Detailed Information on the
National Protection & Programs Division: Infrastructure Protection Assessment

Focusing resources and managerial attention to activities that do not duplicate federal or state and local efforts.

Implementing independent programmatic performance evaluations and deploy an interim method of reporting budget-performance integration that gives insight into programmatic performance.

Implement a formal performance tracking mechanism to track progress on annual and long-term performance goals to and ensure current activities align with and support strategic capabilities.

Establishing annual and long-term performance goals to track progress and ensure activities are coordinated towards developing future capabilities.

Measure: Percent of inspected high-risk chemical facilities in compliance with risk based performance standards. (New measure, added February 2008)

Explanation:The program conducts onsite inspections to provide regulatory oversight of the Nation's high-risk chemical facilities and verify compliance with the Chemical Facility Anti-terrorism Standards (CFATS). Inspections are conducted in intervals commensurate with the defined risk tiering of each facility. Compliance means that chemical facilities have been inspected to validate the facility's Site Security Plan (SSP) and that the SSP is in accordance with the Risk-Based Performance Standards set forth by DHS, or that the facility is seeking/will seek remedies to identified security gaps.

Measure: Percent of Critical Infrastructure and Key Resource (CIKR) sector specific protection implementation actions on track. (New measure, added February 2008)

Explanation:The National Infrastructure Protection Plan (NIPP) defines a set of 23 core metrics applied across the 17 CIKR sectors, for a total of 391 total metrics. These metrics track the success of actions taken to further protection and partnership building activities are being conducted within each sector. Specifically the metrics track the implementation of planned sector accomplishments in Sector Partnerships, Information Sharing, Security Goals, Asset Identification, Risk Assessments, Prioritization, Implement Protective Programs, and Effectiveness. Subject matter experts score each sector's responses to the 23 metrics; the program then employs an algorithm to determine overall scores and success for each metric. An action is initiated upon the allocation of resources toward that action or through an agreement, e.g. and MOU, MOA, etc. This measure evaluates annually the percent of the 391 total protection action metrics that were scored as being on track.

Measure: Percent of high priority CIKR where a vulnerability assessment has been conducted and enhancement(s) have been implemented. (New measure, added February 2008)

Explanation:This measure tracks the number of the Nation's high priority CIKR sites at which at least one vulnerability assessments (VA) has been conducted and a protective enhancement has been implemented. High-priority CIKR include assets categorized in Tier 1 (assets deemed to be at highest risk) and other CIKR assets IP plans to assess in the fiscal year. Vulnerability assessments are conducted to identify physical, cyber, and human-related vulnerabilities at an asset and dependencies/interdependencies on other assets and sectors. During vulnerability assessments the program's assessors identify suitable protective measures and enhancements needed to reduce or mitigate vulnerability of the asset and identify what enhancements have been implemented at the site (such as bollards, razor wire, closed-circuit television cameras, etc.). The assessments are also used to assist federal stakeholders and private sector owners in making optimal resource allocation decisions for future enhancements.

Measure: Average cost of a vulnerability assessment (VA). (New measure, added February 2008)

Explanation:Conducting vulnerability assessments (VA) of our Nation's Critical Infrastructure and Key Resources (CIKR) is critical to enhancing national security. The program is gaining efficiencies and cost savings in this project by incorporating the National Guard into the assessment process. Prior to January 2008, VAs were conducted by a national laboratory and commercial vendors. Expected efficiencies in the process are predicted from a reduction of overhead costs -internal and external to the DHS- from the switch to the National Guard, more streamlined methodologies and reporting processes, and the ongoing identification and incorporation of best practices. Achieving the aggressive targets is contingent upon the ability to complete and sustain agreements with the National Guard and the uninterrupted services and availability of the Guard to conduct these activities. The Department of Defense retains the right to reassign the Guard to address higher priority activities.

Is the program purpose clear?

