Browse Definitions:

Presidential Policy Directive 21 (PPD-21)

Contributor(s): Corinne Bernstein

Presidential Policy Directive 21 (PPD-21): Critical Infrastructure Protection and Resilience is a United States directive that aims to strengthen and secure the country's critical infrastructure. Former President Barack Obama issued PPD-21 in 2013 to foster greater integration and cooperation among public and private organizations. The goal of the directive is to reduce vulnerabilities, identify and disrupt threats, minimize consequences and hasten response and recovery efforts related to critical infrastructure.

PPD-21 called for an update to the National Infrastructure Protection Plan (NIPP), based on changes in the critical infrastructure risk, policy and operating environments, as well as lessons learned since the previous version of the NIPP in 2009. PPD-21 set national policy on critical infrastructure security and resilience – which the directive referred to as a shared responsibility among federal, state, local, tribal and territorial entities, and public and private owners and operators of critical infrastructure. 

The directive defines resilience as the ability to prepare for and adapt to changing conditions and withstand and recover rapidly from disruptions. Resilience includes the ability to withstand and recover from deliberate attacks, accidents, or naturally occurring threats or incidents. The directive also called for the federal government to engage with international partners to strengthen the security and resilience of domestic critical infrastructure as well as critical infrastructure outside the United States on which the nation depends. 

PPD-21 points to 16 critical infrastructure sectors – all of which have an impact on other sectors and require public-private cooperation.

  • Chemical Sector - manufactures, stores, uses and transports potentially dangerous chemicals (including basic chemicals, specialty chemicals, agricultural chemicals, pharmaceuticals and consumer products) upon which other critical infrastructure sectors Most companies in this group are privately owned, so the Department of Homeland Security (DHS) must work cooperatively with these private entities and industry associations.
  •  Commercial Facilities Sector - includes a range of sites that are open to the public and draw large crowds for shopping, business, entertainment or lodging. Subsectors of this group are Entertainment and Media, Gaming, Lodging, Outdoor Events, Public Assembly, Real Estate, Retail and Sports Leagues.
  • Communications Sector - includes satellite, wireless and wireline providers – which depend on each other to carry and terminate their traffic -- and companies share facilities and technology to ensure interoperability. Communications is closely linked to other critical sectors, including Energy, IT, Financial Services, Emergency Services and Transportation Systems.
  • Critical Manufacturing Sector - encompasses the production of primary metals; machinery; electrical equipment, appliances and components; and transportation equipment, and may be susceptible to man-made and natural disasters.
  • Dams Sector - delivers water retention and control services in the United States, including hydroelectric power generation, municipal and industrial water supplies, agricultural irrigation, sediment and flood control, river navigation for inland bulk shipping, industrial waste management and recreation. The sector is interdependent with the Communications, Energy, Food and Agriculture, Transportation Systems and Water sectors.
  • Defense Industrial Base Sector - encompasses R&D, as well as the design, production, delivery and maintenance of military weapons systems, subsystems and components or parts to meet U.S. military requirements. The sector, which provides products and services for mobilizing, deploying and sustaining military operations, does not include the commercial infrastructure of providers of services such as power, communications, transportation or utilities (which are covered under other sectors).
  • Emergency Services Sector - includes law enforcement, fire and rescue services, emergency medical services, emergency management and public works. The sector focuses on saving lives, protecting property and the environment, helping disaster-affected communities and aiding recovery during emergencies.
  • Energy Sector - composed of three interrelated segments: electricity, oil and natural gas. The sector, which affects all critical infrastructure sectors, is voluntarily focusing on information-sharing. Many sector owners and operators have extensive experience abroad with infrastructure protection and have more recently focused on cybersecurity.
  • Financial Services Sector (formerly the Banking and Finance Sector) - includes depository institutions, providers of investment products, insurance companies, other credit and financing organizations, and the providers of the critical financial utilities and services that support these functions.
  • Food and Agriculture Sector - includes an estimated 2.1 million farms, 935,000 restaurants, and more than 200,000 registered food manufacturing, processing and storage facilities. This sector, which accounts for approximately 20 percent of the nation's economic activity, is primarily under private ownership.
  • Government Facilities Sector - includes general-use office buildings and special-use military installations, embassies, courthouses, national laboratories and structures that may house critical equipment, systems and networks. In addition to various buildings in the United States and overseas that are owned or leased by federal, state, local and tribal governments, the sector also includes cyber elements that contribute to the protection of sector assets.
  • Healthcare and Public Health Sector -  focuses on protecting all sectors of the economy from terrorism, infectious disease outbreaks and natural disasters. The sector's assets are primarily privately owned and operated, so collaboration and information-sharing between the public and private sectors is crucial.
  • Information Technology Sector - covers hardware, software, and IT systems and services, and, along with the Communications Sector, the Internet. The sector's dynamic, interconnected environment makes identifying threats and assessing vulnerabilities challenging and requires that these tasks be addressed collaboratively.
  • Nuclear Reactors, Materials and Waste Sector - encompasses most aspects of America’s civilian nuclear infrastructure, such as nuclear facilities, materials and waste as well as cybersecurity related to these facilities.
  • Transportation Systems Sector - focuses on safely, securely and efficiently moving people and goods through the country and overseas. Subsectors include Aviation, Highway and Motor Carrier, Maritime Transport System, Mass Transit and Passenger Rail, Pipeline Systems, Freight Rail and Postal and Shipping.
  • Water and Wastewater Systems Sector - concentrates on ensuring the supply of drinking water and wastewater treatment and service, is vulnerable to compromise from contamination with deadly agents; physical attacks, such as the release of toxic gaseous chemicals; cyber attacks; and natural disasters. Problems in this sector could affect firefighting and health care, as well as Energy, Food and Agriculture and Transportation Systems.
This was last updated in February 2018 ???publishDate.suggestedBy???

