FY Bay Area UASI Risk and Grants Management Program Update. November 14, 2013

Similar documents
TERRORISM LIAISON OFFICER OUTREACH PROGRAM - (TLOOP)

Cybersecurity Presidential Policy Directive Frequently Asked Questions. kpmg.com

Santa Clara County. San Francisco City and County. Marin County. Napa County. Solano County. Contra Costa County. San Mateo County

Fusion Centers Information Sharing, Analysis and Coordination

Bay Area UASI FY Annual Report

S&T Stakeholders Conference

The Bay Area Homeland Security Strategy and Implementation Plan

Threat and Hazard Identification and Risk Assessment (THIRA) In Progress Review (IPR) July 2012

Energy Assurance Plans

Updates to the NIST Cybersecurity Framework

Framework for Improving Critical Infrastructure Cybersecurity

The Bay Area Compendium of Core Capabilities

CRS Report for Congress

DISTRICT OF COLUMBIA WATER AND SEWER AUTHORITY ATTACHMENT A A-1: BACKGROUND AND CONTRACTOR QUALIFICATIONS A-2: SCOPE OF WORK

Critical Infrastructure Assessment

The J100 RAMCAP Method

Advanced IT Risk, Security management and Cybercrime Prevention

ARRA State & Local Energy Assurance Planning & Implementation

Board of Directors April 25, BART The Next 40 Years BART Metro Vision Update Enhancing Service, Capacity and Coverage

National Policy and Guiding Principles

Critical Infrastructure Mission Implementation by State, Local, Tribal, and Territorial Agencies and Public-Private Partnerships.

Bay Area Information Sharing Report

Energy Step Code Implementation Strategy. March 26, 2018

United States Energy Association Energy Technology and Governance Program REQUEST FOR PROPOSALS

Current status and next steps. Haileyesus Getahun Coordinator IACG Secretariat World Health Organization

Federal Data Center Consolidation Initiative (FDCCI) Workshop III: Final Data Center Consolidation Plan

Food and Agriculture Sector Criticality Assessment

The NIST Cybersecurity Framework

Why you should adopt the NIST Cybersecurity Framework

cybersecurity in Europe Rossella Mattioli Secure Infrastructures and Services

Maritime Cyber Security Project Work Plan. Maritime Cyber Security. Work Plan Draft

Framework for Improving Critical Infrastructure Cybersecurity. and Risk Approach

Bay Area UASI Homeland Security Goals and Objectives

SWIFT Customer Security Controls Framework and self-attestation via The KYC Registry Security Attestation Application FAQ

Framework for Improving Critical Infrastructure Cybersecurity

Government Resolution No of February 15, Resolution: Advancing National Regulation and Governmental Leadership in Cyber Security

The Office of Infrastructure Protection

2014 CFD Rating Analysis

FISMA Cybersecurity Performance Metrics and Scoring

ICAO Aviation Security Assistance Program and Guyana s efforts to meet GASeP S Goals. Presented by: Mr. Abraham Dorris

Undergraduate Admission File

South Dakota Utah Wyoming Needs and Challenges Funding assistance Training Federal program enhancements Exercises

OPUC Workshop March 13, 2015 Cyber Security Electric Utilities. Portland General Electric Co. Travis Anderson Scott Smith

Federal Data Center Consolidation Initiative (FDCCI) Workshop I: Initial Data Center Consolidation Plan

PIPELINE SECURITY An Overview of TSA Programs

ACR 2 Solutions Compliance Tools

Cyber Security & Homeland Security:

(2) Provide fair compensation that aligns with regional market indicators for compensation levels for each position;

ICS-CERT Year in Review. Industrial Control Systems Cyber Emergency Response Team

Integrated Consortium of Laboratory Networks (ICLN) Brief to the NPDN National Meeting

Strategic Foresight Initiative (SFI)

GAO CYBERSPACE POLICY. Executive Branch Is Making Progress Implementing 2009 Policy Review Recommendations, but Sustained Leadership Is Needed

cybersecurity in Europe Rossella Mattioli Secure Infrastructures and Services

An Introduction To: Help Me Grow-LA. August 11, 2016

Physical Security Reliability Standard Implementation

Statement for the Record

Integrated Consortium of Laboratory Networks (ICLN)

Belize s Climate Resilient Investment Plan. Prioritised Investment Plan for Climate Readiness