Explanation: The mission of the Office of Infrastructure Protection (OIP) is to lead a coordinated, nation-wide effort to reduce the risk to our critical infrastructures and resources posed by acts of terrorism, and to enable nation-wide preparedness, timely response and rapid recovery in the event of an attack, natural disaster or other emergency. The OIP has responsibility for assessing the national risk for critical infrastructures and key resources (CI/KR), and with the development and implementation of a comprehensive National Infrastructure Protection Plan (NIPP). The OIP program includes: ?? Critical Infrastructure Identification and Evaluation (CIIE) - identifies potentially critical assets, identifies and assesses protective risks, and prioritizes protective measures in order to reduce the vulnerability and consequences of attack to the Nation's infrastructure. ?? Protective Actions (PA) - identifies and develops protective programs, and facilitates the implementation of protective measures to secure and defend critical infrastructure assets. ?? Critical Infrastructure Outreach Program (CIOP) - serves as the focal point for critical infrastructure protection and information sharing for the Department of Homeland Security (DHS) and OIP. ?? National Infrastructure and Simulation Analysis Center (NISAC) - provides modeling and simulation capabilities to perform analyses of critical infrastructures, interdependencies, complexities, and the consequences of disturbances caused by a terrorist attack, natural disaster or other type of incident. ?? Radiological Emergency Preparedness (REP) Program - ensures that the public health and safety of citizens living around commercial nuclear power plants is adequately protected in the event of a nuclear power station accident.

Evidence: The Department of Homeland Security (DHS) national strategies and policy guidance for incident management, critical infrastructure protection, and national preparedness are cited below: ?? Homeland Security Presidential Directives (HSPD) 5- 9 ?? National Infrastructure Protection Plan (NIPP), Final Draft, Version 5.0 ?? Public Law 96-295 (1979, Sec. 109 ?? Executive Order 12127 ?? Executive Order 12148 ?? FEMA Rule 44 CFR, Parts 350-354 ?? 42 U.S.C. 5131 ?? 42 U.S.C. 5201 ?? 50 U.S.C. app. 2253(g) (Reference OIP Consolidation PART References for web links or soft/hardcopy)

Does the program address a specific and existing problem, interest, or need?

Explanation: The Department of Homeland Security (DHS) is mandated by the Homeland Security Act (HSA) of 2002 as a result of the September 11, 2001 terrorist attack on the United States. The HSA established the OIP with the responsibility for assessing vulnerabilities of CI/KR and developing and implementing a comprehensive National Infrastructure Protection Plan (NIPP). Key success factors include development of the NIPP; national-level leadership in CI/KR protection expertise; a strategic risk management approach addresses acts of terrorism, natural disaster or other national emergency; unity across all levels of the private sector and government; integration and leverage of authorities, capacities, and resources; dissemination of best practices; and serving as a catalyst for national-level innovation and problem solving across the CI/KR sectors most at risk. OIP programs include the provision of capabilities and tools necessary to identify and catalog CI/KR, vulnerability assessment, identification of cross-sector dependencies, and the prioritization of assets to support decision analysis and the allocation of limited protective resources. Outreach efforts facilitate the enhanced coordination and communication with the private sector and government entities in devising and implementing protection strategies, programs, and best practices. Protection training is developed and provided to CI/KR owners, operators, and local law enforcement. Assessments of radiological emergency response plans and preparedness are performed in conjunction with state, local, and tribal entities. The assessments are primarily performed during biennial exercises and drills designed to establish practices that will ensure the health and safety of citizens living in the vicinity of commercial nuclear power plants in the event of an attack, natural disaster or other emergency. Assessment findings are communicated to the Nuclear Regulatory Commission (NRC) for consideration of overall onsite/offsite preparedness.

Evidence: President Bush explained in the Organization of the Department of Homeland Security (The Department of Homeland Security, June 2002) that DHS would coordinate a national effort to secure America's critical infratructure. National strategies for Homeland Security, Cyber Security, and Physical Protection of CI/KR further focused efforts in the areas of national preparedness and provided high level goals and priorities for OIP. ?? Homeland Security Presidential Directives (HSPD) 5- 9 ?? DHS Secretary Michael Chertoff reported on the results Second Stage Review (2SR), July 19, 2005 ?? Kemeny Commission (Reference OIP Consolidation PART References for web links or soft/hardcopy)

Is the program designed so that it is not redundant or duplicative of any other Federal, state, local or private effort?

Explanation: Depsite being the national manager for infrastructure protection efforts, some of OIP's efforts are duplicative of or poorly coordinated with the efforts of other DHS offices and state and local efforts. This is most evident in the area of risk or vulnerability assessments. For example, Coast Guard performs assessments under the MTSA and TSA assesses transportation assets under the ATSA. State and local efforts continue with little evidence of coordination. While activities such as the NICC or NISAC are unique, the program design has yet de-conflict many the redundant activities performed elsewhere. Oversight of state and local efforts does not necessarily mean there is do duplication.

Evidence: OIP focus includes the following areas: ?? Primary contact for designated federal, state, local and private entities for coordinating protection activities within the Federal government - Organization of the Department of Homeland Security (The Department of Homeland Security, June 2002) ?? Development and implementation of the NIPP ?? National Asset Data Base (NADB) ?? Program management reviews to identify potential duplication of effort (e.g. 2nd Qtr FY06 Review) ?? FEMA Rule 44 CFR, Part 351, Radiological Emergency Planning and Preparedness ?? Appendix A to FEMA Rule 44 CFR, Part 353, Memorandum of Understanding (MOU) between FEMA and the NRC ?? Congressional briefing for FY 2006 proposed budget ?? IPD proposed budget ?? Mission Area Analysis (MAA) process (Reference OIP Consolidation PART References for web links or soft/hardcopy)

Is the program design free of major flaws that would limit the program's effectiveness or efficiency?

Explanation: The NIPP provides a coordinated approach for OIP activities. OIP provides coordination for CI/KR protection at all levels of government, as well as within and across sectors. The coordination effort is unique to OIP. Sector-specific planning and coordination are addressed through a Private Sector Coordinating Council (PSCC) and a Government Coordinating Council (GCC) for each sector. These councils create a structure through which representative groups from all levels of government and the private sector can collaborate and develop consensus approaches to CI/KR protection, and ensure the proper design for a national infrastructure protection effort. To ensure an effective, efficient CI/KR protection program over the long term, the NIPP relies on the following mechanisms: ?? Building national awareness ?? Enabling education, training, and exercise programs ?? Conducting R&D and using technology ?? Developing, protecting, and maintaining data systems and simulations ?? Continuously improving the NIPP ?? Continuous comprehensive coordination All OIP sub-programs are focused on the implementation of these mechanisms.

Evidence: The OIP integrated operational framework is centered on the following guidance: ?? National Infrastructure Protection Plan (NIPP), Final Draft, Version 5.0 ?? Sector-Specific Plans (as described in the NIPP) ?? Governance for the Office of Infrastructure Protection (OIP), Version 1, February 2006 ?? FEMA Rule 44 CFR, Part 354 (Reference OIP Consolidation PART References for web links or soft/hardcopy)

Is the program design effectively targeted so that resources will address the program's purpose directly and will reach intended beneficiaries?

Explanation: With finite federal resources available to support protection of the Nation's CI/KR, the NIPP establishes priorities, based on risk, to achieve the DHS mission and ensure continuity of the essential infrastructure and services that support the American people, its government, economy, and way of life. OIP maximizes the efficient use of resources for CI/KR protection nationwide through a coordinated and integrated process for program implementation. This process: ?? Supports prioritization of protective actions within and across sectors. ?? Informs the annual federal process regarding planning, programming, and budgeting for national-level protection activities. ?? Helps to align the resources of the federal budget to the CI/KR protection mission ?? Takes into account state and local government and private sector considerations related to planning, programming, and budgeting. ?? Draws on expertise across organizational and national boundaries. ?? Shares expertise and speeds implementation of best practices. ?? Recognizes the need to build a business case based on the value proposition for further private sector CI/KR protection investments. ?? Identifies potential incentives for security-related activities where they do not naturally exist in the marketplace. OIP sub-programs and resources support the integrated review process through the following activities: ?? Develop and maintain methodologies for conducting asset prioritization - both within and across sectors. ?? Perform asset prioritizations using the asset prioritization methodologies. ?? Obtain the data and information needed to support the asset prioritizations. ?? Provide data and information modeling and analysis concerning the nation's critical infrastructure, interdependencies, risks, and risk mitigation strategies.

