The Department of Homeland Security officially announced the release of Sector-Specific Plans on May 21. These plans provide important details to the National Infrastructure Protection Plan (NIPP), which was released last year. The Information Technology (IT) plan breaks important new ground. My advice: start reading.

First, you can download the NIPP IT Sector Plan from the National Association of State Chief Information Officers (NASCIO) Security Committee’s website. NASCIO’s security website also has links to the overall NIPP Plan as well as some helpful background information on the documents.

So why is this important? Should you care? As I said in a blog at the beginning of the year, I think this is a big deal. (OK, so it was released a few months later than I thought.) This document addresses many essential topics that IT Sector professionals have been asking about for years – especially after September 11, 2001. There are chapters on key definitions, risk management, developing and implementing protective programs, information sharing, research and development, and implementing specific near-term and long-term technology tasks.

Over the coming weeks, I intend to blog about some of the items in the plan, so I won’t dive in too deep here. Needless to say, I think it is important. Yes, I must admit my bias. As the primary NASCIO representative to the IT-Government Coordinating Council (IT-GCC), I did help a little in writing the document. As you will see at the beginning of the plan, the majority of the contributors and buy-in came from the private sector. They really stepped up in developing this plan.

On Thursday, May 31, NASCIO held a national call on this topic, where DHS and private-sector professionals briefed state CIOs and CISOs from 34 states and Washington DC on the NIPP IT Sector Plan. More rollout briefings are planned around the country, and this is really just the beginning. Now we get to implement the plan. Yes, we need help, so stay tuned.
Although media coverage has been sparse on this topic, there are a few articles out about this plan. Computerworld’s article summarized various components. “It’s not just a puff piece,” said John Sabo, president of the IT-Information Sharing and Analysis Center (IT-ISAC) and director of global government relations at CA Inc. “Planning is very, very important. But without effective implementation in an operational environment, such plans will have no value. We believe that operational capability is the end game,” he said.

A very high-level overview of the key NIPP terms and groups can also be found at this US-CERT site.