Smart Grid Standards and Certification

Department of Defense. Installation Energy Resilience

Developing a Model for Cyber Security Maturity Assessment

MULTI-YEAR TRAINING AND EXERCISE PLAN. Boone County Office of Emergency Management

COMMENTARY. Federal Banking Agencies Propose Enhanced Cyber Risk Management Standards

NIST Smart Grid Activities

New Concept for Article 36 Networking and Management of the List

Managed Lane owner decision needed San Mateo County s options Understanding revenues & costs Pros & cons of County s options Proposed next steps

Any observations not included in this report were discussed with your staff at the informal exit conference and may be subject to follow-up.

National Preparedness System (NPS) Kathleen Fox, Acting Assistant Administrator National Preparedness Directorate, FEMA April 27, 2015

IT Updates. Maryland Health Benefit Exchange Board Meeting April 15, Presented by: Isabel FitzGerald Secretary, DoIT

CIP Standards Development Overview

Evaluating and Improving Cybersecurity Capabilities of the Electricity Critical Infrastructure

Review of the WMO DRR Programme activities in the area of MHEWS as a contribution to the WMO DRR Priority (2005 to present)

Overview of NIPP 2013: Partnering for Critical Infrastructure Security and Resilience October 2013

Views on the Framework for Improving Critical Infrastructure Cybersecurity

Annual Policy Initiatives Roadmap Process Straw Proposal

Information Technology (CCHIT): Report on Activities and Progress

NIS Directive : Call for Proposals

Long-Term Power Outage Response and Recovery Tabletop Exercise

Critical Information Infrastructure Protection. Role of CIRTs and Cooperation at National Level

SANS Vendor Events. SANS offers a variety of events which bring you in touch with the highly qualified SANS community.

Request for Information Strategies to Improve Maritime Supply Chain Security and Achieve 100% Overseas Scanning

Overview of support provided by the LEG

Houston Urban Area Security Initiative (UASI) Cybersecurity Mini-Assessment Workshop

National Infrastructure Protection Plan (NIPP) Transportation Sector Specific Plan (TSSP) and The TSSP R&D Working Group

Emergency Support Function #12 Energy Annex. ESF Coordinator: Support Agencies:

Gateway Transportation Collaboration Forum. 21/01/2015 Gateway Transportation Collaboration Forum 1

AAPA Smart Ports. Cyber Management for Ports Panel. Small Port Cyber Security Workshops. March 6, 2018

Critical Cyber Asset Identification Security Management Controls

Subject: Audit Report 18-84, IT Disaster Recovery, California State University, Sacramento

Cybersecurity & Privacy Enhancements

Unified Development Code. Public Workshop No. 3 November 7, 2017

ISO / IEC 27001:2005. A brief introduction. Dimitris Petropoulos Managing Director ENCODE Middle East September 2006

IATF Transition Strategy Presenter: Mrs. Michelle Maxwell, IAOB

Any observations not included in this report were discussed with your staff at the informal exit conference and may be subject to follow-up.

IAEA Action Plan on Nuclear Safety

Office of Infrastructure Protection Overview

Critical Infrastructure Sectors and DHS ICS CERT Overview

The Role of ENISA in the Implementation of the NIS Directive Anna Sarri Officer in NIS CIP Workshop Vienna 19 th September 2017

2008 National Ag Safety School. Richard Gupton Vice President, Legislative Policy & Counsel Agricultural Retailers Association

Executive Order on Coordinating National Resilience to Electromagnetic Pulses

Transcription:

FY 2013-2014 Bay Area UASI Risk and Grants Management Program Update November 14, 2013

Overview FY 2013 Bay Area UASI Risk and Grants Management Program May 2013 December 2013 Data Management Analysis CIKR Data Validation Risk Validation THIRA Grant Planning Process Regional Gap Analysis Capabilities Data Collection Regional Capabilities Assessment UASI Security Strategy

Background DHS and UASI Approval Authority Bylaws require a risk and capability-based methodology to apply for and allocate grant funds Since July 2009 the Bay Area UASI has conducted a crossjurisdictional, cross-functional risk management program to: THIRA Set priorities develop/compare courses of action inform decision-making An on-going effort with continuous data input, validation, regularly scheduled assessments, and annual reporting

Digital Sandbox 7 (DS7)- Risk Analysis Center Used by all eight California UASIs Supports a State/local approach to risk management Assists state and local risk management communities: understand and identify risk based on threats, vulnerabilities and consequences risk prioritization methodology to align resources to needs Supports a common view of risk Complies with national guidelines, agency standards and regulations

FY 2014 Bay Area Risk Management Timeline Tasks 2013 Kickoff Risk Validation & Data Mgt. Capabilities Assessment & Gap Analysis THIRA Strategy Update Grant Planning Process* May June Jul. Aug. Sept. Oct. Nov. Dec. * Timelines tentative based on the release of the DHS budget and grant guidance.

