290 likes | 555 Views
National Infrastructure Protection Plan (NIPP). The NIPP Provides a Strategic Context for Infrastructure Protection/Resiliency. Dynamic threat environment Natural Disasters Terrorists Accidents Cyber Attacks A complex problem, requiring a national plan and organizing framework
E N D
The NIPP Provides aStrategic Context for Infrastructure Protection/Resiliency • Dynamic threat environment • Natural Disasters • Terrorists • Accidents • Cyber Attacks • A complex problem, requiring a national plan and organizing framework • 18 Sectors, all different, ranging from asset-focused to systems and networks • Outside regulatory space (very few security-focused regimes) • 85% privately owned • 100% in State and local jurisdictions
18 Sectors & Sector-Specific Agencies • DHS coordinates the overall national effort to enhance CIKR protection and resiliency through the implementation of the NIPP • Sector-specific agencies lead the activities in each of 18 sectors and develop and implement Sector-Specific Plans • DHS leads 11 of the sectors • IP leads six of these sectors
Sector Partnership Model • Critical infrastructure protection and resiliency are the shared responsibilities of Federal, State, local, tribal, and territorial governments, regional coalitions, and the owners and operators of the Nation’s CIKR • NIPP outlines their roles & responsibilities • Also describes the information-sharing environment & communications Council functions include comprehensive planning, methodology development, risk assessment, protective programs & resiliency strategies, incident management, training, exercises, identification of R&D requirements
Partnership Structures Critical Infrastructure Partnership Advisory Council Overarching Framework Sector Coordinating Councils Government Coordinating Councils Government Counterparts CIKR Owners & Operators Regional Consortium Coordinating Coalitions CIKR Initiatives Integration Using Existing Regional Coalitions
NRF CIKR Support Annex Provides the bridge between the NIPP “steady-state” approach for CIKR protection and the NRF incident management doctrine Addresses recommendations of the Hurricane Katrina after-action review CIKR Support Annex
NIPP – NRF : The Full Spectrum of Incident Management Pre-Incident Incident Post-Incident Prevention Preparedness Response Recovery Mitigation
NRF Coordination Structure Field Level Regional Level NationalLevel NIMS Role Incident Advisory Council (IAC) JFO Coordination Group Multiagency Coordination System • Multiagency Coordination Entity • Strategic coordination Joint Field Office National Operations Center (NOC) Regional Response Coordination Center Local Emergency Operations Center State Emergency Operations Center • Multiagency Coordination Centers/EOCs • Support and coordination • Incident Command • Directing on-scene emergency management Role of regional components varies depending on scope and magnitude of the incident. An Area Command is established when needed due to the complexity or number of incidents. Area Command The NRF includes slight variations of the base structure for terrorism response and Federal-to-Federal support Incident Command Post Incident Command Post Incident Command Post
Joint Field Office • The JFO is the focal point for coordination of Federal support to on-scene incident management efforts Principal Federal Official JFO Coordination Group Other Senior Federal Officials State, Local and Tribal Representative(s) Senior Federal Law Enforcement Official Federal Coordinating Officer Chief of Staff ----------------------- Liaison Officer Safety Coordinator Security Officer Infrastructure LiaisonOthers as needed External Affairs JFO Coordination Staff Defense Coordinating Officer (DCO) Office of Inspector General JFO Sections Operations Section Logistics Section Planning Section Finance and Admin
Strategic Drivers The DHS Appropriations Act of 2007 charged IP with creating a chemical security regulatory program. The Appropriations Act of 2008 also requires Ammonium Nitrate regulations. Department of Homeland Security Appropriations Act of 2007 The Homeland Security Act of 2002 established an Assistant Secretary for Infrastructure Protection, responsible for assessing vulnerabilities of key resources and critical infrastructures and developing a comprehensive national plan. In 2006, P.L. 109-295, Section 550 directed the regulation of high risk chemical facilities. The 2005 / 08 hurricanes affirmed IP’s important mission and central role in preparedness. HSPD-5 HSPDs provide inter-related and focused policy guidance in the areas of incident management, critical infrastructure protection, and national preparedness. HSPD-7 National strategies for Homeland Security, Cyber Security, and Physical Protection of CIKR provided high level goals and priorities for the Office of Infrastructure Protection. HSPD-8 HSPD-9 HSPD-19 STAKEHOLDER INTERACTION
Critical Infrastructure & Key Resources(CIKR) • Critical Infrastructure: Systems and assets, whether physical or virtual, so vital to the United States that the incapacitation or destruction of such systems and assets would have a debilitating impact on national security, national economic security, public health or safety, or any combination of those matters • Key Resources: Publicly or privately controlled resources essential to the minimal operations of the economy or government • Why is CIKR Protection Important? • Essential to the Nation’s security, public health and safety, economic vitality, and way of life
National Infrastructure Protection Plan Build a safer, more secure, and more resilient America by preventing, deterring, neutralizing, or mitigating the effects of deliberate efforts by terrorists to destroy, incapacitate, or exploit elements of our Nation’s CIKR and to strengthen national preparedness, timely response, and rapid recovery of CIKR in the event of an attack, natural disaster, or other emergency.
National Infrastructure Protection Plan • A comprehensive plan and unifying structure for the government and the private sector to improve protection and resiliency of critical infrastructure and key resources, including • Partnership model & information sharing • Roles & responsibilities • Risk management framework • Authorities • Integration with other plans • Building a long-term program • Providing resources & prioritizing investments • Contributes to both steady-state (non-incident) risk management and incident management • Drives IP’s programs/activities, guides those of • Other Federal agencies and departments • State, local, tribal, and territorial governments • CIKR owners and operators
Sector-Specific Plans (SSPs) • Tailor application of the NIPP risk management framework to each of the CIKR sectors • Address the unique characteristics and risk landscapes of each sector • Sector-Specific Agencies (SSAs) partnered with Sector Coordinating Councils (SCCs) and Government Coordinating Councils (GCCs) to develop the SSPs • SSPs were released in May 2007 and underwent annual review in 2008 • SSPs will undergo a triennial review for reissue in 2010
Goal and Objectives Build a safer, more secure, and more resilient America by enhancing protection of the Nation’s CIKR Roles & Responsibilities Federal State Local Private Sector Managing Risk Goals Identify Assets, Systems, and Networks Assess Risk Prioritize Implement Protective Programs and Resiliency Strategies Measure Effectiveness Organizing & Partnering Sector Partnership Model Government Coordinating Councils (GCCs) Sector Coordinating Councils Federal Senior Leadership Council State, Local, Tribal, and Territorial GCC Regional Consortium Coordinating Council Relationship to Other Plans & NIPP Outreach National Response Framework Building National Awareness Education and Training R&D Resources for CIKR Protection National CIKR Protection Annual Report Sector CIKR Protection Annual Reports Sector Security Goals (example) Rapidly reconstitute critical sector assets, systems, networks, and functions after national and regional emergencies. Plan for emergencies and crises by participating in exercises and updating response and continuity of operations plans. Educate stakeholders on infrastructure resiliency and risk management practices in the sector. Ensure timely, relevant, and accurate threat information sharing between the law enforcement and intelligence communities and key decision makers in the sector. Establish effective, cross-sector coordination mechanisms to address critical interdependencies, including incident situational awareness, and cross-sector incident management. CIKR Identification Assets Systems Networks Functions Risk Assessments Industry Self Assessments – Corporate process National Sector Risk Assessment – Government sponsored Cross Sector Dependency Analysis – Government sponsored Protective Programs Cultivate existing programs Address high risk areas identified by risk assessments Priority based, linked to goals and related risks Measuring Effectiveness Core NIPP Metrics Specific sector goals Protective programs National Infrastructure Protection Plan NIPP Base Plan (2009) 18 Sector-Specific Plans (2007)
NIPP Risk Management Framework • The NIPP describes processes to: • Set Goals and Objectives • Identify Assets, Systems, and Networks • Assess Risk (Consequences, Vulnerabilities, and Threats) • Prioritize • Implement Protective Programs & Resiliency Strategies • Measure Effectiveness
Overview of Key ChangesNIPP - 2009 • Improvements to 2006 NIPP do not change underlying policy • 2009 NIPP integrates the concepts of resiliency and protection and broadens the focus of NIPP-related programs and activities to the all-hazards environment • Changes reflect suggestions and comments received from our partners as well as: • Release of SSPs in 2007 • New HSPDs, national strategies, and legislation • Establishment of Critical Manufacturing as the 18th CIKR sector • Designation of Education as a subsector of Government Facilities • Formation of the Regional Consortium Coordinating Council (RCCC) • Release of the Chemical Facility Anti-Terrorism Standards (CFATS)
Infrastructure Liaison • Principal advisor to the JFO Coordination Group regarding all national and regional CIKR incident-related issues • Maintains operational control over all IP staff assigned to support the JFO • Principal functions include: • Act as the liaison between the national-and regional-level CIKR, the private sector, and the JFO • Coordinate CIKR and ESF issues between the JFO Coordination Group and IP representatives located at the NOC, IAC, and NRCC • Provide situational awareness on the affected CIKR and periodic updates to the JFO Coordination Group • Serve as the senior advocate within the JFO for CIKR issues within the JFO and to support the prioritization of response and restoration efforts • Leverage private sector relationships to support response and recovery efforts
Stafford Act • General Framework for Assistance (Section 402/403) • Section 403(a): • authorizes FEMA “to provide assistance essential to meeting immediate threats to life and property resulting from a major disaster.” • direct Federal assistance – either by using, lending, or donating to State and local governments Federal equipment, supplies, facilities, personnel, and other resources; or by distributing through States/locals medicine, food, and other consumable supplies, and other services and assistance to disaster victims. Section 403(a)(1), (2) • Limiting Factors: • 403(a)(1), (2) authorize assistance only to “State and local governments” or certain “private non-profit” entities • Aid not routinely available to for-profit entities; however, such entities may be indirect or incidental beneficiaries of Federal assistance in appropriate circumstances
CIKR RFA Determinations • Issues to be considered in supporting an RFA Contribution of the requested assistance to meeting public safety & health goals • Contribution of the requested assistance to meeting response/restoration priorities established by the SCO/FCO • Requestor’s capability to resource the requested assistance from their own capabilities • Alternative means and timing of providing the requested assistance • Benefit of providing the requested assistance to the restoration of a local community critical resources/capability • Benefit of providing the requested assistance to meeting critical regional/national CIKR needs • Benefit/cost of redirecting the requested resource or capability from other priority requirements • Prioritization adjudication JFO(PFO/FCO/IL) NRCC (IL/IP supported) IAC • Potential for cost share by requestor
Major CIKR Concerns/Issues • Access and Credentialing • Evacuation and re-entry plans and routes • Status of • Electricity • Water • Telecommunications • Roads • Resource and supply confiscation
Cross-Sector Coordination Regional Consortium Coordinating Council Cross-Sector Cybersecurity Working Group State, Local, Tribal, and Territorial Government Coordinating Council CIKR Cross-Sector Council Federal Senior Leadership Council Agriculture/Food Banking & Finance Chemical Commercial Facilities Communications Critical Manufacturing Dams Defense Industrial Base Emergency Services Energy Government Facilities Healthcare and Public Health Information Technology National Monuments & Icons Nuclear Postal & Shipping Transportation Systems Water