1 / 20

CI/KR Public-Private Partnerships

CI/KR Public-Private Partnerships. Overview March 2010 Prepared By: Thomas DiNanno International Assessment and Strategy Center.

savea
Download Presentation

CI/KR Public-Private Partnerships

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. CI/KR Public-Private Partnerships Overview March 2010 Prepared By: Thomas DiNanno International Assessment and Strategy Center

  2. The United States will forge an unprecedented level of cooperation throughout all levels of government, with private industry and institutions, and with the American people to protect our critical infrastructure and key assets from terrorist attack. The National Strategy for Homeland Security July 2002 Vision

  3. HSPD-7 directs the development of a National Infrastructure Protection Plan (NIPP) The NIPP is a comprehensive, integrated National Plan for Critical Infrastructure and Key Resources Protection to outline national goals, objectives, milestones, and key initiatives. The Plan includes the following elements: A strategy to identify, prioritize, and coordinate CI/KR protection, including how DHS intends to work with Federal departments and agencies, State and local governments, the private sector, foreign countries, and international organizations; HSPD-7 Requirements

  4. Agriculture, Food Public Health, Healthcare, Food Drinking Water, Water Treatment HSPD-7 Designated Sectors & Agencies Defense Industrial Base Energy Banking and Finance USDA National Monuments & Icons HHS Transportation Systems EPA Information Technology DHS is responsible for coordinating the overall national effort to enhance protection of CI/KR across Sectors DoD Telecommunications DOE Chemical TREAS Emergency Services DOI Postal and Shipping DHS Critical Infrastructure Sectors Commercial Facilities DHS Government Facilities DHS Sector-Specific Agencies (SSAs) DHS Dams DHS Commercial Nuclear Reactors, Materials, & Waste DHS DHS DHS DHS Key Resources DHS

  5. The NIPP uses a network approach to information sharing that: Enables secure multidirectional information sharing between and across government and CI/KR owners and operators at all levels. Provides mechanisms, using “need to know” protocols as required, to support the development and sharing of strategic and specific threat assessments, incident reports and threat warning, impact assessments, and best practices. Allows security partners to assess risks, conduct risk management activities, allocate resources, and make continuous improvements to the Nation’s CI/KR protective posture DHS and other Federal agencies use a number of programs and procedures, such as the Protected Critical Infrastructure Information (PCII) Program, to ensure that CI/KR information is properly safeguarded Major NIPP Theme: Information Sharing and Protection

  6. Resources must be directed to areas of greatest priority to enable effective management of risk. The NIPP resource allocation process describes: The integrated risk-based approach that will be used to determine how CI/KR protection programs will be prioritized and funded How State- and local-level CI/KR protection efforts will be supported through DHS and other CI/KR protection Grant Programs How all of these investments, coupled with appropriate incentives, support collaboration among security partners to enhance CI/KR protection Major NIPP Theme: Providing Resources for the CI/KR Protection Program

  7. The success of the partnership for CI/KR protection depends on articulating the mutual benefits to government and private sector partners. This value proposition: Enables Federal, State, local, tribal and private sector security partners to clearly understand the national CI/KR protection priorities Provides CI/KR protection planning, information sharing, risk management, resource coordination, and program implementation processes Is intended to be used as a framework for coordinating CI/KR protection efforts across sectors and security partners NIPP Value Proposition

  8. Provides the framework for security partners to work together in a robust public-private partnership. Major NIPP Theme: Sector Partnership Model

  9. Implementing the NIPP Public Health, Healthcare, Food Drinking Water, Water Treatment Defense Industrial Base Energy Banking and Finance National Monuments & Icons HHS Transportation Systems EPA Information Technology DoD Telecommunications DOE Chemical TREAS Emergency Services DOI Postal and Shipping DHS Commercial Facilities DHS Government Facilities DHS DHS Dams DHS Commercial Nuclear Reactors, Materials, & Waste DHS DHS DHS DHS DHS

  10. SSPs are annexes to the NIPP Base Plan SSPs detail the application of the NIPP risk management framework across each of the 17 CI/KR sectors Sector-Specific Agencies partner with their sector to develop the individual SSP Finalized SSPs are to be submitted to DHS within 180 days after the NIPP is issued by the Secretary of Homeland Security Sector-Specific Plans (SSPs) Content Sector-Specific Plans Sector-Specific Plans Sector-Specific Plans Sector-Specific Plans Sector-Specific Plans Sector-Specific Plans Sector-Specific Plans Sector-Specific Plans Sector-Specific Plans (17)

  11. Security goals collectively represent the desired national and sector-specific security posture These goals will vary between sectors and should consider the physical, human, and cyber elements of CI/KR protection From the sector perspective, security goals: Define the protective (and, if appropriate, the response or recovery) posture that security partners seek to attain Consider distinct assets, systems, networks, operational processes, business environments, and risk management approaches Vary according to the specific characteristics and security landscape for the affected sector, jurisdiction, or locality Set Security Goals

  12. Involves developing a comprehensive inventory containing basic information on the Nation’s assets, systems, and networks This inventory can be used to determine which assets systems, or networks are nationally critical, state critical, or locally critical based on the most current risk profile Identify Assets, Systems, Networks, and Functions

  13. Is the Methodology Credible? Integrity: Is the methodology based on classic risk analysis and security vulnerability analysis Complete: Does the methodology provide reasonably complete results via a quantitative, systematic, and rigorous process Defensible: Is the methodology thorough and does it use the recognized methods of the professional disciplines relevant to the analysis Is the Methodology Comparable to Other Methodologies? Documented Transparent Reproducible Accurate Evaluating Existing Risk Methodologies

  14. DHS will work with security partners to prioritize the results of risk assessments to help identify where risk reduction is most pressing and to subsequently determine what protective actions should be taken Requires a comparison of the relative levels of asset and sector risk along with options for achieving the established security goals Enables protective actions to be applied where they offer the greatest reduction in risk relative to the cost Prioritize

  15. Protective actions are intended to reduce risk by: Deterring attacks Devaluing the attractiveness of the asset, system, or network Detecting potential attacks Defending the asset, system, or network to delay or prevent an attack Protective programs may also include actions that reduce consequences should an attack occur, including: Mitigating the range of potential attacks Responding and recovering efficiently and effectively Implement Protective Programs

  16. NIPP establishes a metrics-based system to provide feedback on efforts to attain specified security goals Metrics provide a basis for establishing accountability, documenting actual performance, facilitating diagnoses, promoting effective management, and reassessing goals and objectives at the national and sector level NIPP Risk Management Framework uses three types of metrics Descriptive Process (or output) Outcome Measure Effectiveness

  17. The NIPP was developed as a collaborative process between DHS, the SSAs and State, local, and private sector security partners. The review and comment process: Broadly distributed for review across sectors and at each level of government and the private sector and the public to obtain individual comments and input Draft NIPP Base Plan was Distributed to the following Security Partners: Federal Government DHS; Sector-Specific Agencies; HSPD-7 Departments & Agencies; Government Coordinating Councils State, Local, Territorial, and Tribal Governments Homeland Security Advisors; State Administrative Agents and Emergency Managers Advisory Councils National Infrastructure Advisory Council; National Security Telecommunications Committee; Homeland Security Advisory Committee Private Sector Partners Sector Coordinating Councils; Private Sector Security Partners NIPP Development & Coordination

  18. Chemical Security HIGH RISK CHEMICAL FACILITIES – Sec 550 Tier 1= Universe Potentially High-Risk Chemical Facilities Perform CSAT Consequence Screen Tier 1= Facilities deemed not high-risk 20,000 6000 ? 20,000

  19. Chemical Security Risk Based Performance Standards Define the Performance Standards • Have defined 17 Performance Standards • Standards will be tied to specific risk types present at the facility (i.e., release hazard; precursor; sabotage; economic/mission criticality). • Standards address the full range of security practices: • Physical Security • Perimeter Control • Access Control • Cyber Security (physical and logical) • Personnel surety • Deter Detect Delay • Security and Response Force planning and training & Exercise • Material Control • Counter Theft – Counter Diversion

  20. Emergency Management • Support response, recover, and reconstitution efforts of States affected by a disaster: • Support PFO and FCO in Joint Field Offices (JFOs) • Serve as pre-designated IL and JFO when requested • Help coordinated Federal, State, and LLE CIKR protection efforts • Coordinate sharing of IP HQ analysis within JFO • Perform SAVs to identify vulnerabilities • Provide advice on protective measures to enhance security at CIKR in and around impact area • Provide key stakeholders with updates on issues relating to CIKR assets

More Related