S&T Stakeholders Conference

Similar documents
Food and Agriculture Sector Criticality Assessment

The Office of Infrastructure Protection

HITRAC Hurricane Sandy Support

April 2009 Unclassified // For Official Use Only

DHS Supply Chain Activity: Cross-Sector Supply Chain Working Group and Strategy on Global Supply Chain Security

STRATEGY ATIONAL. National Strategy. for Critical Infrastructure. Government

Statement for the Record

Overview of NIPP 2013: Partnering for Critical Infrastructure Security and Resilience October 2013

Cybersecurity Presidential Policy Directive Frequently Asked Questions. kpmg.com

National Infrastructure Protection Plan (NIPP) Transportation Sector Specific Plan (TSSP) and The TSSP R&D Working Group

Emergency Support Function #2 Communications Annex INTRODUCTION. Purpose. Scope. ESF Coordinator: Support Agencies: Primary Agencies:

The Office of Infrastructure Protection

National Policy and Guiding Principles

Department of Homeland Security Science and Technology Directorate

The Office of Infrastructure Protection

American Association of Port Authorities. Navigating the Cyber Domain. Homeland Security UNCLASSIFIED

PIPELINE SECURITY An Overview of TSA Programs

Implementing the Administration's Critical Infrastructure and Cybersecurity Policy

U.S. Department of Homeland Security Office of Cybersecurity & Communications

Region Snapshot Regions I and II

Regional Resilience: Prerequisite for Defense Industry Base Resilience

2014 Sector-Specific Plan Guidance. Guide for Developing a Sector-Specific Plan under NIPP 2013 August 2014

Critical Infrastructure Protection and Suspicious Activity Reporting. Texas Department of Public Safety Intelligence & Counterterrorism Division

Critical Infrastructure Mission Implementation by State, Local, Tribal, and Territorial Agencies and Public-Private Partnerships.

Cyber Security & Homeland Security:

Critical Infrastructure Partnership

Strategic Foresight Initiative (SFI)

National Preparedness System (NPS) Kathleen Fox, Acting Assistant Administrator National Preparedness Directorate, FEMA April 27, 2015

South Dakota Utah Wyoming Needs and Challenges Funding assistance Training Federal program enhancements Exercises

Emergency Management Response and Recovery. Mark Merritt, President September 2011

The Office of Infrastructure Protection

THE WHITE HOUSE. Office of the Press Secretary. EMBARGOED UNTIL DELIVERY OF THE PRESIDENT'S February 12, 2013 STATE OF THE UNION ADDRESS

Status Update from the Department of Transportation

NGA Governor s Energy Advisors Energy Policy Institute Resiliency Panel

Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure

Critical Infrastructure Sectors and DHS ICS CERT Overview

STATEMENT GEORGE FORESMAN UNDERSECRETARY FOR PREPAREDNESS U.S. DEPARTMENT OF HOMELAND SECURITY

Transportation Security Risk Assessment

Department of Defense. Installation Energy Resilience

National Infrastructure Protection Plan

Developing a Holistic Strategy To Achieve Community Health Resilience

Office of Infrastructure Protection Overview

Executive Order on Coordinating National Resilience to Electromagnetic Pulses

FY Bay Area UASI Risk and Grants Management Program Update. November 14, 2013

Emergency Support Function #12 Energy Annex. ESF Coordinator: Support Agencies:

Critical Infrastructure Resilience

Cyber Security Summit 2014 USCENTCOM Cybersecurity Cooperation

Energy Assurance State Examples and Regional Markets Jeffrey R. Pillon, Director of Energy Assurance National Association of State Energy Officials

Quadrennial Homeland Security Review (QHSR) Ensuring Resilience to Disasters

Community-Based Water Resiliency

Department of Homeland Security Updates

Long-Term Power Outage Response and Recovery Tabletop Exercise

Sharing of Information & Intelligence on the Importation & Transportation of Food

Member of the County or municipal emergency management organization

Federal Civilian Executive branch State, Local, Tribal, Territorial government (SLTT) Private Sector (PS) Unclassified / Business Networks

Chapter 12 Security. Security Element. The Central Virginia Urban Areas Security Initiative

Emergency Communications Preparedness Center (ECPC) Research and Development (R&D) Focus Group (FG)

The J100 RAMCAP Method

DHS Emergency Services Sector Presents Tools and Resources for First Responders. June 1, pm ET

