(IT)/Cyber Sector As required by Presidential Policy Directive 21 (PPD-21), the current version of the National Infrastructure Protection Plan (NIPP 2013—also referred to as the National Plan) provides a unifying structure to define a single program for integrating critical infrastructure and key resources (CI/KR) protection. PPD-21 also assigned a federal agency as the lead Sector-Specific Agency (SAA) for each of the 16 critical infrastructures identified in PPD-21. Each SSA is responsible for developing and implementing an updated Sector-Specific Plan (SSP) for its sector. The original SSPs were published in 2010 based on a Letter of Agreement in the 2009 version of the NIPP, but were updated in 2015. The SSPs detail the application of the NIPP concepts to the unique characteristics and conditions of each sector. A growing number of hacking incidents or cyber attacks in recent years has raised concerns about the adequacy of the SSP to address major threats or hazards in our IT sector and cyber space. This includes major hacking into credit card records or other IT/data systems at Lockheed Martin (a major defense contractor), RSA the security division of a major data storage company for financial institutions), SONY, major banking institutions, Target Stores, and the even the U.S. State Department. In fact, in 2010 alone, the U.S. government was subject to over 300,000 cyber attacks on its infrastructure. There were also suspicions that hacking into Google e-mail (gmail) accounts for high-ranking U.S. officials could be traced to China, and the CIA Web site was hacked. Many other incidents have occurred since then. There are also ongoing investigations about Russian hacking into the 2016 Presidential election process. The IT sector is inextricably linked with the Communications sector, and interdependencies exist with all other CI/KR sectors. Technological advances and rapid development or modernization of a wide variety of systems and processes that depend on a secure IT system, including the Internet and the “cloud,” ensure that IT/cyber security will demand increasing attention in the future. Ensuring IT and cybersecurity is incredibly complex and challenging due to technological complexities and our global interconnectedness, which make it very difficult to detect, deter, trace, defend against, prosecute or counter cyber attacks and hacking. You and the members of your team should assume the role of senior government officials representing DHS and other federal agencies and entities with responsibilities for ensuring the security of the U.S. IT sector and cyber space. Threats and hazards in this vital CI/KR sector carry potentially enormous consequences to our national economy, to national security and defense, to privacy, and to confidence in our government. President Trump has asked about the security of our IT sector and cyber space and protection from intentional terrorist or espionage attacks, criminal or malicious hackers ...