Private Sector Clearance Program (PSCP) Webinar


Private Sector Clearance Program (PSCP) Webinar
Critical Infrastructure Protection Committee
November 18, 2014
Nathan Mitchell, ESCC Clearance Liaison

Agenda
- History
- NERC CIPC Private Sector Clearance Program (PSCP) Guidebook
- ESCC Clearance Handbook
- Requirements to Obtain Clearance
- Responsibilities of a Clearance Holder
- Initial and Annual Security Training
- Report of Foreign Travel (ipsecurity@hq.dhs.gov)
- Changes, Deactivation, and Termination of a clearance
- How to use your clearance

RELIABILITY ACCOUNTABILITY

History of PSCP
- 1998, Presidential Decision Directive/NSC (PDD) 63
  - PDD 63 develops the framework for information sharing
  - Encourages the formation of ISACs. The Electricity Sector chose NERC to run the ES-ISAC
- 2002 Department of Homeland Security (DHS)
- 2003, Homeland Security Presidential Directive (HSPD) 7
  - Framework for Information Sharing between US Government and Private Sector
  - Government Coordinating Council (GCC) and Sector Coordinating Councils (SCC)

History of PSCP
- 2010, Executive Order 13549, Classified National Security Information Program for State, Local, Tribal, and Private Sector Entities
  - Assigns DHS Office of the Chief Security Officer (OCSO) responsibility for DHS security programs
  - DHS Office of Infrastructure Protection (IP) established the Private Sector Clearance Program (PSCP) for critical infrastructure
  - Ensure that select critical infrastructure private sector owners, operators, and industry representatives may be processed for security clearances.

History of PSCP
- 2013, EO 13636, Improving Critical Infrastructure Cybersecurity
  - DHS IP is responsible for identifying appropriate private sector stakeholders who are in a position to enhance the DHS infrastructure security and resilience mission
  - It is the policy of the United States Government to increase the volume, timeliness, and quality of cyber threat information shared with U.S. private sector entities so that these entities may better protect and defend themselves against cyber threats.
  - Expedite clearances for select group of critical infrastructure

NERC CIPC PSCP Guidebook: Objectives
- Review the U.S. Government requirements applicable to our industry
- Examine protocols for granting private sector clearances
- Develop recommendations on security clearances for industry
- Develop a model for industry to use in determining which personnel should seek a security clearance

NERC CIPC PSCP Guidebook: Findings
- Industry SMEs provide valuable operational context to classified discussions
- Need for consistent process for identifying appropriate individuals for clearance
- Maturing information sharing process from one-way briefings to a collaboration between government-industry experts
- Need for a better understanding of the clearance process
- Need for active participation by clearance holders in classified discussions
- Need for additional TS SCI clearances

NERC CIPC PSCP Guidebook: Recommendations
- Inform government of the value that industry SMEs bring to classified discussions
- Use the clearance model to identify and validate industry nominees on a functional basis
- Use the ES-ISAC to facilitate the selection process
- Encourage nominees to use the guidance to expedite processing of clearance applications
- Encourage nominees to use the guidance to meet their obligations as clearance holders
- Advocate for more TS SCI clearances for key industry personnel

NERC CIPC PSCP Guidebook: Clearances
[Table: sample clearance matrix. Columns: NERC functional entity registration type (RC, BA, TO, TOP, TSP, GOP, GO, DP, IC), Total, and Granting D/A (DOE, DHS, etc.). Rows: area of expertise (Cyber Security, Physical Security, Operations, Executive), with the names shown as Jane Doe*, John Doe*, Jane Smith*, John Smith*, Jim Example^, Jane Example^. Total / Granting D/A entries, in extracted order: 1 D/A, 3 D/A, 1 D/A, 1 D/A. Clearance Total row: 1 1 1 1 0 1 0 1 0, overall total 6.]

Clearances by Sector

ESCC Clearance Handbook
Granting of security clearances to select industry representatives facilitates access to classified information to better enable risk-informed decision making; assists in determining the content, structure, and types of information most useful to critical infrastructure owners, operators, and industry representatives; and allows greater participation in the protection of critical infrastructure and the security of the homeland.

ESCC Clearance Handbook
- Codifies the DHS and ESCC PSCP liaison relationship
- Gives justifications needed to obtain a clearance
- Responsibilities of a Clearance Holder
- Non-disclosure agreements
- Initial and Annual Security Training
- Significant Life Changes
- Report of Foreign Travel
- Changes, Deactivation, and Termination of a clearance
- How to Use the Clearance

ESCC PSCP liaison
An ESCC Liaison position has been established to help facilitate the efficient processing of security clearances for the Electricity Subsector.
- Communicate on a regular basis with the IP (SOPD) Electricity Liaison Team
- Assist in the pre-vetting of clearance requests,
- Managing the flow and maintaining awareness of the status of clearances in process, and
- Assist in providing more detailed justification for the requested clearance and priority of the application.

ESCC PSCP liaison
- The pre-vetting process is an informal check and balance process.
- The ESCC Liaison verifies a nominee's place of employment, position within the utility or organization, and reviews the nomination's justification.
- Priority is given to senior level positions of an organization or a designee of the Chief Executive Officer (CEO) or CSO, SMEs, and members of the critical information sharing forums and associations

ESCC PSCP liaison
- Note: Applications require utility senior management approval; without this approval, applications will likely be returned to the nominee for further justification after the first review.
- Note: A nominee is strongly encouraged to submit an email or letter on official company letterhead from their Security Coordinator, Company Senior Manager, or Chief Security Officer (CSO) approving the nominee for a security clearance. This correspondence should include the name of the utility and the senior manager's name, contact number, and email address.

