The Office of Infrastructure Protection

Similar documents
Office of Infrastructure Protection Overview

The Office of Infrastructure Protection

June 5, 2018 Independence, Ohio

The Office of Infrastructure Protection

The Office of Infrastructure Protection

The Office of Infrastructure Protection

Cybersecurity Presidential Policy Directive Frequently Asked Questions. kpmg.com

THE WHITE HOUSE. Office of the Press Secretary. EMBARGOED UNTIL DELIVERY OF THE PRESIDENT'S February 12, 2013 STATE OF THE UNION ADDRESS

COUNTERING IMPROVISED EXPLOSIVE DEVICES

Critical Infrastructure Resilience

DHS Cybersecurity: Services for State and Local Officials. February 2017

PD 7: Homeland Security Presidential Directive 7: Critical Infrastructure Identification, Prioritization, and Protection

The Office of Infrastructure Protection

National Preparedness System (NPS) Kathleen Fox, Acting Assistant Administrator National Preparedness Directorate, FEMA April 27, 2015

National Policy and Guiding Principles

Critical Infrastructure Sectors and DHS ICS CERT Overview

Overview of NIPP 2013: Partnering for Critical Infrastructure Security and Resilience October 2013

NATIONAL DEFENSE INDUSTRIAL ASSOCIATION Homeland Security Symposium

Overview of the Federal Interagency Operational Plans

The Office of Infrastructure Protection

Executive Order on Coordinating National Resilience to Electromagnetic Pulses

2014 Sector-Specific Plan Guidance. Guide for Developing a Sector-Specific Plan under NIPP 2013 August 2014

Implementing Executive Order and Presidential Policy Directive 21

Department of Homeland Security Office of Inspector General

DHS Cybersecurity. Election Infrastructure as Critical Infrastructure. June 2017

UNCLASSIFIED. National and Cyber Security Branch. Presentation for Gridseccon. Quebec City, October 18-21

Region Snapshot Regions I and II

S&T Stakeholders Conference

Why you should adopt the NIST Cybersecurity Framework

COUNTERING IMPROVISED EXPLOSIVE DEVICES

Critical Infrastructure Protection and Suspicious Activity Reporting. Texas Department of Public Safety Intelligence & Counterterrorism Division

Implementing the Administration's Critical Infrastructure and Cybersecurity Policy

Department of Homeland Security Science and Technology Directorate

April 2009 Unclassified // For Official Use Only

Department of Homeland Security Updates

South Dakota Utah Wyoming Needs and Challenges Funding assistance Training Federal program enhancements Exercises

The Office of Infrastructure Protection

Statement for the Record

ISAO SO Product Outline

Long-Term Power Outage Response and Recovery Tabletop Exercise

STRATEGY ATIONAL. National Strategy. for Critical Infrastructure. Government

Introduction to the National Response Plan and National Incident Management System

Presidential Documents

The Office of Infrastructure Protection

Outreach and Partnerships for Promoting and Facilitating Private Sector Emergency Preparedness

FEMA Update. Tim Greten Technological Hazards Division Deputy Director. NREP April 2017

Needs and Challenges Funding assistance Training Partnership capabilities and sustainment. Implement Risk Management

STANDARD OPERATING PROCEDURE Critical Infrastructure Credentialing/Access Program Hurricane Season

NATIONAL CAPITAL REGION HOMELAND SECURITY STRATEGIC PLAN SEPTEMBER 2010 WASHINGTON, DC

Critical Infrastructure Protection (CIP) as example of a multi-stakeholder approach.

Emergency Support Function #12 Energy Annex. ESF Coordinator: Support Agencies:

Cyber Security & Homeland Security:

Region Snapshot Region IV

DHS Supply Chain Activity: Cross-Sector Supply Chain Working Group and Strategy on Global Supply Chain Security

Emergency Management Response and Recovery. Mark Merritt, President September 2011

Emergency Support Function #2 Communications Annex INTRODUCTION. Purpose. Scope. ESF Coordinator: Support Agencies: Primary Agencies:

March 21, 2016 MEMORANDUM FOR THE HEADS OF EXECUTIVE DEPARTMENTS AND AGENCIES. Building National Capabilities for Long-Term Drought Resilience

