Protected Critical Infrastructure Information (PCII) Program

Slides:

Advertisements

Similar presentations

Homeland Security Information Network-Emergency Management (HSIN-EM) Fire Service Community Overview Technologies for Critical Incident Preparedness Conference.

Advertisements

Department of Homeland Security Site Assistance Visit (SAV)

DEFENSE SUPPORT OF CIVIL AUTHORITIES (DSCA)

Idaho Critical Infrastructure and Key Resources Protection Program and Fusion Center Brief.

1 Pipeline Security Presented to: Pipeline Safety Trust New Orleans, Louisiana November 5, 2010.

Briefing Outline  Overview of the CUI Program  Establishment of the Program  Elements of the CUI Executive Order  Requirements and Timelines  Categories.

©2010 National Center for Food Protection and Defense. All rights reserved. Do not copy or distribute without permission of NCFPD. Food and Agriculture.

Securing the Chemical Sector: An Outline of the Chemical Facility Anti-Terrorism Standards (CFATS) Program May 2008.

National Infrastructure Protection Plan

1 NGA Regional Bio-Terrorism Conference Boston, Massachusetts January 12-13, 2004.

Chemical Facility Anti-terrorism Standards (CFATS) Compliance Plan Overview prepared by The Office of Environmental Health & Safety 1.

1 Executive Office of Public Safety. 2 National Incident Management System.

Conversation on the Chemical Facility Anti-Terrorism Standards (CFATS) and Critical Infrastructure Protection Chemical-Terrorism Vulnerability Information.

National Protection and Programs Directorate Department of Homeland Security The Office of Infrastructure Protection Cybersecurity Brief [Date of presentation]

Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch

Public Private Partnerships P3s What the Public Sector Considers When Selecting the Right Private Partner Jose A. Galan - Division Director Miami-Dade.

National Space-Based Positioning, Navigation, and Timing (PNT) Federal Advisory Board DHS Challenges & Opportunities Captain Curtis Dubay, P.E. Department.

Security Controls – What Works

PPA 573 – Emergency Management and Homeland Security Lecture 9b - Department of Homeland Security Strategic Plan.

FAMILY EDUCATIONAL RIGHTS AND PRIVACY ACT Electronic Signatures This work is the intellectual property of the author. Permission is granted for this material.

FDA’s Pharmaceutical Inspectorate Robert Coleman National Expert Drug Investigator Food and Drug Administration.

National Governor’s Association September 29-30, 2003 Salt Lake City, Utah.

Food and Agriculture Sector Coordinating Councils John L. Williams, DVM U.S. Department of Agriculture AFDO Annual Conference Kansas City, MO June 7, 2005.

VIRGINIA PUBLIC-PRIVATE EDUCATION FACILITIES AND INFRASTRUCURE ACT OF 2002 (PPEA) Augusta County Board of Supervisors Wednesday, January 6, 2009.

Maintaining Essential Business and Community Services During a Pandemic Paul R. Patrick, Director Bureau of Emergency Medical Services Utah Department.

Session 16: Distribution of Geospatial Data 1 Distribution of Geospatial Data in the Public Environment Hazard Mapping and Modeling.

Annual Certification IDEAS-PD Select your IDEAS role from the list at the right. After completing that module, be sure to take the User Preference Setup.

BITS Proprietary and Confidential © BITS Security and Technology Risks: Risk Mitigation Activities of US Financial Institutions John Carlson Senior.

HOMELAND SECURITY ADVISORY SYSTEM. Established after the terrorist attacks on America September 11, 2001.

U.S. Department of Homeland Security Chemicals of Interest Anti-terrorism Standard.

Network Security Resources from the Department of Homeland Security National Cyber Security Division.

1 Information System Security Assurance Architecture A Proposed IEEE Standard for Managing Enterprise Risk February 7, 2005 Dr. Ron Ross Computer Security.

Critical Infrastructure Protection Overview Building a safer, more secure, more resilient America The National Infrastructure Protection Plan, released.

Certification and Accreditation CS Phase-1: Definition Atif Sultanuddin Raja Chawat Raja Chawat.

Deemed Exports Overview and the Inspector General’s Report Presentation for : Alex Lopes Director, Deemed Exports and Electronics Division Office of National.

FAO/WHO CODEX TRAINING PACKAGE Enhancing participation in Codex activities Developed by the Food and Agriculture Organization of the United Nations (FAO)

Status Report for Critical Infrastructure Protection Advisory Group

1 Information Sharing Environment (ISE) Privacy Guidelines Jane Horvath Chief Privacy and Civil Liberties Officer.

United States Department of Agriculture Food Safety and Inspection Service 1 FSA Work Flow and Next Steps EIAO Methodology Industry Walkthrough December.