Evidence: OIP uses an integrated risk-based approach to allocating resources for the national CI/KR protection program that informs the overall federal appropriations. The approach is described and supported by the following: ?? National Infrastructure Protection Plan (NIPP), Final Draft, Version 5.0 ?? Sector-Specific Plans (as described in the NIPP) ?? Nuclear Power Plant (NPP) Comprehensive Reviews (CR) ?? Integrated Protective Measures Analysis (IPMA) ?? Buffer Zone Protection (BZP) Plans ?? FEMA Rule 44 CFR, Part 354, Fee for Services to Support FEMA's Offsite REP Program (Reference OIP Consolidation PART References for web links or soft/hardcopy)

Does the program have a limited number of specific long-term performance measures that focus on outcomes and meaningfully reflect the purpose of the program?

Explanation: No measures were provided in the PART.

Evidence: No measures were provided in the PART.

Does the program have ambitious targets and timeframes for its long-term measures?

Explanation: No targets or timeframes were provided to the PART.

Evidence: No evidence was provided.

Does the program have a limited number of specific annual performance measures that can demonstrate progress toward achieving the program's long-term goals?

Explanation: No specific annual performance measures were provided.

Evidence: No evidence has been provided.

Does the program have baselines and ambitious targets for its annual measures?

Explanation: No measures provided.

Evidence: No evidence provided.

Do all partners (including grantees, sub-grantees, contractors, cost-sharing partners, and other government partners) commit to and work toward the annual and/or long-term goals of the program?

Explanation: No goals or performance measures were provided.

Evidence: No evidence was provided.

Are independent evaluations of sufficient scope and quality conducted on a regular basis or as needed to support program improvements and evaluate effectiveness and relevance to the problem, interest, or need?

Explanation: The Under Secretary for Preparedness has instituted a governance framework and a quarterly program review process to monitor program progress and ensure adequate oversight of program activities. Because the organization is relatively new (OIP was established in July 2006), the program has not evolved to the point where external evaluations are part of the business process for all sub-programs. However, when weaknesses are identified during program and sub-program reviews, procedures are being implemented to address them. Some OIP sub-programs have been independently evaluated by GAO, OMB, and contractor organizations contracted to perform the reviews. The REP sub-program is monitored by the NRC and the industry sector it represents. OIP strategic planning recognizes the need for and will implement additional independent performance evaluations followed by timely corrective action.

Evidence: Sub-program evaluations include: ?? Mission Area Analysis (MAA) ?? Monthly Performance Briefs and Metric Scorecards ?? NRC monitoring of REP activities ?? GAO audits of the REP sub-program ?? Establishing Effective Information Sharing with Infrastructure Sectors, Statement by Robert F. Dacey, Director - Information Security Issues (GAO-04-699T, April 2004) ?? Improving Information Sharing with Infrastructure Sectors, Report to Congressional Requestors (GAO-04-780, July 2004) (Reference OIP Consolidation PART References for web links or soft/hardcopy)

Are Budget requests explicitly tied to accomplishment of the annual and long-term performance goals, and are the resource needs presented in a complete and transparent manner in the program's budget?

Explanation: OIP's current budget structure makes it difficult to tie requests to performance or make resource needs transparent. Requests are tied to high-level goal such as funding the National Infrastructure Protection Plan, but do not come with much detail.

Evidence: No evidence is provided.

Has the program taken meaningful steps to correct its strategic planning deficiencies?

Explanation: OIP has taken significant steps to improve the strategic planning process. The program is developing a new strategic plan for OIP based on the reorganization resulting from the Secretary's Second Stage Review (2SR). All major organizational units are creating individual Program Plans that link to the OIP and the DHS strategic plans, and to the budget cycle. OIP strategic planning sessions are conducted to discuss scheduled versus actual results for current activities as well as prioritization and plans for future projects, and activities. Scorecards are used to support these sessions. Many of the activities occurring within the sub-programs are interdependent with other sub-program activities; therefore, close and continual coordination is conducted to ensure effective and proactive response. These regular strategic planning sessions enable planning adjustments to ensure conformity of the strategy within the dynamic DHS (operational) environment. The results of these efforts should be seen in future budget years.

