UPDATED: COVID-19 Essential Services” or Critical Infrastructure” and Navigating Compliance with State Stay-at-Home Orders

Kelley Drye Client Advisory

Originally published on March 21, 2020

As more states and localities order businesses to close to stem the spread of COVID-19, government contractors and commercial businesses face pressing questions regarding whether they qualify as essential businesses that may remain operational outside of employee telecommuting from individual homes. There is no single definition of essential” businesses that states and local jurisdictions are required to follow.  However, the strategic guidance issued by the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (“DHS CISA”) on critical infrastructure is likely to frame the analysis, and some states (California and Connecticut) have adopted this guidance to make determinations regarding essential businesses.  Government contractors and businesses should consult this guidance to determine whether they may qualify for exceptions to stay-at-home orders.

Stay-at-Home Orders

As COVID-19 spreads an increasing number of jurisdictions are requiring residents to stay at home and non-essential businesses to cease operations outside of their residents’ homes.  These orders have primarily been issued pursuant to state laws governing health and safety and emergency management and similar city code provisions.  Below is a non-exhaustive list of recent orders, but businesses should consult the governor or mayor’s website in the jurisdictions where their offices are located for the latest requirements:

    
  • Kentucky: Governor Andy Beshear ordered nonessential businesses to close effective 8pm Monday, March 22nd.
       

Federal Laws Invoked in Response to COVID-19

Federal laws invoked in the COVID-19 response, including the Robert T. Stafford Disaster Relief and Emergency Assistance Act, the Cybersecurity and Infrastructure Security Agency (“CISA”) Act, and the Defense Production Act, do not preempt a state or local jurisdiction’s authority to issue a stay-at-home order in these circumstances. Similarly, the Public Health Service Act and National Emergencies Act do not preempt state law in this particular area. At least for the time being, the identification of essential”, critical” or life-sustaining” businesses will occur on a state-by-state and entity-by-entity basis.  As stated by the White House, the response will be locally executed, state managed, and federally supported.”

However, businesses should consult the federal critical infrastructure determinations by DHS, which may support a determination that they are critical or essential, in addition to the definitions provided in their state or locality’s order or the guidance issued by the agency with jurisdiction.

Federal Critical Infrastructure Designations

The USA Patriot Act of 2001 defined critical infrastructure as assets, systems, and networks so vital to the nation that their incapacitation or destruction would have a debilitating effect on security, national economic security, and public health or safety.  In 2013, Presidential Policy Directive 21 (“PPD-21”) identified a national policy to strength the United States’ critical infrastructure security and designated 16 critical infrastructure sectors, which are described at the following link:  https://​www​.cisa​.gov/​c​r​i​t​i​c​a​l​-​i​n​f​r​a​s​t​r​u​c​t​u​r​e​-​s​e​ctors.

To cite one example, PPD-21 designated Critical Manufacturing as one of the 16 critical infrastructure sectors.  DHS has undertaken an analysis of the Critical Manufacturing Sector and determined that this Sector is crucial to the economic prosperity and continuity of the United States. A direct attack on or disruption of certain elements of the manufacturing industry could disrupt essential functions at the national level and across multiple critical infrastructure sectors.”  There are several industries at the core of this Sector, including Primary Metals Manufacturing; Machinery Manufacturing; Electrical Equipment, Appliance and Component Manufacturing; and Transportation Equipment Manufacturing.  Like all critical infrastructure sectors, the Critical Manufacturing Sector operates as a partnership structure, which encourages participation from the private sector; government partners at Federal, State, local, tribal, and territorial levels; and academic and nongovernmental organizations that support sector security and resilience.

PPD-21 designated specific federal agencies as Sector-Specific Agencies (“SSAs”) to lead each sector.  The SSAs are responsible for developing a Sector-Specific Plan that details how a risk management framework and approach to critical infrastructure security is implemented within that sector.  SSAs are non-regulatory entities that provide guidance and coordination rather than enforcement functions. The National Infrastructure Coordinating Center (“NICC”) is assigned the responsibility within DHS to coordinate issues among the critical infrastructure community— i.e., between owners and operators; federal partners; regional consortia; and state, local, tribal, and territorial governments.

