540 likes | 720 Views
The Future of Homeland Security with the Commercial Facilities Infrastructure Sector. January 10 th , 2013. Overview. PSA’s Roles and Responsibilities The Threat Back to the Future The Future Resources. Protective Security Advisors. 93 Protective Security Advisors (PSAs) Non-Regulatory
E N D
The Future of Homeland Security with the Commercial Facilities Infrastructure Sector January 10th, 2013
Overview PSA’s Roles and Responsibilities The Threat Back to the Future The Future Resources
Protective Security Advisors • 93 Protective Security Advisors (PSAs) • Non-Regulatory • Facilitate and coordinate training and assessments of local critical infrastructure • Provide reach back capabilities to DHS and other Federal resources • Respond to disasters to assist with the reconstitution of critical infrastructure • Support special events
Infrastructure at a Glance - The United States has more than 46,000 shopping centers nationwide. - The American Hotel & Motel Association reported 53,500 operating establishments. - The National Association of Theatre Owners reported 6,060 movie theaters in the U.S. - The United States has more than 600 convention centers. - The Center for Exhibition Industry Research (CEIR) survey revealed there were 11,094 trade and consumer shows in the country in 2000. - Nearly 59 million skiers/boarders visit at the 478 ski areas operating in the United States annually. - There are about 878,000 restaurants in the United States. These establishments serve more than 70 billion meals annually, have sales of more than $440 billion. Source: Overview of Potential Indicators of Terrorist Activity, Common Vulnerabilities, and Protective Measures for Critical Infrastructures and Key Resources (DHS 2006)
Trends and Tactics • Tactics, techniques, and procedures evolve quickly and adapt to countermeasures • Recent plots disrupted in NY, NC, AR, AK, TX, and IL were unrelated operationally, but indicative of a common cause that rallies independent extremists to want to attack the United States • Pre-operational indicators are becoming more and more difficult to detect, therefore State, local, and private sector partners play a critical role in identifying and reporting suspicious activity Najibullah Zazi (Denver Post) September 25, 2009 Zazi purchasing chemicals (CNN)
Asymmetric Threat EnvironmentActivities and Indicators • Surveillance / Countersurveillance (Human/Cyber) • Facility Security • Facility Access • Facility Construction • Target Dynamics • Secondary Targets
Direct impacts: Significant economic impacts locally, regionally, and nationally Large scale loss of life Facility repair costs Utilities could be shut down temporarily for the surrounding area Psychological impacts Indirect impacts: Cascading economic impacts to suppliers, travel, and entertainment business sectors Decreased interactions for professional and industry-wide advancement and progress Increase public anxiety Consequences of Impacts to Sector
Public-Private Partnership • Become familiar with your workplace and infrastructures that you depend on and depend on you. • Report suspicious activities to your local law enforcement agency. • Provide information for a Suspicious Activities Report (SAR) to the Statewide Information and Analysis Center (SIAC) and Joint Terrorism Task Force (JTTF).
“If You See Something, Say Something™” • In July 2010, DHS, at Secretary Janet Napolitano's direction, launched a national "If You See Something, Say Something™" public awareness campaign • The campaign is a simple and effective program to raise public awareness of indicators of terrorism and violent crime • Emphasizes the importance of reporting suspicious activity to the proper State and local law enforcement authorities • DHS is launching the campaign in conjunction with the Nationwide Suspicious Activity Reporting (SAR) Initiative
“If You See Something, Say Something™” (cont.) • Only reports that document behavior reasonably indicative of criminal activity related to terrorism will be shared with Federal, state, local, tribal and territorial partners. • Over the past year, the Department has rolled out the campaign with a variety of partners: • Amtrak • American Hotel and Lodging Association • Major League Soccer • National Basketball Association • National Collegiate Athletic Association • DHS and the State continue to expand its partnership
