The Homeland Security Act of 2002 made the Department of Homeland Security's Information Analysis and Infrastructure Protection Directorate (IA&IP) responsible for CIP functions with a lead role for information sharing within DHS and the federal government. It brought together:
- Critical Infrastructure Assurance Office (Commerce)
- Federal Computer Incident Response Center (GSA)
- National Communications System (Defense)
- National Infrastructure Protection Center (FBI)
- Energy Security and Assurance Program (Energy)
IAIP's responsibilities include:
- accessing, receiving, and analyzing law enforcement information, intelligence information, and other threat and incident information from respective agencies of federal, state, and local governments and the private sector;
- combining and analyzing such information to identify and assess the nature and scope of terrorist threats; and
- disseminating, as appropriate, information analyzed by DHS, within the department, to other federal agencies, state and local government agencies, and private-sector entities.
As also required by the Homeland Security Act, IAIP is responsible for (1) developing a comprehensive national plan for securing the key resources and critical infrastructure of the United States and (2) recommending measures to protect the key resources and critical infrastructure of the United States in coordination with other federal agencies and in cooperation with state and local government agencies and authorities, the private sector, and other entities.
The statute is explicit that, except as otherwise directed by the President, the DHS is to have access from any federal agency to all information and intelligence — including raw intelligence — about terrorist threats and vulnerabilities of the U.S. to terrorism. The Directorate does not have authority to collect intelligence.