Research and Education Networking Information Sharing and Analysis Center REN-ISAC John Hicks TransPAC2/Indiana University

℠ Pryvos ℠ Computer Security and Forensic Services May 27, 2015 Copyright © 2015 Pryvos, Inc. 1.

Seeking a National Standard for Security: Developing a Systematic Crosswalk of the Final HIPAA Security Rule, the NIST SP , NIST SP Security.

U.S. Department of Homeland Security Brief to the Inter Agency Board Incident Management and Communications Subgroup Oct 22, 2010 Pete Owen, PSA San Diego.

1 State Homeland Security: Priorities and Funding R. Chris McIlroy Homeland Security and Technology Division National Governors Association.

InfraGard A Government and Private Sector Alliance Information sharing begins with human relationships – people talking with people whom they trust. Information.

The OCIO/PSCD, in collaboration with the Advisory Board’s Long Range Planning Committee, developed this Strategic Plan to foster the leadership and.

DGS Recommendations to the Governor’s Task Force on Contracting & Procurement Review Report Overview August 12, 2002.

The Challenging Landscape of Critical Information Infrastructure: Are We Ready? Leonard Bailey Senior Counsel Computer Crime & Intellectual Property Section.

1 Washington State Critical Infrastructure Program “No security, No infrastructure” Infrastructure Protection Office Emergency Management Division Washington.

Security at FERC Energy Projects Energy Bar Association Mid-Year Meeting Robert J. Cupina, Deputy Director Office of Energy Projects Federal Energy Regulatory.

Information Technology Services Strategic Directions Approach and Proposal “Charting Our Course”

The Solutions Exchange Bill Piatt August 17, 2004.

1 CONSERVATION STEWARDSHIP PROGRAM (CSP) Continuous Sign-Up Kick-Off Steve Parkin Stewardship Program Team August 10, 2009.

E-Commerce E-Commerce Security?? Instructor: Safaa S.Y. Dalloul E-Business Level Try to be the Best.

NATIONAL INCIDENT MANAGEMENT SYSTEM Department of Homeland Security Executive Office of Public Safety.

REN-ISAC Research and Education Networking Information Sharing and Analysis Center Doug Pearson REN-ISAC Director Internet2 Security WG BoF October 14,

For Official Use Only (FOUO) and Similar Designations NPS Security Office

1 Brian Carney National RECC Coordinator Regional Emergency Communications Coordination Working Groups (RECCWG) National.

1 Iowa Emergency Management Association Iowa Homeland Security and Emergency Management Department Emergency Management Program Development Course EMERGENCY.

November 19, 2002 – Congress passed the Homeland Security Act of 2002, creating a new cabinet-level agency DHS activated in early 2003 Original Mission.

You are accessing a U.S. Government (USG) Information System (IS) that is provided for USG-authorized use only. By using this IS (which includes any device.

DHS/ODP OVERVIEW The Department of Homeland Security (DHS), Office for Domestic Preparedness (ODP) implements programs designed to enhance the preparedness.

Centers of Excellence and Expertise Department of Homeland Security  Customs and Border Protection 1.

April 19 th, 2016 Governors Homeland Security and All-Hazards Cyber Security Sub-Committee.

Providing Access to Your Data: Handling sensitive data

Equipment Management Chris Crutcher | Branch Director, Internal Operations | September 19, 2017.

Oregon Department of Education Summer Food Service Program

Overview of NRC Low-Level Waste Activities and Initiatives

Health Care: Privacy in a Digital Age

Presentation transcript:

Protected Critical Infrastructure Information (PCII) Program Briefing to the FGDC HSWG Washington, DC September 21, 2006 Emily R. Hickey Sr. Communications Officer PCII Program Office

Overview The PCII Program Benefits of Participation Operational Processes Accreditation Program Growth and New Initiatives How to Participate in the PCII Program

The Protected Critical Infrastructure Information (PCII) Program The PCII Program is an important tool to encourage industry to share their sensitive critical infrastructure information Established under the CII Act of 2002, the PCII Program protects voluntarily submitted critical infrastructure information from: Freedom of Information Act (FOIA) State and local sunshine laws Civil litigation proceedings PCII  Information cannot be used for regulatory purposes

Examples of Critical Infrastructure Information (CII) Information defined by the CII Act includes: Threats ― Actual, potential, or threatened interference with, attack on, compromise of, or incapacitation of a critical asset Vulnerabilities ― Ability to resist threats, including assessments or estimates of vulnerability Operational experience ― Any past operational problem or planned or past solution including repair, recovery, or extent of incapacitation

PCII Program Office Mission The Program Office’s mission is to receive, validate, facilitate access to, and safeguard PCII Facilitate Access Receive Validate

Benefits of Participation The PCII Program can: Facilitate new information sharing without compromising sensitive business information Strengthen existing public/private partnerships by adding protection to private sector’s information Enhance and increase Federal, State and local government entity access to critical infrastructure information

Operational Processes Process for Submitting CII for PCII Protection Private sector, State or local government entities, and Information Sharing and Analysis Organizations (ISAO) may voluntarily submit information that meets the definition of CII as defined in the Act. Information may be submitted to the Program Office by mail, fax, courier, or electronically through a secure Web portal at www.dhs.gov/pcii, and must include: Express Statement requesting protection Certification Statement User Access to PCII Once validated, PCII can be shared in various ways with authorized users: Hand delivery E-mail password protected file

Qualifications for PCII Status To qualify for protection under the PCII Program, critical infrastructure information must: Be voluntarily submitted to and validated by the PCII Program Office Not otherwise be required by DHS Not be customarily in the public domain

Validation Process for PCII Submissions from: Private Industry Information Sharing and Analysis Organizations (ISAO) State/local governments PCII Program Office: Checks for Express Statement Verifies receipt of required certification Reviews submitted information Determines if information meets definition of CII Meets criteria? YES NO Destroy material or return it to submitter Makes available to authorized users

Standard Access Policy To be an Authorized User, the following requirements must be met: PCII Training (Federal, State and local employees and their contractors) Contract Modification (Federal, State and local contractors) Non-Disclosure Agreement (non-Federal employees) Must be assigned homeland security duties (Federal, State and local government employees and their contractors) Must have a need to know the specific information (Federal, State and local government employees and their contractors) Any Federal, State or local government Authorized User within an accredited entity may receive PCII

Purpose of Accreditation Ensures that all participating government entities: Understand the handling, use, dissemination and safeguarding of PCII Have the necessary resources for operating a PCII Program Promotes consistent application of uniform minimum standards and requirements by all participating entities Ensures timely access to PCII Provides ongoing guidance to participating government entities with respect to handling, using, disseminating and safeguarding PCII

PCII Safeguards PCII Program safeguards and Accreditation Program ensure that all submitted information is: Accessed only by authorized and trained individuals, or those who receive submitter consent to view the PCII Used appropriately, based on guidance set forth in the CII Act and the PCII Program Final Rule Stored, handled, and disseminated using methods approved by the PCII Program Office

Program Growth Aggressive outreach has led to increased program participation The PCII Program Office has publicized the Program at various conferences to reach out to individual industry sectors The Program Office has enlisted the support of other DHS programs to advocate the benefits of PCII Program protections The Program Office has hosted discussions with private sector and government representatives to determine the best approach to information sharing Over the past year, private sector submissions of critical infrastructure information have quadrupled

States/local Entities Program Growth The PCII Program Office has accredited, or is in the process of accrediting, numerous Federal, State and local entities. Federal Entities States/local Entities Food and Drug Administration’s Center for Food Safety and Applied Nutrition (Accredited) Department of Agriculture (In Process) Nuclear Regulatory Commission (In Process) Department of Defense (In Process) Maryland (Accredited) Arizona (Accredited) Massachusetts (Accredited) California (Accredited) Michigan (In Process) New York (In Process) Ohio (In Process) District of Columbia (In Process) Indianapolis, Indiana (In Process) Seattle, Washington (In Process)

Program Initiatives within DHS Increase in submissions through collaborative efforts with identified users of CII in DHS, including: National Cyber Security Division’s United States Computer Emergency Readiness Team Secure Portal Submissions Capability Risk Management Division’s (RMD) Risk Assessment Methodology for Critical Asset Protection (RAMCAP) Program RMD’s Chemical Comprehensive Review RMD’s Site Assistance Visits (SAVs) and Buffer Zone Plans (BZPs) RMD’s Constellation/Automated Critical Asset Management System (ACAMS)

Contact the Program Office to discuss the process further How to Participate Questions to consider to determine if your entity would benefit from becoming an accredited entity of the PCII Program: What are your entity's information needs? What private sector companies hold this information? Is there private sector information that you are not receiving because of FOIA concerns? Do you or might you have a need to access PCII received by the Program Office? Contact the Program Office to discuss the process further

Contact Information PCII Program Office Department of Homeland Security 245 Murray Lane, SW Building 410 Washington, DC 20528-0001 202-360-3023 www.dhs.gov/pcii pcii-info@dhs.gov