Critical Infrastructure Protection Program

[Reference: DoDM 3020.45, Volume 1]
The United States Critical Infrastructure Protection (CIP) is a national program to ensure the security of vulnerable and interconnected infrastructures of the United States. The federal government has developed a standardized description of critical infrastructure, in order to facilitate monitoring and preparation for disabling events. The government requires private industry in each critical economic sector to:

• Assess its vulnerabilities to both physical or cyber attacks
• Plan to eliminate significant vulnerabilities
• Develop systems to identify and prevent attempted attacks
• Alert, contain, and rebuff attacks and then, with the Federal Emergency Management
• Agency (FEMA), to rebuild essential capabilities in the aftermath

Critical Asset Identification Program (CAIP) consist of a nine-step process:

The CAIP is a process utilized by RISC to assist organizations (National, State, and Local Governments-as well as the Private Sector and Not For Profit organizations) to identify their critical assets and to clearly identify threats, hazards, and vulnerabilities that may preclude their required function in a contested environment.

1. Mission Decomposition and Required Capability Identification
2. Task Asset (TA) Identification
3. TCA Nomination and Submission
4. TCA Validation
5. Validated Component and TCA Lists Submitted to the appropriate organizational authority
6. Competent Authority Compilation and Release of the organization-wide TCA List
7. Organization Infrastructure Sector Interdependency Analysis Support to TCAs
8. Competent Authority Nomination of Potential DCAs to Organizational Approval Authority
9. Organizational Approval Authority Review and Approval of Nominated OCAs