


DHS Releases NIPP IT Sector Plan: Start Reading

Jun 01, 2007 | 3 mins
Business Continuity, Careers, Data and Information Security

The Department of Homeland Security officially announced the release of Sector-Specific Plans on May 21. These plans provide important details to the National Infrastructure Protection Plan (NIPP), which was released last year. The Information Technology (IT) plan breaks important new ground. My advice: start reading.

First, you can download the NIPP IT Sector Plan from the National Association of State Chief Information Officers (NASCIO) Security Committee’s website. NASCIO’s security website also has links to the overall NIPP Plan as well as some helpful background information on the documents.

 So why is this important? Should you care? As I said in a blog at the beginning of the year, I think this is a big deal. (OK, so it was released a few months later than I thought.)

This document addresses many essential topics that IT Sector professionals have been asking about for years – especially after September 11, 2001. There are chapters on key definitions, risk management, developing and implementing protective programs, information sharing, research and development, and implementing specific near-term and long-term technology tasks.

 Over the coming weeks, I intend to blog about some of the items in the plan, so I won’t dive in too deep here. Needless to say, I think it is important. Yes, I must admit my bias. As the primary NASCIO representative to the IT-Government Coordinating Council (IT-GCC), I did help a little in writing the document. As you will see at the beginning of the plan, the majority of the contributors and buy-in came from the private sector. They really stepped up in developing this plan.

On Thursday, May 31, NASCIO held a national call on this topic, where DHS and private-sector professionals briefed state CIOs and CISOs from 34 states and Washington, DC on the NIPP IT Sector Plan. More rollout briefings are planned around the country, and this is really just the beginning. Now we get to implement the plan. Yes, we need help, so stay tuned.

 Although media coverage has been sparse on this topic, there are a few articles out about this plan. Computerworld’s article summarized various components.   

“It’s not just a puff piece,” said John Sabo, president of the IT-Information Sharing and Analysis Center (IT-ISAC) and director of global government relations at CA Inc. “Planning is very, very important. But without effective implementation in an operational environment, such plans will have no value. We believe that operational capability is the end game,” he said.

A very high level overview of the key NIPP terms and groups can also be found at this US-CERT site.


Daniel J. Lohrmann is an internationally recognized cybersecurity leader, technologist and author. During his distinguished career, Dan has served global organizations in the public and private sectors in a variety of executive leadership capacities, including enterprise-wide Chief Security Officer (CSO), Chief Technology Officer (CTO) and Chief Information Security Officer (CISO) roles in Michigan State Government. Dan was named: "CSO of the Year," "Public Official of the Year," and a Computerworld "Premier 100 IT Leader." Dan is the co-author of the Wiley book, “Cyber Mayday and the Day After: A Leader’s Guide to Preparing, Managing and Recovering From Inevitable Business Disruptions.” Dan Lohrmann joined Presidio in November 2021 as an advisory CISO supporting mainly public sector clients. He formerly served as the Chief Strategist and Chief Security Officer for Security Mentor, Inc. Dan started his career at the National Security Agency (NSA). He worked for three years in England as a senior network engineer for Lockheed Martin (formerly Loral Aerospace) and for four years as a technical director for ManTech International in a US / UK military facility. Lohrmann is on the advisory board for four university information assurance (IA) programs, including Norwich University, University of Detroit Mercy (UDM), Valparaiso University and Walsh College. Earlier in his career he authored two books - Virtual Integrity: Faithfully Navigating the Brave New Web and BYOD For You: The Guide to Bring Your Own Device to Work. Mr. Lohrmann holds a Master's Degree in Computer Science (CS) from Johns Hopkins University in Baltimore, Maryland, and a Bachelor's Degree in CS from Valparaiso University in Indiana.
