The J100 RAMCAP Method

Similar documents
All-Hazards Approach to Water Sector Security & Preparedness ANSI-HSSP Arlington, VA November 9, 2011

An Update on Security and Emergency Preparedness Standards for Utilities

Business Continuity: How to Keep City Departments in Business after a Disaster

The Water Sector Approach to Cybersecurity

PERSPECTIVES ON A J100 VULNERABILITY ASSESSMENT OUTCOMES AND LESSONS LEARNED BY MINNEAPOLIS WATER AUGUST 2016

NATIONAL DEFENSE INDUSTRIAL ASSOCIATION Homeland Security Symposium

Energy Assurance Energy Assurance and Interdependency Workshop Fairmont Hotel, Washington D.C. December 2 3, 2013

STRATEGY ATIONAL. National Strategy. for Critical Infrastructure. Government

DISTRICT OF COLUMBIA WATER AND SEWER AUTHORITY ATTACHMENT A A-1: BACKGROUND AND CONTRACTOR QUALIFICATIONS A-2: SCOPE OF WORK

Cybersecurity Presidential Policy Directive Frequently Asked Questions. kpmg.com

Presented by Joe Burns Kentucky Rural Water Association July 19, 2005

The Office of Infrastructure Protection

The NIST Cybersecurity Framework

Security Master Planning to Protect Water Resources Lara Kammereck John Saunders May 1, 2015

Critical Infrastructure Protection (CIP) as example of a multi-stakeholder approach.

Critical Infrastructure Resilience

Business Continuity Planning

Long-Term Power Outage Response and Recovery Tabletop Exercise

Alternative Fuel Vehicles in State Energy Assurance Planning

Overview of NIPP 2013: Partnering for Critical Infrastructure Security and Resilience October 2013

Statement for the Record

EPRO. Electric Infrastructure Protection Initiative EPRO BLACK SKY SYSTEMS ENGINEERING PROCESS

Executive Order on Coordinating National Resilience to Electromagnetic Pulses

National Preparedness System (NPS) Kathleen Fox, Acting Assistant Administrator National Preparedness Directorate, FEMA April 27, 2015

Member of the County or municipal emergency management organization

FEMA Update. Tim Greten Technological Hazards Division Deputy Director. NREP April 2017

Corporate Security & Emergency Management Summary of Submitted 2015 Budget From Rates

Quadrennial Homeland Security Review (QHSR) Ensuring Resilience to Disasters

Resiliency and the Need for Re-Thinking our Water Infrastructure. Andrew Bielanski U.S. Environmental Protection Agency June 25, 2015

The Office of Infrastructure Protection

CRS Report for Congress

SECURITY CODE. Responsible Care. American Chemistry Council. 7 April 2011

National Policy and Guiding Principles

Energy Assurance State Examples and Regional Markets Jeffrey R. Pillon, Director of Energy Assurance National Association of State Energy Officials

RESILIENT AMERICA ROUNDTABLE: PARTNERING WITH COMMUNITIES TO BUILD RESILIENCE

STATE ENERGY RISK ASSESSMENT INITIATIVE ENERGY INFRASTRUCTURE MODELING AND ANALYSIS. National Association of State Energy Of ficials

March 21, 2016 MEMORANDUM FOR THE HEADS OF EXECUTIVE DEPARTMENTS AND AGENCIES. Building National Capabilities for Long-Term Drought Resilience

Private sector s engagement in the implementation of the Sendai Framework

Security Guideline for the Electricity Sector: Business Processes and Operations Continuity

THE WHITE HOUSE. Office of the Press Secretary. EMBARGOED UNTIL DELIVERY OF THE PRESIDENT'S February 12, 2013 STATE OF THE UNION ADDRESS

Emergency Support Function #12 Energy Annex. ESF Coordinator: Support Agencies:

National Strategy for CBRNE Standards

Local Action for Building Resilience at Nations and Communities

Overview of the Federal Interagency Operational Plans

Outreach and Partnerships for Promoting and Facilitating Private Sector Emergency Preparedness

