Department of Homeland Security Site Assistance Visit (SAV)

Department History and Mission Created by the Homeland Security Act of 2002 Activated on March 1, 2003 Absorbed 22 agencies Mission Prevent terrorist attacks within the United States Reduce America’s vulnerability to terrorism Minimize the damage and recover from attacks that do occur DHS ~ 2.5 years year old It takes time to organize 22 agencies Everyday we improve agency cooperation There are various changes occurring to streamline organization and better assist facility owners Briefly discuss the three main points of the DHS Mission Our guidance is The Homeland Security Policy Directives along with the Homeland Security Act of 2002 HSPD 7 is the key document that tells us to identify, prioritize and protect critical infrastructure. Consistent with this directive, we will identify, prioritize, and coordinate the protection of critical infrastructure and key resources (More on Mission in upcoming slides)

Organization Under Secretary National Protection and Programs Assistant Secretary Infrastructure Protection Staff Director Homeland Infrastructure Threat Risk Analysis Center Risk Management Division Contingency Planning & Support Division Infrastructure Partnership Division Chemical & Nuclear Preparedness & Protection Division Within the Preparedness Directorate we are one of the Divisions that make-up the Office of Infrastructure Protection.

Risk Management Division Organization RMD Director RMD Deputy Director Staff Director Plans and Policy Branch Program Support Branch Field Operations Branch Interagency Management Branch Risk Analysis Branch This is the proposed organizational structure that we expect to be in place soon. Org charts are subject to change, but the basic process tends to remain the same. PSA is in this chart also… PSA is local link to DHS HQ. They have a vast range of resources available to assist local officials and business.

Risk Management Division (RMD) Mission Mission Statement The Risk Management Division will reduce the Nation’s vulnerability to terrorism and deny the use of critical infrastructure and key resources (CI/KR) as a weapon by developing, coordinating, integrating, and implementing plans and programs that identify, catalog, prioritize (using a risk-based approach), and protect CI/KR in cooperation with all levels of government and private sector partners. In addition to Mission, RMD Roles and Responsibilities Include: Principal source of risk based prioritization for allocation of Federal resources for protective efforts Metrics/Performance Measurement of NIPP execution Sector coordination & program management for designated NIPP sectors (5 or 2, depending on status of reorg at time of presentation) Provision of services to other SSAs in support of operations in the sectors for which RMD is not the SSA, including establishing standards, guidelines and templates. Maintenance of surge capability to support field response to I&W in all sectors Maintenance of surge service capability and operational component to support NSSE and other events Lead on effort to design protection into facilities Field an organization (PSA’s) to represent DHS/IP in local communities, serving as a liaison and reach-back capacity between DHS, the private sector, and federal, state, local and tribal entities, acting as DHS’ on-site specialist. Provide expertise to the PFOs and others responsible for SE’s, including NSSEs; and providing real-time information on facility significance and protective measures

RMD Vulnerability Identification and Reduction Efforts Vulnerability Identification Self-Assessment Tool (ViSAT) Buffer Zone Protection Plan Comprehensive Review Site Assistance Visit (SAV) Be sure to highlight the type of visit being conducted Site Assistance Visit: 1-3 day visit Identify weaknesses that terrorists can exploit to increase the probability of success of an attack Identify protective measures currently in place and assess their adequacy to minimize or withstand the risk or consequences of an attack. The Site Assistance Visit (SAV) program can be traced back to President Clinton’s Commission on Critical Infrastructure Protection, and began as the Department of Energy’s (DOE) Vulnerability Assessment Program for Energy Infrastructures (2001). The SAV program was born in 2003. Since this date, ~ 600 SAVs have been performed among the nation’s 17 sectors of CI. Since its inception, SAV program goals have revolved around identifying site vulnerabilities and incorporating local first responders and owners and operators into the site visit process. As the program has matured, these objectives have expanded in scope to include: Better understand and prioritize vulnerabilities Provide results to assist policy makers Increase awareness of threats and vulnerabilities Enhance overall capabilities to identify and mitigate vulnerabilities Facilitate government information sharing (e.g., threat assessments, vulnerability reductions Enhance vulnerability assessment methodology development As both RMD and DHS have matured, the SAV program has become more sophisticated. What began as an legacy program has become a fine-tuned field assessment that not only provides government with information necessary to formulate national protection strategies, but also one that now gives sites detailed unclassified reports, or “Green Reports”, on their specific facilities. RMD now also has the ability to modify surveys and assessments, essentially customizing them around the needs of the facility, DHS, or both. This new built-in flexibility allows RMD to better serve the needs of industry while improving the quality of data collected.  Rapid Response Visit Visit of less than a day Review of policy and procedures and quick review of facility Identify vulnerabilities and provide options for consideration. ViSAT A web-based Self Assessment tool for owners/operators to identify vulnerabilities of specific facilities Initial application was for stadiums and arenas Being expanded to other soft targets Buffer Zone Protection Plan: Developed independently or with RMD assistance Facilitate the development of effective protective measures Make it difficult for terrorists to conduct surveillance or launch an attack from the immediate vicinity.

Site Assistance Visit (SAV) The SAV is an information gathering visit Strictly voluntary This visit is non-regulatory and is not an inspection, audit or test There is no pass - fail grade Site Assistance Visit (SAV)

Objectives Provide information to fulfill DHS mission Identify and document Critical infrastructure/Key Resource vulnerabilities Provide information for protective measures planning and resource allocation Identify and document protective measures for HSAS threat levels Provide private sector with key information (comparative statistics, feedback, lessons learned, best practices) These are the goals we address with this SAV. We are identifying vulnerabilities at key sites around the nation and providing “options for consideration” to mitigate those vulnerabilities. Explain why this location was selected: Stakeholder request NSSE Local PD Actual threat State request The solutions we provide come from; 1) our own expertise 2) the security industry, and 3) similar sites we have already visited that have been proactive and implemented solutions to vulnerabilities they have identified. (Def. “Option for Consideration” – a option that incorporates the quickest acquisition and installation timeframe, most cost effective, and eliminates the maximum amount of a site vulnerability.) What occurs at a given site when a change occurs in the HSAS level. Assists decision makers determine what actions are occurring or what support if any, is required. The information gathered and the protective measures suggested minimize the possibility of our own infrastructure and interdependencies used against us as a weapon. Information adds to development of common vulnerabilities and potential indicator CV/PI papers Assists in the sharing of best practices, lessons learned and provides comparative statistics

Agenda Opening Comments Introductions DHS In-Briefing Overview of Facility Preliminary Question and Answer Session Facility Tour Follow-up Question and Answer Session Out-Briefing Site Assistance Visit (SAV)

What’s in it for the site? Free Federally-Funded Assessment All Hazards Approach Government Subject Matter Expertise in the areas of: Government Coordination Crisis / Emergency Management Physical Security, Assault Planning Cyber Security, Operational Security Infrastructure Interdependencies and Systems Effects Increased Coordination with State and Local LE - Fire-EMS Increased Awareness of Vulnerabilities Options for Consideration

Report Resulting from SAV Open source review Protective measure resources Links to useful reference materials Links to useful organizations Threat information Open source threat information Critical Asset Identification Vulnerability considerations Options for considerations Site Assistance Visit (SAV) FY2006 Unclassified Combine what the site owner considers as critical and what the visit team discovers Often the same Sometimes the site owner considers the entire structure…and rightfully so. The team occasionally finds a single point of failure, thus potentially changing what may be considered critical. This is very site and sector dependent. Specific threat scenarios then tailored to the site. While anything is possible, the SAV considers the factors of attractiveness and combined with criticality helps prioritize efforts. Options for consideration are just that. There may be other factors involved: cost, personnel, policy change, weather considerations, other agencies, policies, etc. Option sfor consideration focus on low cost/no cost solutions to the extent possible. Resources are available to assist. We provide as many as we can and are always available to answer questions Open source reviews are included in report (Background packages developed before a visit are attached to the report).

Protected Critical Infrastructure Information (PCII) Pursuant the Protected Critical Infrastructure Act of 2002 Protects information created in SAV Created by Information Sharing and Analysis Committee Protected from public disclosure Submitted to PCII Office in DHS/HQ for control and storage Only released when originator authorizes it Critical Infrastructure Information Act of 2002 FY2006 Unclassified Combine what the site owner considers as critical and what the visit team discovers Often the same Sometimes the site owner considers the entire structure…and rightfully so. The team occasionally finds a single point of failure, thus potentially changing what may be considered critical. This is very site and sector dependent. Specific threat scenarios then tailored to the site. While anything is possible, the SAV considers the factors of attractiveness and combined with criticality helps prioritize efforts. Options for consideration are just that. There may be other factors involved: cost, personnel, policy change, weather considerations, other agencies, policies, etc. Option sfor consideration focus on low cost/no cost solutions to the extent possible. Resources are available to assist. We provide as many as we can and are always available to answer questions Open source reviews are included in report (Background packages developed before a visit are attached to the report).

Other Reports Increase Awareness & Improve Understanding Characteristics and Common Vulnerabilities Potential Indicators of Terrorist Activity Preemptive and Protective Actions to Mitigate Vulnerabilities, Reduce the Probability of Successful Attacks, and Eliminate the Need for Special Security Measures Common characteristics, components, and applicable standards Consequences of events Common vulnerabilities Terrorist targeting objectives Activity indicators In most cases we can provide copies. RMD produces a series of reports based of SAV data on specific critical infrastructure sectors to assist owners and operators in detecting and preventing terrorist attacks Characteristics and Common Vulnerabilities (CV) reports provide insights into the common characteristics, the general vulnerabilities, and likely consequences of an attack for representative facilities in a given sector Potential Indicators of Terrorist Activity (PI) reports identify possible signs of an attack to better facilitate early detection, reporting, and prevention of terrorist activities on a sector-by-sector basis Protective Measures (PM) reports describe likely terrorist objectives, methods of attack and corresponding protective measures and their implementation in accordance with the Homeland Security Advisory System, on a sector-by-sector basis

Site Assistance Visit Questions? Bob Winters Protective Security Advisor-Pittsburgh 412-995-3750 Bob.Winters@DHS.Gov