Nomination Stage
- The DHS/IP Electricity Liaison team (electricityliaisons@hq.dhs.gov) and Protective Security Advisors (PSAs) (PSCDOPS@hq.dhs.gov) are the primary nominators for the Electricity Subsector.
- Private sector individuals, organizations, or associations may not initiate nominations or self-nominate, but may recommend an individual for nomination to an approved Nominator.
- An eligible nominee must be an employee, not a contractor or consultant
- Start by filling out DHS Form 9014

DHS Form 9014

Clearance Processing

e-QIP Application Process
- Once the nominee's Personal Identifiable Information (PII) is obtained, the IP Security Office will enter the information into e-QIP, a secure government portal for investigation processing of the required online security questionnaire.
- Note: The nominee must complete his or her security questionnaire in e-QIP within 45 days of initiation, or he or she will be inactivated and may be removed from consideration.
- Upon initiation of an OCSO background investigation, DHS may grant an interim Secret clearance
- Interim Secret clearances are typically granted in seven days
- The average timeline for the full security clearance process is approximately two to three months

Non-Disclosure Agreements
- Non-Disclosure Agreements
  - Complete a Classified Information Nondisclosure Agreement (SF 312)
  - Complete a DHS Non-Disclosure Agreement (DHS Form 11000-6)
  - Review Statement of Understanding Relative to the Protection of Classified National Security Information and sign letter of acknowledgement
- Safeguarding Classified Information
  - A cleared individual is responsible for safeguarding all classified information that he/she has accessed in accordance with the terms of the SF 312

Security Training
- Initial and Annual Security Training
  - To maintain a clearance, the cleared individual must complete both initial and annual refresher security training.
  - The annual refresher security training is administered by the PSCP Administrator, who will notify clearance holders via email when the training is due.
  - PSCP participants should notify the DHS/IP PSCP Administrator (PSCP@hq.dhs.gov) or the Electricity Liaison team (electricityliaisons@hq.dhs.gov) of any change to their email address so that it can be updated.

Reporting Significant Life Events
A cleared individual must report significant life events to IP Security Office (ipsecurity@hq.dhs.gov)
- Name
- Marital Status
- Citizenship changes
- Adverse information, such as recent arrests, criminal charges (including charges that are dismissed), citations, tickets, summons or detentions by Federal, State, or other law enforcement authorities for violations of law within or outside of the U.S. (Traffic violations for which a fine of up to $300 was imposed need not be reported, unless the violation was alcohol or drug-related)

Reporting Significant Life Events
- Alcohol or drug related problems
- Personal or business related bankruptcy filing
- Loss or compromise of classified information
- Any unofficial contact with foreign nationals
- If a member of the individual's immediate family is a citizen or resident of a foreign country
- Any potential employment or service with a foreign government, organization, entity or interest
- If a cleared individual is aware of any security violation he/she or another cleared individual have committed, then he/she shall promptly report the violation to IP Security (ipsecurity@hq.dhs.gov).

Report of Foreign Travel
- All foreign travel, both business and leisure, should be reported in advance of departure.
- Contact IP Security (ipsecurity@hq.dhs.gov) to obtain a Notification of Foreign Travel Form.
- For foreign travel not reported in advance, the form should still be completed and submitted to IP Security.

Report of Foreign Travel

Deactivation of a clearance
DHS will deactivate a clearance for any of the following reasons:
- Failure to complete annual security refresher training
- Change in employment (a new DHS Form 9014 must be submitted to reactivate)
- Change in Name
- Change in citizenship
- No access to classified information for more than one (1) year

Termination of Need to Know
Upon leaving his/her position of employment and/or no longer retaining a need to know with regards to classified information, the cleared individual shall contact IP Security (ipsecurity@hq.dhs.gov) and the PSCP Administrator (PSCP@hq.dhs.gov) to commence the debriefing process and removal from the program.

How to use your clearance
- Reach out to their local PSAs, Fusion Centers (https://nfcausa.org/), Federal Bureau of Investigation Field Offices, Secret Service Offices, and other Federal partners
- Introduce yourselves and provide subject matter expertise as required
  - This strengthens the public-private partnership,
  - Gives awareness of points of contact at secured facilities and dates of classified meetings or briefings of interest
- Permanent Certification, or perm cert, allows a person who is cleared through one U.S. Federal Department or Agency to have his/her clearance passed to another U.S. Federal Department or Agency for a period of up to one year.

How to use your clearance
- Developing Unclassified Documents and Tearlines
- Integrate threat analysis efforts with the ES-ISAC to develop industry guidance and alerts
- The bidirectional sharing of information can help the federal partners evaluate intelligence data and provide feedback on industry issues of concern
- Individuals cleared at the appropriate level may also have greater awareness of, and potentially access to, tools and technologies that will enhance the information sharing process.

How to use your clearance
- Cybersecurity Risk Information Sharing Program (CRISP)
- National Cyber Investigative Joint Task Force
- The joint meetings between the ESCC and Government Executives to develop strategic level policy
- Electricity industry representatives may provide assistance during national incident response operations.

References
- NERC CIPC Personnel Security Clearance Task Force (PSCTF) Report: http://www.nerc.com/comm/cipc/personnel%20security%20clearances%20Task%20Force%20PSCTF%20201/Personnel%20Security%20Clearances%20Task%20Force%20Report.pdf
- DHS Form 9014: http://www.khlaw.com/files/17583_dhs%20form%209014.pdf
- ESCC Security Clearance Handbook: Coming Soon

Questions?
Nathan Mitchell
ESCC Clearance Liaison
nmitchell@publicpower.org
202-467-2925