The Nationwide Suspicious Activity Reporting (SAR) Initiative • In March 2010, the Nationwide Suspicious Activity Reporting Initiative (NSI) Program Management Office was established within the U.S. Department of Justice (DOJ), Bureau of Justice Assistance, and is an interagency office composed of representatives from DOJ, DHS, FBI, and the Program Manger – Information Sharing Environment office • The NSI established standards, policies, and processes for gathering, documenting, processing, analyzing, and sharing SAR while taking into account the protection of privacy, civil rights, and civil liberties of Americans • The NSI program includes training for line officers, analysts, and chief executives, as well as community outreach and a comprehensive privacy framework • The FBI eGuardian Program is an integral part of the NSI, ensuring that information is getting from the field to the FBI Joint Terrorism Task Force for investigation • The NSI closely coordinates with the DHS "If You See Something, Say Something™" campaign. The NSI also coordinates with the DHS Office of Intelligence and Analysis which leads interagency support to the National Network of Fusion Centers
The Nationwide Suspicious Activity Reporting (SAR) Initiative (cont.) • In order for DHS to assist State, local, tribal, territorial and private sector partners with obtaining “If You See Something, Say Something™” materials, the DHS Office of Public Affairs will need to obtain a few items from the requestor in order to draft materials – those items are outlined below. The Office of Public Affairs will send the draft(s) back to the requestor for final approval • Product Options • Posters, paystub inserts, table tent cards, etc. • Electronic materials such as Ribbon Board/ Score Boards (need pixels/dimensions to design) • Placing “If You See Something, Say Something TM” logo on credentials • Public Service Announcement – DHS can write the script for the Public Service Announcements. It is recommended that someone recognizable from your group record the message • “Back-of-house” materials – These will help instruct staff/volunteers on what to look for and what they should do in case they see something suspicious • Please refer to the “If You See Something, Say Something™” Information and Public Display Materials Fact Sheet for more information
For each CI/KR sector, a Sector Specific Plan (SSP) have been developed that sets forth how the NIPP is implemented within the sector Sector-Specific Plans Sector-Specific Plans Sector-Specific Plans Sector-Specific Plans Sector-Specific Plans Sector-Specific Plans Sector-Specific Plans Sector-Specific Plans Sector-Specific Plans (18) Sector Specific Plans • Detail the application of the NIPP risk management framework across each sector • Tailored to address the unique characteristics and risk landscapes of each sector • Sector Specific Agencies (SSAs) partner with Sector Coordinating Councils (SCCs) and Government Coordinating Councils (GCCs) to develop the SSPs
DHS Taxonomy Commercial Facilities Sector - 8 Sub-Sectors: 1. Entertainment and Media (e.g., motion picture studios, broadcast media); 2. Gaming(e.g., casinos); 3. Lodging(e.g., hotels, motels, conference centers); 4. Outdoor Events (e.g., theme and amusement parks, fairs, campgrounds, parades); 5. Public Assembly (e.g., arenas, stadiums, aquariums, zoos, museums, convention centers); 6. Real Estate (e.g., office and apartment buildings, condominiums, mixed use facilities, self-storage); 7. Retail(e.g., retail centers and districts, shopping malls); 8. Sports Leagues (e.g., professional sports leagues and federations).
NIPP Sector Partnership Model To coordinate activities under the NIPP, a framework for Federal, state, territorial, tribal, local, and private sector security partners to work together has been developed
CF Government Coordinating Council • Members Include: • Department of Commerce • Department of Education • Department of Homeland Security • Department of Housing and Urban Development • Department of the Interior • Department of Justice • Environmental Protection Agency • General Services Administration • Library of Congress • National Endowment for the Arts
Members Include: Affinia Hospitality BOMA International Dallas Convention Center International Association of Amusement Parks and Attractions International Association of Assembly Managers International Association of Fairs and Expositions International Council of Shopping Centers Major League Baseball Marriott International National Association of Industrial and Office Properties National Association of RV Parks and Campgrounds National Hockey League National Multi Housing Council National Retail Federation NBC Universal Oneida Gaming Commission RBC Center Retail Industry Leaders Association Related Management Company Self Storage Association Stadium Managers Association Starwood Hotels and Resorts Worldwide The Loss Prevention Foundation The Real Estate Roundtable The Walt Disney Company Tishman Speyer Trump Organization Warner Bros. Studio Facilities Westfield Shopping Centers CF Private Sector Coordinating Council
Resilience: Theory and Applications Ability of an entity — asset, organization, community, region — to anticipate, resist, absorb, respond to, adapt to, and recover from a disturbance.
