Browse Definitions :

Presidential Policy Directive 21 (PPD-21)

Presidential Policy Directive 21 (PPD-21) is an infrastructure protection and resilience directive in the United States that aims to strengthen and secure the country's critical infrastructure. Former President Barack Obama issued PPD-21 in 2013 to foster greater integration and cooperation among public and private organizations. The goal of the directive is to reduce vulnerabilities, identify and disrupt threats, minimize consequences and hasten response and recovery efforts related to critical infrastructure.

PPD-21 and NIPP

PPD-21 called for an update to the National Infrastructure Protection Plan (NIPP). NIPP outlines how government and private sectors work together to manage risks to reach security and resilience goals. The proposed update was based on changes in the critical infrastructure risk, policy and operating environments, in addition to lessons learned since the previous version of NIPP in 2009. PPD-21 set national policy on critical infrastructure security and resilience. The directive referred to this as a shared responsibility among multiple groups, including federal, state, local, tribal and territorial entities, as well as public and private owners and operators of critical infrastructure.


The directive defines resilience as the ability to prepare for and adapt to changing conditions and disruptions. Resilience includes the ability to withstand and recover from deliberate attacks, accidents, or naturally occurring threats or incidents. The directive also called for the federal government to engage with international partners to strengthen the security and resilience of domestic critical infrastructure, as well as critical infrastructure outside the United States on which the nation depends.

PPD-21 critical infrastructure sectors

PPD-21 points to 16 critical infrastructure sectors -- all of which have an impact on other sectors and require public-private cooperation:

  1. Chemical sector. It manufactures, stores, uses and transports potentially dangerous chemicals. These chemicals can include basic, specialty and agricultural chemicals, as well as pharmaceuticals and other consumer products. Some critical infrastructure sectors may include companies that are privately owned, so the Department of Homeland Security (DHS) must work cooperatively with these private entities and industry associations.
  2. Commercial facilities sector. It includes a range of sites that are open to the public and draw large crowds for shopping, business, entertainment or lodging. Subsectors of this group are entertainment and media, gaming, lodging, outdoor events, public assembly, real estate, retail and sports leagues.
  3. Communications sector. It includes satellite, wireless and wireline providers, which depend on each other to carry and terminate their traffic. Companies share facilities and technology to ensure interoperability. Communications are closely linked to other critical sectors, including energy, information technology (IT), financial services, emergency services and transportation systems.
  4. Critical manufacturing sector. It encompasses the production of primary metals; machinery; electrical equipment, appliances and components; and transportation equipment that may be susceptible to man-made and natural disasters.
  5. Dams sector. It delivers water retention and control services in the United States, including hydroelectric power generation, municipal and industrial water supplies, agricultural irrigation, sediment and flood control, river navigation for inland bulk shipping, industrial waste management and recreation. The sector is interdependent with the communications, energy, food and agriculture, transportation systems and water sectors.
  6. Defense industrial base sector. It encompasses research and development (R&D), as well as the design, production, delivery and maintenance of military weapons systems, subsystems and components to meet U.S. military requirements. The sector provides products and services for mobilizing, deploying and sustaining military operations. It does not include the commercial infrastructure of those who provide services such as power, communications, transportation or utilities, which are covered under other sectors.
  7. Emergency services sector. It includes law enforcement, fire and rescue services, emergency medical services, emergency management and public works. The sector focuses on saving lives, protecting property and the environment, helping disaster-affected communities and aiding recovery during emergencies.
  8. Energy sector. It is composed of three interrelated segments: electricity, oil and natural gas. The sector, which affects all critical infrastructure sectors, is voluntarily focusing on information sharing. Many sector owners and operators have extensive experience abroad with infrastructure protection and have more recently focused on cybersecurity.
  9. Financial services sector (formerly, the banking and finance sector). It includes depository institutions, providers of investment products, insurance companies, and other credit and financing organizations, as well as the providers of the critical financial utilities and services that support these functions.
  10. Food and agriculture sector. It includes an estimated 2.1 million farms, 935,000 restaurants, and more than 200,000 registered food manufacturing, processing and storage facilities. This sector, which accounts for approximately 20% of the nation's economic activity, is primarily under private ownership.
  11. Government facilities sector. It includes general-use office buildings and special-use military installations, embassies, courthouses, national laboratories and structures. These buildings may house critical equipment, systems and networks. In addition to various buildings in the United States and overseas, the sector also includes cyber elements that contribute to the protection of sector assets.
  12. Healthcare and public health sector. It focuses on protecting all sectors of the economy from terrorism, infectious disease outbreaks and natural disasters. The sector's assets are primarily privately owned and operated, so collaboration and information sharing between the public and private sectors is crucial.
  13. IT sector. It covers hardware, software, and IT systems and services, along with the communications sector and the internet. The sector's dynamic and interconnected environment makes identifying threats and assessing vulnerabilities challenging. Therefore, this requires these tasks to be addressed collaboratively.
  14. Nuclear reactors, materials and waste sector. It encompasses most aspects of America's civilian nuclear infrastructure, such as nuclear facilities, materials and waste, as well as any cybersecurity related to these facilities.
  15. Transportation systems sector. It focuses on safely, securely and efficiently moving people and goods through the country and overseas. Subsectors include aviation, highway and motor carrier, maritime transport system, mass transit and passenger rail, pipeline systems, freight rail, postal and shipping.
  16. Water and wastewater systems sector. It concentrates on ensuring the supply of drinking water and wastewater treatment. This sector ensures these water-based services are not vulnerable to compromise from contamination with deadly agents, physical attacks, cyberattacks and natural disasters. Problems in this sector could affect firefighting and health care, as well as energy, food and agriculture, and transportation systems.
This was last updated in April 2020