Evidence: The OIP Strategic Plan is currently under development with a Draft planned for May 2006. The OIP sub-programs initiated development of strategic goals and identified specific strategies needed to align with OIP goals. The plans include a schedule, list of actions to be accomplished, and a summary of actions to be taken in the future. Specific references include: ?? CIOP Strategic Plan (FY04) ?? FEMA Rule 44 CFR, Parts 350, 351, 352, and Appendix A of 353. Part 354 supersedes user fee rules described in 353.

Are all regulations issued by the program/agency necessary to meet the stated goals of the program, and do all regulations clearly indicate how the rules contribute to achievement of the goals?

Explanation: By regulation, the REP sub-program assists state, tribal, and local governments in guiding the commercial nuclear sector in order to protect the safety of the public.

Evidence: FEMA Rule 44 CFR, Parts 350-354 explains how the rules contribute to achievement of the REP sub-program goals. (See FEMA REPP homepage for 350, 351, 352, and Appendix A of 353.)

Does the agency regularly collect timely and credible performance information, including information from key program partners, and use it to manage the program and improve performance?

Explanation: OIP and its sub-programs collect information on their performance including internal and external partners where appropriate. Sub-program status is provided directly from responsible task owners; other sources include contractor status reports, Sector-Specific Agency (SSA) reports, and Protective Security Advisor (PSA) activity reports. Collected information is analyzed to provide OIP leadership with a quantitative or qualitative measure of task progress as compared to planned performance. This process enables the leadership to identify where progress is deviating from the performance baseline thus enabling prompt corrective action when required. Additionally, each SSA provides DHS with an Annual Protection Report on their efforts to identify, prioritize, and coordinate the protection of CI/KR in their respective sectors. Annual Protection Reports address overall progress for the CI/KR sector and track status against the national CI/KR protection goals for that sector. Quarterly Performance Reviews assess planned activity performance against actual performance.

Evidence: OIP has implemented the following initiatives in order to enhance monitoring and management of the program and its components: ?? Governance for the Office of Infrastructure Protection (OIP), Version 1, February 2006 ?? OIP Quarterly Performance Reviews and metric scorecards ?? Government Coordinating Councils (GCC) ?? Sector Coordinating Councils (SCC) ?? Sector specific reports and cross-sector reports ?? Future Year Homeland Security Plan (FYHSP) quarterly and end-of-year performance reports (Reference OIP Consolidation PART references for web links or soft/hardcopy)

Are Federal managers and program partners (including grantees, sub-grantees, contractors, cost-sharing partners, and other government partners) held accountable for cost, schedule and performance results?

Explanation: OIP has implemented a governance process by which Program Plans are developed and maintained for each sub-program key project, initiative and activity. Management ensures that individual program managers, partner agencies and contractors are held accountable for achieving agreed upon program results. Program Plans define the objectives of the organization, key milestones and accomplishments (output and outcome), and performance level targets necessary for mission success. The Plans are reviewed to ensure that they support higher-level strategic goals and objectives and that they are properly integrated with related project plans. Cost estimates are developed by each program team to support project budget development. As the annual budgets are finalized, the program plans are adjusted to ensure alignment of planned level of effort to actual level of funding. On-going reviews provide the basis for cost, schedule and performance accountability. Program Plans also provide input to the Procurement Requisition (PR) packages, and the Scope of Work (SOW) that define contractor requirements, deliverables, and quality standards. Contract payments are directly correlated to performance per contract terms.

Evidence: All OIP sub-programs have at least one annual performance metric and milestone measure. Metrics and milestones are assigned to specific individuals who are accountable for meeting their targeted events and due dates. The reviews are conducted by OIP leadership and are used for management decision-making. Examples include: ?? Monthly Performance brief and metric scorecards ?? OIP Quarterly Performance Reviews and metric scorecards ?? REP performance summary submitted to the NRC (Reference OIP Consolidation PART references for web links or soft/hardcopy)

Are funds (Federal and partners') obligated in a timely manner, spent for the intended purpose and accurately reported?