Continue Reading About Presidential Policy Directive 21 (PPD-21)

Join the conversation

1 comment

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

How would the loss of a critical infrastructure asset affect your organization?


File Extensions and File Formats

Powered by:


  • risk map (risk heat map)

    A risk map, also known as a risk heat map, is a data visualization tool for communicating specific risks an organization faces. A...

  • internal audit (IA)

    An internal audit (IA) is an organizational initiative to monitor and analyze its own business operations in order to determine ...

  • pure risk (absolute risk)

    Pure risk, also called absolute risk, is a category of threat that is beyond human control and has only one possible outcome if ...


  • cloud ecosystem

    A cloud ecosystem is a complex system of interdependent components that all work together to enable cloud services.

  • cloud services

    Cloud services is an umbrella term that may refer to a variety of resources provided over the internet, or to professional ...

  • uncloud (de-cloud)

    The term uncloud describes the action or process of removing applications and data from a cloud computing platform.


  • cyberextortion

    Cyberextortion is a crime involving an attack or threat of an attack coupled with a demand for money or some other response in ...

  • Cybercrime

    Cybercrime is any criminal activity that involves a computer, networked device or a network.

  • National Security Agency (NSA)

    The National Security Agency is the official U.S. cryptologic organization of the United States Intelligence Community under the ...


  • Practice Fusion

    Practice Fusion Inc. is a San Francisco-based company that developed a free electronic health record (EHR) system available to ...

  • RHIA (Registered Health Information Administrator)

    An RHIA, or registered health information administrator, is a certified professional who oversees the creation and use of patient...

  • 21st Century Cures Act

    The 21st Century Cures Act is a wide-ranging healthcare bill that funds medical research and development, medical device ...



  • Random Access Memory (RAM)

    Random Access Memory (RAM) is the hardware in a computing device where the operating system (OS), application programs and data ...

  • floating gate transistor (FGT)

    A floating gate transistor (FGT) is a complementary metal-oxide semiconductor (CMOS) technology capable of holding an electrical ...

  • bad block

    A bad block is an area of storage media that is no longer reliable for storing and retrieving data because it has been physically...


  • hybrid hard disk drive (HDD)

    A hybrid hard disk drive is an electromechanical spinning hard disk that contains some amount of NAND Flash memory.