150 likes | 299 Views
Urban Area Security Initiative Conference, Columbus, OH. May 23, 2012. Critical Infrastructure Protection: Program Overview. Agenda . Mo. Historical Perspective Risk Management Framework Implementation Current Environment Key Initiatives The Current Challenge.
E N D
Urban Area Security Initiative Conference, Columbus, OH May 23, 2012 Critical Infrastructure Protection: Program Overview
Agenda Mo • Historical Perspective • Risk Management Framework Implementation • Current Environment • Key Initiatives The Current Challenge The homeland security enterprise is entering a new stage in its evolution. Focus is shifting to considerations of all-hazards while resources are becoming increasingly scarce due to the challenging budget environment. Therefore, partnerships of all types must be leveraged to ensure that resources are utilized in the most effective ways possible. 2
Historical Perspective When the Department of Homeland Security (DHS) was established in 2002, it faced distinct challenges with regards to the protection and resilience of critical infrastructure: • Other DHS components, such as the Federal Emergency Management Agency (FEMA) and the U.S. Coast Guard (USCG), already had a well defined mission space and implementation processes were functioning; • Critical infrastructure protection and resilience was generally a new mission area and required the establishment of implementation mechanisms; and • The establishment of a governance structure was necessary in order to reach the network of critical infrastructure protection and resilience partners in the private sector and at all levels of government.
Critical Infrastructure Authorities • Critical Infrastructure: 42 U.S.C. 5195c (e) defines the term “critical infrastructure” as the “systems and assets, whether physical or virtual, so vital to the United States that the incapacity or destruction of such systems and assets would have a debilitating impact on security, national economic security, national public health or safety, or any combination of those matters.” • Policy of the United States: 42 U.S.C. 5195c (c) establishes that it is the “policy of the United States … that any physical or virtual disruption of the operation of the critical infrastructures of the United States be rare, brief, geographically limited in effect, manageable, and minimally detrimental to the economy, human and government services, and national security of the United States…” • Homeland Security Presidential Directive 7 – Critical Infrastructure Identification, Prioritization, and Protection (HSPD-7): Establishes a national policy for Federal departments and agencies to identify and prioritize critical infrastructure and to protect them from terrorist attacks (now all-hazards) and established the original 17 (now 18) critical infrastructure sectors. • National Infrastructure Protection Plan (NIPP): Provides the unifying structure for the integration of efforts for the enhanced protection and resilience of the Nation’s critical infrastructure.
NIPP Risk Management Framework Risk management framework: • Integrates and coordinates strategies, capabilities, and governance to enable risk-informed decision making related to the nation’s critical infrastructure • Six interrelated activities to continuously enhance the protection of critical infrastructure
Risk Management Framework Implementation To effectively implement the risk management framework and help critical infrastructure protection and resilience partners make risk-informed decisions, the following were developed: Governance Structure Allows the Department to communicate with both public and private sector partners. Creates a nationwide network in which partners may effectively collaborate to prepare for, protect against, respond to, and recover from all-hazards. Information Sharing Assessments & Analysis Establishes threats, vulnerabilities, and consequences for individual and clustered critical infrastructure to develop applicable security measures.
Current Environment The critical infrastructure protection and resilience mission has become more dynamic while resources are being decreased: • There is increased emphasis on all-hazards. • Cyber risks are more prevalent. • Climate related risks are receiving more attention. • There is increased focus on providing justification for how resources are utilized. • To meet these challenges, we must gather risk-informed requirements for our programs that will allow us to make investments that truly support our partners. In order to do this, we are implementing mechanisms that will: • Define the risk-informed outcomes we want to achieve. • Develop metrics to determine if we are meeting those outcomes. • Use information generated through the metrics to make decisions about how our programs will get us closer to the outcomes we want to achieve.
Objectives Example Implementing Mechanisms One IP Objectives • Protective Security Advisors • Sector Partnerships • Information Sharing Environment • State and local partners • Regional Resiliency Assessment Program (RRAP) • Fusion Center engagement • Stakeholder Input Project • Sector Annual Reports • National Annual Report • Critical Infrastructure Risk Management Plan Strengthen partnerships and information sharing capacity Provide partners with the programs and tools they need Measure program effectiveness so that efforts can be improved 8
CIRMEI: Risk-informed Resource Allocation Understand risks to critical infrastructure Assess impact of activities 1 2 Feedback Loop 4 3 Develop plan to address gaps Adjust resources accordingly
A Regional Approach To advance the Assistant Secretary’s vision, Secretary Napolitano’s “One DHS” agenda and the critical infrastructure mission, NPPD/IP is collecting regional requirements and will adjust programs to meet those requirements. A regional approach is necessary because: • Critical infrastructure assets, systems, functions, and networks cross jurisdictional boundaries • The types, integration, and concentration of assets vary across regions • Risk landscapes and resources vary region-by-region • All incidents begin and end in local communities • The effectiveness of protection and resilience activities is best measured by their impact on stakeholders in communities across the country 10
Regional Initiative Approach NPPD/IP Core Mission Areas Partnership Support Assessing Security and Resiliency Regulatory Requirements Information Sharing Region-Specific Mission Requirements Analysis Federal Regions IX FY 2012 X FY 2013 VIII FY 2012 I August 2011 VI FY 2012 VII FY 2013 II August 2011 III FY 2013 IV February 2012 V FY 2013 Critical Infrastructure Mission Partners (Public and Private) Outcome: A sustainable One IP Framework that will enable NPPD/IP to operationalize partnerships and deliver tailored programs to each region. 11
Components of the Regional Initiative Key Recommendations for NPPD/IP Leadership Feedback from Outreach to Private Sector Infrastructure Owners and Operators Feedback from Outreach to State and Local Government Partners Feedback Provided in Reports by various Partner and Advisory Councils 1 2 3 Analysis of reports from partner councils containing feedback relevant to service delivery Focus group discussions in Regional locations One-on-one interviews with SLTT critical infrastructure protection government officials
Regional Initiative – Current Status As of May 2012, NPPD/IP has achieved the following progress with the Regional Initiative: • Received feedback on the status of critical infrastructure protection and resilience activities in FEMA Regions I, II, and IV from State and local government partners as well as private sector owners and operators. • Completed an analysis of 14 relevant reports and white papers submitted to NPPD/IP on critical infrastructure protection and resilience and identified key findings. • Coordinated with State and local partners to pursue focus groups in three additional FEMA Regions (VI, VIII, and IX) this fiscal year. Findings from this effort will inform programmatic and budgetary decisions: • More user friendly, flexible tools • More scalable, realistic exercises to help identify interdependencies • Tailoring and providing training and capabilities valued by our stakeholders 13
Questions? • The Current Challenge The homeland security enterprise is entering a new stage in its evolution. Focus is shifting to considerations of all-hazards while resources are becoming increasingly scarce due to the challenging budget environment. Therefore, partnerships of all types must be leveraged to ensure that resources are utilized in the most effective ways possible. 14
Ken Buell Policy Development and Coordination Unit Office of Infrastructure Protection National Protection and Programs Directorate Kenneth.Buell@HQ.DHS.GOV