June 5, 2018 Independence, Ohio

Similar documents
The Office of Infrastructure Protection

The Office of Infrastructure Protection

The Office of Infrastructure Protection

Cyber Security & Homeland Security:

Office of Infrastructure Protection Overview

The Office of Infrastructure Protection

Department of Homeland Security Updates

The Office of Infrastructure Protection

DHS Cybersecurity: Services for State and Local Officials. February 2017

Election Infrastructure Security: The How and Why of It

Statement for the Record

DHS Cybersecurity. Election Infrastructure as Critical Infrastructure. June 2017

COUNTERING IMPROVISED EXPLOSIVE DEVICES

National Preparedness System (NPS) Kathleen Fox, Acting Assistant Administrator National Preparedness Directorate, FEMA April 27, 2015

DHS Cybersecurity Services and Resources

Bradford J. Willke. 19 September 2007

Critical Infrastructure Sectors and DHS ICS CERT Overview

THE WHITE HOUSE. Office of the Press Secretary. EMBARGOED UNTIL DELIVERY OF THE PRESIDENT'S February 12, 2013 STATE OF THE UNION ADDRESS

Cybersecurity Presidential Policy Directive Frequently Asked Questions. kpmg.com

Executive Order on Coordinating National Resilience to Electromagnetic Pulses

FEMA Update. Tim Greten Technological Hazards Division Deputy Director. NREP April 2017

Homeland Security Perspectives: Oregon Fire District Directors Association October 25, 2018

UNCLASSIFIED. National and Cyber Security Branch. Presentation for Gridseccon. Quebec City, October 18-21

The Office of Infrastructure Protection

Oregon Department of Justice

STRATEGIC PLAN. USF Emergency Management

Quadrennial Homeland Security Review (QHSR) Ensuring Resilience to Disasters

NATIONAL CAPITAL REGION HOMELAND SECURITY STRATEGIC PLAN SEPTEMBER 2010 WASHINGTON, DC

How AlienVault ICS SIEM Supports Compliance with CFATS

All-Hazards Approach to Water Sector Security & Preparedness ANSI-HSSP Arlington, VA November 9, 2011

Emergency Management Response and Recovery. Mark Merritt, President September 2011

April 2009 Unclassified // For Official Use Only

Alternative Fuel Vehicles in State Energy Assurance Planning

Panelists. Moderator: Dr. John H. Saunders, MITRE Corporation

Overview of NIPP 2013: Partnering for Critical Infrastructure Security and Resilience October 2013

2016 Nationwide Cyber Security Review: Summary Report. Nationwide Cyber Security Review: Summary Report

FEMA Region III Cyber Security Program

COUNTERING IMPROVISED EXPLOSIVE DEVICES

Outreach and Partnerships for Promoting and Facilitating Private Sector Emergency Preparedness

National Policy and Guiding Principles

Presidential Documents

The Australian Government s Approach to Critical Infrastructure Resilience

NEBRASKA STATE HOMELAND SECURITY STRATEGY

Testimony. Christopher Krebs Director Cybersecurity and Infrastructure Security Agency U.S. Department of Homeland Security FOR A HEARING ON

STRATEGY ATIONAL. National Strategy. for Critical Infrastructure. Government

DHS Election Task Force Updates. Geoff Hale, Elections Task Force

Control Systems Cyber Security Awareness

U.S. Department of Homeland Security Office of Cybersecurity & Communications

The J100 RAMCAP Method

NATIONAL DEFENSE INDUSTRIAL ASSOCIATION Homeland Security Symposium

Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure

The Office of Infrastructure Protection

Overview of the Federal Interagency Operational Plans

PIPELINE SECURITY An Overview of TSA Programs

Energy Assurance Energy Assurance and Interdependency Workshop Fairmont Hotel, Washington D.C. December 2 3, 2013

ICBA Summary of FFIEC Cybersecurity Assessment Tool (May 2017 Update)

Evaluating and Improving Cybersecurity Capabilities of the Electricity Critical Infrastructure

National Preparedness System. Update for EMForum June 11, 2014

Florida Regional Domestic Security Task Forces

Cyber Resilience. Think18. Felicity March IBM Corporation

Critical Infrastructure Protection (CIP) as example of a multi-stakeholder approach.

Cybersecurity for Health Care Providers

Region Snapshot Regions I and II

CALIFORNIA CYBERSECURITY TASK FORCE

Federal Civilian Executive branch State, Local, Tribal, Territorial government (SLTT) Private Sector (PS) Unclassified / Business Networks

DHS Supply Chain Activity: Cross-Sector Supply Chain Working Group and Strategy on Global Supply Chain Security

Long-Term Power Outage Response and Recovery Tabletop Exercise

S&T Stakeholders Conference

California Cybersecurity Integration Center (Cal-CSIC)

Working Draft Supplemental Tool: Connecting to the NICC and NCCIC Draft October 21, 2013

Mississippi Emergency Management Agency. Shawn Wise. Office Of Preparedness

Department of Defense. Installation Energy Resilience

Technology Advances in FEMA Response and Recovery to Disasters

Member of the County or municipal emergency management organization

Emergency Support Function #2 Communications Annex INTRODUCTION. Purpose. Scope. ESF Coordinator: Support Agencies: Primary Agencies:

2014 Sector-Specific Plan Guidance. Guide for Developing a Sector-Specific Plan under NIPP 2013 August 2014

Emergency Support Function #12 Energy Annex. ESF Coordinator: Support Agencies:

Status Update from the Department of Transportation

Critical Infrastructure Protection and Suspicious Activity Reporting. Texas Department of Public Safety Intelligence & Counterterrorism Division

Government-Industry Collaboration: 7 Steps for Resiliency in Critical Infrastructure Protection

What Every CEO Needs to Know

December 10, Statement of the Securities Industry and Financial Markets Association. Senate Committee on Banking, Housing, and Urban Development

For providing decision support on climate stressors to infrastructure and assets for federal, state, local, and private clients...

Implementing Executive Order and Presidential Policy Directive 21

Technical Conference on Critical Infrastructure Protection Supply Chain Risk Management

MULTI-YEAR TRAINING AND EXERCISE PLAN. Boone County Office of Emergency Management

An Update on Security and Emergency Preparedness Standards for Utilities

PD 7: Homeland Security Presidential Directive 7: Critical Infrastructure Identification, Prioritization, and Protection

ICS-CERT Year in Review. Industrial Control Systems Cyber Emergency Response Team

Continuity of Business

Energy Assurance State Examples and Regional Markets Jeffrey R. Pillon, Director of Energy Assurance National Association of State Energy Officials

Highway & Motor Carrier Orientation & Modal Overview. June 2018

Business Continuity: How to Keep City Departments in Business after a Disaster

South Dakota Utah Wyoming Needs and Challenges Funding assistance Training Federal program enhancements Exercises

Mission: Continuity BUILDING RESILIENCE AGAINST UNPLANNED SERVICE INTERRUPTIONS

The Office of Infrastructure Protection

Why you should adopt the NIST Cybersecurity Framework

ISAO SO Product Outline

Introduction to the National Response Plan and National Incident Management System

BUSINESS CONTINUITY MANAGEMENT PROGRAM OVERVIEW

Transcription:

June 5, 2018 Independence, Ohio

The Office of Infrastructure Protection National Protection and Programs Directorate Department of Homeland Security Securing the Nation at the Community Level 2018 Cuyahoga County Emergency Management Summit June 5, 2018

Threats May Come from All Hazards Courtesy of FEMA 3

National Preparedness Goal Defines what it means for the whole community to be prepared for all types of disasters and emergencies The goal is a more secure and resilient nation with the capabilities required across the whole community to prevent, protect against, mitigate, respond to, and recover from the threats and hazards that pose the greatest risk. 4

National Preparedness Goal (cont.) 5 mission areas Prevention: Prevent, avoid, or stop an imminent, threatened, or actual act of terrorism Protection: Protect our citizens, residents, visitors, and assets against the greatest threats and hazards in a manner that allows our interests, aspirations, and way of life to thrive Mitigation: Reduce the loss of life and property by lessening the impact of future disasters Response: Respond quickly to save lives, protect property and the environment, and meet basic human needs in the aftermath of a catastrophic incident Recovery: Recover through a focus on the timely restoration, strengthening, and revitalization of infrastructure, housing, and a sustainable economy, as well as the health, social, cultural, historic, and environmental fabric of communities affected by a catastrophic incident 5

Infrastructure Prioritization Level 1 (Nationally Critical) Level 2 (Nationally or Regionally Critical) State Lists (Regionally Critical) In accordance with the 9/11 Commission Act, DHS maintains lists of the Nation s most critical infrastructure Lists are developed through an annual data call using criteria developed by IP s National Critical Infrastructure Prioritization Program (NCIPP) Program identifies domestic and foreign too critical to fail infrastructure, which are then used to inform homeland security grant programs, and other critical infrastructure protection activities 6

Risk: How do we think about risk? Risk = f(consequence, Vulnerability, Threat) CONSEQUENCE (C) VULNERABILITY (V) THREAT (T) Negative effects on public health and safety, the economy, public confidence in institutions, and function of government if asset, system, or network is damaged, destroyed, or disrupted Likelihood that a characteristic of, or flaw in, an asset, system, or network renders it susceptible to hazards Likelihood that a particular asset, system, or network will suffer an attack or an incident RISK Potential for loss or damage 7

Protective Security Advisors (PSA) Available Services & Resources 8

PSA Services: Security of Soft Targets Active Shooter awareness training Active Shooter Workshops to develop active shooter plans Bomb Threat Management Workshops to develop bomb threat plans Protective Measures training Anti-vehicle ramming measures 9

PSA Services: Rapid Survey Tool The RST is a non-regulatory data collection capability that examines the most critical aspects of a facility s security and resilience posture Allows assessors to gather the general status of a facility to determine if an in-depth survey is required The data are then analyzed to determine the facility s relative security and resilience in comparison to the national average for similar facilities Courtesy of DHS 10

PSA Services: Infrastructure Survey Tool (IST) The IST is a web-based vulnerability survey tool that applies weighted scores to identify infrastructure vulnerabilities and trends across sectors Facilitates the consistent collection of security information The tool allows DHS and facility owners and operators to: Identify security gaps Compare a facility s security in relation to similar facilities Track progress toward improving critical infrastructure security 11

PSA Coordination: National Infrastructure Coordinating Center (NICC) http://www.dhs.gov/national-infrastructure-coordinating-center The National Infrastructure Coordinating Center (NICC) is the information and coordination hub of a national network dedicated to protecting critical infrastructure 24/7 situational awareness and crisis monitoring of critical infrastructure Shares threat information in order to reduce risk, prevent damage, and enable rapid recovery of critical infrastructure assets The NICC and the NCCIC are co-located to facilitate collaboration 12

DHS Cyber Security Available Services & Resources 13

DHS Cyber Security DHS is responsible for safeguarding our Nation s critical infrastructure from physical and cyber threats that can affect national security, public safety, and economic prosperity. DHS actively engages the public and private sectors as well as international partners to prepare for, prevent, and respond to catastrophic incidents that could degrade or overwhelm these strategic assets. 14

DHS Cyber Security Resources: Cyber Infrastructure Survey Tool The Cyber Infrastructure Survey Tool (C-IST) provides public and private sector organizations with: Effective, repeatable data collection technique for cybersecurity operations Ability to review results using comparative data analytics and peer metrics User-friendly, data-rich, interactive dashboard for sharing information on and planning improvements to Critical Cyber Services (CCS) Note: C-IST s are conducted by CSA s 15

Cyber Security Evaluation Tool (CSET R ) Stand-alone software application Self-assessment using recognized standards Tool for integrating cybersecurity into existing corporate risk management strategy CSET Download: http:/us-cert.gov/control_systems/csetdownload.html 16

National Cybersecurity Assessments and Technical Services Team (NCATS) The NCATS team consists of subject matter experts in penetration testing methodology and tactical delivery Washington, D.C. based (National Cybersecurity and Communications Integration Center NCCIC) NCATS team members have extensive experience in current and emerging web applications, networks, databases, wireless, mobile computing, cloud security, social engineering, social media and intelligence gathering 17

NCATS Services NCATS security services currently available include: Vulnerability Scanning and Testing Penetration Testing Social Engineering (Phishing) Web Application Scanning and Testing Operating System Scanning Database Scanning Wireless Discovery and Identification 18

Cyber Incident Reporting NCCIC provides real-time threat analysis and incident reporting capabilities 24x7 contact number: 1-888-282-0870 Email: nccic@hq.dhs.gov When to report: If there is a suspected or confirmed cyber attack or incident that: Affects core government or critical infrastructure functions Results in the loss of data, system availability, or control of systems Indicates malicious software is present on critical systems 19

DHS Cyber Security - Contacts Mr. Antonio Enriquez, Cyber Security Advisor (Chicago) Antonio.Enriquez@hq.dhs.gov Alternate: cyberadvisor@hq.dhs.gov Phone: (202) 809-7894 National Cyber Security and Communications Integration Center NCCIC Customer Service: ncciccustomerservice@hq.dhs.gov Phone: (888) 282-0870 Note: Includes NCATS team support ICS-CERT Cybersecurity Operations Center (24/7) Phone: (877) 776-7585 20

DHS Office for Bombing Prevention Available Services & Resources 21

Domestic IED Threat A very high proportion of terrorismrelated incidents since 9/11 involve IED plots or attacks State/Local-Identified Threats of Concern, 2013* State and Urban Areas Security Initiative partners report a high level of concern about the use IEDs Extremist publications promote IEDs for attacks in the homeland IEDs A few commercial products and an online search are all that is required to construct deadly IEDs in the U.S. For Official Use Only 22

Counter-IED Training & Awareness Courtesy of DHS OBP Diverse curriculum of training designed to build counter-ied core capabilities, such as: IED Counterterrorism Detection Surveillance Detection Bomb Threat Management Vehicle-Borne IED (VBIED) Detection Protective Measures IED Search Procedures Increases knowledge and ability to detect, prevent, protect against, and respond to bombing threats For Official Use Only 23

Counter-IED Training & Awareness Bomb-Making Materials Awareness Program (BMAP) Joint DHS-FBI program that promotes private sector point-of-sale awareness and suspicious activity reporting to prevent misuse of dual-use explosive precursor chemicals and components commonly used in IEDs Increases prevention opportunities by building a network of aware and vigilant private sector partners Courtesy of DHS/FBI For Official Use Only 24

Additional DHS Available Services & Resources 25

Homeland Security Information Network (HSIN) https://hsin.dhs.gov/ HSIN is DHS s primary technology tool for trusted information sharing HSIN Critical Infrastructure (HSIN-CI) enables direct communication between: DHS Federal, State, and local governments Critical infrastructure owners and operators 26

Homeland Security Information Network (cont.) Content includes: Planning and Preparedness: Risk assessments, analysis, guidance, and security products; geospatial products and hurricane models; and exercise and national event info Incident Reporting and Updates: Real-time situational reports and alerts Situational Awareness: Daily and monthly sector-specific and cross-sector reports on topics ranging from cybersecurity to emerging threats Education and Training: Training on topics ranging from critical infrastructure resilience, to threat detection and reaction for retail staff 27

Infrastructure Protection Report Series Increase awareness of the infrastructure mission and build a baseline of security and resilience knowledge throughout the Nation Identify Common Vulnerabilities, Potential Indicators of Terrorist Activity, and associated Protective Measures, along with actions that can be undertaken to enhance resilience Courtesy of DHS 28

If You See Something, Say Something The following link takes you to the official webpage: https://www.dhs.gov/see-something-say-something To become a partner, send an email to seesay@hq.dhs.gov and include: The entity you represent Your name and contact information (phone, email) The city and state in which your entity is located Note: Customized posters and outreach materials are available to your organization 29

For more information, visit: www.dhs.gov/critical-infrastructure Patrick Shaw Supervisory Protective Security Advisor patrick.shaw@hq.dhs.gov

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback