1. The Future of Homeland Security with the Commercial Facilities Infrastructure Sector
January 10th, 2013

2. Overview PSA’s Roles and Responsibilities The Threat
Back to the Future
The Future
Resources 2

3. Protective Security Advisors
93 Protective Security Advisors (PSAs)
Non-Regulatory
Facilitate and coordinate training and assessments of local critical infrastructure
Provide reach back capabilities to DHS and other Federal resources
Respond to disasters to assist with the reconstitution of critical infrastructure
Support special events

4. The Threat 4

5. Infrastructure at a Glance
- The United States has more than 46,000 shopping centers nationwide.
- The American Hotel & Motel Association reported 53,500 operating establishments.
- The National Association of Theatre Owners reported 6,060 movie theaters in the U.S.
- The United States has more than 600 convention centers.
- The Center for Exhibition Industry Research (CEIR) survey revealed there were 11,094 trade and consumer shows in the country in 2000.
- Nearly 59 million skiers/boarders visit at the 478 ski areas operating in the United States annually.
- There are about 878,000 restaurants in the United States. These establishments serve more than 70 billion meals annually, have sales of more than $440 billion.
Source: Overview of Potential Indicators of Terrorist Activity, Common
Vulnerabilities, and Protective Measures for Critical Infrastructures and Key
Resources (DHS 2006)
The Commercial Facilities sector is considered a “soft-target” sector. 5

6. Najibullah Zazi (Denver Post)
Trends and Tactics
Najibullah Zazi (Denver Post)
September 25, 2009 Zazi purchasing chemicals (CNN)
Tactics, techniques, and procedures evolve quickly and adapt to countermeasures
Recent plots disrupted in NY, NC, AR, AK, TX, and IL were unrelated operationally, but indicative of a common cause that rallies independent extremists to want to attack the United States
Pre-operational indicators are becoming more
and more difficult to detect, therefore State, local,
and private sector partners play a critical role in
identifying and reporting suspicious activity

7. Asymmetric Threat Environment Activities and Indicators
Surveillance / Countersurveillance (Human/Cyber)
Facility Security
Facility Access
Facility Construction
Target Dynamics
Secondary Targets
SURVEILLANCE Activities and Indicators
Surveillance and Countersurveillance 
Identity of places where further surveillance can take place
Identity of places where countersurveillance can be detected
Facility Security
Presence or absence of security cameras
Number, location, type, and coverage of security cameras
Security screening procedures for employees, visitors, and vehicles
Procedures for changing of the guard
Opportunities for theft of facility identification (ID) cards or special license plates
Proximity to first-responder locations
Security event response times
Number, gender, ethnicity, location, dress, weapons, and equipment of security/police forces
Facility Access 
Configuration and staffing of control points
Visitor access procedures
Availability of tours
Location of roadways, entrances, parking lots, gates, and access points
Facility Construction
Construction materials used
Building shape, height, and set backs
Location of vulnerable structural components
Opportunities for cascading damage effects
Location of executive offices and employee meeting places
Location of power and HVAC systems
Adequacy of emergency exits, escape routes, and fire suppression systems
Target Dynamics
Opening and closing times
Lunch and break times
Shift changes
Patterns of concentration of people and vehicles; traffic congestion
Nearby people and vehicle movement throughout the day
Monitoring of police radio frequencies and recording of emergency response times
Secondary Targets
Nearby alternative targets
Nearby collateral targets 7

8. Consequences of Impacts to Sector
Direct impacts:
Significant economic impacts locally, regionally, and nationally
Large scale loss of life
Facility repair costs
Utilities could be shut down temporarily for the surrounding area
Psychological impacts
Indirect impacts:
Cascading economic impacts to suppliers, travel, and entertainment business sectors
Decreased interactions for professional and industry-wide advancement and progress
Increase public anxiety
The most significant and widespread effect of an attack on a commercial facility such as a shopping mall would be the psychological impact, which could lead to significant economic consequences that go well beyond the physical damages to the facility and the impact on the local area. A good example is the effect of two simultaneous terrorist attacks in 1985 at the Rome and Vienna airports. In those incidents, the casualties totaled about 20 people and the damage to the facilities was minimal; the economic consequences, however, were substantial. During the following six months, it was estimated that international tourism decreased by 23%. An analogous impact following an attack against a shopping mall might be anticipated. The effect of a sharp reduction in consumer spending could have an effect throughout the economy.

9. Public-Private Partnership
Become familiar with your workplace and infrastructures that you depend on and depend on you.
Report suspicious activities to your local law enforcement agency.
Provide information for a Suspicious Activities Report (SAR) to the Statewide Information and Analysis Center (SIAC) and Joint Terrorism Task Force (JTTF).

10. “If You See Something, Say Something™”
In July 2010, DHS, at Secretary Janet Napolitano's direction, launched a national "If You See Something, Say Something™" public awareness campaign
The campaign is a simple and effective program to raise public awareness of indicators of terrorism and violent crime
Emphasizes the importance of reporting suspicious activity to the proper State and local law enforcement authorities
DHS is launching the campaign in conjunction with the Nationwide Suspicious Activity Reporting (SAR) Initiative
Source: DHS

11. “If You See Something, Say Something™” (cont.)
Only reports that document behavior reasonably indicative of criminal activity related to terrorism will be shared with Federal, state, local, tribal and territorial partners.
Over the past year, the Department has rolled out the campaign with a variety of partners:
Amtrak
American Hotel and Lodging Association
Major League Soccer
National Basketball Association
National Collegiate Athletic Association
DHS and the State continue to expand its partnership

12. The Nationwide Suspicious Activity Reporting (SAR) Initiative
In March 2010, the Nationwide Suspicious Activity Reporting Initiative (NSI) Program Management Office was established within the U.S. Department of Justice (DOJ), Bureau of Justice Assistance, and is an interagency office composed of representatives from DOJ, DHS, FBI, and the Program Manger – Information Sharing Environment office
The NSI established standards, policies, and processes for gathering, documenting, processing, analyzing, and sharing SAR while taking into account the protection of privacy, civil rights, and civil liberties of Americans
The NSI program includes training for line officers, analysts, and chief executives, as well as community outreach and a comprehensive privacy framework
The FBI eGuardian Program is an integral part of the NSI, ensuring that information is getting from the field to the FBI Joint Terrorism Task Force for investigation
The NSI closely coordinates with the DHS "If You See Something, Say Something™" campaign. The NSI also coordinates with the DHS Office of Intelligence and Analysis which leads interagency support to the National Network of Fusion Centers

13. The Nationwide Suspicious Activity Reporting (SAR) Initiative (cont.)
In order for DHS to assist State, local, tribal, territorial and private sector partners with obtaining “If You See Something, Say Something™” materials, the DHS Office of Public Affairs will need to obtain a few items from the requestor in order to draft materials – those items are outlined below. The Office of Public Affairs will send the draft(s) back to the requestor for final approval
Product Options
Posters, paystub inserts, table tent cards, etc.
Electronic materials such as Ribbon Board/ Score Boards (need pixels/dimensions to design)
Placing “If You See Something, Say Something TM” logo on credentials
Public Service Announcement – DHS can write the script for the Public Service Announcements. It is recommended that someone recognizable from your group record the message
“Back-of-house” materials – These will help instruct staff/volunteers on what to look for and what they should do in case they see something suspicious
Please refer to the “If You See Something, Say Something™” Information and Public Display Materials Fact Sheet for more information

14. Back to the Future 14

15. National Infrastructure Protection Plan (NIPP)
April 20, 2017
National Infrastructure Protection Plan (NIPP)

16. For each CI/KR sector, a Sector Specific Plan (SSP) have been developed that sets forth how the NIPP is implemented within the sector
April 20, 2017
Sector Specific Plans
Detail the application of the NIPP risk management framework across each sector
Tailored to address the unique characteristics and risk landscapes of each sector
Sector Specific Agencies (SSAs) partner with Sector Coordinating Councils (SCCs) and Government Coordinating Councils (GCCs) to develop the SSPs
Sector-Specific Plans
Sector-Specific Plans (18)

17. DHS Taxonomy Commercial Facilities Sector - 8 Sub-Sectors:
1. Entertainment and Media (e.g., motion picture studios, broadcast media);
2. Gaming (e.g., casinos);
3. Lodging (e.g., hotels, motels, conference centers);
4. Outdoor Events (e.g., theme and amusement parks, fairs, campgrounds, parades);
5. Public Assembly (e.g., arenas, stadiums, aquariums, zoos, museums, convention centers);
6. Real Estate (e.g., office and apartment buildings, condominiums, mixed use facilities, self-storage);
7. Retail (e.g., retail centers and districts, shopping malls);
8. Sports Leagues (e.g., professional sports leagues and federations).
The CF Sector represents a wide range of assets. The majority of the facilities and assets operate under the principle of “open access to the public”. 17

18. NIPP Sector Partnership Model
April 20, 2017
NIPP Sector Partnership Model
To coordinate activities under the NIPP, a framework for Federal, state, territorial, tribal, local, and private sector security partners to work together has been developed

19. CF Government Coordinating Council
Members Include:
Department of Commerce
Department of Education
Department of Homeland Security
Department of Housing and Urban Development
Department of the Interior
Department of Justice
Environmental Protection Agency
General Services Administration
Library of Congress
National Endowment for the Arts 19

20. CF Private Sector Coordinating Council
Members Include:
Affinia Hospitality
BOMA International
Dallas Convention Center
International Association of Amusement Parks and Attractions
International Association of Assembly Managers
International Association of Fairs and Expositions
International Council of Shopping Centers
Major League Baseball
Marriott International
National Association of Industrial and Office Properties
National Association of RV Parks and Campgrounds
National Hockey League
National Multi Housing Council
National Retail Federation
NBC Universal
Oneida Gaming Commission
RBC Center
Retail Industry Leaders Association
Related Management Company
Self Storage Association
Stadium Managers Association
Starwood Hotels and Resorts Worldwide
The Loss Prevention Foundation
The Real Estate Roundtable
The Walt Disney Company
Tishman Speyer
Trump Organization
Warner Bros. Studio Facilities
Westfield Shopping Centers
These are the members of the Sector Coordinating Council. They meet separate from the GCC and are the driving influence on how to implement the NIPP within the sector and within each sub-sector. If your business falls in the CF sector and you belong to one of these organizations or associations, you should participate if possible in the SCC meetings. At a minimum, ask questions of your association’s leadership as to how they are participating and let them know your concerns. Concerns not just within the sector, but to upcoming programs like PS-PREP… 20

21. The Future 21

22. Risk Management

23. Resilience: Theory and Applications
Ability of an entity — asset, organization, community, region — to anticipate, resist, absorb, respond to, adapt to, and recover from a disturbance.

24. Resources 24

25. Voluntary Private Sector Preparedness Accreditation and Certification Program (PS-Prep™)
Any hazard can cause operational disruptions that can affect private-sector entities and bring about various degrees of loss
The PS-Prep™ Framework Guides can offer an organization several options toward greater levels of preparedness standards
The goal of PS-Prep™ is to help improve private sector preparedness, resilience, and emergency management
Key Points:
Program is strictly voluntary
DHS does not perform audits; the accreditation and certification process is administered by the ANSI-ASQ National Accreditation Board
The purpose is not to impose Federal preparedness standards; PS-Prep™ standards were developed by private sector standard development organizations
In March 2012, AT&T became the first company to be certified to a DHS preparedness standard

26. PS-Prep™ (cont.)
Certifying to a PS-Prep™ standard enables a business to:
Develop a plan of action for handling disruptions
Minimize potential impact to essential operations
Protect data and information to ensure continued decisionmaking
Protect market share and minimize financial losses
Development of PS-Prep™ Framework Guides is ongoing
The Electric and Chemical Sector-Specific Framework Guides have been completed
Banking and Finance, Critical Manufacturing, Dams, Defense Industrial Base, and Nuclear will soon be finalized
For more information, please visit:
Or for the Framework Guides

27. PS-Prep™ (cont.)
New ISO 22301, 22313, – Business Continuity Management
Moving your business continuity program to a management system requires management commitment. It involves embedding business continuity management into the culture of the organization. It is the endgame. There is finally have a “standard” method for BCM program development and improvement. We no longer need to rely on “Consultant X’s ‘Patented Approach.’” We no longer have to discuss and argue about definitions. The vocabulary is defined.
Based on British Standard
DHS Deciding whether to include the new ISO’s into PS-Prep

28. Enhanced Critical Infrastructure Protection
Infrastructure Survey Tool (IST) (contact your PSA to schedule an IST for your facility at no cost)
Over 1,800 IST surveys conducted to date
Apply weighted scores to identify vulnerabilities and trends for infrastructure and sectors and conduct sector-by-sector and cross-sector vulnerability comparisons
A consistent methodology of facility security information analysis
Provides an analysis for protective measures planning and resource allocation

29. Enhanced Critical Infrastructure Protection
Infrastructure Survey Tool (IST)
Over 1,800 IST surveys conducted to date
Apply weighted scores to identify vulnerabilities and trends for infrastructure and sectors and conduct sector-by-sector and cross-sector vulnerability comparisons
A consistent methodology of facility security information analysis
Provides an analysis for protective measures planning and resource allocation
Provides Protective Measures Index (PMI) and Resilience Measurement Index (RMI) Dashboard products for comparative analysis

30. Comparing Facility and Subsector
Subsector Maximum
Facility PMI
Subsector Average
Subsector Minimum
Overall Facility PMI

31. ECIP Dashboard – Overall Tab
“Overall” tab shows the overall facility PMI and the PMIs for each major component (Level 1) of the facility PMI (blue bar) and the low, average, and high PMI for the subsector (dots).

32. ECIP Dashboard – Component Screens
Tabs – Level 1
Level 2
Components
Level 3
Data
Overall PMI Bar
Level 1 PMI Bar
Level 2 PMI Dial
Level 3
Component PMI

33. RMI Dashboard
The RMI Dashboard tabs will reflect the components of resilience
All RMI questions are in the RMI tabs
High, Average and Low comparisons will be available immediately
These are calculated using certain assumed answers to the new questions for the average facility within the sector
All on-line dashboards in 2013

34. Computer Based Assessment Tool
The CBAT is used to blend technical site assessment data, structural schematics, and other relevant site data with video of facilities, surrounding areas, routes, etc, to create an interactive visual guide of any location
Assist the facility owners and operators, local law enforcement, and emergency response personnel to prepare for and respond to an incident
Used in the 2012 Presidential Debates, 2009, -10, -11 Super Bowls, G-20, and the Presidential Inauguration
Source: DHS

35. Cyber Security Evaluation Tool (CSET )
Stand-alone software application
Self-assessment using recognized standards
Tool for integrating cyber security into existing
corporate risk management strategy
Performs a variety of cyber security assessments to identify weaknesses and provide options for consideration. Key assessments include, Cyber Resilience Reviews (CRR).
Cyber Resilience Review (CRR)
Source: DHS

36. Protected Critical Infrastructure Information
PCII is an information-protection tool that enhances the ability of industry and government to share sensitive information with government authorities
All information classified as PCII is protected from public disclosure through the Critical Infrastructure Act of 2002
To qualify as PCII, information must:
Contain critical infrastructure information not in the public domain
Be voluntarily submitted by the private sector or State and local owners and operators
Include express and certification statements
PCII is protected from public disclosure under the Freedom on Information Act (FOIA) and similar State and local disclosure laws
Also, PCII cannot be used in civil litigation or for regulatory purposes

37. PCII (cont.)
Access to PCII is limited to government employees and contractors trained in safeguarding and the handling of PCII
There have been no unauthorized releases of PCII reported since the program’s inception in 2004
Current stats:
Over 6,000 PCII authorized users and tens of thousands of items have been submitted to the program or its Federal partners
Program Update:
New oversight procedures are being implemented to ensure that every State or Federal entity that handles PCII is regularly reviewed for compliance requirements
For more information, please visit:

38. DHS Training Courses
Provide protection personnel in public and private sectors with specialized security training to prevent and protect against continuing and emerging threats to our Nation’s infrastructure
Private Sector Counter-Terrorism Awareness Workshop
Improvised Explosive Device Awareness Workshop
Bomb-Making Materials Awareness Program
Surveillance Detection Course
Soft Target Awareness Course
Protective Measures Course

39. Active Shooter Awareness Program
Active shooters are an ongoing threat to attack out workplaces, schools, military installations, and other public settings
Given today’s ever-changing threat environment, preparing for Active Shooter scenarios should be a key component of any organization’s incident response planning
The DHS Active Shooter Awareness Program provides resources to help public and private-sector security managers prepare for and train workforces to mitigate this threat
There are several resources available:
Live Workshops (monthly day-long events with law enforcement and behavioral subject matter experts)
Online Training (an Independent Study Course is available that was developed with the Federal Law Enforcement Training Center and the Hospitality, Entertainment, and Tourism Security Council

40. Active Shooter Awareness Program (cont.)
Webinars (the Active Shooter Awareness Virtual Roundtable helps partners understand the importance of developing emergency plans)
Archived version:
Other Resources (a booklet and poster that can assist facility owners and operators in preparing for an active shooter incident)
Topics include: Profile of an active shooter; practices for coping; and tips for recognizing signs of potential workplace violence
For more information, please

41. IS-906: Workplace Security Awareness
Online training provides guidance to individuals and organizations on how to improve security in the workplace
Online training can be completed in 45 minutes
Applicable across all 18 critical infrastructure sectors
Threat scenarios include:
Access and Security Control
Criminal and Suspicious Activities
Workplace Violence
Cyber Threats
Link to online training:

42. IS-907: Active Shooter: What You Can Do
Online training for broad audience regardless of knowledge and skill level
Provides guidance on how to prepare and respond to an active shooter
Online training can be completed in 45 minutes
Uses interactive scenarios and videos to illustrate proper response during an active shooter event
Topics include:
Actions to take when confronted with an active shooter
How to recognize potential indicators of workplace violence
Actions to prevent and prepare for an active shooter situation
Features interactive knowledge reviews, final exam, and additional resources
Link to training:

43. Active Shooter: How to Respond
13 page booklet for managers
Topics include:
Profile of an active shooter
How to respond to an active shooter
How to respond when police arrive
Training your staff for an active shooter
Human Resources responsibilities
Facility Manager responsibilities
Manager responsibilities
How to assist those with special needs and/or disabilities
Indicators of potential violence by employee
How to manage consequences
Download at:

44. Active Shooter Poster
Poster for break rooms, training areas, offices, restrooms
Reinforces training topics
Download at:

45. Active Shooter Pocket Guide
Download at:
Photo: DHS
1. Active Shooter Pocket Card,

46. Video: “Threat Detection and Reaction for Retail and Shopping Center Staff”
20-minute presentation
Intended for Point-of-Sale staff
Applicable to all employees of a shopping center, mall, or retail facility
Uses case studies and best practices to explain
suspicious behavior and items
how to reduce the vulnerability to an active shooter threat
the appropriate actions to take if employees notice suspicious activity
The presentation can be viewed on the HSIN-CS Commercial Facilities portal at
For access to HSIN-CS, your name and organization to

47. Tabletop Exercise: Dealing with Workplace Violence
Low density, high demand resource
Audience
Critical infrastructure stakeholders
Public safety partners
Purpose: to address gaps, issues, and concerns related to Active Shooters
Typical exercise agenda (4 hours):
Welcome minutes
Module 1: Pre-Incident Phase 30 minutes
Module 2: Incident Response Phase 90 minutes
Module 3: Assessment Phase 60 minutes
HotWash minutes
Contact the Utah Protective Security Advisor (PSA) to determine availability

48. DHS Support and Resources
In addition, DHS has developed materials and training tools for sector partners, including owners and operators, to make the sector more prepared, more secure, and more resilient from terrorist attacks, natural disasters, and other incidents
These materials are available through the Homeland Security Information Network – Critical Sectors (HSIN-CS) portal and are detailed in the Commercial Facilities Sector Resource Guide
Source: DHS

49. HSIN-Critical Sectors (CS)
The Homeland Security Information Network (HSIN) is a secure portal that serves as the primary conduit through which DHS shares information on domestic terrorist threats (Sensitive But Unclassified (SBU)) and incident management with our partners.
Source: DHS

50. HSIN-CS
Secure portal that provides a “peer to peer” collaboration space for:
Workgroups
Sub-portals
Events calendar
Resources available:
Intelligence bulletins
Guides
Training
Contact Information
The Homeland Security Information Network (HSIN) is a secure portal that serves as the primary conduit through which DHS shares information on domestic terrorist threats (Sensitive But Unclassified (SBU)) and incident management with our partners.
Source: DHS

53. New! - Business Continuity Planning Suite
The BCP Suite includes:
Business Continuity Training
Business Continuity Plan Generator
Disaster Recovery Plan Generator (IT Recovery Plan)
Business Continuity Plan Test
Contact your PSA to get a copy of the material.

54. Ralph Ley
Protective Security Advisor–Utah District