Constellation/Automated Critical Asset Management System (C/ACAMS)
ACAMS – Establishing the Universe ACAMS: a new tool for the new frontier. This is the continuing roll-out of C/ACAMS. Its indefinite mission, to explore new methods, to seek out new partners and define new and existing infrastructure, to boldly go where the federal and many, state and local governments have not gone before
Discussion Points C/ACAMS Overview Stakeholders Capabilities Concept of Operations Tools and Resources Users
Constellation / Automated Critical Asset Management System (C/ACAMS) C/ACAMS is a secure, Web-based information services portal used to support infrastructure protection efforts at the state and local level Provides access to a comprehensive set of tools and resources to develop and implement comprehensive critical infrastructure programs Allows users to manage the collection and effective use of asset data Focuses on pre-incident prevention and protection but also assists in post-incident response Designed principally as a vulnerability assessment tool DHS derives programmatic authority to build and manage C/ACAMS from: Homeland Security Act of 2002 Homeland Security Presidential Direction (HSPD) – 7: Critical Infrastructure Identification, Prioritization and Protection HSPD – 8: National Preparedness National Infrastructure Protection Plan (NIPP) C/ACAMS incorporates national-level guidance to ensure consistency among state and local partners Read first bullet to the audience. This is a program a supporting IT system developed for first responders for pre-incident prevention and protection to identify their critical infrastructures. A methodology developed by first responders for first responders At the same time it satisfies DHS’s strategic requirements to identify and collect CI/KR (critical infrastructure/key resources) This methodology assists the first responder with building a relationship with the asset manager. The more effort put into this relationship the more information that will come out which will result in a more thorough assessment. LA PD has played a fundamental role in DHS’s ability to satisfy the first responder requirements at the same time satisfy their strategic requirements 4
C/ACAMS Principal Stakeholders State and Local First Responders, Emergency Managers, and Homeland Security Officials DHS Office on Infrastructure Protection, Infrastructure Information Collection Division (IICD) Los Angeles Police Department (LAPD) Operation Archangel DHS Protected Critical Infrastructure Information (PCII) Program Office DHS Federal Emergency Management Agency National Preparedness Directorate (FEMA/NPD)
Critical Infrastructure Assets in the Critical Infrastructure category include the systems, places, and people that are needed to provide continuity of operations in eighteen (18) potential sectors •National Monuments & Icons •Emergency Services •Government Facilities •Healthcare & Public Health •Commercial Assets •Defense Industrial Base •Information Technology •Postal & Shipping •Telecommunications •Dams •Nuclear Power •Water Supply and Delivery •Agriculture & Food •Energy (other than nuclear) •Chemical / Hazardous Materials •Banking and Finance •Transportation • Manufacturing
DHS Office of Infrastructure Protection Assistant Secretary for Infrastructure Protection ---------------------------------------------------------------- Dep. Assistant Secretary for Infrastructure Protection Resource Management and Planning External and International Affairs Chief of Staff ------------------- Dep. Chief of Staff Administration HITRAC SSA EMO Infrastructure Analysis & Strategy Divison (IASD) Chemical Security Compliance Division (CSCD) Infrastructure Information Collection Division (IICD) Protective Security Coordination Division (PSCD) Contingency Planning & Incident Management Division (CPIMD) Partnership & Outreach Division (POD) Contingency Planning & Incident Management Division (CPIMD)
DHS PCII Program Office The Protected Critical Infrastructure Information (PCII) Program, managed by the DHS PCII Program Office, is designed to encourage private industry and others with knowledge about our critical infrastructure to share sensitive and proprietary business information about this critical infrastructure with the federal government Critical Infrastructure Information (CII) Act (2002) prevents disclosure of PCII under: Freedom of Information Act (FOIA) requests State and local sunshine laws Civil litigation proceedings C/ACAMS and Operation Archangel have implemented business processes and an automated workflow to ensure that PCII information is correctly received, validated, and disseminated in accordance with the CII Act The PCII Program is a tool necessary to achieve the level of trust between the asset manager and the first responders. PCII is only one piece of the program; it’s only one tool on a tool belt and this tool belt also includes the relationship with the site owner and first responder. The bottom line is, the moment a piece of information is entered into ACAMS it is PCII protected!
C/ACAMS Concept of Operations Use of C/ACAMS ensures that state, local and regional CIP programs are consistent with the NIPP and other federal-level plans, programs, and policies Built around the NIPP, DHS Risk Management Framework Incorporates existing Infrastructure taxonomy C/ACAMS integrates existing, emerging DHS methodologies and reporting requirements Build DHS-level data models to ensure consistency across IT systems Push to build, implement national vulnerability and risk assessment methodologies Allow federal, state, local, private sector to speak the same CI/KR “language” Will work with states and commercial vendors to ensure data consistency across tools, enable integration of existing infrastructure data management tools
C/ACAMS Concept of Operations C/ACAMS leverages the close relationship between local law enforcement, first responders and the asset owner/operators CI/KR owners/operators are a key partner in planning and use of C/ACAMS C/ACAMS success depends on Public/Private Partnerships (P3) Focuses on gathering detailed, accurate asset information pre- and post-incident vulnerability and protection planning Supports both EOCs and an Incident Commander during a major response effort Incorporates private sector equities through close, regular coordination and cooperation Allows DHS to augment its collection of CI/KR data through the activities of tens of thousands of local law enforcement, fire and emergency management personnel across the nation C/ACAMS CONOPS assumes that processes to identify CI/KR assets are continuous and could involve hundreds of people within a large urban area C/ACAMS enables the effective inventory and management of thousands of assets within these areas We leverage the close relationship between CI/KR and the first responders that protect, defend, and respond to them on a daily basis This approach is more bottom up by leveraging that need for communication and coordination among first responders. Trust relationships are easier to form between the asset manager and the first responders. The goal is to use that relationship to gather accurate information that is ultimately going to be delivered to the first responders so that they can provide the best protection possible to the asset.. The focus of the program today is the collection and delivery of information useful for the deterrence, protection, and defense. 10
C/ACAMS Tools and Resources
C/ACAMS Tools and Resources A CI/KR asset management system that focuses on the unique requirements and information needs of first responders Vulnerability and consequence scoring tools that aid the user’s subjective analysis of criticality An integrated open source information portal, Constellation, tying together critical asset data and reporting about the current threat environment A tailorable reporting capability to assist in answering both local and national-level data calls on critical assets Generate Buffer Zone Protection Plans (BZPPs) Generate pre-incident operational plans for local police and first responders Electronically available resources for first responders, such as the DHS Daily Report, training materials, on-line manuals, and ACAMS FAQs Integrated Geospatial Information System (GIS) and mapping for use in collection process and analysis This slide goes over ACAMS tools and capabilities.
Inventory Why Inventory? PREVENTION: Knowing what’s out there and being able to develop strategies to disrupt and deter. Provide physical security as needed PLANNING: You cannot protect every potential target How many targets? How do you prioritize resources? RESPONSE: The incident commander needs vital information on the target in a timely manner.
PCII - C/ACAMS National Deployment Status 69 MA (113) 1 4 3 1 RI (1) 37 4 4 13 46 CT (10) 3 2 28 NJ (2) 50 9 8 117 11 39 DE (4) 9 29 62 4 10 29 MD (14) 779 1 44 DC (58) 85 9 1 2 1 3 6 USVI 26 7 GU (2) 116 PR (2) AS 3 MP HI (3) 26 States/Territories Approved for PCII, but no C/ACAMS data 09 States/Territories Not Approved for PCII Access 20 States/Territories with data loaded on C/ACAMS 1,874* C/ACAMS Users as of 29 APRIL 08 31,883 Assets Entered as of 29 APRIL 08 * - The number in each state represents total trained C/ACAMS users in the state 14
USER – State of Ohio Hierarchy Ohio has a adopted a hierarchy with the Ohio Homeland Security Office heading State efforts Subordinate elements are being developed within the Terrorism Early Warning Groups in the four Urban Area Security Initiative Cities in Ohio: Cincinnati, Columbus, Cleveland and Toledo Outreach efforts are currently ongoing to the State’s 88 Emergency Management Directors organized in six emergency management regions.
Ohio Homeland Security Planning Regions 1 2 3 4 5 6 7 8
Summary C/ACAMS is a tool that can be viewed and used at multiple levels of government to support a common operational picture during an incident or for planning Populating state assets supports the federal effort to establish the Infrastructure Data Warehouse (formerly the NADB) – the universe of assets from which critical infrastructure is determined based on Risk = Threat x Vulnerability x Consequence C/ACAMS builds Public-Private Partnerships The Asset Manager Questionnaire provides the most reliable and current information for a specific asset.