PERSPECTIVES ON A J100 VULNERABILITY ASSESSMENT OUTCOMES AND LESSONS LEARNED BY MINNEAPOLIS WATER AUGUST 2016
Mr. Glen Gerads, Director of Minneapolis Water
Mr. Andrew Ohrt, PE, Arcadis

Agenda
- What is Resilience?
- What is a J100 Vulnerability Assessment?
- Who is Minneapolis Water?
- Why did Minneapolis Water decide to complete a J100 Vulnerability Assessment?
- What was the project approach?
- What are the lessons learned and conclusions?
- How does this effort fit within Minneapolis Water's overall risk management program?

Resilience: One Definition
Resilience is the capacity of individuals, communities, institutions, businesses, and systems within a city to survive, adapt, and grow no matter what kinds of chronic stresses and acute shocks they experience.

Rockefeller Foundation Resilience Cities Framework

The Many Facets of Resilience
- Cyber security
- Asset management
- Supply chain management
- Climate change/drought planning
- All hazards risk assessments
- Flood protection
- Emergency response planning and exercising
- Physical security design
- Green Infrastructure
- And more

Common Utility Risk Questions
- How many critical assets do I have?
- What is the most likely threat for my assets?
- Which threats have the biggest consequences?
- Do I need to worry about cyber-attacks?
- Should I protect my assets against a bomb?
- How do I set my utility up for compliance with future rules and laws?

Questions on Quantifying Risk
- How do I measure the risk associated with threats?
- What are the means to track risk reduction?
- How do I prioritize projects to increase resilience?
- What is the definition of resilience for my utility?

What is a J100 Vulnerability Assessment?

What is J100? Historical Context
- Bioterrorism Act of 2002
  - Vulnerability Assessments
  - Emergency Response Plans
- 2002: Department of Homeland Security (DHS) Established
- 2003: Homeland Security Presidential Directive 7 (HSPD-7)
  - 17 (now 16) Critical Infrastructure Sectors established

What is J100? Historical Context
- Guns, Guards, Gates
- All Hazards Approach
- Response, Recovery, Resilience

Takes an All Hazards Approach

Who is using the J100 methodology?

What is the AWWA J100 Standard?
- AWWA J100 Standard (Risk and Resilience Management of Water and Wastewater Systems)
- Methodology to quantify risk ($)
- Down to the individual asset level
- Analyzing multiple threat types
- A way to compare apples to oranges

What Can J100 do?
An All Hazards VA is a broad, holistic process that can address:
- Security and Safety
- Natural Hazards threats
- Cyber Security
- Operational and Financial Resilience
- Emergency Response
- Business Continuity
Outcomes are not isolated but tied to organization's objectives:
- Dovetails with asset management
- Supports planning for population growth, maintaining water quality and quantity
- Inform capital expenditures across the organization

What is the J100 Process?
1) Asset Characterization
2) Threat Characterization
3) Consequence Analysis
4) Vulnerability Analysis
5) Threat Likelihood Analysis
6) Risk/Resilience Analysis
   Risk = C x V x T
   C = Consequences
   V = Vulnerability
   T = Threat Likelihood
7) Risk/Resilience Management

Who is Minneapolis Water?

City of Minneapolis Water Treatment & Distribution Services
- Established in 1867
- Provides drinking water and firefighting capabilities
- Sole water source is the Mississippi River
- Withdraws 21 billion gallons of water per year
- Produces an average of 57 MGD
- Softens water prior to distribution
- 1,000 miles of water mains

Customers
- ~38% is for institutional, commercial and industrial use
- ~22% goes to suburban customers

Why did Minneapolis Water Conduct a J100 Vulnerability Assessment?

Better Understand Risks

Project Objectives
- Improve Minneapolis Water's ability to achieve its mission
- Improve Minneapolis Water's emergency preparedness posture & resilience
- Validate current actions
- Fine tune operations and performance

Expected Outcomes
The final Vulnerability Assessment would:
- Improve resilience
- Reduce risks
- Outline concrete risk reduction projects
Risk reduction projects would:
- Be phased
- Have associated estimated costs
- Prioritization based on risk distribution
- Integrate easily with capital planning
Right-sizing of current physical security
Validation of current actions

Project Approach

Project Phasing
- J100 Phase 1 Scoping
- J100 VA Phase 2 Implementation
- Additional VA Focus Areas

J100 VA Phase I Scoping
Facilitated workshops to focus scope and build consensus:
- Where Minneapolis Water wanted to focus the VA
- Where Minneapolis Water already had risk mitigation measures in place

J100 VA Phase I Conclusions
- Identified natural hazards for evaluation
  - Floods
  - Tornadoes
  - Blizzards/ice storms
- Identified focal points for malicious adversary and cyber threats
- Identified relevant dependency hazards
- Identified additional focus areas

Additional Focus Areas
- Contaminant Warning System Gap Analysis
- Electrical System Analysis
- Emergency Response Planning Gap Assessment
- Grant Funding Opportunities
- Cyber Vulnerability Assessment

Cyber Vulnerability Assessment
- Attacks more publicized and frequent
- Critically important to Water/WW
- Ongoing convergence: more data + faster to more people
- Lots of attention from the Feds and industry organization

Cyber Systems: IT vs. OT (SCADA)

| Item | IT | SCADA |
| Outage Impact | Loss of service/productivity | Infrastructure damage, impact to public health, regulatory violation |
| Availability | 24/7, can be shut down to retain system integrity | 24/7, shutdowns have operation ramifications |
| Core Hardware | Server | Logic Controller |
| Operator Impact | Productivity | Real-time operator situational awareness, process knowledge |

Phase II Implementation
Harnessed momentum from Phase I:
- Leadership Team Alignment
- Focused Threat Characterization
- Understanding of the J100 Standard & Process
1) Asset Characterization
2) Threat Characterization
3) Consequence Analysis
4) Vulnerability Analysis
5) Threat Likelihood Analysis
6) Risk/Resilience Analysis
7) Risk/Resilience Management

Mission & Service Levels
- What is our Mission?
- What is our Service Level
  - For the utility
  - For each critical asset

Critical Asset Identification
Do you know what your critical assets are?
Something of importance that, if targeted, exploited, destroyed, or incapacitated could result in injury, death, economic damage to the owner or the community
- High Repair/Replacement Cost
- Long Outage Time/Service Denial
- Little/No Redundancy
- Single Point of Failure

Threat Identification
- Malevolent (Physical)
- Malevolent (Cyber)
- Critical Asset
- Natural Hazards
- Dependency / Proximity Hazards

Threat Characterization: Critical Assumptions, Malicious Adversaries
Criminal Adversary Attributes:
1. Intentions
2. Motivations
3. Capabilities
4. Expected Number
5. Police Response
6. Threat Level
7. Impacts
Does the adversary have explosives?

Threat Characterization: Cyber
Insiders:
- Accidental/Intentional
- User/Privileged User
Outsiders:
- Small-Scale Attackers
- Criminal groups
- Terrorists
- Foreign Intelligence Services

Threat Characterization: Critical Dependencies
- Electrical Utilities
- Natural Gas Utilities
- Mississippi River
- Upper St. Anthony Falls Dam and Pool
- State Duty Officer for Notification of River Contamination

Threat Characterization: Proximity Hazard
Mississippi River Rail & Highway

Threat Characterization
Mississippi River Rail and Highway Crossings

Threat Characterization
Monticello Nuclear Generating Plant
- Located ~40 miles upriver
- Began operating in 1971
- Strong operational record

Threat Characterization
Mississippi River Hazardous Material Pipeline Crossings
(Map labels: Mississippi River Pipeline Crossing; Minneapolis WaterWorks)

Threat Characterization: Data Sources

Threat-Asset Pairs (TAPs)
- All Combinations of Threats + Critical Assets
- TAPs Organized by Asset Type or Geography

Data Management: Data Summary
- Total Number of Facilities: 38
- Total Number of Critical Facilities: 24
- Approximate Total Number of Assets: >1,000
- Total Number of Critical Assets: ~300
- Total Number of Selected Threats: 15
- Total Number of Threat-Asset Pairs (TAPs): ~200
- Total Number of TAPs (to focus on): ~70

Data Management: Software
Which is the right tool? What functionality did we need?
- Easily handle large datasets
- Automate natural hazard calculations
- Automate vulnerability calculations (event tree, path analysis, expert elicitation)
- Automate risk & resilience calculations
- Automate documentation of assumptions and inputs
Arcadis selected: (Vulnerability Self Assessment Tool) (Program to Assist Risk & Resilience Examination)

Consequences
Risk = C x V x T
- Worst Reasonable Case: most severe but reasonable and credible consequences
- C is expressed as cost ($)
- Caution: Somewhat subjective. Utilize same team members for consistent analysis.

Vulnerability
Risk = C x V x T
- Assume threat occurs.
- V = Probability Of Consequences Occurring

Threat Likelihood
Risk = C x V x T
- What is the likelihood the threat will strike my operation?
- T = Probability Undesirable Event Occurs

Risk Calculation Revisited
Risk = C x V x T
C = Consequences
V = Vulnerability
T = Threat Likelihood

Risk/Resilience Analysis
R = C x V x T
Risk chart categories: Flood, Tornado, Drought, Malicious Adversary, Utility Dependence, Distribution Contamination, Source Water Contamination

Setting the Bar
Why wouldn't you want to target a Risk = $ Zero?
Considerations:
- Resources (Man-power, $)
- Physical constraints
- Regulatory
- Social/customer influence
- Time
Where should we start?

Target Risks
R = C x V x T
Chart categories: Flood, Tornado, Drought, Malicious Adversary, Utility Dependence, Distribution Contamination, Source Water Contamination
Chart legend: Risk Reduction, Target Risk

Trending TAP Risk
- What projects reduce risk?
- Can a single project benefit multiple TAPs?
- Iterative process

Risk/Resilience Management
- R&R Analysis provided baseline level of risk
- Develop Risk Mitigation Measures (RMMs)
  - Scope with conceptual designs
  - Cost Estimate
- Recalculate Risk assuming RMM implemented
- Executed Benefit-Cost Analysis (BCA)
  BCA = Risk Reduction ($) Cost ($) Cost ($)

Risk Mitigation Measure Projects
- Training/exercising program enhancements
- Conceptual design projects
  - Physical security experts, Water engineer, Structural engineer, Architect, Cyber security expert, Emergency response expert
- Packages included:
  - Project descriptions
  - Schematics
  - Capital costs
  - O&M costs

Risk Mitigation Measure Project Profile
- Project Name: Pump Station A Upgrade
- Project No.: X
- Priority: Medium
- Relevant Threats and Assets: Tornado, Pump Station A
- Duration: 1 year
- Description: Upgrade description.
- Impacted Stakeholders: Maintenance staff, Operations staff
- Cost Estimate
  - Capital cost range: $90,000 - $120,000
  - Annual O&M costs: $10,000
  - Project useful life: 10 years

Capital Planning Ready
- RMM projects identified (20-25 total)
- 5-Year-Capital Plan Ready
- Prioritization:
  - Short-term/Long-Term
  - Benefit-Cost Analysis
  - Capital Cost
  - % Risk Reduction
- Year 1: Project 1, Project 2
- Year 2: Project 3, Project 4
- Year 3: Project 5, Project 6
- Year 4: Project 7, Project 8
- Year 5: Project 9, Project

RMM Cost Estimates
- Association for the Advancement of Cost Engineering International (AACE) Level 4 Feasibility
  - Project Definition: 1-15%
  - Purpose of Estimate: Feasibility
  - Accuracy: -30% to +50% cost range
- Assumed annual O&M costs
- Assumed average project useful life

Summary of RMMs

| RMM | Threat Type | Critical Assets | Project Name |
| 1 | All | All | Emergency Response Plan and Multi-Year Training and Exercise Plan Development |
| 2 | Natural Hazard - Tornadoes | Pump Station A | Tornado Protection |
| 3 | Natural Hazard - Floods | Pump Station B | Flood Protection |
| 4 | Malevolent Threat - Sabotage Insider/Outsider | Treatment Building | Physical Security Upgrades (Access Control) |
| 5 | Malevolent Threat - Sabotage Insider/Outsider | Pump Station C | Physical Security (Cameras) |
| 6 | Dependence - Utilities | Pump Station D | Backup Power Installation |
| 7 | Natural Hazard - Floods | Pump Station E | Flood-proofing and Response Exercising |
| 8 | Malevolent Threat - Sabotage Insider/Outsider | Pump Station F | SCADA Cabinet Upgrade (Cyber VA) |
| 9 | Malevolent Threat - Sabotage Insider/Outsider | All | Cabinet Physical Security Policy (Cyber VA) |
| 10 | Natural Hazard - Tornadoes | All | Facility Connectivity (Cyber VA) |
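
Risk Reduction Summary
- RMM No. 1: All Emergency Response Planning, Training and Exercising. Priority: High. Cost Estimate: $200,000
- RMM No. 2: Pump Station A Tornado Protection. Priority: Low. Cost Estimate: $400,000
- RMM No. 3: Pump Station B Flood Protection. Priority: Low. Cost Estimate: $20,000
- RMM No. 4: Treatment Building Sabotage. Priority: Low. Cost Estimate: $300,000
- RMM No. 5: Pump Station C Sabotage. Priority: Low. Cost Estimate: $40,000
- RMM No. 6: Pump Station D Sabotage. Priority: High. Cost Estimate: $30,000
- RMM No. 7: Pump Station E Floods. Priority: Medium. Cost Estimate: $100,000
- RMM No. 8: Pump Station F Backup Power. Priority: Medium. Cost Estimate: $500,000
- RMM No. 9: All Sabotage Security Policy. Priority: High. Cost Estimate: $1,
- Communications System Tornadoes. Priority: High. Cost Estimate: $50,000

RMM Prioritization
High priority:
- RMM No. 1: All Emergency Response Planning, Training and Exercising. Cost Estimate: $200,000
- RMM No. 9: All Sabotage Security Policy. Cost Estimate: $1,
- Communications System Tornadoes. Cost Estimate: $50,000
- RMM No. 6: Pump Station D Sabotage. Cost Estimate: $30,000
- TOTAL: $281,000
Medium priority:
- RMM No. 7: Pump Station E Floods. Cost Estimate: $100,000
- RMM No. 8: Pump Station F Backup Power. Cost Estimate: $500,000
- TOTAL: $600,000
Low priority:
- RMM No. 2: Pump Station A Tornado Protection. Cost Estimate: $400,000
- RMM No. 3: Pump Station B Flood Protection. Cost Estimate: $20,000
- RMM No. 4: Treatment Building Sabotage. Cost Estimate: $300,000
- RMM No. 5: Pump Station C Sabotage. Cost Estimate: $40,000
- TOTAL: $760,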

Conclusions: Additional Benefits of Vulnerability Assessment
- Workshops Encouraged:
  - Engagement
  - Information sharing across departments
- Staff Learned How to Assess Risk
- Improved Risk Culture
- Risk Mitigation Projects Support Capital Improvement Planning

VA Conclusions
- Identified areas for improvement
- Documented capabilities
- Informed the CIP
- Informed the overall risk management process

Acknowledgements
- Bob Ervin, PE, Minneapolis Water
- Annika Bankston, PE, Minneapolis Water
- Minneapolis Water Staff!
- Shannon Spence, PE, Arcadis

THANK YOU!
August 29, 2016
Mr. Glen Gerads, Director, Minneapolis WaterWorks
Mr. Andrew Ohrt, PE, Senior Consultant, Arcadis U.S., Inc

Presentation Handout
Perspectives on a J100 Vulnerability Assessment: Lessons Learned by Minneapolis Water
Mr. Glen Gerads & Mr. Andrew Ohrt
August 29th, 2016

Resilience: One Definition
Resilience is the capacity of individuals, communities, institutions, businesses, and systems within a city to survive, adapt, and grow no matter what kinds of chronic stresses and acute shocks they experience.

Common Questions Regarding Risk
- How many critical assets do I have?
- What is the most likely threat for my assets?
- Which threats have the biggest consequences?
- Do I need to worry about cyber-attacks?
- Should I protect my assets against a bomb?
- How do I set my utility up for compliance with future rules and laws?
- How do I measure the risk associated with threats?
- What are the means to track risk reduction?
- How do I prioritize projects to increase resilience?
- What is the definition of resilience for my utility?

What is the American Water Works Association J100 Standard for Risk and Resilience Management of Water and Wastewater Systems?
- Methodology to quantify risk ($) to the individual asset level.
- Provides a way to evaluate multiple threat types.
- A way to compare apples to oranges for both asset and threat/hazard types.

Steps to perform a VA using the J100 Standard are:
1) Asset Characterization
   - What assets do I have that are critical to my operations?
2) Threat Characterization
   - What reasonable worst case man-made threat, natural hazard & supply chain scenarios should I consider?
3) Consequence Analysis
   - What happens to my assets & operations if attacked by terrorists, natural hazards or supply chain disruption?
   - How much money lost, to me? Fatalities? Injuries?
   - How much economic loss to the regional community?
4) Vulnerability Analysis
   - What vulnerabilities would allow a terrorist, natural disaster or supply chain problems to cause these consequences?
   - Given the scenario, what is the likelihood it will result in these consequences?
5) Threat Likelihood Analysis
   - What is the likelihood that a terrorist, natural disaster or supply chain disruption will strike my operations?
6) Risk/Resilience Analysis
   - Risk = Consequences x Vulnerability x Threat Likelihood
   - Resilience = Service Outage x (Vulnerability x Threat Likelihood)
7) Risk/Resilience Management
   - What options do I have to reduce risks & increase resilience?
   - How much will each benefit in reduced risks and increased resilience?
   - How much will it cost?
   - What is the net benefit & benefit/cost ratio of my options?
   - How can I manage the chosen options?
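
Steps 6 and 7 of the handout, worked as an added example (not part of the presentation and not Minneapolis Water's or Arcadis's tooling): it scores threat-asset pairs with Risk = C x V x T and Resilience = Service Outage x (V x T), recalculates risk with each RMM in place, and ranks the RMMs by net benefit and benefit/cost ratio. All dollar figures, probabilities, outage units and RMM names are constructed sample values, and spreading capital cost evenly over the useful life is an assumption of this example.

```python
"""J100-style risk screening over constructed sample data (illustrative values only)."""
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class TAP:
    """One threat-asset pair (TAP) with its J100 inputs."""
    threat: str
    asset: str
    consequence: float    # C: worst reasonable case, in dollars
    vulnerability: float  # V: probability the consequences occur, given the threat occurs
    likelihood: float     # T: probability the threat occurs in a year
    outage: float = 0.0   # service outage; the unit is an assumption of this example

    def __post_init__(self):
        for name in ("vulnerability", "likelihood"):
            value = getattr(self, name)
            if not 0.0 <= value <= 1.0:
                raise ValueError(f"{name} must be a probability in [0, 1], got {value}")
        if self.consequence < 0 or self.outage < 0:
            raise ValueError("consequence and outage must be non-negative")

    def risk(self):
        return self.consequence * self.vulnerability * self.likelihood

    def resilience(self):
        return self.outage * self.vulnerability * self.likelihood


@dataclass(frozen=True)
class RMM:
    """A risk mitigation measure and the TAP inputs it changes."""
    name: str
    capital_cost: float
    annual_om: float
    useful_life_years: int
    effects: dict  # {(threat, asset): {"vulnerability": 0.2, ...}}

    def annual_cost(self):
        # Assumption: capital cost spread evenly over the useful life, no discounting.
        if self.useful_life_years <= 0:
            raise ValueError("useful_life_years must be positive")
        return self.capital_cost / self.useful_life_years + self.annual_om


def total_risk(taps):
    return sum(tap.risk() for tap in taps)


def apply_rmm(taps, rmm):
    """Return the TAP list as it would look with the RMM implemented."""
    updated = []
    for tap in taps:
        changes = rmm.effects.get((tap.threat, tap.asset))
        # replace() re-runs __post_init__, so adjusted inputs are validated too.
        updated.append(replace(tap, **changes) if changes else tap)
    return updated


def evaluate(taps, rmms):
    """Recalculate risk per RMM and rank by benefit/cost ratio, best first."""
    baseline = total_risk(taps)
    rows = []
    for rmm in rmms:
        reduction = baseline - total_risk(apply_rmm(taps, rmm))
        cost = rmm.annual_cost()
        rows.append({
            "rmm": rmm.name,
            "risk_reduction": reduction,        # $/year
            "annual_cost": cost,                # $/year
            "net_benefit": reduction - cost,    # $/year
            "bc_ratio": reduction / cost if cost else float("inf"),
        })
    return sorted(rows, key=lambda row: row["bc_ratio"], reverse=True)


# Constructed sample inputs; not taken from the assessment.
SAMPLE_TAPS = [
    TAP("Tornado", "Pump Station A", 5_000_000, 0.8, 0.01, outage=300),
    TAP("Flood", "Pump Station B", 2_000_000, 0.5, 0.02, outage=120),
    TAP("Utility Dependence", "Pump Station A", 1_000_000, 0.9, 0.10, outage=60),
    TAP("Utility Dependence", "Pump Station B", 500_000, 0.9, 0.10, outage=30),
]
SAMPLE_RMMS = [
    RMM("Tornado hardening (A)", 400_000, 5_000, 20,
        {("Tornado", "Pump Station A"): {"vulnerability": 0.2}}),
    RMM("Backup power (A and B)", 500_000, 10_000, 20,
        {("Utility Dependence", "Pump Station A"): {"vulnerability": 0.1},
         ("Utility Dependence", "Pump Station B"): {"vulnerability": 0.1}}),
    RMM("Flood barrier (B)", 300_000, 0, 10,
        {("Flood", "Pump Station B"): {"vulnerability": 0.1}}),
]

if __name__ == "__main__":
    print(f"Baseline risk: ${total_risk(SAMPLE_TAPS):,.0f}/yr")
    for row in evaluate(SAMPLE_TAPS, SAMPLE_RMMS):
        print(f"{row['rmm']:<24} reduction ${row['risk_reduction']:>9,.0f}  "
              f"net ${row['net_benefit']:>9,.0f}  B/C {row['bc_ratio']:.2f}")
```

In the sample data the backup-power RMM ranks first because one project lowers vulnerability on two TAPs, while the flood barrier shows a negative net benefit, the case behind the "Setting the Bar" question of why a utility would not target a risk of $ zero.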
More informationIndustry Best Practices for Securing Critical Infrastructure
Industry Best Practices for Securing Critical Infrastructure Cyber Security and Critical Infrastructure AGENDA - Difference between IT and OT - Real World Examples of Cyber Attacks Across the IT/OT Boundary
More informationCritical Infrastructure Resilience
Critical Infrastructure Resilience Climate Resilience Webinar Series U.S. Department of Housing and Urban Development Disclaimer This presentation is intended to provide communities and states with the
More informationNERCPI Regional Cyber Disruption Planning.
NERCPI Regional Cyber Disruption Planning www.newenglandrcpi.org Cyber Disruption Planning Catastrophic cyber planning is an evolving concept True emergencies vs. inconveniences Fully interconnected world
More informationActive and Effective Water Security Programs. Be Informed Be Alert Be Ready
Active and Effective Water Security Programs A Summary Report of the National Drinking Water Advisory Council Recommendations on Water Security Be Informed Be Alert Be Ready Offi ce of Water (4601M) EPA
More informationOutreach and Partnerships for Promoting and Facilitating Private Sector Emergency Preparedness
2011/EPWG/WKSP/020 Session 4 Outreach and Partnerships for Promoting and Facilitating Private Sector Emergency Preparedness Submitted by: Australia Workshop on Private Sector Emergency Preparedness Sendai,
More information2016 Nationwide Cyber Security Review: Summary Report. Nationwide Cyber Security Review: Summary Report
Nationwide Cyber Security Review: Summary Report Nationwide Cyber Security Review: Summary Report ii Nationwide Cyber Security Review: Summary Report Acknowledgments The Multi-State Information Sharing
More informationAsset Management Made Easy. AWWA-PNWS Section Conference April 2018
Asset Management Made Easy AWWA-PNWS Section Conference April 2018 1 Agenda Asset Management basics Asset Management at SPU A few case studies 2 Definitions Asset management A process for maintaining a
More informationCYBERSECURITY TRAINING EXERCISE KMU TRAINING CENTER NOVEMBER 7, 2017
CYBERSECURITY TRAINING EXERCISE KMU TRAINING CENTER NOVEMBER 7, 2017 Sponsored by: Kansas Municipal Utilities Kansas Municipal Energy Agency Kansas Power Pool CYBERSECURITY TRAINING EXERCISE DATE November
More informationBusiness Continuity Planning
Business Continuity Planning The Unexpected Happens Be Ready Copyright -Business Survival Partners, llc. 2011 - All Rights Reserved www.survivalpartners.biz RISK 2 Risks to National Security A secure and
More informationFLOOD VULNERABILITY ASSESSMENT FOR CRITICAL FACILITIES
FLOOD VULNERABILITY ASSESSMENT FOR CRITICAL FACILITIES Lisa Graff GIS Team Manager Prairie Research Institute Illinois State Water Survey University of Illinois OUTLINE Motivation Project details Partners
More informationNational Cyber Incident Response - Architectural Concepts
CSIRT Contributions to National Cyber Incident Response: An Architectural Perspective with U.S. Examples Bradford J. Willke Team Lead, Information Security Assessment & Evaluation Survivable Enterprise
More informationOverview of the Federal Interagency Operational Plans
Overview of the Federal Interagency Operational Plans July 2014 Table of Contents Introduction... 1 Federal Interagency Operational Plan Overviews... 2 Prevention Federal Interagency Operational Plan...2
More informationThe Australian Government s Approach to Critical Infrastructure Resilience
The Australian Government s Approach to Critical Infrastructure Resilience GNSS Workshop University of New South Wales 4 December 2013 Mr Kris Garred, Director Critical Infrastructure Policy Attorney-General
More informationWELCOME TO A SILVER JACKETS WEBINAR ON:
WELCOME TO A SILVER JACKETS WEBINAR ON: Flood Vulnerability Assessment for Critical Facilities For audio, call 877-336-1839 Access code: 8165946 Security Code: 4567 MOLLY WOLOSZYN Extension Climate Specialist
More informationDISASTER RISK MANAGEMENT (DRM/DRR) TEAM
SPARC LABORATORY DISASTER RISK MANAGEMENT (DRM/DRR) TEAM Summary of Research Directions Presented by Sayanti Mukhopadhyay, PhD Candidate Date: 12/14/2016 Director: Makarand (Mark) Hastak, Ph.D., PE, CCP
More informationDHS Supply Chain Activity: Cross-Sector Supply Chain Working Group and Strategy on Global Supply Chain Security
DHS Supply Chain Activity: Cross-Sector Supply Chain Working Group and Strategy on Global Supply Chain Security Josha Jordan U.S. Department of Homeland Security National Protection and Programs Directorate
More informationNATIONAL CAPITAL REGION HOMELAND SECURITY STRATEGIC PLAN SEPTEMBER 2010 WASHINGTON, DC
NATIONAL CAPITAL REGION HOMELAND SECURITY STRATEGIC PLAN SEPTEMBER 2010 WASHINGTON, DC Draft Version incorporating Management Review [MR] Edits and Comments Document Date: July 2013 Goal One: Ensure Interoperable
More informationIdentifying Critical Infrastructure Through the Use of Hydraulic Modeling to Support Asset Management
Identifying Critical Infrastructure Through the Use of Hydraulic Modeling to Support Asset Management James P. Cooper, Prof. Engineer, Cert. Operator Acknowledgements Lisa Gresehover Kimberly Six Karem
More informationThreat and Hazard Identification and Risk Assessment (THIRA) In Progress Review (IPR) July 2012
Threat and Hazard Identification and Risk Assessment (THIRA) In Progress Review (IPR) 2 13 July 2012 1 Roll Call Region A Region B Region C Region D Region E Region F Region G Region H Region I STL UASI
More informationDigital Wind Cyber Security from GE Renewable Energy
Digital Wind Cyber Security from GE Renewable Energy BUSINESS CHALLENGES The impact of a cyber attack to power generation operations has the potential to be catastrophic to the renewables industry as well
More informationBusiness Continuity Management Program Overview
Business Continuity Management Program Overview Improving the lives of our customers by connecting them to the power of the digital world CenturyLink Key Objective CenturyLink may modify or terminate this
More informationPD 7: Homeland Security Presidential Directive 7: Critical Infrastructure Identification, Prioritization, and Protection
PD 7: Homeland Security Presidential Directive 7: Critical Infrastructure Identification, Prioritization, and Protection December 17, 2003 SUBJECT: Critical Infrastructure Identification, Prioritization,
More informationBuilding A Disaster Resilient Quebec
Building A Disaster Resilient Quebec Paula L. Scalingi, Ph.D. Executive Director, Bay Area Center for Regional Disaster Resilience President, The Scalingi Group February 14, 2012 Importance of Regional
More informationTexas Reliability Entity, Inc. Strategic Plan for 2017 TEXAS RE STRATEGIC PLAN FOR 2017 PAGE 1 OF 13
Texas Reliability Entity, Inc. Strategic Plan for 2017 TEXAS RE STRATEGIC PLAN FOR 2017 PAGE 1 OF 13 I. Vision A highly reliable and secure bulk power system in the Electric Reliability Council of Texas
More informationipcgrid 2015 March 26, 2015 David Roop Director Electric Transmission Operations Dominion Virginia Power
Substation Security and Resiliency Update on Accomplishments thus far ipcgrid 2015 March 26, 2015 David Roop Director Electric Transmission Operations Dominion Virginia Power Dominion Profile Leading provider
More informationcybersecurity in Europe Rossella Mattioli Secure Infrastructures and Services
Enhancing infrastructure cybersecurity in Europe Rossella Mattioli Secure Infrastructures and Services European Union Agency for Network and Information Security Securing Europe s Information society 2
More informationEARTH Ex 2017 Middle Planning Conference
EARTH Ex 2017 Middle Planning Conference 20 April 2017 Emergency All-sector Response to Transnational Hazards Exercise 23 August 2017 1 EARTH Ex 2017 MPC Sector Objectives Review EARTH Ex Plan, Concepts
More informationOffice of Infrastructure Protection Overview
Office of Infrastructure Protection Overview Harvey Perriott Protective Security Advisor North Texas District U.S. Department of Homeland Security Vision and Mission Vision A safe, secure, and resilient
More informationNational Preparedness System (NPS) Kathleen Fox, Acting Assistant Administrator National Preparedness Directorate, FEMA April 27, 2015
National Preparedness System (NPS) Kathleen Fox, Acting Assistant Administrator National Preparedness Directorate, FEMA April 27, 2015 The Post Katrina Emergency Management Reform Act (2006) Required the
More informationEvaluating and Improving Cybersecurity Capabilities of the Electricity Critical Infrastructure
Evaluating and Improving Cybersecurity Capabilities of the Electricity Critical Infrastructure March 2015 Pamela Curtis Dr. Nader Mehravari Katie Stewart Cyber Risk and Resilience Management Team CERT
More informationA Survival Guide to Continuity of Operations. David B. Little Senior Principal Product Specialist
A Survival Guide to Continuity of Operations David B. Little Senior Principal Product Specialist Customer Perspective: Recovery Time & Objective Asynchronous Replication Synchronous Replication WAN Clustering
More informationCybersecurity A Regulatory Perspective Sara Nielsen IT Manager Federal Reserve Bank of Kansas City
1 Cybersecurity A Regulatory Perspective Sara Nielsen IT Manager Federal Reserve Bank of Kansas City The opinions expressed are those of the presenters and are not those of the Federal Reserve Banks, the
More informationMULTI-YEAR TRAINING AND EXERCISE PLAN. Boone County Office of Emergency Management
2017-2019 MULTI-YEAR TRAINING AND EXERCISE PLAN Boone County Office of February 2017 PREFACE The utilizes a coordinated preparedness strategy that combines enhanced planning, resource acquisition, innovative
More informationBradford J. Willke. 19 September 2007
A Critical Information Infrastructure Protection Approach to Multinational Cyber Security Events Bradford J. Willke 19 September 2007 Overview A framework for national Critical Information Infrastructure
More informationBuilding Resilience to Disasters for Sustainable Development: Visakhapatnam Declaration and Plan of Action
Building Resilience to Disasters for Sustainable Development: Visakhapatnam Declaration and Plan of Action Adopted at the Third World Congress on Disaster Management Visakhapatnam, Andhra Pradesh, India
More informationSmart Cities and Security. Security - 1
Smart Cities and Security Security - 1 Where are we in 2013? Security - 2 Where are we in 2050? Security - 3 Our Topics Who is concerned? Security of the electric grid Security of the water supply Security
More informationResilient Energy Solutions for Community Needs
Resilient Energy Solutions for Community Needs Robert Jeffers, Sandia National Laboratories Sandia National Laboratories is a multimission laboratory managed and operated by National Technology and Engineering
More informationRetro-Commissioning of Data Centers
Retro-Commissioning of Data Centers Agenda Unique traits of Data Centers (DCs) Benefits of Retro-Cx DCs Suitable candidates for Retro-Cx Phases of Retro-Cx Additional considerations for DCs 2 Unique Traits
More informationGlobal Infrastructure Connectivity Alliance Initiative
Global Infrastructure Connectivity Alliance Initiative 1. Background on Global Infrastructure Connectivity Global Infrastructure Connectivity refers to the linkages of communities, economies and nations
More informationThe Office of Infrastructure Protection
The Office of Infrastructure Protection National Protection and Programs Directorate Department of Homeland Security Regional Resiliency Assessment Program 2015 State Energy Risk Assessment Workshop April
More informationPresidential Documents
Federal Register Vol. 84, No. 61 Friday, March 29, 2019 Presidential Documents 12041 Title 3 Executive Order 13865 of March 26, 2019 The President Coordinating National Resilience to Electromagnetic Pulses
More information