National Preparedness System. Update for EMForum June 11, 2014

NEBRASKA STATE HOMELAND SECURITY STRATEGY

Quadrennial Homeland Security Review (QHSR) Ensuring Resilience to Disasters

Good morning, Chairman Harman, Ranking Member Reichert, and Members of

Mississippi Emergency Management Agency. Shawn Wise. Office Of Preparedness

Bradford J. Willke. 19 September 2007

Election Infrastructure Security: The How and Why of It

Utilizing Terrorism Early Warning Groups to Meet the National Preparedness Goal. Ed Reed Matthew G. Devost Neal Pollard

Her Majesty the Queen in Right of Canada, Cat. No.: PS4-66/2014E-PDF ISBN:

Testimony. Christopher Krebs Director Cybersecurity and Infrastructure Security Agency U.S. Department of Homeland Security FOR A HEARING ON

Member of the County or municipal emergency management organization

Mitigation Framework Leadership Group (MitFLG) Charter DRAFT

STRENGTHENING THE CYBERSECURITY OF FEDERAL NETWORKS AND CRITICAL INFRASTRUCTURE

California Cybersecurity Integration Center (Cal-CSIC)

DHS Emergency Services Sector Presents Tools and Resources for First Responders. June 1, pm ET

JSC THE JUSTICE & SAFETY CENTER. Snapshot 2014

Louisiana - State Analytical & Fusion Exchange (LA-SAFE)

CRITICAL INFRASTRUCTURE AND KEY RESOURCES

Food and Agriculture Sector Criticality Assessment

Actions to Improve Chemical Facility Safety and Security A Shared Commitment Report of the Federal Working Group on Executive Order 13650

How AlienVault ICS SIEM Supports Compliance with CFATS

Applying Mitigation. to Build Resilient Communities

Sharing of Information & Intelligence on the Importation & Transportation of Food

Critical Infrastructure

Alternative Fuel Vehicles in State Energy Assurance Planning

Control Systems Cyber Security Awareness

TERRORISM LIAISON OFFICER OUTREACH PROGRAM - (TLOOP)

STRATEGIC PLAN. USF Emergency Management

ICS-CERT Year in Review. Industrial Control Systems Cyber Emergency Response Team

Intelligence Support to Critical Infrastructure Protection Table of Contents

About Issues in Building the National Strategy for Cybersecurity in Vietnam

Developing a Holistic Strategy To Achieve Community Health Resilience

Terrorism Prevention. April 13, 2011 Michael J. McMullen Program Manager

Science & Technology Directorate: R&D Overview

Chapter 1. Chapter 2. Chapter 3

Critical Infrastructure Mission Implementation by State, Local, Tribal, and Territorial Agencies and Public-Private Partnerships.

EMERGENCY SUPPORT FUNCTION (ESF) 13 PUBLIC SAFETY AND SECURITY

Florida Regional Domestic Security Task Forces

The National Network of Fusion Center: Where We Have Been and Where We are Going

Working Draft Supplemental Tool: Connecting to the NICC and NCCIC Draft October 21, 2013

The J100 RAMCAP Method

PIPELINE SECURITY An Overview of TSA Programs

MULTI-YEAR TRAINING AND EXERCISE PLAN. Boone County Office of Emergency Management

Transcription:

The Office of Infrastructure Protection National Protection and Programs Directorate Department of Homeland Security Protective Security Coordination Division Overview MTIA St Louis 03 MAY 2016

Role of DHS Unify a national effort to secure America Prevent and deter terrorist attacks Protect against and respond to threats and hazards to the Nation Respond to and recover from acts of terrorism, natural disaster, or other emergencies Coordinate the protection of our Nation s critical infrastructure across all sectors 2

Threats May Come from All Hazards Courtesy of FEMA 3

National Preparedness Goal Defines what it means for the whole community to be prepared for all types of disasters and emergencies The goal is a more secure and resilient nation with the capabilities required across the whole community to prevent, protect against, mitigate, respond to, and recover from the threats and hazards that pose the greatest risk. Courtesy of DHS 4

National Preparedness Goal (cont.) Organizes 31 core capabilities into 5 mission areas Prevention: Prevent, avoid, or stop an imminent, threatened, or actual act of terrorism Protection: Protect our citizens, residents, visitors, and assets against the greatest threats and hazards in a manner that allows our interests, aspirations, and way of life to thrive Mitigation: Reduce the loss of life and property by lessening the impact of future disasters Response: Respond quickly to save lives, protect property and the environment, and meet basic human needs in the aftermath of a catastrophic incident Recovery: Recover through a focus on the timely restoration, strengthening, and revitalization of infrastructure, housing, and a sustainable economy, as well as the health, social, cultural, historic, and environmental fabric of communities affected by a catastrophic incident 5

National Response Framework Guides how the Nation conducts all-hazards response Documents the key response principles, roles, and structures that organize national response Allows first responders, decisionmakers, and supporting entities to provide a unified national response Courtesy of DHS 6

National Infrastructure Protection Plan (NIPP) Comprehensive plan and unifying structure for the public and private sector to enhance the protection and resilience of critical infrastructure Partnership model Risk management framework Roles, responsibilities, and authorities Courtesy of DHS 7

NIPP (cont.) Drives internal Department of Homeland Security (DHS) programs and activities Guides programs and activities for: Other Federal agencies and departments State, local, tribal, and territorial governments Critical infrastructure owners and operators Courtesy of DHS 8

Presidential Policy Directive-21 Presidential Policy Directive-21: Critical Infrastructure Security and Resilience directs the Executive Branch to: Develop a situational awareness capability that addresses both physical and cyber aspects of how infrastructure is functioning in near-real time Understand the cascading consequences of infrastructure failures Evaluate and mature the public-private partnership Update the National Infrastructure Protection Plan Develop comprehensive research and development plan 9

Critical Infrastructure Defined Systems and assets, whether physical or virtual, so vital that the incapacity or destruction of such may have a debilitating impact on the security, economy, public health or safety, environment, or any combination of these matters, across any Federal, State, regional, territorial, or local jurisdiction. Source: National Infrastructure Protection Plan 2013 Courtesy of FEMA 10

Critical Infrastructure Sectors Chemical Commercial Facilities Communications Critical Manufacturing Dams Defense Industrial Base Emergency Services Energy Financial Services Food and Agriculture Government Facilities Healthcare and Public Health Information Technology Nuclear Reactors, Materials, and Waste Transportation Systems Water and Wastewater Systems Courtesy of DHS 11

Security and Resilience Challenges A majority of critical infrastructure is privately owned DHS has limited legal authority to regulate security practices of private industry Exceptions: National Protection and Programs Directorate Office of Infrastructure Protection (high-risk chemicals), Transportation Security Administration, and United States Coast Guard DHS; Sector-Specific Agencies; other Federal entities; the private sector; and State, local, tribal, and territorial governments all have roles and responsibilities in critical infrastructure protection 12

Protective Security Coordination Division Department of Homeland Security (DHS) Ensures a homeland that is safe, secure, and resilient against terrorism and other hazards National Protection and Programs Directorate (NPPD) Leads the national effort to protect and enhance the resilience of the nation s physical and cyber infrastructure Office of Infrastructure Protection (IP) Leads the national effort to protect critical infrastructure from all hazards by managing risk and enhancing resilience through collaboration with the critical infrastructure community Protective Security Coordination Division (PSCD) Provides strategic coordination and field operations support to reduce risk to the nation s critical infrastructure from a terrorist attack or natural disaster 13

PSCD Mission Areas Conduct Security Surveys, Gap Analysis, and Assessments Conduct Outreach Activities Support National Special Security Events (NSSEs) and Special Event Activity Rating (SEAR) Events Respond to Incidents Provide Improvised Explosive Device (IED) Awareness & Risk Mitigation Training 14

Protective Security Advisors PSAs are field-deployed personnel who serve as critical infrastructure security specialists Regional Directors (RDs) oversee and manage the PSA program in their respective region State, local, tribal, and territorial (SLTT) and private sector link to DHS infrastructure protection resources Coordinate vulnerability assessments, training, and other DHS products and services Provide a vital link for information sharing in steady state and incident response Assist facility owners and operators with obtaining security clearances During contingency events, PSAs support the response, recovery, and reconstitution efforts of the States by serving as pre-designated Infrastructure Liaisons (IL) and Deputy ILs at the Joint Field Offices 15