Homeland Security Institute. Annual Report. pursuant to. Homeland Security Act of 2002

UNCLASSIFIED. FY 2016 Base FY 2016 OCO

NATIONAL STRATEGY FOR GLOBAL SUPPLY CHAIN SECURITY

National Level Exercise 2018 After-Action Findings

SECURITY CODE. Responsible Care. American Chemistry Council. 7 April 2011

Homeland Security Perspective on Modeling and Simulation (M&S)

National Preparedness System. Update for EMForum June 11, 2014

Department of Homeland Security

The National Network of Fusion Center: Where We Have Been and Where We are Going

Cyber Resilience. Think18. Felicity March IBM Corporation

UNCLASSIFIED. National and Cyber Security Branch. Presentation for Gridseccon. Quebec City, October 18-21

June 5, 2018 Independence, Ohio

Overview of the Federal Interagency Operational Plans

Implementing Executive Order and Presidential Policy Directive 21

Intelligence Support to Critical Infrastructure Protection Table of Contents

Information Collection Request: The Department of Homeland. Security, Stakeholder Engagement and Cyber Infrastructure

Region Snapshot Region IV

COUNTERING IMPROVISED EXPLOSIVE DEVICES

Alternative Fuel Vehicles in State Energy Assurance Planning

Applying Mitigation. to Build Resilient Communities

NATIONAL CAPITAL REGION HOMELAND SECURITY STRATEGIC PLAN SEPTEMBER 2010 WASHINGTON, DC

Position Description. Engagement Manager UNCLASSIFIED. Outreach & Engagement Information Assurance and Cyber Security Directorate.

The Center of Innovation: Creating an Innovation

NATIONAL DEFENSE INDUSTRIAL ASSOCIATION Homeland Security Symposium

Utilizing Terrorism Early Warning Groups to Meet the National Preparedness Goal. Ed Reed Matthew G. Devost Neal Pollard

Mitigation Framework Leadership Group (MitFLG) Charter DRAFT

Awareness as a Cyber Security Vulnerability. Jack Whitsitt Team Lead, Cyber Security Awareness and Outreach TSA Office of Information Technology

Appendix 3 Disaster Recovery Plan

Advanced Cyber Risk Management Threat Modeling & Cyber Wargaming April 23, 2018

2016 Nationwide Cyber Security Review: Summary Report. Nationwide Cyber Security Review: Summary Report

Department of Homeland Security Office of Inspector General

Don t Fail to Prepare for Failure Key Issues in Energy Assurance and Cybersecurity and Related NGA Center Activities

HOTEL RESILIENT Plan ahead stay ahead. With support from the German Government through

The Office of Infrastructure Protection

Presidential Documents

Government-Industry Collaboration: 7 Steps for Resiliency in Critical Infrastructure Protection

Resilience at JRC. Naouma Kourti. Dep. Head of Unit. Technology Innovation in security Security, Space and Migration Directorate

Updates to the NIST Cybersecurity Framework

Subcommittee on Emerging Threats, Cybersecurity, and Science and Technology. Good morning Chairwoman Clarke, Ranking Member Lungren, and distinguished

Position Description. Computer Network Defence (CND) Analyst. GCSB mission and values. Our mission. Our values UNCLASSIFIED

The Office of Infrastructure Protection

Transcription:

S&T Stakeholders Conference Risk-Informed Requirements Process Col. Merrick Krause, USAF (Ret.) Director Infrastructure Analysis & Strategy Division U.S. Department of Homeland Security June 2-5, 2008 PARTNERING FOR A SAFER NATION

National Infrastructure Protection Plan (NIPP) Operational framework for protecting the 17 Critical Infrastructure/Key Resources (CI/KR) sectors Provides a clear division of labor between infrastructure protection and our Federal, State, local, tribal, and private sector partners Forms the basis for risk-based CI/KR protection requirements and prioritization Informs the annual Federal budget process in infrastructure protection mission area Physical Human Set Security Goals Identify Assets Assess Risks Prioritize Implement Protective Programs Measure Effectiveness Cyber Governance and Information Sharing The The NIPP NIPP risk risk management framework uses uses threat, threat, consequence, and and vulnerability information to to produce comprehensive and and systematic assessments that that drive drive CI/KR CI/KR risk risk reduction 2

NIPP Partnership Model Creates a forum for the requirements collection process Involves 2-way collaborations with private sector, Federal agencies, States, Territories, local governments, and tribal security partners 3

Assessed Components of Risk Risk Threat Vulnerability Consequence Assessed in coordination w/ Intelligence Community Assessed in coordination w/sector-specific Agencies (SSAs) Intent Recognizability Loss of Life Capability Countermeasure Effectiveness Robustness/ Resistance Economic Impact Psychological Impact 4

Risk Analysis Components Infrastructure Analysis & Strategy Division (IASD) Homeland Infrastructure Threat & Risk Analysis Center (HITRAC) Joint Program Office between IP and I&A conducting threat and risk analysis Risk analysis for all sectors Influences approximately $2-3B in DHS grants National Infrastructure Simulation and Analysis Center (NISAC) Congressionally mandate center for critical infrastructure protection Operations support with all-hazards modeling, simulation, and analysis Capabilities with and between all sectors (consequence analysis, cascading effects, interdependencies) R&D Analysis Branch Focal point for emerging technology and risk reduction Leads joint CIKR Sector R&D requirements process Enhanced interaction with S&T Directorate and full spectrum of potential collaborators (Centers of Excellence, university programs, etc.) 5

Strategic Homeland Infrastructure Risk Assessment (SHIRA) Provides a snapshot of the risks to the Nation s CIKR, including physical and cyber assets from international terrorists and their affiliates: Determines the highest risks to the nation from attacks targeting the CI/KR sectors Addresses risk based on existing threat, vulnerability and consequence data, but does not speculate on how these variables will evolve Basis for the National CIKR Risk Profile within the National CIKR Protection Annual Report HITRAC coordinates directly with the stakeholders to obtain or generate the data used in the assessment: Work with the Intelligence Community to assess threat Work with the SSAs and other Federal subject matter experts to assess vulnerability and consequence by CIKR sector 6

Tier 1/Tier 2 Program Through collaborative process with Federal partners, and State and territorial government partners, DHS has identified ~3,000 Tier 1/Tier 2 assets and systems based upon objective consequence and criticalitybased criteria Designed to increase accuracy of prioritization efforts that inform DHS resource allocation decisions, focus planning, and support effective incident management, response and restoration activities The Tier 1/Tier 2 results will be used to: Provide common basis for which DHS & partners to implement CI/KR protection initiatives Support eligibility determinations for largest Homeland Security Grant Programs Ensure assets/systems capable of creating significant consequences are primary focus of DHS protective efforts 7

Natural Disaster Preparedness The National Infrastructure Simulation and Analysis Center (NISAC) produced 10 detailed hurricane impact studies covering the East Coast from Texas to Maine Broadly distributed them within DHS and to external partners to support pre-event planning Studies provide comprehensive hurricane impact analysis on CIKR in affected area, highlighting critical assets (Tier 1/Tier 2 and others), as well as assets that have significant cascading effects DHS provides specific impact studies for all hurricanes Category 2 and above that are scheduled to make landfall Provide updated analysis and respond to specific analytical requests year round (e.g., prioritize facilities for restoration, protection, DHS leadership-requested preplanned analyses, etc.) 8

Risk-Based Requirements Process Collected and re-organized Sector Annual Report (SAR) capability gaps/requirements chapter SAR utilizing new capability gaps template for tracking and management R&D Tiger Teams consulted with sectors to help articulate requirements IP staff has emphasized Sector-Specific Agencies for contact thus far Integrated S&T Critical Infrastructure Protection (CIP) R&D Plan with SAR and CIKR Annual Report Created and used Requirements Steering Group (cross-functional team of IP and S&T division directors) to evaluate and prioritize requirements/capability gaps Used matrix analysis to identify CIKR sector R&D requirements that were completely unaddressed in S&T IPT process Presented gaps and SMEs to S&T Transition for use in Dec 07 Integrated Product Team (IPT) Capstones and other S&T research centers/vendors Used SHIRA & other criteria for risk-informed prioritization 9

Conclusion Risk is cornerstone in identifying and prioritizing grants, disaster preparedness activities, CIKR Sector requirements, and potential R&D projects Threat, vulnerability, and consequences are key components in calculating risk All risk-related projects and analyses for the Office of Infrastructure Protection fall within National Infrastructure Protection Plan (NIPP) framework Bottom Line: DHS customer-driven R&D process needs deliberate, authoritative risk-informed decisions to allow prioritization of limited resources 10

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback