The Bush Administration policy and approach regarding critical infrastructure protection can be described as an evolutionary expansion of the policies and approaches laid out in PDD-63.
One major difference between PDD-63 and the current Administration's efforts is a shift in focus.
The number and breakdown of sectors and lead, or sector specific agencies, have expanded and changed since the assignments made by PDD-63 (and noted in Table 1 of this report).
The following discusses the implementation of major elements of PDD-63 still relevant to current policy.
The National Strategy for Homeland Security, released by the Bush Administration in July 2002, maintained the role of lead agencies as outlined in PDD-63, with the newly proposed Department of Homeland Security acting as coordinator of their efforts.
PDD-63 directed every agency to develop and implement such a plan.
One of the issues associated with PDD-63 was whether it duplicated, superseded, or overturned existing information security responsibilities.
But, PDD-63 stated and the National Plan, Version 1.
There was another bureaucratic issued raised by PDD-63.
Although not specifically identified in the Directive, the Clinton Administration proposed establishing a Federal Instruction Detection Network (FIDNET), that would, together with the Federal Computer Intrusion Response Capability (FedCIRC) effort begun just prior to PDD-63, meet this goal.
For the most part, the sector coordinators selected to date have undertaken awareness and education activities not only to acquaint their constituents with the threats and risks of cyber attack on their systems (which in many cases is already known) but also about the efforts and goals of PDD-63.
All of the lead and primary agencies designated in PDD-63 met the initial deadline for submitting their internal plans for protecting their own critical infrastructures from attacks and for responding to intrusions.