Asset Risk Only one component of Allocation Formula As adopted by the Bay Area UASI Approval Authority Population Risk Percentage distribution may change depending upon DHS guidance 22% 29% 49% Asset Risk Formula to be presented to Approval Authority in December Economic Risk

Risk Validation/Data Management June July 2013 Added/updated asset details, priority levels, vulnerability and consequence scores (VHEMP), field assessments (where appropriate) Identified new users Protected Critical Infrastructure Information (PCII) Asset Catalog Development Criteria Priority Assessments August 2013 NCRIC reviewed updated asset information and validated data items that affect risk Note: NCRIC submits updated asset information to the DHS PCII office for certification.

2013 Update Bay Area Asset catalog increased from 8,583 to 12,923 assets All Jurisdictions were involved in process Major Sectors Updated: Banking, Chemical, Defense Industry, Energy, IT, Communications, Postal, Healthcare, Transportation, Water, Monuments, Commercial, Government, Dams, Nuclear, and Manufacturing NCRIC eliminated duplicate assets in DS7 56 Asset Priority Updates 111 VHEMP Assessments completed: Alameda, Contra Costa, Monterey, San Benito, San Francisco, San Mateo, Santa Clara, Santa Cruz, Sonoma Oakland, San Jose

2013 Asset Risk 35 Asset Risk 30 Percent of Total Asset Risk 25 20 15 10 5 0 San Francisco Santa Clara Alameda San Mateo Contra Costa Solano Monterey Sonoma San Benito Marin Santa Cruz Napa

2013 Hub Asset Risk 50 Hub Asset Risk 45 40 35 Percent of Total Asset Risk 30 25 20 15 10 5 0 West East South North

2012-2013 Asset Risk Comparison 35 Asset Risk 30 Percent of Total Asset Risk 25 20 15 10 2013 2012 5 0 San Francisco Santa Clara Alameda San Mateo Contra Costa Solano Monterey Sonoma San Benito Marin Santa Cruz Napa

2012-2013 Hub Asset Risk Comparison 50 Hub Asset Risk 45 40 Percent of Total Asset Risk 35 30 25 20 15 2013 2012 10 5 0 West East South North

Core Capabilities Measures and Metrics Locally tailored performance and resource measures and metrics assessed ability and preparedness Compendium of Bay Area 31 Core Capabilities uploaded and stored in the DS7 tool Capability gaps integrated into Strategy update and the THIRA priority objectives for project funding

Core Capabilities Work Performed 14 of 31 Core Capabilities (including cyber security) were identified as needing attention A Cyber Security Core Capability assessment was conducted for the first time At least one representative THIRA from each planning hub was asked to complete all 31 Core Capabilities (including cyber). A total of 217 Capabilities were assessed by the Operational Areas

Regional Capabilities Assessment/Gap Analysis Conducted using subject matter experts using the Core Capabilities measures and metrics Results used to understand most relevant capabilities for the region s risk Subject Matter Experts obtained THIRAconsensus through individual workshops The DS7 Capabilities Assessment Tool provided a Gap Analysis based on the updated data and results of the workshops Note: The DS7 Capabilities Assessment is based on the DHS Core Capabilities List.

2013 Strategy Update Results helped inform updates to the Bay Area Homeland Security Strategy Updated Strategy reflects the new National Preparedness Goal and related Core Capabilities Updated Bay Area Homeland Security Strategy presented to Approval Authority at the October 2013 meeting

THIRA THIRA is organized around the following components: Note: Regional stakeholders will have the opportunity to provide feedback.

Next Steps Regional Stakeholders review THIRA THIRA Briefing to the Approval Authority THIRA Submittal to DHS Update Risk Allocation Formula

Questions?

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback