u.s. department of homeland security protective security ...brief to ca-nv-awwa march 31, 2010 u.s....

Brief to CA-NV-AWWA

March 31, 2010

U.S. Department of Homeland SecurityProtective Security Coordination Division

Pete Owen, Protective Security Advisor

SENSITIVE BUT UNCLASSIFIEDFOR OFFICIAL USE ONLY 2

Goal for this afternoon

• The National Infrastructure Protection Plan

• The Role of the Protective Security Coordination Division

• How we can help members of the CA-NV-AWWA

SENSITIVE BUT UNCLASSIFIEDFOR OFFICIAL USE ONLY

The National Infrastructure Protection Plan


HSPD-7, the National Infrastructure Protection Plan,

and the Water Sector-Specific Plan


Critical Infrastructure and Key Resources Critical Infrastructure :

Agriculture and FoodBanking and FinanceChemicalCritical ManufacturingDefense Industrial BaseWaterEmergency ServicesEnergyInformation TechnologyNat’l Monuments & IconsPostal and ShippingPublic Health & HealthcareTelecommunicationsTransportation Systems

Key ResourcesCommercial FacilitiesCommercial Nuclear

Reactors, Materials, and Waste

DamsGovernment Facilities


CI in the Water Sector

• Raw Water Supply, Storage & Transmission• Water Treatment Facilities• Treated Water Storage & Distribution

Systems• Treated Water Monitoring Systems &

Distribution Control Centers• Wastewater Treatment Facilities

• Dam Sector: Reservoir Dam Projects


Sector Partnership Model

• Critical infrastructure protection and resiliency are the shared responsibilities of Federal, State, local, tribal, and territorial governments, regional coalitions, and the owners and operators of the Nation’s CIKR

• NIPP outlines their roles & responsibilities • Also describes the information-sharing environment & communications


Example: Water Sector

• Lead Federal Agency: Environmental Protection Agency

• SCC: Water Sector Coordinating Council (WSCC)

• WSCC mission: “To serve as a policy, strategy, and coordination mechanism and recommend actions to reduce and eliminate significant homeland security vulnerabilities to the water sector through interactions with the Federal government.”


NIPP Risk Management Framework


Security Goals for the Water Sector

• Sustain protection of public health and the environment.

• Recognize and reduce risks.• Maintain a resilient

infrastructure.• Increase communication,

outreach, and public confidence.


The Role of the Protective Security Coordination Division


PSCD Programs

• Everything we do is voluntary• Everything we do is free• We do everything in partnership with state &

local agencies• Everything we collect is safeguarded

– PCII


PSCD Programs and Initiatives

Office for Bombing Prevention (OBP)DHS’ lead for bombing prevention activitiesSeeks to reduce the Nation’s risk to terrorist

bombing attacks

Vulnerability Assessments Branch (VAB)Conducts vulnerability assessments in partnership

with Federal, State, local, and private sector security partners to prevent, deter, and mitigate the risk of a terrorist attack.

Field Operations Branch (FOB)Protective Security Advisors (PSAs) in all 50 States

and 1 Territory


DHS Office of Bombing Prevention

• Coordinates national efforts • Analyzes IED incidents worldwide• Analyzes counter-IED requirements and

capabilities• Promotes information sharing and IED

awareness and vigilance– TRIPWire


• Developed in partnership with FBI

• Focus of DHS effort is training and equipping state and local law enforcement and fire fighters.

• Local officers conduct outreach to commercial retailers, service providers, and chemical distributors & wholesalers.

• Educates private sector on suspicious behavior, hazardous materials, precursor chemicals, and other bomb-making information.

Bomb-Making Material Awareness Program (BMAP)


DHS Vulnerability Assessments

Man-hours

DetailEnhanced Critical Infrastructure Protection visit

Regional Resiliency Assessment

Buffer-Zone Protection ProgramComputer Based Assessment Tool

+ Site Assist Visit


Texas

Gulf Coast Florida

Mid-Atlantic

Northeast

Anchorage

Portland

Seattle

Sacramento

San Francisco

Salt Lake City

Denver

Las Vegas

Los Angeles

San Diego

Honolulu

Phoenix

Albuquerque

El Paso

Oklahoma City

San Antonio

Houston

Dallas

Des MoinesOmaha

Kansas City

Minneapolis

Little Rock

Springfield

Chicago

Milwaukee

Grand Rapids Detroit

Cleveland

CincinnatiIndianapolis

Louisville

Nashville

Memphis

ColumbiaAtlantaBirmingham

Mobile

Jackson

Baton RougeNew Orleans

Tampa

Miami

Charlestown

Pittsburgh

BuffaloAlbany

Boston

NorfolkRichmond

BaltimoreWashington, D.C.

San Juan

Guam U.S. Virgin Islands

St. Louis

Harrisburg

Tallahassee

Topeka

Raleigh

Cheyenne

Denton

Helena

Manchester

Williston

Bismarck

PierrePortland

Philadelphia

Dover

New HavenNewarkNew York CityProvidence

Boise

PSA LocationsProtective Security Advisors (PSAs)


PSAs – Who we are

Link to DHS infrastructure protection resources

• Risk assessment• Information sharing • Incident support


Who We Are Not

• Grant administrators• Regulators or inspectors• Law enforcement


• “Risk” is a function of – Consequences– Vulnerability– & Threat

• DHS and our state partners: – Identify and prioritize CIKR according to

consequences– Perform detailed vulnerability assessments of

CIKR – Assess threats

How We Assess Risk


• Push intelligence & best practices to our local partners

• Conduct intelligence analysis– Regionally at the fusion center– Reach-back to DHS

• Participate in hazard mitigation planning• Provide local context to DHS• Coordinate security training and exercises

How We Share Information


Critical Infrastructure Information Act of 2002

Protects PCII from • The Freedom of Information Act (FOIA),• State and local disclosure laws, and • Use in civil litigation

• PCII cannot be used for regulatory purposes

• PCII can only be accessed in accordance with strict safeguarding and handling requirements


• Conduct liaison for CIKR between DHS, state & local agencies + the private sector at the field level.

• Recommend CIKR priorities to the Unified Coordination Group.

• Provides situational awareness on CIKR to the incident managers.

• Support prioritization of response and restoration efforts.

• Leverage private-sector relationships to support response and recovery efforts.

What PSAs do as the Infrastructure Liaison during an incident or special event


How we can help members of the CA-NV-AWWA


Assessing Risk: Infrastructure Surveysaka “Enhanced Critical Infrastructure Protection” (ECIP)

• Helps DHS build the national risk picture• Provides comparison to similar facilities • Based on consistent, objective criteria


Vulnerability Dashboard

Random Security MeasuresPhysical Security

Overall

Facility and Sector Protective

Measures Index


Assessing Risk: Buffer Zone Protection Program (BZPP)

• An infrastructure protection grant program targeted to first responders.

• Builds terrorism prevention and protection capabilities through planning and equipment acquisition by local law enforcement and first responders.

• Develops protective measures that make it more difficult for terrorists to conduct surveillance or launch attacks from the immediate vicinity of CIKR.


Assessing Risk: Site Assistance Visits (SAVs)

• Conducted with federal, state, and local government agencies, and CIKR owners/ operators.

• Identifies CIKR dependencies, interdependencies, resiliency characteristics, and regional capability gaps.

• Increases owner/operator awareness of vulnerabilities and provides options for enhancing protective measures.

• Provides detailed reports to private sector partners used to make security enhancements.


Assessing Risk: Automated Critical Asset Management System (ACAMS)

• Originally developed by LAPD as “Archangel”– Now administered and funded by DHS

• Conducted by state in partnership with fusion centers and local law enforcement– Not all states & local agencies use this

• Facilitates emergency planning + response• Helps assess consequence + vulnerability


Cyber Assessments• Cyber Security Evaluation Tool

(CSET) – A desktop software tool – For both control systems and

business/enterprise systems – Guides the user through a step-by-

step process – Assesses cyber systems and network

security practices against recognized industry standards

• Cyber Resiliency Review – A technical assist visit– Assesses key process areas of cyber

security management– Facilitated Q&A that identifies and

substantiates cyber security performance

To learn more: [email protected] or www.us-cert.gov/control_systems/


Information Sharing Resources

• HSIN• TRIPwire• Infragard• Best practices• Training


Homeland Security Information Network

• Secure and trusted web-based platform • Sensitive But Unclassified (SBU)

information • Used by federal, state, local, tribal, private

sector• Request membership via e-mail to

[email protected] or 1-866-430-0162

mailto:[email protected]�


TRIPWire

(Technical Resource for Incident Prevention)

• Secure, online information-sharing network

• Current terrorist bombing tactics, techniques, and procedures, including improvised explosive device (IED) design and emplacement.

• Access through HSIN Critical Sectors Community Portal


Infragard

• A partnership between the FBI and the private sector.

• An association of businesses, academic institutions, state and local law enforcement agencies, and others

• Dedicated to sharing information and intelligence to prevent hostile acts against the United States


Sharing Best Practices

• Common Vulnerabilities• Potential Indicators of Terrorist Activity• Protective Measures• Active Shooter material• Bombing prevention material

All available on TRIPwire


Training Resources

Protective Measures2-day courseProvide executives &

employees with the knowledge to identify vulnerabilities & select appropriate protective measures for their facility

Surveillance Detection3-day course Developing, applying,

& employing surveillance detection protective measures

Developing a surveillance detection plan


The Department of Homeland Security Control Systems Security Program is offering a one-day introductory training course covering control systems cybersecurity challenges facing the nation’s critical infrastructure. The course discusses the importance of securing control systems, how cyber attacks can be launched, and concepts for implementing mitigation strategies. Participants will also gain an understanding of how to start improving the cyber security posture of their control system networks. Specific topics will include:

• Protecting control systems from cyber attacks and why they are susceptible• Risks and potential consequences of cyber attacks • Common vulnerabilities in industrial control systems• System exposures to attacks, various attack scenarios, and associate mitigation strategies• Control System Security Program products and services available to asset owners.

When: May 5, 2010 – 8:00 a.m. to 5:00 p.m.

Where: Saddleback Church, 1 Saddleback Way, Lake Forest, CA 92630

Who may attend: Priority registration will be given to control system and IT professionals associated with operations of critical infrastructure assets in all sectors.

Cost: The course is offered at no cost. Travel and accommodations are the responsibility of each participant.

Registration: Contact Pete Owen, DHS Protective Security Advisor at [email protected] .

Training CourseIntroduction to Industrial Control Systems Cybersecurity

May 5, 2010

http://www.us-cert.gov/control_systems/index.html

http://www.us-cert.gov/control_systems/index.html�


Questions?

Brian Keith Los Angeles CA 213-369-4932 [email protected]

Donald Ray Los Angeles CA 213-200-0905 [email protected]

Frank Calvillo Sacramento CA 916.203.8995 [email protected]

Peter Owen San Diego CA 619-733-9262 [email protected]

Richard Sierze San Francisco CA 415-209-3574 [email protected]

Richard Stribling San Francisco CA 415-328-8341 [email protected]

Gonzalo Cordova Las Vegas NV 702-271-5509 [email protected]

u.s. department of homeland security protective security ...brief to ca-nv-awwa march 31, 2010 u.s....

Documents