Protective Security Advisor Locations Courtesy of DHS 16

Protected Critical Infrastructure Information Established under the Critical Infrastructure Information Act of 2002 Protects voluntarily submitted critical infrastructure information from: Freedom of Information Act State and local sunshine laws Civil litigation proceedings Regulatory usage Provides private sector with legal protections and peace of mind. Courtesy of DHS 17

Examples of Critical Infrastructure Information Protected information defined by the Critical Infrastructure Information Act includes: Threats Actual, potential, or threatened interference with, attack on, compromise of, or incapacitation of a critical asset Vulnerabilities Ability to resist threats, including assessments or estimates of vulnerability Operational experience Any past operational problem or planned or past solution including repair, recovery, or extent of incapacitation Any information normally available in the public domain will not be protected 18

Enhanced Critical Infrastructure Protection Visit Establishes and enhances DHS s relationship with critical infrastructure owners and operators, informs them of the importance of their facilities, and reinforces the need for continued vigilance During an Enhanced Critical Infrastructure Protection (ECIP) visit, PSAs focus on coordination, outreach, training, and education ECIP visits are often followed by security surveys using the Infrastructure Survey Tool (IST) or Rapid Survey Tool (RST), or delivery of other IP services 19

Infrastructure Survey Tool The IST is a web-based vulnerability survey tool that applies weighted scores to identify infrastructure vulnerabilities and trends across sectors Facilitates the consistent collection of security information Physical Security Security Force Security Management Information Sharing Protective Measures Dependencies 20

Infrastructure Survey Tool (cont.) Generates the Protective Measures Index and Resilience Measurement Index The tool allows DHS and facility owners and operators to: Identify security gaps Compare a facility s security in relation to similar facilities Track progress toward improving critical infrastructure security 21

Infrastructure Survey Tool (cont.) Courtesy of DHS The Dashboards highlight areas of potential concern and feature options to view the impact of potential enhancements to protection and resilience measure The written report, developed from the IST data, contains a description of the facility and its vulnerabilities as well as recommendations to mitigate identified vulnerabilities 22

IST Survey Data Categories Facility Information Contacts Facility Overview Information Sharing* Protective Measures Assessment* Criticality* Security Management Profile* Security Areas/Assets Additional DHS Products/Services Criticality Appendix Images Security Force* Physical Security* Building Envelope Delivery/Vehicle Access Control Parking Site s Security Force Intrusion Detection System (IDS)/Close Circuit Television (CCTV) Access Control Security Lighting Cyber Vulnerability Dependencies* * Comparative analysis provided 23

Dashboards and Information Sharing Areas individually separated into Physical Security, Security Management, Security Force, Information Sharing, and Protective Measures. Owner/Operator can make adjustments and see improvements to individual area and overall Protective Measure Index (PMI). Greater understanding of the most significant changes and trends. Notional Information 24

Dashboard Physical Security Example Notional Information 25

Computer-Based Assessment Tool Computer-Based Assessment Tool (CBAT) A data collection and presentation medium that supports critical infrastructure security, special event planning, and response operations by leveraging assessment data and other relevant materials Integrates assessment data with immersive video, geospatial, and hypermedia data Assists facility owners and operators, local law enforcement, and emergency response personnel to prepare for, respond to, and manage critical infrastructure, National Special Security Events (NSSEs), high-level special events, and contingency operations 26

Regional Resiliency Assessment Program The Regional Resiliency Assessment Program (RRAP) began in 2009 as a pilot program out of efforts to assess security of individual critical assets The goal is to identify opportunities for regional homeland security officials and critical infrastructure partners to strengthen resilience to all hazards The RRAP process identifies critical infrastructure security and resilience gaps; dependencies; interdependencies; cascading effects; and State, local, tribal, and territorial government capability gaps 27

Regional Resiliency Assessment Program (cont.) The RRAP process identifies critical infrastructure security, resilience, dependencies, interdependencies, cascading effects, and State, local, tribal, and territorial agency capability gaps Conducted 57 RRAP projects from Fiscal Year (FY) 2009 through FY 2015 Diverse and dynamic set of critical infrastructure topics, sectors, and regions 28