Voluntary Private Sector Preparedness Accreditation and Certification Program (PS-Prep™) • Any hazard can cause operational disruptions that can affect private-sector entities and bring about various degrees of loss • The PS-Prep™ Framework Guides can offer an organization several options toward greater levels of preparedness standards • The goal of PS-Prep™ is to help improve private sector preparedness, resilience, and emergency management • Key Points: • Program is strictly voluntary • DHS does not perform audits; the accreditation and certification process is administered by the ANSI-ASQ National Accreditation Board • The purpose is not to impose Federal preparedness standards; PS-Prep™ standards were developed by private sector standard development organizations • In March 2012, AT&T became the first company to be certified to a DHS preparedness standard
PS-Prep™ (cont.) • Certifying to a PS-Prep™ standard enables a business to: • Develop a plan of action for handling disruptions • Minimize potential impact to essential operations • Protect data and information to ensure continued decisionmaking • Protect market share and minimize financial losses • Development of PS-Prep™ Framework Guides is ongoing • The Electric and Chemical Sector-Specific Framework Guides have been completed • Banking and Finance, Critical Manufacturing, Dams, Defense Industrial Base, and Nuclear will soon be finalized • For more information, please visit: http://www.fema.gov/privatesector/preparedness/ • Or email IP_Education@hq.dhs.gov for the Framework Guides
PS-Prep™ (cont.) • New ISO 22301, 22313, 22398 – Business Continuity Management • Moving your business continuity program to a management system requires management commitment. It involves embedding business continuity management into the culture of the organization. It is the endgame. There is finally have a “standard” method for BCM program development and improvement. We no longer need to rely on “Consultant X’s ‘Patented Approach.’” We no longer have to discuss and argue about definitions. The vocabulary is defined. • Based on British Standard 25999-1 • DHS Deciding whether to include the new ISO’s into PS-Prep
Enhanced Critical Infrastructure Protection • Infrastructure Survey Tool (IST) (contact your PSA to schedule an IST for your facility at no cost) • Over 1,800 IST surveys conducted to date • Apply weighted scores to identify vulnerabilities and trends for infrastructure and sectors and conduct sector-by-sector and cross-sector vulnerability comparisons • A consistent methodology of facility security information analysis • Provides an analysis for protective measures planning and resource allocation
Enhanced Critical Infrastructure Protection • Infrastructure Survey Tool (IST) • Over 1,800 IST surveys conducted to date • Apply weighted scores to identify vulnerabilities and trends for infrastructure and sectors and conduct sector-by-sector and cross-sector vulnerability comparisons • A consistent methodology of facility security information analysis • Provides an analysis for protective measures planning and resource allocation • Provides Protective Measures Index (PMI) and Resilience Measurement Index (RMI) Dashboard products for comparative analysis
Comparing Facility and Subsector Subsector Maximum Facility PMI Subsector Average Overall Facility PMI Subsector Minimum
ECIP Dashboard – Overall Tab • “Overall” tab shows the overall facility PMI and the PMIs for each major component (Level 1) of the facility PMI (blue bar) and the low, average, and high PMI for the subsector (dots).
ECIP Dashboard – Component Screens Tabs – Level 1 Level 3 Data Level 2 Components Overall PMI Bar Level 1 PMI Bar Level 2 PMI Dial Level 3 Component PMI
RMI Dashboard • The RMI Dashboard tabs will reflect the components of resilience • All RMI questions are in the RMI tabs • High, Average and Low comparisons will be available immediately • These are calculated using certain assumed answers to the new questions for the average facility within the sector • All on-line dashboards in 2013
Computer Based Assessment Tool • The CBAT is used to blend technical site assessment data, structural schematics, and other relevant site data with video of facilities, surrounding areas, routes, etc, to create an interactive visual guide of any location • Assist the facility owners and operators, local law enforcement, and emergency response personnel to prepare for and respond to an incident • Used in the 2012 Presidential Debates, 2009, -10, -11 Super Bowls, G-20, and the Presidential Inauguration
Cyber Security Evaluation Tool (CSET ) • Stand-alone software application • Self-assessment using recognized standards • Tool for integrating cyber security into existing corporate risk management strategy • Performs a variety of cyber security assessments to identify weaknesses and provide options for consideration. Key assessments include, Cyber Resilience Reviews (CRR). Cyber Resilience Review (CRR)
Protected Critical Infrastructure Information • PCII is an information-protection tool that enhances the ability of industry and government to share sensitive information with government authorities • All information classified as PCII is protected from public disclosure through the Critical Infrastructure Act of 2002 • To qualify as PCII, information must: • Contain critical infrastructure information not in the public domain • Be voluntarily submitted by the private sector or State and local owners and operators • Include express and certification statements • PCII is protected from public disclosure under the Freedom on Information Act (FOIA) and similar State and local disclosure laws • Also, PCII cannot be used in civil litigation or for regulatory purposes
PCII (cont.) • Access to PCII is limited to government employees and contractors trained in safeguarding and the handling of PCII • There have been no unauthorized releases of PCII reported since the program’s inception in 2004 • Current stats: • Over 6,000 PCII authorized users and tens of thousands of items have been submitted to the program or its Federal partners • Program Update: • New oversight procedures are being implemented to ensure that every State or Federal entity that handles PCII is regularly reviewed for compliance requirements • For more information, please visit: www.dhs.gov/pcii
DHS Training Courses • Provide protection personnel in public and private sectors with specialized security training to prevent and protect against continuing and emerging threats to our Nation’s infrastructure • Private Sector Counter-Terrorism Awareness Workshop • Improvised Explosive Device Awareness Workshop • Bomb-Making Materials Awareness Program • Surveillance Detection Course • Soft Target Awareness Course • Protective Measures Course
Active Shooter Awareness Program • Active shooters are an ongoing threat to attack out workplaces, schools, military installations, and other public settings • Given today’s ever-changing threat environment, preparing for Active Shooter scenarios should be a key component of any organization’s incident response planning • The DHS Active Shooter Awareness Program provides resources to help public and private-sector security managers prepare for and train workforces to mitigate this threat • There are several resources available: • Live Workshops (monthly day-long events with law enforcement and behavioral subject matter experts) • Online Training (an Independent Study Course is available that was developed with the Federal Law Enforcement Training Center and the Hospitality, Entertainment, and Tourism Security Council
Active Shooter Awareness Program (cont.) • Webinars (the Active Shooter Awareness Virtual Roundtable helps partners understand the importance of developing emergency plans) • Archived version: http://www.dhs.gov/files/programs/gc_1231165582452.shtm • Other Resources (a booklet and poster that can assist facility owners and operators in preparing for an active shooter incident) • Topics include: Profile of an active shooter; practices for coping; and tips for recognizing signs of potential workplace violence • For more information, please email cfsteam@hq.dhs.gov
IS-906: Workplace Security Awareness • Online training provides guidance to individuals and organizations on how to improve security in the workplace • Online training can be completed in 45 minutes • Applicable across all 18 critical infrastructure sectors • Threat scenarios include: • Access and Security Control • Criminal and Suspicious Activities • Workplace Violence • Cyber Threats • Link to online training: http://training.fema.gov/EMIWeb/IS/IS906.asp
IS-907: Active Shooter: What You Can Do • Online training for broad audience regardless of knowledge and skill level • Provides guidance on how to prepare and respond to an active shooter • Online training can be completed in 45 minutes • Uses interactive scenarios and videos to illustrate proper response during an active shooter event • Topics include: • Actions to take when confronted with an active shooter • How to recognize potential indicators of workplace violence • Actions to prevent and prepare for an active shooter situation • Features interactive knowledge reviews, final exam, and additional resources • Link to training: http://training.fema.gov/EMIWeb/IS/IS907.asp
Active Shooter: How to Respond • 13 page booklet for managers • Topics include: • Profile of an active shooter • How to respond to an active shooter • How to respond when police arrive • Training your staff for an active shooter • Human Resources responsibilities • Facility Manager responsibilities • Manager responsibilities • How to assist those with special needs and/or disabilities • Indicators of potential violence by employee • How to manage consequences • Download at: http://www.dhs.gov/files/programs/gc_1259859901230.shtm
Active Shooter Poster • Poster for break rooms, training areas, offices, restrooms • Reinforces training topics • Download at:http://www.dhs.gov/files/programs/gc_1259859901230.shtm
Active Shooter Pocket Guide Download at: http://www.dhs.gov/xlibrary/assets/active_shooter_pocket_card.pdf
Video: “Threat Detection and Reaction for Retail and Shopping Center Staff” • 20-minute presentation • Intended for Point-of-Sale staff • Applicable to all employees of a shopping center, mall, or retail facility • Uses case studies and best practices to explain • suspicious behavior and items • how to reduce the vulnerability to an active shooter threat • the appropriate actions to take if employees notice suspicious activity • The presentation can be viewed on the HSIN-CS Commercial Facilities portal at https://connect.hsin.gov/p21849699/ • For access to HSIN-CS, email your name and organization to HSINCS@dhs.gov
Tabletop Exercise: Dealing with Workplace Violence • Low density, high demand resource • Audience • Critical infrastructure stakeholders • Public safety partners • Purpose: to address gaps, issues, and concerns related to Active Shooters • Typical exercise agenda (4 hours): • Welcome 10 minutes • Module 1: Pre-Incident Phase 30 minutes • Module 2: Incident Response Phase 90 minutes • Module 3: Assessment Phase 60 minutes • HotWash 20 minutes • Contact the Utah Protective Security Advisor (PSA) to determine availability
DHS Support and Resources • In addition, DHS has developed materials and training tools for sector partners, including owners and operators, to make the sector more prepared, more secure, and more resilient from terrorist attacks, natural disasters, and other incidents • These materials are available through the Homeland Security Information Network – Critical Sectors (HSIN-CS) portal and are detailed in the Commercial Facilities Sector Resource Guide
HSIN-CS • Secure portal that provides a “peer to peer” collaboration space for: • Workgroups • Sub-portals • Events calendar • Resources available: • Intelligence bulletins • Guides • Training • Contact Information