Critical Infrastructure Protection Division
HHS/ASPR/ICC Office of Security, Intelligence, and Information Management
The Critical Infrastructure Protection (CIP) Division promotes resilience of the nation’s health infrastructure by building and leading dynamic public-private partnerships, which draw from all aspects of the
Healthcare and Public Health (HPH) Sector, to manage risk and coordinate effective response to 21st century threats. CIP leads HHS as the Sector Specific Agency (SSA) for the Healthcare and Public Health (HPH) Sector—one of the
16 critical infrastructure sectors identified
in Presidential Policy Directive 21 (PPD-21)—and works closely with the Government and Sector Coordinating Councils to contribute to policy development, coordinate activities during response, and develop best practices.
CIP has two branches: the Infrastructure Analysis and Partnerships Branch and the Health Sector Preparedness and Response (HSPR) Branch. In addition to the branches, CIP has a cybersecurity advisor/subject matter expert to support division-level activities.
Infrastructure Analysis and Partnerships Branch—The Infrastructure Analysis and Partnerships Branch coordinates identification and analysis of current and emerging risks to the HPH Sector and ensures appropriate expertise and resources are available through the HPH Sector partnership to support all activities. Engagement with internal ASPR partners and relevant federal, state, local, tribal, and territorial (FSLTT) and private sector members is a primary function. These engagements include, but are not limited to supply chain coordination, risk identification and mitigation, strategic communications, and policy impacts. The work of the Infrastructure Analysis and Partnerships Branch directly supports the
ASPR priority areas to improve situational awareness and promote a resilient medical supply chain in addition to supporting forecasting of emerging threats to the HPH community and leveraging partnerships and resources within FSLTT and private sector partners.
Health Sector Preparedness and Response Branch—The HSPR Branch coordinates internal and external activities to impact policy, decision support, and outreach among FSLTT and private sector stakeholders to ensure all-hazards preparedness and response. Health Sector Preparedness and Response Branch ensures that CIP and the HPH Sector are capable of effectively responding to all-hazards through work coordinated during steady-state, response, and recovery. HSPR is also responsible for leading response activities related to private sector coordination for Emergency Support Function (ESF) 8 and ESF 14. To ensure ability to communicate critical classified information with FSLTT and private sector partners, the Health Sector Preparedness and Response Branch coordinates with DHS to offer clearances to key partners, develop opportunities to use their expertise to contribute to classified products developed by the Intelligence Community, and offer briefings to partners. Finally, HSPR coordinates with Federal and private sector partners to ensure full participation in appropriate exercises, including development of after-action reports and lessons learned.
HPH Sector Cybersecurity support—CIP leads cybersecurity efforts across the HPH sector via the Joint Cybersecurity Working Group. Our cybersecurity work aligns security approaches to manage threats and protect patients. In partnership with government and private sector, we also develop work products and analyze risk to identify best practices, share information, and respond to cyber incidents.
Pandemic and All-Hazards Preparedness and Advancing Innovation Act (PAHPAIA) designates ASPR as the federal authority responsible for managing relevant critical infrastructure protection activities. CIP connects and coordinates public and private partners, conveying information and escalating needs to appropriate stakeholders during emergency response, and directing organizations to technical resources. ASPR CIP provides awareness of challenges impacting the HPH sector enables information sharing and collaboration among stakeholders, and supports emergency response and recovery efforts. Some of these efforts include cybersecurity preparedness and response, supply chain coordination, and building or compiling resources and tools.