructure Prioritization Program (NCIPP). This report lists places where the U.S. government would really not want bad things to happen.
I got the report through a third-party information gatherer I'll keep unnamed, who summarized it as such:
“In a new report, GAO finds that the Department of Homeland Security (DHS) has not sufficiently met statutory requirements to report annually to congressional committees. Specifically, DHS needs to work on how it identifies critical infrastructure such that it is consistent with the National Infrastructure Protection Plan (NIPP). GAO recommends the DHS commission an external peer review to develop an approach to verify the quality and timing of annual reports.”Sounds like a not too consequential, and likely dull, report.
Then I read the report.
DHS has made several changes to its criteria for including assets on the NCIPP list. These changes initially focused on introducing criteria to make the lists entirely consequence based, with subsequent changes intended to introduce specialized criteria for some sectors and assets. DHS’s changes to the NCIPP criteria have changed the composition of the NCIPP list, which has had an impact on users of the list. However, DHS does not have a process to identify the impact of these changes on users nor has it validated its approach for developing the list.
And who are these affected users?
Oh, just FEMA when it’s doling out Urban Area Security Initiative grants. And the Protective Security Advisor Program, you know the department that conducts actual site visits and vulnerability assessments to owners of critical infrastructure.
Our analysis shows that changes to the NCIPP list can have an impact on users of the list, specifically, FEMA’s allocation of UASI grant funds and PSAs’ ability to prioritize outreach and conduct site visits for its protection programs. Our analysis of the FEMA risk formula shows that a change in the number of NCIPP-listed assets located in a city has an impact on a city’s relative risk score. Our analysis also shows that current UASI grant allocations are strongly associated with a city’s current relative risk score. Therefore, a change in the number of NCIPP-listed assets located in a city can have an impact on the level of grant funding it receives. For example, in fiscal year 2012, FEMA allocated approximately $490 million in UASI grant funds to the 31 cities with the highest relative risk scores out of 102 eligible cities nationwide. Our analysis of FEMA’s risk formula showed that, at the minimum, if the number of level 2 assets is increased or decreased by as few as two for each city, it would change the relative risk score for 5 of the 31 cities that received fiscal year 2012 UASI grant funding. Such a change could result in increased or decreased grant funding allocations for the affected cities. The changes in the relative risk scores tend to affect cities in the middle to the bottom of the top 31 list because there is generally a larger gap between the relative risk scores of those cities at the top of the list than those in the middle to bottom of the list. However, even a small change in grant funding could have an impact on a city, especially if that city does not traditionally receive other federal assistance as compared with cities with higher risk scores.And yeah, this might have a significant impact:
While the change to an entirely consequence-based list created a common approach to identify infrastructure and align the program with the statute and NIPP, recent and planned criteria changes to accommodate certain sectors and assets represent a departure from this common approach, which could hinder DHS’s ability to compare infrastructure across sectors.Go intra-agency coordination! NCIPP, FEMA, and PSA are all housed in one federal department, the Dept. of Homeland Security, and information-sharing problems seem to linger.
But let's not get too snarky. DHS is taking on the arduous task of changing the, at times politicized, NCIPP list. Getting more Congressional oversight on this hot-bottom item will bring, whatever its numerous benefits, will bring increased political pressures on a program--especially in the lean (or not so lean) times of sequestration.
No comments:
Post a Comment