Presentation on theme: "Department of Homeland Security Site Assistance Visit (SAV)"— Presentation transcript:
1 Department of Homeland Security Site Assistance Visit (SAV)
2 Department History and Mission Created by the Homeland Security Act of 2002Activated on March 1, 2003Absorbed 22 agenciesMissionPrevent terrorist attacks withinthe United StatesReduce America’s vulnerabilityto terrorismMinimize the damage and recoverfrom attacks that do occurDHS ~ 2.5 years year oldIt takes time to organize 22 agenciesEveryday we improve agency cooperationThere are various changes occurring to streamline organization and better assist facility ownersBriefly discuss the three main points of the DHS MissionOur guidance is The Homeland Security Policy Directives along with the Homeland Security Act of 2002HSPD 7 is the key document that tells us to identify, prioritize and protect critical infrastructure.Consistent with this directive, we will identify, prioritize, and coordinate the protection of critical infrastructure and key resources (More on Mission in upcoming slides)
3 Organization Under Secretary National Protection and Programs Assistant Secretary Infrastructure ProtectionStaff DirectorHomeland Infrastructure Threat Risk Analysis CenterRisk Management DivisionContingency Planning & Support DivisionInfrastructure Partnership DivisionChemical & Nuclear Preparedness & Protection DivisionWithin the Preparedness Directorate we are one of the Divisions that make-up the Office of Infrastructure Protection.
4 Risk Management Division Organization RMD DirectorRMD Deputy DirectorStaff DirectorPlans and Policy BranchProgram Support BranchField Operations BranchInteragency Management BranchRisk Analysis BranchThis is the proposed organizational structure that we expect to be in place soon.Org charts are subject to change, but the basic process tends to remain the same.PSA is in this chart also…PSA is local link to DHS HQ. They have a vast range of resources available to assist local officials and business.
5 Risk Management Division (RMD) Mission Mission StatementThe Risk Management Division will reduce the Nation’s vulnerability to terrorism and deny the use of critical infrastructure and key resources (CI/KR) as a weapon by developing, coordinating, integrating, and implementing plans and programs that identify, catalog, prioritize (using a risk-based approach), and protect CI/KR in cooperation with all levels of government and private sector partners.In addition to Mission, RMD Roles and Responsibilities Include:Principal source of risk based prioritization for allocation of Federal resources for protective effortsMetrics/Performance Measurement of NIPP executionSector coordination & program management for designated NIPP sectors (5 or 2, depending on status of reorg at time of presentation)Provision of services to other SSAs in support of operations in the sectors for which RMD is not the SSA, including establishing standards, guidelines and templates.Maintenance of surge capability to support field response to I&W in all sectorsMaintenance of surge service capability and operational component to support NSSE and other eventsLead on effort to design protection into facilitiesField an organization (PSA’s) to represent DHS/IP in local communities, serving as a liaison and reach-back capacity between DHS, the private sector, and federal, state, local and tribal entities, acting as DHS’ on-site specialist.Provide expertise to the PFOs and others responsible for SE’s, including NSSEs; and providing real-time information on facility significance and protective measures
6 RMD Vulnerability Identification and Reduction Efforts Vulnerability Identification Self-Assessment Tool (ViSAT)Buffer Zone Protection PlanComprehensive ReviewSite Assistance Visit (SAV)Be sure to highlight the type of visit being conductedSite Assistance Visit:1-3 day visitIdentify weaknesses that terrorists can exploit to increase the probability of success of an attackIdentify protective measures currently in place and assess their adequacy to minimize or withstand the risk or consequences of an attack.The Site Assistance Visit (SAV) program can be traced back to President Clinton’s Commission on Critical Infrastructure Protection, and began as the Department of Energy’s (DOE) Vulnerability Assessment Program for Energy Infrastructures (2001).The SAV program was born in Since this date, ~ 600 SAVs have been performed among the nation’s 17 sectors of CI.Since its inception, SAV program goals have revolved around identifying site vulnerabilities and incorporating local first responders and owners and operators into the site visit process. As the program has matured, these objectives have expanded in scope to include:Better understand and prioritize vulnerabilitiesProvide results to assist policy makersIncrease awareness of threats and vulnerabilitiesEnhance overall capabilities to identify and mitigate vulnerabilitiesFacilitate government information sharing (e.g., threat assessments, vulnerability reductionsEnhance vulnerability assessment methodology developmentAs both RMD and DHS have matured, the SAV program has become more sophisticated. What began as an legacy program has become a fine-tuned field assessment that not only provides government with information necessary to formulate national protection strategies, but also one that now gives sites detailed unclassified reports, or “Green Reports”, on their specific facilities.RMD now also has the ability to modify surveys and assessments, essentially customizing them around the needs of the facility, DHS, or both. This new built-in flexibility allows RMD to better serve the needs of industry while improving the quality of data collected. Rapid Response VisitVisit of less than a dayReview of policy and procedures and quick review of facilityIdentify vulnerabilities and provide options for consideration.ViSATA web-based Self Assessment tool for owners/operators to identify vulnerabilities of specific facilitiesInitial application was for stadiums and arenasBeing expanded to other soft targetsBuffer Zone Protection Plan:Developed independently or with RMD assistanceFacilitate the development of effective protective measuresMake it difficult for terrorists to conduct surveillance or launch an attack from the immediate vicinity.
7 Site Assistance Visit (SAV) The SAV is an information gathering visitStrictly voluntaryThis visit is non-regulatory and is not an inspection, audit or testThere is no pass - fail gradeSite Assistance Visit(SAV)
8 Objectives Provide information to fulfill DHS mission Identify and document Critical infrastructure/Key Resource vulnerabilitiesProvide information for protective measures planning and resource allocationIdentify and document protective measures for HSAS threat levelsProvide private sector with key information (comparative statistics, feedback, lessons learned, best practices)These are the goals we address with this SAV. We are identifying vulnerabilities at key sites around the nation and providing “options for consideration” to mitigate those vulnerabilities.Explain why this location was selected:Stakeholder requestNSSELocal PDActual threatState requestThe solutions we provide come from;1) our own expertise2) the security industry, and3) similar sites we have already visited that have been proactive and implemented solutions to vulnerabilities they have identified.(Def. “Option for Consideration” – a option that incorporates the quickest acquisition and installation timeframe, most cost effective, and eliminates the maximum amount of a site vulnerability.)What occurs at a given site when a change occurs in the HSAS level. Assists decision makers determine what actions are occurring or what support if any, is required.The information gathered and the protective measures suggested minimize the possibility of our own infrastructure and interdependencies used against us as a weapon.Information adds to development of common vulnerabilities and potential indicator CV/PI papersAssists in the sharing of best practices, lessons learned and provides comparative statistics
9 Agenda Opening Comments Introductions DHS In-Briefing Overview of FacilityPreliminary Question and Answer SessionFacility TourFollow-up Question and Answer SessionOut-BriefingSite Assistance Visit(SAV)
10 What’s in it for the site? Free Federally-Funded AssessmentAll Hazards ApproachGovernment Subject Matter Expertise in the areas of:Government CoordinationCrisis / Emergency ManagementPhysical Security, Assault PlanningCyber Security, Operational SecurityInfrastructure Interdependencies and Systems EffectsIncreased Coordination with State and Local LE - Fire-EMSIncreased Awareness of VulnerabilitiesOptions for Consideration
11 Report Resulting from SAV Open source reviewProtective measure resourcesLinks to useful reference materialsLinks to useful organizationsThreat informationOpen source threat informationCritical Asset IdentificationVulnerability considerationsOptions for considerationsSite Assistance Visit(SAV)FY2006UnclassifiedCombine what the site owner considers as critical and what the visit team discoversOften the sameSometimes the site owner considers the entire structure…and rightfully so. The team occasionally finds a single point of failure, thus potentially changing what may be considered critical. This is very site and sector dependent.Specific threat scenarios then tailored to the site. While anything is possible, the SAV considers the factors of attractiveness and combined with criticality helps prioritize efforts.Options for consideration are just that. There may be other factors involved: cost, personnel, policy change, weather considerations, other agencies, policies, etc.Option sfor consideration focus on low cost/no cost solutions to the extent possible.Resources are available to assist. We provide as many as we can and are always available to answer questionsOpen source reviews are included in report (Background packages developed before a visit are attached to the report).
12 Protected Critical Infrastructure Information (PCII) Pursuant the Protected Critical Infrastructure Act of 2002Protects information created in SAVCreated by Information Sharing and Analysis CommitteeProtected from public disclosureSubmitted to PCII Office in DHS/HQ for control and storageOnly released when originator authorizes itCritical Infrastructure Information Act of 2002FY2006UnclassifiedCombine what the site owner considers as critical and what the visit team discoversOften the sameSometimes the site owner considers the entire structure…and rightfully so. The team occasionally finds a single point of failure, thus potentially changing what may be considered critical. This is very site and sector dependent.Specific threat scenarios then tailored to the site. While anything is possible, the SAV considers the factors of attractiveness and combined with criticality helps prioritize efforts.Options for consideration are just that. There may be other factors involved: cost, personnel, policy change, weather considerations, other agencies, policies, etc.Option sfor consideration focus on low cost/no cost solutions to the extent possible.Resources are available to assist. We provide as many as we can and are always available to answer questionsOpen source reviews are included in report (Background packages developed before a visit are attached to the report).
13 Other Reports Increase Awareness & Improve Understanding Characteristics and Common VulnerabilitiesPotential Indicators of Terrorist ActivityPreemptive and Protective Actions to Mitigate Vulnerabilities, Reduce the Probability of Successful Attacks, and Eliminate the Need for Special Security MeasuresCommon characteristics, components, and applicable standardsConsequences of eventsCommon vulnerabilitiesTerrorist targeting objectivesActivity indicatorsIn most cases we can provide copies.RMD produces a series of reports based of SAV data on specific critical infrastructure sectors to assist owners and operators in detecting and preventing terrorist attacksCharacteristics and Common Vulnerabilities (CV) reports provide insights into the common characteristics, the general vulnerabilities, and likely consequences of an attack for representative facilities in a given sectorPotential Indicators of Terrorist Activity (PI) reports identify possible signs of an attack to better facilitate early detection, reporting, and prevention of terrorist activities on a sector-by-sector basisProtective Measures (PM) reports describe likely terrorist objectives, methods of attack and corresponding protective measures and their implementation in accordance with the Homeland Security Advisory System, on a sector-by-sector basis
14 Site Assistance Visit Questions? Bob WintersProtective Security Advisor-Pittsburgh