This is the second article in a series exploring the intersection of mid-market companies, defined as those with annual revenue between $10 million and $1 Billion, and U.S. critical infrastructure, which is categorized into 16 different sectors that support the security, national public health and safety, and economic prosperity of the United States.
Understanding Critical Infrastructure
As discussed in the last article, many mid-market companies might not realize their significant role in the nation’s critical infrastructure network. Despite their size, their contributions to various sectors make them indispensable. To learn more about this intersection between mid-market companies and critical infrastructure, please take a few moments to check out the previous article, “Does Your Mid-Market Company Qualify as Critical Infrastructure?” found on the CrisisLead website.
In addition to not realizing the role they play in critical infrastructure, many companies also may not realize the kinds of free support available to help them ensure their operations remain secure from both a physical security and cybersecurity perspective.
Understanding the Homeland Security Enterprise
Researchers and academics use the term “homeland security enterprise” to describe the vast web of federal, state, territorial, tribal, and local government agencies, plus the private sector, non-government organizations, and even private citizens that work to ensure America’s security and economic prosperity. Often when people think about “Homeland Security” they automatically think of the Department of Homeland Security (DHS).
In truth, while DHS has a significant leadership role in shaping homeland security vision and policy, and some agencies under the DHS umbrella implement the vision and policy, the larger homeland security enterprise plays a major role. In the context of this article, it is important to understand that more than 85% of critical infrastructure is owned and operated by the private sector.
Understanding the nature of critical infrastructure, defined by DHS as, the 16 “sectors whose assets, systems, and networks, whether physical or virtual, are considered so vital to the United States that their incapacitation or destruction would have a debilitating effect on security, national economic security, national public health or safety, or any combination thereof,” it makes sense that other parts of the homeland security enterprise would contribute to the safety and security of these sectors. One group of people who connect DHS to the larger homeland security enterprise is the Protective Security Advisors.
The Role of Protective Security Advisors
According to the DHS Cybersecurity and Critical Infrastructure Security Agency (CISA) website:
“Protective Security Advisors (PSAs) are trained subject matter experts in critical infrastructure protection and vulnerability mitigation. They facilitate local field activities in coordination with other DHS offices and federal agencies. They also advise and assist state, local, tribal, and territorial (SLTT) officials and critical infrastructure owners and operators, and provide coordination and support in times of threat, disruption, or attack.”[i]
To learn more about part of the role DHS plays in coordinating the homeland security enterprise to assist companies that contribute to critical infrastructure, I reached out to Bob Winters. Winters is the DHS/CISA Protective Security Advisor for Western Pennsylvania. Winters is based in Pittsburgh and covers 32 counties. He falls under DHS Region 3, which is headquartered in Philadelphia. Winters explained there are about 130 Protective Security Advisors across the country. They serve as vital liaisons between companies and government agencies, helping ensure the security and resilience of critical infrastructure.
Winters explained the size of a company is irrelevant when determining its importance within these sectors. A mid-market company (or even a small business) can be just as critical as a large corporation if it operates within one of these sectors.
Examples of the Protective Security Advisor Support
“Nobody is on their own,” Winters explained. Winters notes that in Western PA alone, approximately 200 members in the public gathering sector (such as schools, universities, houses of worship, stadiums, arenas) meet quarterly to discuss safety and security. Similar interactions occur in other sectors, such as the energy sector and the Central Business District Safety Meetings.
A key point Winters emphasizes is the importance of building relationships ahead of problems. The goal is to foster networks and partnerships with local, state, and federal service providers. These connections enable companies to access:
- Services
- Expertise
- Advisors
- Assessments
As the Protective Security Advisor, Winters will conduct assessments for some locations. When he does this, companies can rest assured that their proprietary and security information will remain confidential. In fact, these conversations are protected from disclosure under federal law.
Though Winters does deal directly with many companies, his real goal is to introduce companies to the broader homeland security enterprise network, especially state and local government response agencies and federal partners. He mentioned that the National Weather Service has very popular programs for many of the companies he deals with.
Winters coordinates and provides information about forums, like the public gathering sector meetings mentioned above. While Winters and his colleagues across the country cannot recommend specific security products or companies, these large forums are a great place to meet vendors and learn about what other companies are doing to secure their operations.
All of these events are at no cost and are a great chance for company representatives to meet each other with a focus on security.
Finding your Protective Security Advisor
Winters explained that the best way to get in touch with the Protective Security Advisor for your area is to send an email to central@cisa.gov with some information about your company and the location you are inquiring about. Make sure to include that you are seeking to get in touch with the Protective Security Advisor for your area.
Conclusion
Understanding your company’s role in U.S. critical infrastructure is key. It is also important to understand the recourse available to you to help prevent, prepare for, and respond to security threats you may face. DHS/CISA Protective Security Advisors are a tremendous asset and offer no-cost services to help you accomplish this.
In my next article on this topic, I’ll explore the roles of the DHS/CISA Cybersecurity Advisors
[i] CISA. (n.d.) Security Advisors. Available at: https://www.cisa.gov/about/regions/security-advisors. Accessed 30 January 30, 2025.
Note: The author published a version of this blog post as a LinkedIn Article. That version can be found here: https://www.linkedin.com/pulse/department-homeland-security-assistance-mid-market-christopher-mvqee/?trackingId=MZJQvLDZQ02nESJy9oeHFg%3D%3D