Preparedness & BCP Resources: Strategies for Spreading BCP

The UNISDR Private Sector Alliance for Disaster Resilient Societies

December 10, Statement of the Securities Industry and Financial Markets Association. Senate Committee on Banking, Housing, and Urban Development

cybersecurity in Europe Rossella Mattioli Secure Infrastructures and Services

RESILIENT UTILITY COALITION OF SOUTH FLORIDA

South East Region THIRA

Mitigation Framework Leadership Group (MitFLG) Charter DRAFT

Emergency Management Response and Recovery. Mark Merritt, President September 2011

Presidential Documents

Active and Effective Water Security Programs. Be Informed Be Alert Be Ready

S&T Stakeholders Conference

European Responsible Care Forum. Security & Safe Maintenance

NATIONAL STRATEGY FOR GLOBAL SUPPLY CHAIN SECURITY

Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure

UAE National Space Policy Agenda Item 11; LSC April By: Space Policy and Regulations Directory

Bradford J. Willke. 19 September 2007

JOINT UNITED STATES-CANADA ELECTRIC GRID SECURITY AND RESILIENCE STRATEGY

CIPMA CRITICAL INFRASTRUCTURE PROTECTION MODELLING & ANALYSIS. Overview of CIP in Australia

ARRA State & Local Energy Assurance Planning & Implementation

Bundling Arrows: Making a Business Case for Adopting an Incident Command System (ICS) 2012 The Flynt Group, Inc.; All Rights Reserved. FlyntGroup.

Written Statement of. Timothy J. Scott Chief Security Officer The Dow Chemical Company

Don t Fail to Prepare for Failure Key Issues in Energy Assurance and Cybersecurity and Related NGA Center Activities

June 5, 2018 Independence, Ohio

Legal and Regulatory Developments for Privacy and Security

Hazard Management Cayman Islands

Area Business Continuity Management Scalable Cross Sector Coordination Framework of Disaster Management for Business Continuity

ASEAN COOPERATION ON DISASTER MANAGEMENT. Disaster Management & Humanitarian Assistance Division, ASEAN Secretariat

Sustainable Networks: Challenges and Opportunities. Anne Meltzer

Risk Management for Homeland Security and Enhancing Food Safety

Developing a Holistic Strategy To Achieve Community Health Resilience

ArcGIS Solutions for Community Resilience. Matthew S Deal

Framework for Improving Critical Infrastructure Cybersecurity. and Risk Approach

The Federal Council s Basic Strategy. for Critical Infrastructure Protection

Toronto Hydro Response to December 2013 Ice Storm Independent Review Panel Report

Drinking Water Emergency Management Ministry of the Environment 2012 Drinking Water Leadership Summit October 25, 2012

DHS Supply Chain Activity: Cross-Sector Supply Chain Working Group and Strategy on Global Supply Chain Security

Transportation Security Risk Assessment

Regional Resilience: Prerequisite for Defense Industry Base Resilience

cybersecurity in Europe Rossella Mattioli Secure Infrastructures and Services

Section 1 Metrics: Community Adoption

STRATEGIC PLAN. USF Emergency Management

Texas Reliability Entity, Inc. Strategic Plan for 2017 TEXAS RE STRATEGIC PLAN FOR 2017 PAGE 1 OF 13

Table of Contents. Sample

American Association of Port Authorities. Navigating the Cyber Domain. Homeland Security UNCLASSIFIED

CYBER SECURITY FOR WATER AND WASTEWATER UTILITIES PRESENTED BY: DAVID A. CHANDA, PE

Critical Infrastructure Partnership

Homeland Security and Geographic Information Systems

DHS Cybersecurity. Election Infrastructure as Critical Infrastructure. June 2017

Introduction to the National Response Plan and National Incident Management System