Explanation: OIP continues to improve its process for obligating funds to ensure they are used for the intended purpose. Howeverm OIP has demonstrated lack of ability to execute funds. OIP has adopted an aggressive schedule for developing the annual FY Strategic Plan and the Program Plans. Plan coordination facilitates timely preparation of the Advanced Acquisition Plan (AAP) and expenditure plan. When the AAP is finalized, procurement packages are prepared for those programs with approved funding. Procurement packages must be processed and approved by the Preparedness Directorate before funds are obligated. Unlike the other sub-programs, REP is funded by the NRC licensees of the commercial nuclear power plans through the collection of user fees. Fees are collected in the current FY for use in the upcoming FY.

Evidence: OIP periodic reporting, performance reviews, program management controls, and an annual reconciliation process are used to monitor sub-program funds. References include: ?? Successes and Challenges in DHS Efforts to Create an Effective Acquisition Organization (GAO-05-179) ?? Mid-year Program Review ?? FEMA Rule 44 CFR, Part 354, Fee for Services to Support FEMA's Offsite Radiological Emergency Preparedness Program (Reference OIP Consolidation PART references for web links or soft/hardcopy)

Does the program have procedures (e.g. competitive sourcing/cost comparisons, IT improvements, appropriate incentives) to measure and achieve efficiencies and cost effectiveness in program execution?

Explanation: The Preparedness Directorate and OIP policy promote open competition in the acquisition process. A sole-source acquisition meets with intense scrutiny and must be justified based on the requirements identified in the Federal Acquisition Regulations (FAR). However, regular procedures to achieve efficiencies or cost-effectiveness have not been implemented.

Evidence: No evidence provided.

Does the program collaborate and coordinate effectively with related programs?

Explanation: Protection of the nation's infrastructure is inherently a collaborative activity. In working to achieve this, OIP facilitates the overall development of the NIPP and Sector Security Plans, provides overarching guidance, and monitors a full range of associated coordination activities and performance metrics. The program facilitates protection efforts through internal DHS communication, private and public sector communication, strategic planning, and analysis of multi-sector effects of emergencies.

Evidence: OIP collaboration with related programs includes: ?? Federal Interagency Incident Management Group ?? Hosting of the March 10, 2006 Post-Katrina Conference ?? Work with Sector Specific Agencies (SSA) through the Government Coordinating Councils (GCC) and Sector Coordinating Councils (SCC) for each sector (Reference OIP Consolidation PART references for web links or soft/hardcopy)

Does the program use strong financial management practices?

Explanation: Fiduciary compliance requires practices to ensure that funds are used in accordance with the Federal Financial Management Integrity Act (FFMIA). OIP has developed and implemented standard operating procedures to facilitate effective financial management communications, both to and from OIP and the Preparedness Directorate. These procedures, although still evolving, also enable integration of sub-program management processes with existing OIP and Directorate financial management processes. OIP financial management procedures are intended to be compliant with applicable federal and DHS financial management regulations and guidelines, and with sound financial management practices. REP interacts with the commercial sector, and as a result, has a fee-based/non-appropriations source of revenue and expenditure practices. The FEMA budget office currently manages the financial activities for the REP sub-program.

Evidence: The Federal Financial Management System (FFMS) manages the financial status (commitments, obligations, and expenditures) of the OIP sub-programs. OIP also uses information from FFMS Reports to validate and supplement internally generated cost data. Documentation supporting OIP financial management practices include: ?? FFMS reports ?? DHS Strategic Plan ?? Draft IP Strategic Plan ?? DHS Integrated Planning Guidance ?? IPD Strategic Plan ?? Congressional Budget Submission ?? Annual Performance Plans and Reports ?? Future Years Homeland Security Program (FYHSP) 2006 ?? FEMA Rule 44 CFR, Part 354 (Reference OIP Consolidation PART references for web links or soft/hardcopy)

Has the program taken meaningful steps to address its management deficiencies?

Explanation: OIP continues to review, adjust, and integrate its management processes with those of the Preparedness Directorate and DHS. As the higher-level processes, policies, shared services and systems evolve, the OIP management processes, particularly as they relate to program management, will change, not only to maintain alignment, but to also take advantage of process improvements and available shared services. This is an on-going effort and is made possible through effective communications and information sharing within OIP. However, management has not made visible progress in basic areas such as managing resources and obligating funds in a timely manner.

Evidence: OIP has published and implemented a governance framework, and it is developing and implementing standard operating procedures (SOPs) that address integration of internal financial management processes and procedures promulgated at the Directorate level. These processes continue to evolve as the Directorate-level procedures themselves evolve. References include: ?? Governance for the Office of Infrastructure Protection (OIP), Version 1, February 2006 ?? CIOP Strategic Management Plan ?? RMD Standard Operating Procedures ?? FEMA Rule 44 CFR, Part 350.14 (Reference OIP Consolidation PART references for web links or soft/hardcopy)

Did the program seek and take into account the views of all affected parties (e.g., consumers; large and small businesses; State, local and tribal governments; beneficiaries; and the general public) when developing significant regulations?

Explanation: The REP sub-program regulations provide for stakeholder comment, hearings, atomic safety and licensing.

Evidence: FEMA Rule 44 CFR, Parts 350.3 and 350.4 provides for stakeholder feedback on regulatory change, policies, etc. for the REP sub-program. All FEMA Rule 44 CFR, Parts 350-354 went out in draft for comment, hearings, atomic safety and licensing. References include: ?? FEMA Rule 44 CFR, Parts 350-354

Did the program prepare adequate regulatory impact analyses if required by Executive Order 12866, regulatory flexibility analyses if required by the Regulatory Flexibility Act and SBREFA, and cost-benefit analyses if required under the Unfunded Mandates Reform Act; and did those analyses comply with OMB guidelines?

Explanation: All regulatory updates and policy and guidance revisions within the REP sub-program have provided ample opportunity for review and involvement of stakeholders (at the Federal, State, tribal, and local levels), and alternative justification for the regulatory adoption. The REP sub-program has provided oversight to ensure that changes are truly required and causal factors are identified in all regulatory improvements.

Evidence: The original REP sub-program regulation predates Executive Order 12866. FEMA Rule 44 CFR, Part 354 (1995) design was included in the consideration of alternatives in several areas of the regulation. The process for stakeholder review of the sub-program is done primarily through the issuance of Federal Register Notices soliciting comments. A review of the REP sub-program is currently underway to update policies, guidance, regulations, and to reflect the organizational change from FEMA to DHS. References include: ?? Executive Order 12866 ?? FEMA Rule 44 CFR, Part 354 ?? Federal Register Notices

Are the regulations designed to achieve program goals, to the extent practicable, by maximizing the net benefits of its regulatory activity?

Explanation: All regulatory elements of the REP sub-program provide value to the sub-program goals and community goals. Inability to achieve sub-program goals would result in alteration of the regulations. As an example, FEMA Rule CFR 44, Part 354, was a revision to the user fee methodology contained in FEMA Rule 44 CFR, Part 353. Changes to the regulations addressed weakness in the REP sub-program's fees.

Evidence: References include: ?? FEMA Rule 44 CFR, Part 353 ?? FEMA Rule 44 CFR, Part 354

Has the program demonstrated adequate progress in achieving its long-term performance goals?

Explanation: Despite being the national manager, OIP has struggled to develop and implement the NIPP. OIP has developed RAMCAP and the NADB. However, OIP needs to do more in the areas of SSPs, chemical site security guidelines, and other infrastructure protection priorities to demonstrate progress.

Evidence: OIP is meeting the majority of its long-term performance goals. Supporting evidence includes: ?? DHS Strategic Plan ?? DHS Integrated Planning Guidance ?? Draft IP Strategic Plan ?? IPD Strategic Plan ?? Congressional Budget Submission ?? Annual Performance Plans and Reports ?? Future Years Homeland Security Program (FYHSP) 2006 ?? Federal Financial Management System (FFMS) reports ?? IP Acquisition Process Improvement Team ?? IP Finance Process Improvement Team ?? IP Human Capital Process Improvement Team ?? IP Strategic Management System Integration Team ?? NUREG-0654/FEMA-REP-1, Criteria for Preparation and Evaluation of Radiological Emergency Response Plans and Preparedness in Support of Nuclear Power Plants ?? FEMA-REP-14, REP Exercise Manual ?? FEMA-REP-15, REP Exercise Evaluation Methodology ?? NUREG-0654 to 33 (Reference OIP Consolidation PART references for web links or soft/hardcopy)

Does the program (including program partners) achieve its annual performance goals?

Explanation: The lack of performance measures makes it difficult to measure OIP's progress in this area.

Evidence: No evidence was provided.

Does the program demonstrate improved efficiencies or cost effectiveness in achieving program goals each year?

Explanation:

Evidence:

Does the performance of this program compare favorably to other programs, including government, private, etc., with similar purpose and goals?

Explanation: The mission of OIP is to lead a national effort to coordinate and implement initiatives that build a safer, more secure, and more resilient America. This is a unique problem without duplication. No other programs exist that provide a meaningful comparison.

Evidence: No other programs exist that are similar in function to OIP for comparison purposes. Supporting documentation includes: ?? DHS Strategic Plan ?? DHS Integrated Planning Guidance ?? Draft IP Strategic Plan ?? IPD Strategic Plan ?? Congressional Budget Submission ?? Annual Performance Plans and Reports ?? Future Years Homeland Security Program (FYHSP) 2006 (Reference OIP Consolidation PART references for web links or soft/hardcopy)

Do independent evaluations of sufficient scope and quality indicate that the program is effective and achieving results?

Explanation: Some external independent assessments have been performed. Additionally, to facilitate objective evaluation of program effectiveness, the Under Secretary for Preparedness has instituted a Quarterly Program Review process intended to monitor program progress and ensure adequate oversight of program activities. Because the organization is relatively new, the program has not evolved to the point where external evaluations are part of the business process for all sub-programs. When weaknesses are identified during program and sub-program reviews, policies and procedures are being implemented to address them. .

Evidence: Independent assessments of OIP sub-programs address areas such as: ?? GAO-04-699T, April 2004 - Establishing Effective Information Sharing with Infrastructure Sectors (statement by Robert F. Dacey, Director - Information Security Issues) ?? GAO-04-780, July 2004) - Improving Information Sharing with Infrastructure Sectors (report to congressional requesters) ?? GAO-01-15, March 2001) - user-fee procedures. ?? NUREG-0654, FEMA-REP-1, Rev. 1 Addenda ?? GAO audited the user fee procedures/practices of the REP sub-program when FEMA Rule 44 CFR, Part 354 was established. GAO audits conducted from 1991-1996 found no deficiencies. GAO has not audited REP since that time. (Reference OIP Consolidation PART references for web links or soft/hardcopy)

Were programmatic goals (and benefits) achieved at the least incremental societal cost and did the program maximize net benefits?

Explanation: The REP sub-program provides a layer of safety in emergency planning and related guidelines that mitigate the incidence and associated costs of a nuclear power plant disaster. In an industry in which the regulated liability of the industry owners is capped by the Price Anderson Act (of 1957, which has been renewed), the potential losses from a nuclear power plant disaster far exceed the funds that have been under-written on the industry's behalf. The delta between potential damage of a single nuclear power plant disaster and the total funds the industry is prepared to commit to accident recovery, is staggering compared to the public and private costs of REP sub-program participation and compliance.

Evidence: The estimated total social marginal costs of a single disaster could exceed $500B (Sandia Labs, 1982) in year 2000 dollars. The Price Anderson Act requires the nuclear power plant industry to privately insure for an accident, but the total liability required for the industry as a whole is less than $50B. As such, risks that can be mitigated for a single plant are worth up to $450B. The REP sub-program has a direct governmental cost of approximately $25M-$30M dollars per year, which is funded through industry user fees. In addition, private cost to the Industry for REPP participation and compliance, which is not documented officially, is approximately $1M-$2M per year. Costs to the private sector for the REP sub-program range from $90-$150M per year to mitigate the incidence of a NPP accident and the associated societal costs of up to $450B. (See also GAO-04-654.)