Continue Reading About Presidential Policy Directive 21 (PPD-21)

  • firewall as a service (FWaaS)

    Firewall as a service (FWaaS), also known as a cloud firewall, is a service that provides cloud-based network traffic analysis ...

  • private 5G

    Private 5G is a wireless network technology that delivers 5G cellular connectivity for private network use cases.

  • NFVi (network functions virtualization infrastructure)

    NFVi (network functions virtualization infrastructure) encompasses all of the networking hardware and software needed to support ...

  • cybersecurity

    Cybersecurity is the practice of protecting internet-connected systems such as hardware, software and data from cyberthreats.

  • Advanced Encryption Standard (AES)

    The Advanced Encryption Standard (AES) is a symmetric block cipher chosen by the U.S. government to protect classified ...

  • operational risk

    Operational risk is the risk of losses caused by flawed or failed processes, policies, systems or events that disrupt business ...

  • Risk Management Framework (RMF)

    The Risk Management Framework (RMF) is a template and guideline used by companies to identify, eliminate and minimize risks.

  • robotic process automation (RPA)

    Robotic process automation (RPA) is a technology that mimics the way humans interact with software to perform high-volume, ...

  • spatial computing

    Spatial computing broadly characterizes the processes and tools used to capture, process and interact with three-dimensional (3D)...

  • OKRs (Objectives and Key Results)

    OKRs (Objectives and Key Results) encourage companies to set, communicate and monitor organizational goals and results in an ...

  • cognitive diversity

    Cognitive diversity is the inclusion of people who have different styles of problem-solving and can offer unique perspectives ...

  • reference checking software

    Reference checking software is programming that automates the process of contacting and questioning the references of job ...

Customer Experience
  • martech (marketing technology)

    Martech (marketing technology) refers to the integration of software tools, platforms, and applications designed to streamline ...

  • transactional marketing

    Transactional marketing is a business strategy that focuses on single, point-of-sale transactions.

  • customer profiling

    Customer profiling is the detailed and systematic process of constructing a clear portrait of a company's ideal customer by ...