Presentation on theme: "Critical Infrastructure Protection Overview Building a safer, more secure, more resilient America The National Infrastructure Protection Plan, released."— Presentation transcript:
1 Critical Infrastructure Protection Overview Building a safer, more secure, more resilient America The National Infrastructure Protection Plan, released on June 30, 2006, states its goal is to:“Build a safer, more secure, and resilient America by enhancing protection of the Nation’s critical infrastructure and key resources to prevent, deter, neutralize, or mitigate the effects of deliberate efforts by terrorists to destroy, incapacitate, or exploit them; and to strengthen national preparedness, timely response, and rapid recovery in the event of an attack, natural disaster, or other emergency.”The President directed the Secretary of Homeland Security to coordinate and implement national initiatives and develop a national plan to unify and enhance CI/KR protection efforts through an unprecedented partnership involving the private sector, as well as Federal, State, local, and tribal governments. The National Infrastructure Protection Plan (NIPP) meets the requirements that the President set forth in Homeland Security Presidential Directive 7 (HSPD-7), Critical Infrastructure Identification, Prioritization, and Protection, and provides the overarching approach for integrating the Nation’s many CI/KR protection initiatives into a single national effort.This briefing provides an overview of the key elements of the plan.
2 GoalBuild a safer, more secure, and more resilient America by enhancing protection of the Nation’s CI/KR to prevent, deter, neutralize, or mitigate the effects of deliberate efforts by terrorists to destroy, incapacitate, or exploit them; and strengthening national preparedness, timely response, and rapid recovery in the event of an attack, natural disaster, or other emergency.The goal of the NIPP is to:“Build a safer, more secure, and more resilient America by enhancing protection of the Nation’s CI/KR to prevent, deter, neutralize, or mitigate the effects of deliberate efforts by terrorists to destroy, incapacitate, or exploit them; and strengthening national preparedness, timely response, and rapid recovery in the event of an attack, natural disaster, or other emergency.”Protection includes actions to mitigate the overall risk to CI/KR assets, systems, networks, functions, or their interconnecting links resulting from exposure, injury, destruction, incapacitation, or exploitation. In the context of the NIPP, this includes actions to deter the threat, mitigate vulnerabilities, or minimize consequences associated with a terrorist attack or other incident.Protection includes a wide range of activities, such as hardening facilities, building resiliency and redundancy, incorporating hazard resistance into initial facility design, initiating active or passive countermeasures, installing security systems, promoting work force surety programs, and implementing cyber security measures, etc.
3 Homeland Security Strategic Framework The development of the NIPP was built on a series of progressively focused national policy documents designed to use a risk management framework to foster a more secure environment for the nation’s citizens and critical infrastructure:National Strategy for Homeland Security & National Security Act of 2002.National Strategy for the Physical Protection of Critical Infrastructures and Key Assets: Strategy to secure infrastructures and assets vital to American public health and safety, national security, governance, economy and public confidence.National Strategy to Secure Cyberspace: Plan to engage and empower Americans to secure portions of cyberspace that they own, operate or control or with which they interact.Homeland Security Presidential Directive (HSPD) 7: Critical Infrastructure Identification, Prioritization, and Protection to establish national policy for Federal Departments and agencies to identify and prioritize CI and protect it from terrorist attacks.These and other directives and initiatives shown on this graphic provide an overall coordinated approach to homeland security.The NIPP is as a key component of the Nation’s all-hazards homeland security framework
4 CI/KR Protection is Vital to America What is CI/KR?Assets, systems, and networks, whether physical or virtual, so vital to the United States that the incapacity or destruction of such assets, systems, or networks would have a debilitating impact on security, national economic security, public health or safety, or any combination of those mattersWhy is CI/KR Important?Essential to the Nation’s security, public health and safety, economic vitality, and way of lifeWhat is CI/KR?Assets, systems, and networks, whether physical or virtual, so vital to the United States that the incapacity or destruction of such assets, systems, or networks would have a debilitating impact on security, national economic security, public health or safety, or any combination of those mattersWhy is CI/KR Important?Protecting the critical infrastructure and key resources (CI/KR) of the United States is essential to the Nation’s security; public health and safety; economic vitality; and way of life. Attacks on CI/KR could significantly disrupt the functioning of government and business alike and produce cascading effects far beyond the targeted sector and physical location of the incident. Direct terrorist attacks and natural, manmade, or technological hazards could produce catastrophic losses in terms of human casualties, property destruction, and economic effects, as well as profound damage to public morale and confidence. Attacks using components of the Nation’s CI/KR as weapons of mass destruction could have even more devastating physical and psychological consequences.
5 Security PartnersSector-Specific Agencies: Implementation of the NIPP and guidance for development of SSPsOther Federal Departments, Agencies, and Offices: Implementation of specific roles designated in HSPD-7 or other relevant statutes and executive ordersState, Territorial, Local, and Tribal Governments: Development and implementation of a CI/KR protection program as a component of their overarching homeland security programPrivate Sector Asset Owners and Operators: CI/KR protection, coordination, and cooperationThe NIPP defines Security partners as:“Those Federal, State, regional, territorial, local, or tribal government entities, private sector owners and operators and representative organizations, academic and professional entities, and certain not-for-profit and private volunteer organizations that share responsibility for protecting the Nation’s critical infrastructures and key resources.“Primary roles for CI/KR security partners include:DHS: Manage the Nation’s overall CI/KR protection framework and oversee NIPP development and implementation.Sector-Specific Agencies: Implement the NIPP framework and guidance as tailored to the specific characteristics and risk landscapes of each of the CI/KR sectors designated in HSPD-7.Other Federal Departments, Agencies, and Offices: Implement specific CI/KR protection roles designated in HSPD-7 or other relevant statutes, executive orders, and policy directives.State, Local, and Tribal Governments: Develop and implement a CI/KR protection program as a component of their overarching homeland security programs.Private Sector Owners and Operators: Undertake CI/KR protection, restoration, coordination, and cooperation activities, and provide advice, recommendations, and subject-matter expertise to the Federal Government.
6 Designated Sectors and Lead Agencies DHS is responsible for coordinating the overall national effort toenhance protection of CI/KR across sectors.HSPD-7 designated 17 Sector Specific Agencies (SSAs) to be responsible for the 17 CI/KR sectors defined in HSPD-7.SSAs are responsible for working with DHS to implement the NIPP sector partnership model and risk management framework, develop protective programs and related requirements, and provide sector-level CI/KR protection guidance in line with the overarching guidance established by DHS pursuant to HSPD-7. Working in collaboration with security partners, they are responsible for developing and submitting Sector Specific Plans and sector-level performance feedback to DHS to enable national cross-sector CI/KR protection program gap assessments.SSAs are also responsible for collaborating with private sector security partners and encouraging the development of appropriate information-sharing and analysis mechanisms within the sector.In addition to its overarching leadership and cross-sector responsibilities, DHS serves as the SSA for 10 of the CI/KR sectors identified in HSPD-7.Additional, cross-cutting, DHS CI/KR protection roles and responsibilities include:Identifying, prioritizing, and coordinating Federal action in support of the protection of nationally critical assets, systems, and networks, with a particular focus on CI/KR that could be exploited to cause catastrophic health effects or mass casualties comparable to those produced by a weapon of mass destructionEstablishing and maintaining a comprehensive, multi-tiered, dynamic information-sharing network designed to provide timely and actionable threat information, assessments, and warnings to public and private sector security partners; including protecting sensitive information voluntarily provided by the private sector
7 Sector Partnership Model National-Level Coordination: The DHS Office of Infrastructure Protection (OIP) facilitates overall development of the NIPP and SSPs, provides overarching guidance, and monitors the full range of associated coordination activities and performance metrics.Sector Partnership Coordination:The Private Sector Cross-Sector Council (i.e., the Partnership for Critical Infrastructure Security (PCIS)Government Cross-Sector CouncilNIPP Federal Senior Leadership Council (FSLC)State, Local, and Tribal Government Coordinating Council (SLTGCC),Individual SCCs and GCCs create a structure through which representative groups from Federal, State, local, and tribal governments and the private sector can collaborate and develop consensus approaches to CI/KR protection.Regional Coordination: Regional partnerships, groupings, and governance bodies enable CI/KR protection coordination among security partners within and across geographical areas and sectors. They facilitate enhanced coordination between jurisdictions within a State where CI/KR cross multiple jurisdictions, and help sectors coordinate with multiple States that rely on a common set of CI/KR.DHS may selectively convene regionally based councils to address issues that cross sectors or jurisdictions, as required.Provides the framework for security partners to work together in a robust public-private partnership.
8 Risk Management Framework Set Security GoalsIdentify Assets, Systems, Networks, and FunctionsAssess Risk (Consequences, Vulnerabilities, and Threats)PrioritizeImplement Protective ProgramsMeasure EffectivenessThe NIPP Risk Management Framework is the cornerstone of the NIPP.The framework includes six steps which entail setting security goals; identifying assets, systems, networks, and functions; assessing risk; prioritizing; implementing protective programs; and measuring effectiveness.Risk is defined as the potential for loss, damage, or disruption to the Nation’s CI/KR resulting from destruction, incapacitation, or exploitation during some future or man-made or naturally occurring event.The NIPP Risk Management Framework:Establishes the process for combining consequence, vulnerability, and threat information to produce a comprehensive, systematic, and rational assessment of national or sector-specific riskProvides for continuous improvement and feedbackProvides the framework to prioritize CI/KR protection for assets, systems, networks, and functionsIs flexible and adaptable to the risk landscape of each sector
9 Networked Information Sharing The NIPP uses the Homeland Security Information Network (HSIN) approach to information sharing that most importantly “Real-Time Collaboration” between all security partners:Enables secure multidirectional information sharing between and across government and CI/KR owners and operators at all levelsProvides mechanisms, using “need to know” protocols as required, to support the development and sharing of strategic and specific threat assessments, incident reports and threat warning, impact assessments, and best practicesAllows and provides more access to information for security partners to assess risks, conduct risk management activities, allocate resources, and make continuous improvements to the Nation’s CI/KR protective postureDHS and other Federal agencies use a number of programs and procedures, such as the PCII, Nuclear Safeguards, and National Security Classification programs, to ensure that CI/KR information is properly safeguardedThe PCII Program was established pursuant to the Critical Infrastructure Information (CII) Act of The Program provides a means for sharing private sector information with the government while providing assurances that the information will be exempt from public disclosure and will be properly safeguarded.
10 Summary National Response Framework Focuses on all-hazards response Joins elected and appointed executives with dedicated practitionersArticulates standard structuresDescribes effective unity of effort between jurisdictions, the private sector and NGOsOutlines shared objectivesGuides effective response to save lives, protect property and meet basic human needsServes the people, and communities of our great Nation
11 Clarifies Roles and Responsibilities Key Response ActionsCommunity ResponseState ResponseFederal ResponseGain and maintain situational awarenessAssess situation, activate capabilitiesCoordinate Response ActionsDemobilizeState Coordinating OfficerGovernor’s Authorized RepresentativePrincipal Federal OfficialFederal Coordinating OfficerSenior Federal Law Enforcement OfficialJoint Task Force (JTF) CommanderDefense Coordinating OfficerOther Senior OfficialsFederal Resource Coordinator11
13 Incident Annexes Biological Incident Catastrophic Incident Outline core procedures, roles and responsibilities for specific contingencies.Biological IncidentCatastrophic IncidentCyber IncidentFood and Agriculture IncidentMass Evacuation IncidentNuclear/Radiological IncidentTerrorism Incident Law Enforcement and Investigation
14 National Planning Scenarios Defined by the National Preparedness Guidelines, these high consequence scenarios are being used to develop more granular strategic guidance and operational plans.Improvised Nuclear DeviceMajor EarthquakeAerosol AnthraxMajor HurricanePandemic InfluenzaRadiological Dispersal DevicePlagueImprovised Explosive DeviceBlister AgentFood ContaminationToxic Industrial ChemicalsForeign Animal DiseaseNerve AgentCyber AttackChlorine Tank Explosion
15 National Incident Management System (NIMS) A consistent nationwide approach for all levels of government to work effectively and efficiently together to prepare for and respond to domestic incidentsCore set of concepts, principles and terminology for incident command and multi-agency coordination
16 National Incident Management System Components PreparednessCommunications and InformationManagementResource ManagementCommand and ManagementIncident Command SystemMulti-agency Coordination SystemsPublic Information
17 This concludes my briefing on the National Infrastructure Protection Plan – The nation’s first ever comprehensive risk management framework that is designed to help all of its security partners at all levels of government and the private sector to clearly define roles and responsibilities in protecting our CI/KR, assessing the risks to them, and prioritizing and delivering protective programs that will accomplish the stated goal of:“Build a safer, more secure, and more resilient America…”Thank You.