360 likes | 578 Views
The Office of Infrastructure Protection. National Protection and Programs Directorate Department of Homeland Security. Protective Security Coordination Division Overview Brief. IP Vision and Mission.
E N D
The Office of Infrastructure Protection National Protection and Programs Directorate Department of Homeland Security Protective Security Coordination Division Overview Brief
IP Vision and Mission • Vision - A safe, secure, and resilient critical infrastructure based on and sustained through strong public and private partnerships • Mission - Lead the national effort to mitigate terrorism risk to, strengthen the protection of, and enhance the all hazard resilience of the Nation’s critical infrastructure
Protective Security Coordination Division Mission Statement Reduce the risk of the Nation’s critical infrastructure to a terrorist attack by assessing vulnerabilities and consequences; developing, implementing and providing national coordination for protective programs; and facilitating response to and recovery from all hazards
The Role of Homeland Security Unify a national effort to secure America Prevent and deter terrorist attacks Protect against and respond to threats and hazards to the Nation Respond to and recover from acts of terrorism, natural disasters, or other emergencies Coordinate the protection of our Nation’s critical infrastructure across all sectors 4
Threats May Come from All Hazards Threats May Come From All Hazards
National Response Framework • Guides how the Nation conducts all-hazards response • Documents the key response principles, roles, and structures that organize national response • Allows first responders, decision makers, and supporting entities to provide a unified national response
We will “hit hard the American economy at its heart and its core.” - Osama bin Laden The Threat
Effective December 17, 2003 Specifies the following key elements of the infrastructure protection mission: A strategy to identify, prioritize, and coordinate critical infrastructure protection Descriptions of activities which support each element of the strategy A summary of initiatives for sharing critical infrastructure information and for providing infrastructure threat warning data Coordination and integration with other Federal emergency management and preparedness activities The development of the National Infrastructure Protection Plan Homeland Security Presidential Directive 7 (HSPD-7)
Critical Infrastructure “Systems and assets, whether physical or virtual, so vital that the incapacity or destruction of such may have a debilitating impact on the security, economy, public health or safety, environment, or any combination of these matters, across any Federal, State, regional, territorial, or local jurisdiction.” Source: National Infrastructure Protection Plan 2009 Critical Infrastructure Defined
Comprehensive plan and unifying structure for the government and private sector to improve protection and resiliency of critical infrastructure, including Partnership model and information sharing Roles and Responsibilities Risk management framework Authorities Integration with other plans Building a long-term program Providing resources and prioritizing investments Contributes to both steady-state risk management and incident management Drives IP’s programs and activities, and guides those of Other Federal agencies and departments State, local, tribal, and territorial governments Critical infrastructure owners and operators National Infrastructure Protection Plan (NIPP)
Agriculture and Food Banking and Finance Chemical Commercial Facilities Commercial Nuclear Reactors, Materials, and Waste Critical Manufacturing Dams Defense Industrial Base Drinking Water and Wastewater Treatment Systems Emergency Services Energy Government Facilities Information Technology National Monuments and Icons Postal and Shipping Public Health and Healthcare Telecommunications Transportation Systems Critical Infrastructure Sectors Critical Infrastructure Sectors 11
Majority of critical infrastructure assets are privately-owned DHS has limited legal authority to regulate security practices of private industry (exceptions: high-risk chemical facilities, Transportation Security Administration, US Coast Guard) DHS works with industry and Federal entities, as well as State, local, tribal, and territorial governments to protect critical infrastructure Coordinated through the NIPP To help communities better protect the Nation’s assets, DHS deployed Protective Security Advisors (PSAs) throughout the country Critical Infrastructure Protection Challenges
93 PSAs and Regional Directors, including 87 field deployed personnel, serve as critical infrastructure security specialists Deployed to 74 Districts in 50 States and Puerto Rico State, local, tribal, and territorial link to DHS infrastructure protection resources Coordinate vulnerability assessments, IP products and services, and training Support response, recovery, and reconstitution efforts of States affected by a disaster Provide vital link for information sharing Assist facility owners and operators with obtaining security clearances During contingency events, PSAs support the response, recovery, and reconstitution efforts of the State(s) by serving as pre-designated Infrastructure Liaisons (IL) and Deputy ILs at the Joint Field Offices (JFO) Developed over50,000 individual working relationships with Federal, State, local, tribal and territorial critical infrastructure protection partners Protective Security Advisors (PSAs)
Value of the PSA Program to You • PSAs: • Support comprehensive risk analyses for critical infrastructure • Assist in the review and analysis of physical/technical security for critical infrastructure • Convey local concerns and sensitivities to DHS and other Federal agencies • Relay disconnects between local, regional, and national protection activities • Communicate requests for Federal training and exercises
The PCII Program is an important tool to encourage industry to share their sensitive critical infrastructure information Established under the Critical Infrastructure Information Act of 2002, the PCII Program protects voluntarily submitted critical infrastructure information from: Freedom of Information Act (FOIA) State and local sunshine laws Civil litigation proceedings Regulatory usage Provides private sector with legal protections and “peace of mind” Protected Critical Infrastructure Information (PCII) Program
Examples of Critical Infrastructure Information (CII) • Protected information defined by the CII Act includes: • Threats ― Actual, potential, or threatened interference with, attack on, compromise of, or incapacitation of a critical asset • Vulnerabilities ― Ability to resist threats, including assessments or estimates of vulnerability • Operational experience ― Any past operational problem or planned or past solution including repair, recovery, or extent of incapacitation • Any information normally available in the public domain will not be protected
ECIP Initiative Identifies facilities’ physical security, security forces, security management, protective measures, information sharing, and dependencies Provides comparison across like assets and tracks implementation of new protective measures Informs facility owners/operators of the importance of their facilities as an identified high-priority infrastructure and the need to be vigilant Establishes/enhances relationships with facility owners/operators ECIP Surveys Over 1,400 ECIP surveys conducted to date Apply weighted scores to identify vulnerabilities and trends for infrastructure and sectors and conduct sector-by-sector and cross-sector vulnerability comparisons Facilitate the consistent collection of facility security information Provide information for protective measures planning and resource allocation Enhance overall capabilities, methodologies, and resource materials for identifying and mitigating vulnerabilities Enhanced Critical Infrastructure Protection (ECIP)
ECIP Survey Data Categories • Facility Information • Contacts • Facility Overview • Information Sharing • Protective Measures Assessment • Criticality • Security Management Profile • Security Areas/Assets • Additional DHS Products/Services • Criticality Appendix • Images • Security Force • Physical Security • Building Envelope • Delivery/Vehicle Access Control • Parking • Site’s Security Force • IDS/CCTV • Access Control • Security Lighting • Cyber Vulnerability • Dependencies **** Comparative analysis provided
ECIP Survey Tool • Web-based vulnerability survey tool that applies weighted scores to identify vulnerabilities and trends for infrastructure and across sectors • Facilitates the consistent collection of security information • Physical Security, Security Force, Security Management, Information Sharing, Protective Measures, Dependencies • The tool allows DHS to: • Identify and document critical infrastructure overall security • Provide information for protective measures planning and resource allocation • Facilitate government information sharing • Enhance its ability to analyze data and produce improved metrics
Weighting Process and Participants Scoring for Physical Security, Security Management, and Security Force was conducted using a working group comprised of: Physical security experts Scientists Mathematicians Sector representatives Owners and operators of facilities being weighted Weights validated using a separate panel of representatives. Example: Fences • Aluminum chain link fence • 7 foot height • With outriggers • Barbed wire • Fence Protective Measures Index = 71 • Wood fence • 6 foot height • Partial clear zone • Fence Protective Measures Index = 13
ECIP Deliverables Notional Information
Executive Summary (ExSum) Provides the security director a briefing tool to easily convey information to senior leadership and decision makers. Information identifies the sector, sub-sector, segment, and sub-segment high, low, average, and facility scores. The ExSum provides the ability to rapidly convey the overall Protective Measure Index (PMI) and specific area PMIs. Facility Executive Summary Notional Information
Dashboards and Information Sharing Areas individually separated into Physical Security, Security Management, Security Force, Information Sharing, and Protective Measures. Owner/Operator can make adjustments and see improvements to individual area and overall protective measure index (PMI). Greater understanding of the most significant changes and trends. Notional Information
Dashboard – Physical Security Example Notional Information
Other Products and Resources • InfraGard • Homeland Security Information Network (HSIN) • Vulnerability Assessments • Infrastructure Protection Report Series • Bomb-making Materials Awareness Program • TRIPwire & Security Training • DHS United States Computer Emergency Readiness Team (US-CERT) • DHS Daily Open Source Infrastructure Report • DHS Active Shooter Documents • Random Security Measures • Pandemic Influenza Guidance
InfraGard • InfraGard • http://www.infragard.net • InfraGard is an information-sharing and analysis effort serving the interests and combining the knowledge base of a wide range of members. At its most basic level, InfraGard is a partnership between the Federal Bureau of Investigation and the private sector • InfraGard is an association of businesses, academic institutions, State and local law enforcement agencies, and other participants dedicated to sharing information and intelligence to prevent hostile acts against the United States
HSIN is DHS’s primary technology tool for trusted information sharing HSIN enables direct communication between DHS, Federal, State and local government, and infrastructure owners and operators Operated by DHS Office of Operations Coordination (OPS), HSIN is an Internet-based “portal” technology enabling encrypted communications with individually vetted members of secure “Communities of Interest (COI)” HSIN-CS leverages the HSIN system. IP contributes to the HSIN technical infrastructure and supports the unique needs of the CS program As a part of HSIN, HSIN-CS can leverage economies of scale to allow users to collaborate across “COIs” Homeland Security Information Network-Critical Sectors (HSIN-CS)
Vulnerability Assessment Programs • Buffer Zone Protection Program (BZPP) • Buffer zone is the area outside a facility that can be used by an adversary to conduct surveillance or launch an attack • A infrastructure protection grant program targeted to local law enforcement • Provides funding to local law enforcement for equipment acquisition and planning activities to enhance security capabilities in protecting the highest risk critical infrastructure sites • Supports the development of effective preventive/protective measures that make it more difficult for terrorists to conduct surveillance or launch attacks from the immediate vicinity of critical infrastructure • Site Assistance Visit (SAV) • Brings together Federal partners, State and local law enforcement, other emergency responders, and critical infrastructure owners and operators to conduct an “inside the fence” assessment • Identifies critical assets, specific vulnerabilities, protective measures, and dependencies and interdependencies • Provides options for consideration for improving security
Characteristics and Common Vulnerabilities Potential Indicators of Terrorist Activity Protective Measures • Common Characteristics • Consequences of Events • Common Vulnerabilities • Surveillance Indicators • Surveillance Objectives • Transactional and Behavioral Indicators • General Protective Measures Options • Specific Protective Measures Options per HSAS Level Infrastructure Protection Report Series • Increase awareness and improve understanding of infrastructure protection • DHS has produced reports for 142 different asset types, including: Casinos, convention centers, hotels, education facilities, office buildings, shopping malls, stadiums, theme parks, residential buildings, and other commercial sector assets
Comprehensive effort to educate law enforcement and private sector suppliers of materials used in the manufacture and construction of IEDs, of the potential risks associated with the sale or theft of those products Point-of-Sale Awareness Notification Processes Supply Chain Awareness Law Enforcement Training Material Facilitates partnerships between local law enforcement and private sector Encourages the retail industry to take an active role in bombing prevention efforts at little or no cost Bomb-Making Materials Awareness
TRIPwire - online unclassified network for law enforcement having bombing prevention responsibilities to discover and share tactics, techniques, and procedures of terrorist IED use Combines expert analysis with relevant documents gathered from terrorist sources to assist law enforcement anticipate, identify and prevent IED incidents TRIPwire Community Gateway brings timely bombing prevention awareness information and analysis to the private sector with bombing prevention responsibilities Responds to increasing private sector demand for bombing prevention information and assistance Leverages content, expertise, and reputation of the existing TRIPwire system Shares information on common site vulnerabilities, potential threat indicators, and effective protective measures to the 18 critical infrastructure sectors through HSIN-CS TRIPwire and TRIPwire Community Gateway
Surveillance Detection Course Provides a guideline for mitigating risks to critical infrastructure through developing, applying, and employing protective measures and the creation of a surveillance detection plan Protective Measures Provides the knowledge and skills to understand common vulnerabilities and employ effective protective measures to enhance commercial sector awareness on how to devalue, detect, deter, and defend facilities from terrorism Private Sector Counterterrorism Awareness Workshop Provides private sector security professionals with current strategies on soft target awareness, surveillance detection, and IED recognition, and outlines specific counterterrorism awareness and prevention actions that reduce vulnerability and mitigate the risk of domestic terrorist attacks Soft Target Awareness Course Provides private sector security and safety personnel terrorism awareness, prevention, and protection information IED Awareness Workshop Provides a basic awareness of IED prevention measures and planning protocols and the current technology and trends that characterize IEDs Risk Mitigation Training
How Can You Help? • Engage with your Protective Security Advisors to facilitate protective actions and establish priorities and the need for information • Assist in efforts to identify, assess, and secure critical infrastructures in your community • Communicate local critical infrastructure protection related concerns • Business and economic ramifications of actions • Issues unique to the community
Summary • Success will depend in part on the strength of our partnership • Our approach to addressing the terrorism threat will be a long term, ongoing project of the highest priority • This effort will require the highest degree of vigilance and dedication from all of us
For more information visit: www.dhs.gov/criticalinfrastructure