TRIPwire Technical Resource for Incident Prevention Secure information sharing platform for IED incident information, evolving IED tactics, lessons learned, and counter-ied preparedness information Courtesy of TRIPwire Builds knowledge and preparedness capabilities, filling vital gaps in information sharing 29

Counter-IED Training & Awareness Courtesy of DHS OBP Diverse curriculum of training designed to build counter-ied core capabilities, such as: IED Counterterrorism Detection Surveillance Detection Bomb Threat Management Vehicle-Borne IED (VBIED) Detection Protective Measures IED Search Procedures Increases knowledge and ability to detect, prevent, protect against, and respond to bombing threats 30

Counter-IED Training & Awareness Bomb-Making Materials Awareness Program (BMAP) Joint DHS-FBI program that promotes private sector point-of-sale awareness and suspicious activity reporting to prevent misuse of dual-use explosive precursor chemicals and components commonly used in IEDs Increases prevention opportunities by building a network of aware and vigilant private sector partners Courtesy of DHS/FBI 31

NCCAD National Counter-IED Capabilities Analysis Database The counter-ied capability and readiness assessment program uses a consistent, repeatable analytical methodology, field surveys, and web-accessible database for Bomb Squads, SWAT, Explosive Detection Canine Teams, and Public Safety Dive Teams Courtesy of NCCAD Increases knowledge of counter-ied capabilities at the unit, State, regional, and national-level in relation to relevant local or national preparedness goals Over 1,500 units assessed since 2005 32

NCCAD (cont.) Case Study: NCCAD Use by the State of New York (NYS) Courtesy of New York State Homeland Security and Emergency Services NYS mandated use of NCCAD in Homeland Security Grant Program justifications: 2008, Bomb Squads 2011, Explosive Canine Detection Teams 2013, SWAT NYS s NCCAD strategy addresses counter-ied capability gaps and directs investments on a State-wide basis Courtesy of FBI Other states are looking to NYS as a model 33

MJIEDSP Multi-Jurisdiction IED Security Planning A systematic process fusing counter- IED education, capability analysis, training, and planning tailored to the unique requirements of high-risk jurisdictions providing: Enhanced multi-agency, multijurisdiction IED prevention, protection, and response capabilities Integrated with National Preparedness System, including grant process and regional planning Courtesy of DHS OBP Over 75 workshops with after-action reports since 2007 34

Homeland Security Information Network (HSIN) HSIN (https://hsin.dhs.gov/) is DHS s primary technology tool for trusted information sharing HSIN Critical Infrastructure (HSIN-CI) enables direct communication between: DHS Federal, State, and local governments Critical infrastructure owners and operators Content includes: Planning and Preparedness Incident Reporting and Updates Situational Awareness Education and Training 35

InfraGard https://www.infragard.org InfraGard is an information-sharing and analysis effort serving the interests of and combining the knowledge base of a wide range of members At its most basic level, InfraGard is a partnership between the Federal Bureau of Investigation (FBI) and the private sector InfraGard is an association of businesses, academic institutions, State and local law enforcement agencies, and other participants dedicated to sharing information and intelligence to prevent hostile acts against the United States 36

Infrastructure Protection Report Series Courtesy of DHS Increase awareness of the infrastructure mission and build a baseline of security and resilience knowledge throughout the Nation Identify Common Vulnerabilities, Potential Indicators of Terrorist Activity, and associated Protective Measures, along with actions that can be undertaken to enhance resilience 37

Summary Facilitate local field activities in coordination with other DHS offices Provide partners with effective vulnerability and gap analyses, bombing prevention capability analyses, and the development of protective measures to identify emerging needs and areas for investment Through data collection, assessment, and analysis, DHS can generate products for Federal, State, and local officials and private sector owners and operators that drive initiatives, such as infrastructure protection grant programs and research and development requirements 38

How Can You Help? Engage with PSAs and other partners on critical infrastructure protection programs and initiatives Encourage participation in efforts to identify, assess, and secure critical infrastructure in your community Communicate local concerns related to critical infrastructure protection Enhanced security and resilience depends on developing and strengthening partnerships between all entities with a role in critical infrastructure protection 39

For more information, visit: www.dhs.gov/critical-infrastructure Ricky D. Goins Protective Security Advisor ricky.goins@hq.dhs.gov 573.469.1960

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback