Overview of NIPP 2013: Partnering for Critical Infrastructure Security and Resilience October 2013

PPD-21: CI Security and Resilience

On February 12, 2013, President Obama signed Presidential Policy Directive 21 (PPD-21), Critical Infrastructure Security and Resilience. PPD-21:

- Builds on the extensive work done to date to protect and enhance the resilience of the Nation's critical infrastructure (CI)
- Aims to clarify roles and responsibilities across the Federal Government
- Intends to institutionalize ways to work more effectively with CI partners to enhance the security and resilience of CI
- Directs the Secretary of Homeland Security to provide to the President a successor to the National Infrastructure Protection Plan to address the implementation of this directive [PPD-21], the requirements of Title II of the Homeland Security Act of 2002 as amended, and alignment with the National Preparedness Goal and System required by PPD-8
- Is informed by the expertise, experience, capabilities, and responsibilities of government and industry

EO 13636: Improving CI Cybersecurity

- At the same time, President Obama signed Executive Order (EO) 13636, Improving Critical Infrastructure Cybersecurity.
- Joint issuance of the EO and PPD reinforced the need and desire for an integrated approach to strengthening the security and resilience of CI against all hazards through an overarching national framework that acknowledges the increased role of cybersecurity in protecting physical assets. This approach is reflected in the new NIPP 2013.
- DHS established an Integrated Task Force to lead DHS implementation and coordinate interagency, intergovernmental, and private sector efforts to ensure integrated and synchronized implementation across the homeland security enterprise.

NIPP 2013 - Outline

- Section 1, Introduction: Introduces the document's structure and changes since 2009.
- Section 2, Vision, Mission, and Goals: Outlines the vision, mission, and goals for the CI community.
- Section 3, CI Environment: Describes key concepts influencing security and resilience efforts with a focus on the policy, risk, and operating environments and the partnership structure.
- Section 4, Core Tenets: Describes the principles and that inform the development of the Plan.
- Section 5, Collaborating to Manage Risk: Builds on the risk management framework described in previous NIPPs, conceptualizing risk management activities conducted by the CI community in the context of national preparedness.
- Section 6, Call to Action: Calls on the Federal Government in partnership with the CI community (respective of authorities, responsibilities, and business environments) to take cross-cutting actions that support collective efforts in CI security and resilience in the coming years.

NIPP 2013 Overview

- Scope: guide national efforts and drive progress, while seeking to engage the broader community about the importance of CI security and resilience
- Audience: a broad CI community comprised of public and private owners and operators; Federal departments and agencies; SLTT governments; regional entities; and other organizations from the private and non-profit sectors with a role to play in securing and strengthening the resilience of the Nation's CI
- Integrated approach to:
  - Detect, deter, disrupt, and prepare for threats to the Nation's critical infrastructure, including natural hazards;
  - Reduce vulnerabilities of critical assets, systems, and networks; and,
  - Mitigate the potential consequences to critical infrastructure of incidents or adverse events that do occur
- Requires: flexible, proactive, and inclusive partnerships to advance CI security and resilience
- Recognizes: varying risk management perspectives of the public and private sectors, where government and private industry have aligned, but not identical, interests in securing CI

Evolution from 2009 NIPP

- More strategic and flexible document
- Focus on actions and implementation
- Retains a focus on risk management as the foundation of national CI security and resilience; makes enhancements to framework
- Continues to promote voluntary partnerships as the principal mechanism for managing risks to CI

Significant Changes and Evolution

- Elevates security and resilience as the primary aim of CI planning efforts
- Draws alignment between critical infrastructure risk management efforts and the National Preparedness System (across five mission areas)
- Focuses on national priorities jointly determined by public and private sectors, while limiting discussion of Federal programs
- Integrates cyber and physical security and resilience efforts into an enterprise approach to risk management
- Continues progress to support execution of the National Plan at both the national and community levels

Significant Changes and Evolution

- Affirms the reality that critical infrastructure security and resilience efforts require international collaboration
- Incorporates practical lessons learned from national program and feedback from partners
- Is mindful of the perspectives and capabilities of different partners, including Federal roles outlined in PPD 21, and how this affects collective efforts
- Includes a detailed Call to Action, with steps that the Federal Government will undertake working with CI partners to make progress toward security and resilience

Supplements

Several standalone supplements are also offered to provide guidance and assistance to the CI community for implementation:

- Implementing the CI Risk Management Framework
- Connecting to the National Cybersecurity and Communications Integration Center and the National Infrastructure Coordinating Center
- DHS Resources for Vulnerability Assessments
- Incorporating Security and Resilience into CI Projects

Additional supplements will be developed after the NIPP 2013 has been issued.

Call to Action

The Call to Action section guides the Federal Government and informs private sector, SLTT, and regional efforts in implementing the National Plan. The actions are multi-year priorities to be reviewed annually with input from partners. The actions are organized into 3 broad categories:

- Building upon partnership efforts
- Innovating in managing risk
- Focusing on outcomes

Call to Action

Build upon Partnership Efforts
1. Set National Focus through Joint Priority Setting
2. Determine Collective Actions through Joint Planning Efforts
3. Empower Local and Regional Partnerships to Build Capacity Nationally
4. Leverage Incentives to Advance Security and Resilience

Innovate in Managing Risk
5. Enable Risk-Informed Decision-Making through Enhanced Situational Awareness
6. Analyze Infrastructure Dependencies, Interdependencies, and Associated Cascading Effects
7. Rapidly Identify, Assess, and Respond to Unanticipated Infrastructure Cascading Effects During and Following Incidents
8. Promote Infrastructure, Community, and Regional Recovery Following Incidents
9. Strengthen Coordinated Development and Delivery of Technical Assistance, Training, and Education
10. Improve Critical Infrastructure Security and Resilience by advancing Research and Development Solutions

Focus on Outcomes
11. Evaluate Achievement of Goals
12. Learn and Adapt During and After Exercises and Incidents