u.s. department of homeland security protective security ...brief to ca-nv-awwa march 31, 2010 u.s....
TRANSCRIPT
Brief to CA-NV-AWWA
March 31, 2010
U.S. Department of Homeland SecurityProtective Security Coordination Division
Pete Owen, Protective Security Advisor
SENSITIVE BUT UNCLASSIFIEDFOR OFFICIAL USE ONLY 2
Goal for this afternoon
• The National Infrastructure Protection Plan
• The Role of the Protective Security Coordination Division
• How we can help members of the CA-NV-AWWA
SENSITIVE BUT UNCLASSIFIEDFOR OFFICIAL USE ONLY
The National Infrastructure Protection Plan
SENSITIVE BUT UNCLASSIFIEDFOR OFFICIAL USE ONLY 4
HSPD-7, the National Infrastructure Protection Plan,
and the Water Sector-Specific Plan
SENSITIVE BUT UNCLASSIFIEDFOR OFFICIAL USE ONLY 5
Critical Infrastructure and Key Resources Critical Infrastructure :
Agriculture and FoodBanking and FinanceChemicalCritical ManufacturingDefense Industrial BaseWaterEmergency ServicesEnergyInformation TechnologyNat’l Monuments & IconsPostal and ShippingPublic Health & HealthcareTelecommunicationsTransportation Systems
Key ResourcesCommercial FacilitiesCommercial Nuclear
Reactors, Materials, and Waste
DamsGovernment Facilities
SENSITIVE BUT UNCLASSIFIEDFOR OFFICIAL USE ONLY 6
CI in the Water Sector
• Raw Water Supply, Storage & Transmission• Water Treatment Facilities• Treated Water Storage & Distribution
Systems• Treated Water Monitoring Systems &
Distribution Control Centers• Wastewater Treatment Facilities
• Dam Sector: Reservoir Dam Projects
SENSITIVE BUT UNCLASSIFIEDFOR OFFICIAL USE ONLY
Sector Partnership Model
• Critical infrastructure protection and resiliency are the shared responsibilities of Federal, State, local, tribal, and territorial governments, regional coalitions, and the owners and operators of the Nation’s CIKR
• NIPP outlines their roles & responsibilities • Also describes the information-sharing environment & communications
SENSITIVE BUT UNCLASSIFIEDFOR OFFICIAL USE ONLY
Example: Water Sector
• Lead Federal Agency: Environmental Protection Agency
• SCC: Water Sector Coordinating Council (WSCC)
• WSCC mission: “To serve as a policy, strategy, and coordination mechanism and recommend actions to reduce and eliminate significant homeland security vulnerabilities to the water sector through interactions with the Federal government.”
SENSITIVE BUT UNCLASSIFIEDFOR OFFICIAL USE ONLY
NIPP Risk Management Framework
SENSITIVE BUT UNCLASSIFIEDFOR OFFICIAL USE ONLY
Security Goals for the Water Sector
• Sustain protection of public health and the environment.
• Recognize and reduce risks.• Maintain a resilient
infrastructure.• Increase communication,
outreach, and public confidence.
SENSITIVE BUT UNCLASSIFIEDFOR OFFICIAL USE ONLY
The Role of the Protective Security Coordination Division
SENSITIVE BUT UNCLASSIFIEDFOR OFFICIAL USE ONLY
PSCD Programs
• Everything we do is voluntary• Everything we do is free• We do everything in partnership with state &
local agencies• Everything we collect is safeguarded
– PCII
SENSITIVE BUT UNCLASSIFIEDFOR OFFICIAL USE ONLY
PSCD Programs and Initiatives
Office for Bombing Prevention (OBP)DHS’ lead for bombing prevention activitiesSeeks to reduce the Nation’s risk to terrorist
bombing attacks
Vulnerability Assessments Branch (VAB)Conducts vulnerability assessments in partnership
with Federal, State, local, and private sector security partners to prevent, deter, and mitigate the risk of a terrorist attack.
Field Operations Branch (FOB)Protective Security Advisors (PSAs) in all 50 States
and 1 Territory
SENSITIVE BUT UNCLASSIFIEDFOR OFFICIAL USE ONLY
DHS Office of Bombing Prevention
• Coordinates national efforts • Analyzes IED incidents worldwide• Analyzes counter-IED requirements and
capabilities• Promotes information sharing and IED
awareness and vigilance– TRIPWire
SENSITIVE BUT UNCLASSIFIEDFOR OFFICIAL USE ONLY
• Developed in partnership with FBI
• Focus of DHS effort is training and equipping state and local law enforcement and fire fighters.
• Local officers conduct outreach to commercial retailers, service providers, and chemical distributors & wholesalers.
• Educates private sector on suspicious behavior, hazardous materials, precursor chemicals, and other bomb-making information.
Bomb-Making Material Awareness Program (BMAP)
SENSITIVE BUT UNCLASSIFIEDFOR OFFICIAL USE ONLY
DHS Vulnerability Assessments
Man-hours
DetailEnhanced Critical Infrastructure Protection visit
Regional Resiliency Assessment
Buffer-Zone Protection ProgramComputer Based Assessment Tool
+ Site Assist Visit
SENSITIVE BUT UNCLASSIFIEDFOR OFFICIAL USE ONLY
Texas
Gulf Coast Florida
Mid-Atlantic
Northeast
Anchorage
Portland
Seattle
Sacramento
San Francisco
Salt Lake City
Denver
Las Vegas
Los Angeles
San Diego
Honolulu
Phoenix
Albuquerque
El Paso
Oklahoma City
San Antonio
Houston
Dallas
Des MoinesOmaha
Kansas City
Minneapolis
Little Rock
Springfield
Chicago
Milwaukee
Grand Rapids Detroit
Cleveland
CincinnatiIndianapolis
Louisville
Nashville
Memphis
ColumbiaAtlantaBirmingham
Mobile
Jackson
Baton RougeNew Orleans
Tampa
Miami
Charlestown
Pittsburgh
BuffaloAlbany
Boston
NorfolkRichmond
BaltimoreWashington, D.C.
San Juan
Guam U.S. Virgin Islands
St. Louis
Harrisburg
Tallahassee
Topeka
Raleigh
Cheyenne
Denton
Helena
Manchester
Williston
Bismarck
PierrePortland
Philadelphia
Dover
New HavenNewarkNew York CityProvidence
Boise
PSA LocationsProtective Security Advisors (PSAs)
SENSITIVE BUT UNCLASSIFIEDFOR OFFICIAL USE ONLY 18
PSAs – Who we are
Link to DHS infrastructure protection resources
• Risk assessment• Information sharing • Incident support
SENSITIVE BUT UNCLASSIFIEDFOR OFFICIAL USE ONLY 19
Who We Are Not
• Grant administrators• Regulators or inspectors• Law enforcement
SENSITIVE BUT UNCLASSIFIEDFOR OFFICIAL USE ONLY 20
• “Risk” is a function of – Consequences– Vulnerability– & Threat
• DHS and our state partners: – Identify and prioritize CIKR according to
consequences– Perform detailed vulnerability assessments of
CIKR – Assess threats
How We Assess Risk
SENSITIVE BUT UNCLASSIFIEDFOR OFFICIAL USE ONLY 21
• Push intelligence & best practices to our local partners
• Conduct intelligence analysis– Regionally at the fusion center– Reach-back to DHS
• Participate in hazard mitigation planning• Provide local context to DHS• Coordinate security training and exercises
How We Share Information
SENSITIVE BUT UNCLASSIFIEDFOR OFFICIAL USE ONLY 22
Critical Infrastructure Information Act of 2002
Protects PCII from • The Freedom of Information Act (FOIA),• State and local disclosure laws, and • Use in civil litigation
• PCII cannot be used for regulatory purposes
• PCII can only be accessed in accordance with strict safeguarding and handling requirements
SENSITIVE BUT UNCLASSIFIEDFOR OFFICIAL USE ONLY 23
• Conduct liaison for CIKR between DHS, state & local agencies + the private sector at the field level.
• Recommend CIKR priorities to the Unified Coordination Group.
• Provides situational awareness on CIKR to the incident managers.
• Support prioritization of response and restoration efforts.
• Leverage private-sector relationships to support response and recovery efforts.
What PSAs do as the Infrastructure Liaison during an incident or special event
SENSITIVE BUT UNCLASSIFIEDFOR OFFICIAL USE ONLY
How we can help members of the CA-NV-AWWA
SENSITIVE BUT UNCLASSIFIEDFOR OFFICIAL USE ONLY
Assessing Risk: Infrastructure Surveysaka “Enhanced Critical Infrastructure Protection” (ECIP)
• Helps DHS build the national risk picture• Provides comparison to similar facilities • Based on consistent, objective criteria
SENSITIVE BUT UNCLASSIFIEDFOR OFFICIAL USE ONLY
Vulnerability Dashboard
Random Security MeasuresPhysical Security
Overall
Facility and Sector Protective
Measures Index
SENSITIVE BUT UNCLASSIFIEDFOR OFFICIAL USE ONLY
Assessing Risk: Buffer Zone Protection Program (BZPP)
• An infrastructure protection grant program targeted to first responders.
• Builds terrorism prevention and protection capabilities through planning and equipment acquisition by local law enforcement and first responders.
• Develops protective measures that make it more difficult for terrorists to conduct surveillance or launch attacks from the immediate vicinity of CIKR.
SENSITIVE BUT UNCLASSIFIEDFOR OFFICIAL USE ONLY
Assessing Risk: Site Assistance Visits (SAVs)
• Conducted with federal, state, and local government agencies, and CIKR owners/ operators.
• Identifies CIKR dependencies, interdependencies, resiliency characteristics, and regional capability gaps.
• Increases owner/operator awareness of vulnerabilities and provides options for enhancing protective measures.
• Provides detailed reports to private sector partners used to make security enhancements.
SENSITIVE BUT UNCLASSIFIEDFOR OFFICIAL USE ONLY
Assessing Risk: Automated Critical Asset Management System (ACAMS)
• Originally developed by LAPD as “Archangel”– Now administered and funded by DHS
• Conducted by state in partnership with fusion centers and local law enforcement– Not all states & local agencies use this
• Facilitates emergency planning + response• Helps assess consequence + vulnerability
SENSITIVE BUT UNCLASSIFIEDFOR OFFICIAL USE ONLY
Cyber Assessments• Cyber Security Evaluation Tool
(CSET) – A desktop software tool – For both control systems and
business/enterprise systems – Guides the user through a step-by-
step process – Assesses cyber systems and network
security practices against recognized industry standards
• Cyber Resiliency Review – A technical assist visit– Assesses key process areas of cyber
security management– Facilitated Q&A that identifies and
substantiates cyber security performance
To learn more: [email protected] or www.us-cert.gov/control_systems/
SENSITIVE BUT UNCLASSIFIEDFOR OFFICIAL USE ONLY
Information Sharing Resources
• HSIN• TRIPwire• Infragard• Best practices• Training
SENSITIVE BUT UNCLASSIFIEDFOR OFFICIAL USE ONLY 32
Homeland Security Information Network
• Secure and trusted web-based platform • Sensitive But Unclassified (SBU)
information • Used by federal, state, local, tribal, private
sector• Request membership via e-mail to
[email protected] or 1-866-430-0162
SENSITIVE BUT UNCLASSIFIEDFOR OFFICIAL USE ONLY
TRIPWire
(Technical Resource for Incident Prevention)
• Secure, online information-sharing network
• Current terrorist bombing tactics, techniques, and procedures, including improvised explosive device (IED) design and emplacement.
• Access through HSIN Critical Sectors Community Portal
SENSITIVE BUT UNCLASSIFIEDFOR OFFICIAL USE ONLY
Infragard
• A partnership between the FBI and the private sector.
• An association of businesses, academic institutions, state and local law enforcement agencies, and others
• Dedicated to sharing information and intelligence to prevent hostile acts against the United States
SENSITIVE BUT UNCLASSIFIEDFOR OFFICIAL USE ONLY
Sharing Best Practices
• Common Vulnerabilities• Potential Indicators of Terrorist Activity• Protective Measures• Active Shooter material• Bombing prevention material
All available on TRIPwire
SENSITIVE BUT UNCLASSIFIEDFOR OFFICIAL USE ONLY 36
Training Resources
Protective Measures2-day courseProvide executives &
employees with the knowledge to identify vulnerabilities & select appropriate protective measures for their facility
Surveillance Detection3-day course Developing, applying,
& employing surveillance detection protective measures
Developing a surveillance detection plan
SENSITIVE BUT UNCLASSIFIEDFOR OFFICIAL USE ONLY
The Department of Homeland Security Control Systems Security Program is offering a one-day introductory training course covering control systems cybersecurity challenges facing the nation’s critical infrastructure. The course discusses the importance of securing control systems, how cyber attacks can be launched, and concepts for implementing mitigation strategies. Participants will also gain an understanding of how to start improving the cyber security posture of their control system networks. Specific topics will include:
• Protecting control systems from cyber attacks and why they are susceptible• Risks and potential consequences of cyber attacks • Common vulnerabilities in industrial control systems• System exposures to attacks, various attack scenarios, and associate mitigation strategies• Control System Security Program products and services available to asset owners.
When: May 5, 2010 – 8:00 a.m. to 5:00 p.m.
Where: Saddleback Church, 1 Saddleback Way, Lake Forest, CA 92630
Who may attend: Priority registration will be given to control system and IT professionals associated with operations of critical infrastructure assets in all sectors.
Cost: The course is offered at no cost. Travel and accommodations are the responsibility of each participant.
Registration: Contact Pete Owen, DHS Protective Security Advisor at [email protected] .
Training CourseIntroduction to Industrial Control Systems Cybersecurity
May 5, 2010
http://www.us-cert.gov/control_systems/index.html
SENSITIVE BUT UNCLASSIFIEDFOR OFFICIAL USE ONLY
Questions?
Brian Keith Los Angeles CA 213-369-4932 [email protected]
Donald Ray Los Angeles CA 213-200-0905 [email protected]
Frank Calvillo Sacramento CA 916.203.8995 [email protected]
Peter Owen San Diego CA 619-733-9262 [email protected]
Richard Sierze San Francisco CA 415-209-3574 [email protected]
Richard Stribling San Francisco CA 415-328-8341 [email protected]
Gonzalo Cordova Las Vegas NV 702-271-5509 [email protected]