On March 19, 2020, CISA issued a memorandum providing strategic guidance and an initial list of Essential Critical Infrastructure Workers” to help state and local officials as they work to slow the spread of COVID-19 while ensuring continuity of functions critical to public health and safety, as well as economic and national security. See https://​www​.cisa​.gov/​p​u​b​l​i​c​a​t​i​o​n​/​g​u​i​d​a​n​c​e​-​e​s​s​e​n​t​i​a​l​-​c​r​i​t​i​c​a​l​-​i​n​f​r​a​s​t​r​u​c​t​u​r​e​-​w​o​r​k​force. The list is intended to inform critical infrastructure community decision-making to determine the sectors, sub-sectors, segments, or critical functions that should continue normal operations, appropriately modified to account for Centers for Disease Control workforce and customer protection guidance. The list identifies workers who conduct a range of operations and services that are essential to continued critical infrastructure viability, including staffing operations centers, maintaining and repairing critical infrastructure, operating call centers, working construction, and performing management functions, among others. The industries they support represent, but are not necessarily limited to, medical and healthcare, telecommunications, information technology systems, defense, food and agriculture, transportation and logistics, energy, water and wastewater, law enforcement, and public works.

Critically, CISA’s guidance is not mandatory for state and local jurisdictions, and the March 19th CISA Memorandum explicitly states that it is not a federal directive.  However, businesses providing support for critical infrastructure may consider using this guidance to support requests for exceptions to stay-at-home orders.

Department of Homeland Security

DHS / Cybersecurity and Infrastructure Security Agency (CISA)

  • UPDATED Guidance on the Essential Critical Infrastructure Workforce, March 23, 2020; March 19 cover memo has not changed, but guidance has been updated. Changes of note: (1) Updates guidance for Critical Manufacturing” to cover workers needed to maintain the continuity of these manufacturing functions and associated supply chains;” and (2) Adds language to reflect the necessary movement of critical infrastructure workers within and between jurisdictions” 

DHS / Federal Emergency Management Agency

How Kelley Drye Can Help

Stay-at home orders will have a significant impact on businesses across the country.  Government contractors and commercial businesses should not hesitate to speak with counsel to ensure they have a strategy in place to address these restrictions.  Kelley Drye is closely monitoring the stay-at-home orders and provides counseling on these issues, including analyzing local and state stay-at-home orders in your jurisdiction, assessing the scope of available exemptions for critical” or essential” businesses, crafting requests and petitions for exemptions, and coordinating as necessary with state and federal officials.  Specifically, we can assist Government contractors and businesses in taking the following steps to respond to or prepare for stay-at-home orders:
  1. Conduct an analysis of whether they meet the applicable definition of critical” or essential” businesses by examining CISA guidance and their applicable jurisdiction’s stay-at-home order or, if no order has been issued yet, consult the orders issued by the governors of California, Connecticut, Delware, Illinois, Louisiana, New Jersey, New York, Ohio and Pennsylvania, which are likely being reviewed by other jurisdictions considering imposing similar restrictions.
  2. Apply that analysis at the organizational or personnel level (e.g. company-wide, by operating entity, by facility, or by employee) and support analysis in writing.
  3. Review and continuously monitor state and local guidance on requesting exemptions to stay-at-home orders (if any).  For instance, New York has created an online request form for businesses seeking essential designation for purposes of the PAUSE” Executive Order: https://esd.ny.gov/sites/default/files/Request%20for%20Designation%20Form_0.pdf.
  4. If applicable, coordinate a response with trade associations, industry groups, or other coalitions of businesses in the same industry.
  5. Communicate with state and local authorities, including the governor’s office, local and state public health authorities, and/or enforcement personnel.
  6. Contact DHS CISA’s National Risk Management Center, which is responsible for coordinating the private sector, government agencies, and other stakeholders to manage risks to critical infrastructure.  See https://​www​.cisa​.gov/nrmc.
  7. Reach out to elected representatives, including congressional representatives for the districts in which offices are located, to involve them in advocacy efforts.