Critical Infrastructure Sectors and DHS ICS CERT Overview

PD 7: Homeland Security Presidential Directive 7: Critical Infrastructure Identification, Prioritization, and Protection

The Office of Infrastructure Protection

NATIONAL CAPITAL REGION HOMELAND SECURITY STRATEGIC PLAN SEPTEMBER 2010 WASHINGTON, DC

Continuity of Business

From Hyogo to Sendai. Anoja Seneviratne Disaster Management Centre

Transcription:

The J100 RAMCAP Method 2012 ORWARN Conference Kevin M. Morley, PhD Security & Preparedness Program Manager AWWA--Washington, DC

Water is Key to Daily Life Potable drinking water Sanitation Public Health Fire suppression

So why does security and preparedness matter in the water sector?

Because stuff happens Utilities will need HELP!

Preparing for

Responding to

and Recovering from

All-Hazards

Key Points in Time December 7, 1941 Pearl Harbor April 19, 1995 Oklahoma City December 31, 1999 Y2K September 11, 2001 WTC, Pentagon, PA August 29, 2005 - Katrina

Security Legislation Bioterrorism Act Patriot Act Homeland Security Act Implementing 9/11 Commission Recommendations Act

HSPD-7: The NIPP in Basic Terms

The Water Sector Vision A secure and resilient drinking water and wastewater infrastructure that provides clean and safe water as an integral part of daily life. This Vision assures the economic vitality of and public confidence in the nation's drinking water and wastewater through a layered defense of effective preparedness and security practices in the sector.

SSP Goals 1. Sustain protection of public health and the environment. 2. Recognize and reduce risks in the water sector. 3. Maintain a resilient infrastructure. 4. Increase communication, outreach, and public confidence.

Role for Standards ANSI/AWWA G430-09: Security Practices for Operation and Management ANSI/ASME-ITI/AWWA J100-10 Risk Analysis and Management for Critical Asset Protection (RAMCAP ) Standard for Risk and Resilience Management of Water and Wastewater Systems ANSI/AWWA G440: Emergency Preparedness Practices

ANSI/AWWA G430-09: Security Practices for Operations and Management Purpose: This standard defines the minimum requirements for a protective security program for a water or wastewater utility that will promote the protection of employee safety, public health, public safety, and public confidence. This standard builds on the long-standing practice amongst utilities of utilizing a multiple barrier approach for the protection of public health and safety. 13

ANSI/AWWA G430-09: Security Practices for Operations and Management Requirements: a) Explicit Commitment to Security b) Security Culture c) Defined Security Roles and Employee Expectations d) Up-To-Date Assessment of Risk (Vulnerability) e) Resources Dedicated to Security and Security Implementation Priorities f) Access Control and Intrusion Detection g) Contamination, Detection, Monitoring and Surveillance h) Information Protection and Continuity i) Design and Construction j) Threat Level-Based Protocols k) Emergency Response and Recovery Plans and Business Continuity Plan l) Internal and External Communications m) Partnerships n) Verification

Purpose of the J100 Standard Guide analysis of risk and resilience of water and wastewater systems Direct the design and evaluation of options to reduce risk and enhance resilience Support resource allocation decisions to risk-reduction and resilience-enhancement options Implement the Risk Analysis and Management for Critical Asset Protection (RAMCAP ) in the water sector Ultimately, reduce risk and enhance resilience of water and wastewater utilities

Scope of J100 Standard Sets requirements for risk and resilience analysis and management Prescribes methods that can be used to address these requirements Identifies vulnerabilities to malevolent threats, natural hazards, and dependencies Provides methods to evaluate the options for improving these weaknesses

Brief History of RAMCAP & J100 9/02: ASME-White House-industry infrastructure workshop recommends consistent risk management methods comparable across sectors 4/04: Professional societies, National Labs, DHS & other Federal Agencies review RAMCAP; advise: KEEP IT SIMPLE 1/06: First five Sector-Specific Guidance documents are completed 6/06: DHS issues NIPP, designates RAMCAP as the key critical infrastructure protection methodology 9/07: Work completed on Dams & Water Sectors and Regional Resilience conceptual design 1/09: ASME-ITI and AWWA establish a joint standards committee to develop J100 1/10: ASME-ITI and AWWA Boards approve J100 Standard 5/10: ANSI approval; J100 is first RAMCAP standard issued 2/12: J100 receives SAFETY Act designation from DHS

