Presentation is loading. Please wait.

Presentation is loading. Please wait.

Protected Critical Infrastructure Information (PCII) Program Emily R. Hickey Sr. Communications Officer PCII Program Office Briefing to the FGDC HSWG Washington,

Similar presentations

Presentation on theme: "Protected Critical Infrastructure Information (PCII) Program Emily R. Hickey Sr. Communications Officer PCII Program Office Briefing to the FGDC HSWG Washington,"— Presentation transcript:

1 Protected Critical Infrastructure Information (PCII) Program Emily R. Hickey Sr. Communications Officer PCII Program Office Briefing to the FGDC HSWG Washington, DC September 21, 2006

2 2Overview  The PCII Program  Benefits of Participation  Operational Processes  Accreditation  Program Growth and New Initiatives  How to Participate in the PCII Program

3 3 The Protected Critical Infrastructure Information (PCII) Program  Established under the CII Act of 2002, the PCII Program protects voluntarily submitted critical infrastructure information from: Freedom of Information Act (FOIA) State and local sunshine laws Civil litigation proceedings  PCII Information cannot be used for regulatory purposes  The PCII Program is an important tool to encourage industry to share their sensitive critical infrastructure information

4 4 Examples of Critical Infrastructure Information (CII) Information defined by the CII Act includes:  Threats ― Actual, potential, or threatened interference with, attack on, compromise of, or incapacitation of a critical asset  Vulnerabilities ― Ability to resist threats, including assessments or estimates of vulnerability  Operational experience ― Any past operational problem or planned or past solution including repair, recovery, or extent of incapacitation

5 5 PCII Program Office Mission The Program Office’s mission is to receive, validate, facilitate access to, and safeguard PCII ReceiveValidate Facilitate Access

6 6 Benefits of Participation The PCII Program can:  Facilitate new information sharing without compromising sensitive business information  Strengthen existing public/private partnerships by adding protection to private sector’s information  Enhance and increase Federal, State and local government entity access to critical infrastructure information

7 7 Operational Processes Process for Submitting CII for PCII Protection  Private sector, State or local government entities, and Information Sharing and Analysis Organizations (ISAO) may voluntarily submit information that meets the definition of CII as defined in the Act. Information may be submitted to the Program Office by mail, fax, courier, or electronically through a secure Web portal at, and must  Express Statement requesting protection  Certification Statement User Access to PCII  Once validated, PCII can be shared in various ways with authorized users:  Hand delivery  E-mail password protected file

8 8 Qualifications for PCII Status To qualify for protection under the PCII Program, critical infrastructure information must:  Be voluntarily submitted to and validated by the PCII Program Office  Not otherwise be required by DHS  Not be customarily in the public domain

9 9 Validation Process for PCII PCII Program Office:  Checks for Express Statement  Verifies receipt of required certification  Reviews submitted information  Determines if information meets definition of CII Submissions from:  Private Industry  Information Sharing and Analysis Organizations (ISAO)  State/local governments NO YES Makes available to authorized users Destroy material or return it to submitter Meets criteria?

10 10 Standard Access Policy  To be an Authorized User, the following requirements must be met: PCII Training (Federal, State and local employees and their contractors) Contract Modification (Federal, State and local contractors) Non-Disclosure Agreement (non-Federal employees) Must be assigned homeland security duties (Federal, State and local government employees and their contractors) Must have a need to know the specific information (Federal, State and local government employees and their contractors)  Any Federal, State or local government Authorized User within an accredited entity may receive PCII

11 11 Purpose of Accreditation  Ensures that all participating government entities: Understand the handling, use, dissemination and safeguarding of PCII Have the necessary resources for operating a PCII Program  Promotes consistent application of uniform minimum standards and requirements by all participating entities  Ensures timely access to PCII  Provides ongoing guidance to participating government entities with respect to handling, using, disseminating and safeguarding PCII

12 12 PCII Safeguards PCII Program safeguards and Accreditation Program ensure that all submitted information is:  Accessed only by authorized and trained individuals, or those who receive submitter consent to view the PCII  Used appropriately, based on guidance set forth in the CII Act and the PCII Program Final Rule  Stored, handled, and disseminated using methods approved by the PCII Program Office

13 13 Program Growth Aggressive outreach has led to increased program participation  The PCII Program Office has publicized the Program at various conferences to reach out to individual industry sectors  The Program Office has enlisted the support of other DHS programs to advocate the benefits of PCII Program protections  The Program Office has hosted discussions with private sector and government representatives to determine the best approach to information sharing  Over the past year, private sector submissions of critical infrastructure information have quadrupled

14 14 Program Growth Federal EntitiesStates/local Entities  Food and Drug Administration’s Center for Food Safety and Applied Nutrition (Accredited)  Department of Agriculture (In Process)  Nuclear Regulatory Commission (In Process)  Department of Defense (In Process)  Maryland (Accredited)  Arizona (Accredited)  Massachusetts (Accredited)  California (Accredited)  Michigan (In Process)  New York (In Process)  Ohio (In Process)  District of Columbia (In Process)  Indianapolis, Indiana (In Process)  Seattle, Washington (In Process) The PCII Program Office has accredited, or is in the process of accrediting, numerous Federal, State and local entities.

15 15 Program Initiatives within DHS Increase in submissions through collaborative efforts with identified users of CII in DHS, including:  National Cyber Security Division’s United States Computer Emergency Readiness Team Secure Portal Submissions Capability  Risk Management Division’s (RMD) Risk Assessment Methodology for Critical Asset Protection (RAMCAP) Program  RMD’s Chemical Comprehensive Review  RMD’s Site Assistance Visits (SAVs) and Buffer Zone Plans (BZPs)  RMD’s Constellation/Automated Critical Asset Management System (ACAMS)

16 16 Questions to consider to determine if your entity would benefit from becoming an accredited entity of the PCII Program:  What are your entity's information needs?  What private sector companies hold this information?  Is there private sector information that you are not receiving because of FOIA concerns?  Do you or might you have a need to access PCII received by the Program Office? Contact the Program Office to discuss the process further How to Participate

17 17 PCII Program Office Department of Homeland Security 245 Murray Lane, SW Building 410 Washington, DC 20528-0001 202-360-3023 Contact Information

Download ppt "Protected Critical Infrastructure Information (PCII) Program Emily R. Hickey Sr. Communications Officer PCII Program Office Briefing to the FGDC HSWG Washington,"

Similar presentations

Ads by Google