1 / 71

Introduction to the National Infrastructure Protection Plan IS 860

Introduction to the National Infrastructure Protection Plan IS 860. Amelia Muccio Director of Disaster Planning NEW JERSEY PRIMARY CARE ASSOCIATION. Lesson 1 Overview.

waldemar
Download Presentation

Introduction to the National Infrastructure Protection Plan IS 860

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Introduction to the National Infrastructure Protection Plan IS 860 Amelia Muccio Director of Disaster Planning NEW JERSEY PRIMARY CARE ASSOCIATION

  2. Lesson 1 Overview • Explain the criticality of protecting and ensuring the continuity of critical infrastructure (CI) and key resources (KR) of the United States. • Describe how the NIPP provides the unifying structure for the integration of CI/KR protection efforts into a single national program. • Define CI/KR and protection in the content of the NIPP.

  3. Collaborative Partnerships • The NIPP was developed through a collaborative partnership representing the DHS; other Federal agencies; State, tribal, and local gov’t; and the private sector.

  4. Critical Infrastructure and Key Resources (CI/KR) • CI: refers to assets, systems, and networks, whether physical or virtual to the U.S. that the incapacity or destruction of such assets, systems, or networks would have a debilitating impact on security, national economic security, public health or safety, or any combination of those matters. • KR: as defined in the Homeland Security Act of 2002, are publicly or privately controlled resources essential to the minimal operations of the economy or gov’t.

  5. Importance of CI/KR • Terrorists attacks on CI/KR and other manmade or natural disasters could significantly disrupt the functioning of gov’t and business alike, and produce cascading effects far beyond the affected CI/KR and physical location of the incident.

  6. NIPP • The NIPP provides the unifying structure for the integration of CI/KR protection efforts into a single national program. • The NIPP establishes an overall framework for integrating programs and activities that are currently underway in the various sectors, as well as new and developing CI/KR protection efforts.

  7. NIPP Goal • Achieving the NIPP goal requires: • Understanding and sharing information about terrorists threats and other hazards. • Building security partnerships to share information and implement CI/KR protection programs. • Implementing a long-term risk-management program. • Maximizing efficient use of resources for CI/KR protection.

  8. Building on Homeland Security Strategies • Builds on the principles of the President’s National Strategy for Homeland Security and its companion strategies for the physical protection of critical infrastructure and key assets and the securing of cyberspace. • Fulfills requirements in Homeland Security Presidential Directive 7 (HSPD-7) and the Homeland Security Act of 2002.

  9. The Terrorist Threat • Terrorists attacks against CI/KR across the U.S. could serious threaten national security, result in mass casualties, weaken the economy, and damage public morale and confidence.

  10. All-Hazards Approach • The direct impacts, disruptions, and cascading effects of natural disasters and manmade incidents on the Nation’s CI/KR are well documented.

  11. Integration Framework • Many owners and operators, gov’t emergency managers, and first responders have developed strategies, plans, policies, and procedures for preparing for, mitigating, responding to, and recovering from a variety of natural and manmade incidents.

  12. Security Partnerships • The NIPP defines security partners as those Federal, State, regional, Territorial, local, or tribal gov’t entities, private sector owners and operators and representative organizations, academic and professional entities, and certain not-for-profit and private volunteer orgs that share in the responsibility for protecting the Nation’s CI/KR. • NIPP provides the framework that allows these partners to work collaboratively.

  13. Sector-Specific Nature of CI/KR Protection • HSPD 7 designated responsibility to various Federal gov’t departments to serve as Sector-Specific Agencies (SSAs) for each of the CI/KR sectors. • SSAs are responsible for working with DHS to implement the NIPP sector partnership model and risk management framework, develop protective programs and related requirements, and provide sector-level CI/KR protection guidance.

  14. The Value Proposition • The public-private partnership called for in the NIPP provides the foundation for effective CI/KR protection. • Gov’t and private-sector bring core competencies. • Prevention, response, mitigation, and recovery efforts are most efficient and effective when there is full participation of gov’t and private sector partners. • The success of the partnership depends on articulating the mutual benefits to gov’t and private sector partners.

  15. Private Sector Capabilities • Management of a vast majority of CI/KR in many sectors. • Knowledge of CI/KR assets, networks, facilities, functions, and other capabilities. • Capability to take initial first-response actions in the event of an incident. • Ability to innovate and to provide products, services, and technologies to address security gaps. • Robust mechanisms for sharing and protecting sensitive information regarding threats, vulnerabilities, countermeasures, and best practices.

  16. Risk Management Framework • The cornerstone of the NIPP is its risk management framework. • This framework establishes the process for combining consequence, vulnerability, and threat information to produce a comprehensive, systemic, and rational assessment of national or sector-specific risk that drives CI/KR protection activities.

  17. Adaptive Nature of Terrorist Threat • A risk-based approach will provide the basis for an effective risk management strategy and efficient resource allocation.

  18. Information Sharing Among Security Partners • Robust, multidirectional information sharing. • When owners/operators are provided with comprehensive picture of threats and hazards to CI/KR and participate in ongoing multidirectional information flow, their ability to assess risks, make prudent security investments, and take protective actions is sustainably enhanced. • When the gov’t is equipped with an understanding of private sector information needs, it can adjust its information collection, analysis, synthesis, and dissemination activities accordingly.

  19. Information Sharing (con’t) • When the private sector is assured that critical infrastructure information that it shares with the gov’t will be protected from release or disclosure, the Nation’s CI/KR protection capabilities will be enhanced.

  20. Information Flow and Protection • The NIPP information sharing approach constitutes a shift from a strictly hierarchical to a networked model, allowing distribution and access to information to enable decentralized decision-making and actions. • Information in the network is: • Protected • Safeguarded • Monitored

  21. NIPP Components • The NIPP covers the full range of physical, cyber, and human protection within and across all of the Nation’s CI/KR sectors: • Executive Summary • Introduction • Authorities, Roles, and Responsibilities • The Protection Program Strategy • Organizing and Partnering • Integrating CI/KR Protection • Ensuring an Effective and Efficient Program • Providing Resources for the CI/KR Protection Program

  22. Lesson 2 Overview • DHS • SSAs • Other Federal departments/agencies • State, local, and tribal jurisdictions • Private-Sector owners and operators

  23. Homeland Security Act of 2002 • Provides the primary authority for the overall homeland security mission and provides the basis for DHS responsibilities in the protection of the Nation’s CI/KR.

  24. HSPD-7 • The national approach to CI/KR protection is provided through the unifying framework established by HSPD-7. • This directive establishes the U.S. policy for enhancing protection of the Nation’s CI/KR and mandates a national plan to actuate that policy. • Security of Homeland Security as the principal Federal office to lead CI/KR protection efforts.

  25. SSAs • SSAs are responsible for working with DHS to implement the NIPP sector partnership model and risk management framework, develop protective programs and related requirements, and provide sector-level CI/KR protection guidance in line with overarching guidance. • SSAs also develop sector-specific plans and feedback.

  26. SSAs AssignmentsSSA------------------CI/KR • Dept of Agriculture Agriculture and Food • HHS “ “ • DoD Defense Industrial Base • Dept of Energy Energy • HHS Public Health/Healthcare • Dept of Interior Monuments/Icons • Dept of Treasury Banking/Finance • EPA Drinking H20/Water Treatment • DHS OIP Chemical, Dams, Nuclear Reactors, Waste • DHS Cyber IT • TSA Postal and Shipping • TSA Transportation • Immigration Gov’t Facilities

  27. Other Federal Agencies • Assist in assessing risk, prioritizing CI/KR, and enabling protective actions and programs within that sector. • Support the national goal of enhancing CI/KR protection through their roles as the regulatory agencies for owners and operators represented within specific sectors when so designated by statue.

  28. State and Territorial Gov’t • Serve as crucial coordination hubs, bringing together prevention, protection, response, and recovery authorities; capacities; and resources. • Coordinate requests for Federal assistance when the threat or incident situation exceeds jurisdictional capabilities. • Develop and implement statewide/regional CI/KR protection programs that reflect the full range of NIPP activities.

  29. Local Gov’t • Provide critical public services and functions in conjunction with private-sector owners and operators. • Drive emergency preparedness, as well as local participation in NIPP and SSP implementation, across a variety of jurisdictional security partners.

  30. Tribal Gov’t • Tribal gov’t roles and responsibilities regarding CI/KR mirror those of State and local gov’t. • Under NIPP, tribal gov’t must ensure close coordination with Federal, State and local and international counterparts to achieve synergy in the implementation of the NIPP/SSP frameworks.

  31. Regional Partners • Regional security partners include a variety of public-private initiatives that cross jurisdictional and/or sector boundaries and focus on homeland security and phases of disaster mgt. • Specific regional initiatives range in scope from orgs that include multiple jurisdictions and private-sector partners within a single State to groups that involve jurisdictions and enterprises in more than one State and internationally focused.

  32. Regional Partners: Best Practices • Pacific Northwest Economic Region • The region established by statute in all member States and provinces, sponsors binational, multijurisdictional CI/KR protection interdependency exercises, and has developed an action plan outlining several physical and cyber CI/KR protection projects with important regional impact.

  33. Boards, Commissions, Authorities, Councils, and Other Entities • Perform regulatory, advisory, policy, or business oversight functions related to various aspects of CI/KR operations and protection within and across sectors and jurisdictions. • These entities may serve as SSAs within a State and contribute expertise. • Housing authorities, water and sewer boards, park commissions (examples)

  34. Commissions: Public Utility • Creating networks among utility regulators and other Federal, State, local, and private sector entities to address cross-sector issues. • Recommending strategies to facilitate information sharing. • Recommending cost-effective solutions • Identifying and prioritizing issues, researching best practices, and disseminating information.

  35. Private-Sector Owners and Operators • Owners and operators generally represent the first line of defense for the CI/KR under their control. • Private-sector owners and operators are responsible for taking action to support risk mgt planning and make prudent investments in security measures by: • Continuity of Business and EMPs • Protect facilities against physical and cyber attacks and natural disasters • Guarding against the insider threat • Building increased resiliency and redundancy into business processes and systems • Minimize impact of surrounding communities

  36. Sector Coordinating Councils (SCCs) • The sector partnership encourages CI/KR owners and operators to create or identify a Sector Coordinating Council as the principal entity for coordinating with the gov’t on a wide range of CI/KR protection activities and issues. • The PCIS provides senior level, cross sector strategic coordination through partnerships with DHS and the SSAs.

  37. Government Coordinating Councils (GCCs) • Formed as the government counterpart for each SCC to enable interagency and cross-jurisdictional coordination. • GCC is compromised of all levels of gov’t. • Government Cross-Sector Council addresses cross-sector issues.

  38. Critical Infrastructure Partnership Advisory Council (CIPAC) • Directly supports the NIPP sector partnerships by providing a legal framework for members of the SCCs and GCCs to engage in joint CI/KR protection-related activities. • CIPAC serves as a forum for gov’t and private sector security partners to engage in a broad spectrum of activities including planning, coordination, and implementation of operational activities.

  39. Regional and Int’l Coordination • Regional: regional partnerships, groupings, and governance bodies enable CI/KR protection within and across geographical areas and sectors. • Int’l: The U.S.-Canada-Mexico Security and Prosperity Partnership, North Atlantic Treaty Org Senior Civil EP Committee, and other non-governmental and public-private orgs enable a range of CI/KR protection through int’l agreements.

  40. Advisory Councils • Provide advice, recommendations, and expertise to the gov’t regarding CI/KR. • Enhance private-public partnerships • Engagement of PPP

  41. AC Examples • Homeland Security Advisory Council: advice to Secretary of DHS • Private Sector Senior Advisory Committee: provides HSAC (above) with expertise • National Infrastructure Advisory Council: provides the President with advice • National Security Telecommunications Advisory Committee: industry-based advice and expertise

  42. Academia, Research Centers, and Think Tanks • Establishing Centers of Excellence • Supporting research • Analyzing, and sharing best practices • Disseminating guidelines • Conducting research for new technologies

  43. Lesson 3 Overview • Describe how the use of the risk mgt framework ensures a steady state of protection within and across the CI/KR sectors. • Indentify the risk mgt activities implemented by security partners.

  44. Managing Risk • The NIPP risk mgt framework establishes a process for identifying risks and prioritizing protection initiatives and investments within and across sectors. • Gov’t and private sector offer the most benefit for mitigating risk by lessening vulnerabilities, deterring threats, and minimizing the consequence of terrorist attacks and other manmade and natural disasters.

  45. What is Risk? • Risk is defined as a measure of potential harm that encompasses threat, vulnerability, and consequence. • Risk is the expected magnitude of loss due to an event along with the likelihood of such an event occurring and causing that loss.

  46. NIPP Risk Mgt Framework • Setting security goals • Identifying assets • Assessing risks • Prioritizing and implementing corrective programs • Measuring performance • Taking corrective action

  47. NIPP Risk Mgt Framework (con’t) • Applicable to the general threat environment, as well as to specific threats or incidents situations • Structured to promote continuous improvement to enhance CI/KR protection • Tailored ad applied on an asset depending on the fundamental characteristics of the individual CI/KR sectors.

  48. SSAs Responsibilities • Developing and implementing Sector-specific plans • Fostering communication • Coordinating sector-wide risk mgt • Prioritizing sector risks and needs

  49. DHS Responsibilities • Supporting risk mgt efforts by providing guidance, tools, and analytical support to SSAs and other security partners. • Using the results obtained in sector-specific risk mgt efforts to conduct cross-sector risk analysis and mgt activities. • Working with security partners to identify and share threat information, lessons learned and best practices.

  50. Physical, Cyber, and Human Elements • Physical: tangible property • Cyber: electronic information and communication systems, and the information contained therein • Human: critical knowledge of functions or people uniquely susceptible to attack

More Related