J100 = Consistency and Comparability A uniform risk/resilience analysis methodology that provides Common terminology Common metrics Common process Common scenarios Consistent results The RAMCAP process is not intended to be the most comprehensive and detailed risk assessment methodology but it is intended to be Practical and efficient to apply, Cumulative over time, and Necessary for the comparability essential to resource allocation Effective in enhancing security and resilience

The J100 Process What assets do I have that are critical to my operations? 1) Asset Characterization 2) Threat Characterization 3) Consequence Analysis 4) Vulnerability Analysis 5) Threat Likelihood Analysis 6) Risk / Resilience Likelihood 7) Risk / Resilience Management What reasonable worst case threat, natural hazard & supply chain scenarios should I consider? What happens to my assets & operations if attacked by terrorists, natural hazards or supply chain disruption? How much money lost, to me? fatalities? injuries? How much economic loss to the regional community? What vulnerabilities would allow a terrorist, natural disaster or supply chain problems to cause these consequences? Given the scenario, what is the likelihood it will result in these consequences? What is the likelihood that a terrorist natural disaster or supply chain disruption will strike my operations? Risk = Consequences x (Vulnerability x Threat Likelihood) Resilience = Service Outage x (Vulnerability x Threat Likelihood) What options do I have to reduce risks, increase resilience and value? How much will each benefit my organization? My region? How much will it cost? What is benefit/cost ratio of my options? How can I manage the chosen options?

The J100 Process Is Selective 1) Asset Characterization 2) Threat Characterization 3) Consequence Analysis Non-Critical & Low-Consequence Facilities Non-Critical Assets in Critical Facilities Low-Consequence Critical Assets in Critical Facilities Low-Consequence Threat-Asset Pairs Low-Consequence Threat-Asset Pairs 4) Vulnerability Analysis 5) Threat Likelihood Analysis 6) Risk / Resilience Analysis 7) Risk / Resilience Management High Net-Benefit Options Threat-Asset Pairs w/ Acceptable Risk/Resil. Low Net Benefit Options

Benefits & Incentives Using J100 Standard For utility owners & operators, use of RAMCAP: Enables efficient and cost-effective application Encourages intuitive, widespread voluntary use Provides insights into vulnerabilities, consequences and risks for internal preparedness, security and resilience (continuity) decisions Permits direct comparisons across like and unlike assets for risk/resilience resource allocation Improves reliability of service, enhancing future revenue prospects MAY reduce insurance premiums, improve bond ratings & reduce liability Enhances the ability to communicate risk, enhance security & resilience Assists in rational utility rate and fee setting to pay for reliability Repeated applications assure accountability, measure progress & changing security environment Lowers risks and increases resilience to man-made and natural hazards

Benefits and Incentives (continued) For public sector decision-makers, use of RAMCAP: Allows stakeholders to understand the security and resilience challenges faced by water utilities Identifies areas of potential market failure for action by customers and/or government Incentivizes private investment decision-making Establishes budgets needed to restore American infrastructure to effectiveness Prioritizes public investments in risk reduction & resilience enhancement Rationalizes utility rate setting for security and reliability investments RAMCAP Plus can serve as basis for a voluntary consensus standard for selfregulation or as industry s mechanism for shaping regulation All this produces a more secure, resilient American Infrastructure for the 21 st Century

Additional Resources

Questions Kevin M. Morley, Ph.D. Security & Preparedness Program Manager AWWA Government Affairs 1300 Eye Street, NW Suite 701W Washington, DC 2005 202-628-8303 or kmorley@awwa.org

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback