NIPP 2013: Partnering for Critical Infrastructure Security and Resilience
EMI Higher Education Symposium
5 June 2014
Strategic Drivers
Critical Infrastructure Today
Critical Infrastructure defined: “Assets, systems, and networks, whether physical or virtual, so vital to the United States that their incapacitation or destruction would have a debilitating effect on national security, economic security, national public health or safety, or any combination thereof.”
16 Critical Infrastructure Sectors
Chemical
Commercial Facilities
Communications
Critical Manufacturing
Dams
Defense Industrial Base
Emergency Services
Energy
Financial Services
Food & Agriculture
Government Facilities
Healthcare and Public Health
Information Technology
Nuclear Reactors, Materials and Waste
Transportation Systems
Water & Wastewater Systems
Today’s Risk Landscape
America remains at risk from a variety of threats including:
Acts of Terrorism
Cyber Attacks
Extreme Weather
Pandemics
Accidents or Technical Failures
NIPP 2013 offers a distributed approach for addressing the diverse and evolving risk environment.
National Policies
President Obama announced two policies related to critical infrastructure security and resilience in February 2013:
Presidential Policy Directive 21: Critical Infrastructure Security and Resilience
Executive Order 13636: Improving Critical Infrastructure Cybersecurity
“The Nation's critical infrastructure provides the essential services that underpin American society. Proactive and coordinated efforts are necessary to strengthen and maintain secure, functioning, and resilient critical infrastructure that are vital to public confidence and the Nation's safety, prosperity, and well-being.”
– Presidential Policy Directive (PPD) 21
Critical Infrastructure Preparedness
NIPP 2013 aligns critical infrastructure security and resilience with National preparedness policies.
Presidential Policy Directive 8: National Preparedness
Strengthens the security and resilience of the United States through systematic preparation for the threats that pose the greatest risk to the security of the Nation.
Risk Elements
National Preparedness Mission Areas
NIPP 2013 Vision
A Nation in which physical and cyber critical infrastructure remain secure and resilient, with vulnerabilities reduced, consequences minimized, threats identified and disrupted, and response and recovery hastened
Security: Reducing the risk to critical infrastructure by physical means or defensive cyber measures to intrusions, attacks, or the effects of natural or manmade disasters
Resilience: The ability to prepare for and adapt to changing conditions, and withstand and recover rapidly from disruptions
NIPP 2013 Goals
Assess and analyze critical infrastructure threats, vulnerabilities and consequences to inform risk management
Address multiple threats through sustainable efforts to reduce risk; account for costs and benefits of security investments
Enhance critical infrastructure resilience; minimize the adverse consequences of incidents…as well as conduct effective responses…
Share actionable and relevant information across the critical infrastructure community to build awareness and enable risk-informed decision making
Promote learning and adaptation during and after exercises and incidents
Core Tenets
Coordinated and comprehensive risk identification and management
Cross-sector dependencies and interdependencies
Enhanced information sharing
Comparative advantage in risk mitigation
Regional and SLTT partnerships
Cross-jurisdictional collaboration
Security and resilience by design
Evolution from 2009 NIPP
Security and Resilience
Elevates security and resilience as the primary aim of critical infrastructure homeland security planning efforts
Cyber-Physical Integration
Integrates cyber and physical security and resilience efforts into an enterprise approach to risk management
Partnership Structure
Focuses on establishing a process to set critical infrastructure national priorities determined jointly by the public and private sector
International
Affirms that critical infrastructure security and resilience efforts require international collaboration
Risk Management
Updates the critical infrastructure risk management framework and addresses alignment to the National Preparedness System, across the prevention, protection, mitigation, response, and recovery mission areas
Regional and Local Partnerships
Supports execution of the National Plan and achievement of the National Preparedness Goal at both the national and community levels, with focus on leveraging regional collaborative efforts
Call to Action
Presents a detailed Call to Action with steps that will be undertaken, shaped by each sector’s priorities and in collaboration with critical infrastructure partners, to make progress toward security and resilience
Risk Management Framework
Information sharing enables partners to benefit from broader knowledge and capabilities to support risk decision-making
Risk tolerance and priorities will vary
Consider costs and benefits during decision making
Integrates information sharing as a core component
Critical Infrastructure Risk Management Framework
Many Stakeholders, Many Strengths
Comparative Advantage
Engaging in collaborative processes
Applying individual expertise
Bringing resources to bear
Building the collective effort
Enhancing overall effectiveness
Partnership Structures
National Level Councils
Sector Coordinating Councils (SCCs)
Government Coordinating Councils (GCCs)
State, Local, Tribal, and Territorial Government Coordinating Council (SLTTGCC)
Critical Infrastructure Cross Sector Council
Federal Senior Leadership Council
Regional Consortium Coordinating Council
National, Regional, and Local Organizations
Public Private Partnerships
Regional Partnerships
State and Local Councils
Non-Governmental Organizations
Information Sharing Mechanisms
Information Sharing and Analysis Centers (ISACs)
Fusion Centers
Call to Action
A whole of community approach to advancing the national effort
Build on Existing Partnerships
Innovate in Managing Risk
Focus on Outcomes
Build upon Partnership Efforts
Set National Focus through Joint Priority Setting
Determine Collective Actions through Joint Planning Efforts
Empower Local and Regional Partnerships to Build Capacity Nationally
Leverage Incentives to Advance Security and Resilience
Innovate in Managing Risk
Enable Risk-Informed Decision-Making through Enhanced Situational Awareness
Analyze Infrastructure Dependencies, Interdependencies, and Associated Cascading Effects
Rapidly Identify, Assess, and Respond to… Cascading Effects During and Following Incidents
Promote Infrastructure, Community, and Regional Recovery
Strengthen Coordinated Technical Assistance, Training, and Education
Improve Critical Infrastructure Security and Resilience by Advancing R&D Solutions
Focus on Outcomes
Evaluate Achievement of Goals
Learn and Adapt During and After Exercises and Incidents
Enable Risk Informed Decision Making Through Enhanced Situational Awareness
Undertake a partnership-wide review of impediments to information sharing
Build upon the functional relationship deliverable from Presidential Policy Directive 21 (PPD-21)
Develop streamlined, standardized processes to promote integration and coordination of information sharing
Develop interoperability standards to enable more efficient information exchange through defined data standards and requirements
Identify, Assess, and Respond to Unanticipated Infrastructure Cascading Effects During and Following Incidents
Enhance the capability to rapidly identify and assess cascading effects involving the lifeline functions and contribute to identifying infrastructure priorities—both known and emerging—during response and recovery efforts
Enhance the capacity of critical infrastructure partners to work through incident management structures such as the ESFs to mitigate the consequences of disruptions to the lifeline functions
Promote Infrastructure, Community, and Regional Recovery Following Incidents
Encourage States and localities to consider critical infrastructure challenges in pre-incident recovery planning, post-incident damage assessments, and recovery strategy development
Support examination of initiatives to enhance, repair, or replace infrastructure providing lifeline functions during recovery
Strengthen Coordinated Development and Delivery of Technical Assistance, Training, and Education
Capture, report, and prioritize the technical assistance, training, and education needs of critical infrastructure partners
Examine current Federal technical assistance, training, and education programs to ensure that they support the national priorities and the risk management activities described in NIPP 2013
Leverage a wider network of partners to deliver training and education programs to better serve recipients and reach a wider audience while conserving resources
Partner with academia to establish and update critical infrastructure curricula that help to train critical infrastructure professionals
Improve Critical Infrastructure Security and Resilience by Advancing Research and Development Solutions
Promote R&D to enable the secure and resilient design and construction of critical infrastructure and more secure accompanying cyber technology
Enhance modeling capabilities to determine potential impacts on critical infrastructure of an incident or threat scenario, as well as cascading effects on other sectors
Facilitate initiatives to incentivize cybersecurity investments and the adoption of critical infrastructure design features that strengthen all-hazards security and resilience
Prioritize efforts to support the strategic guidance issued by DHS
Learn and Adapt During and After Exercises and Incidents
Develop and conduct exercises through participatory processes to suit diverse needs and purposes
Design exercises to reflect lessons learned and test corrective actions from previous exercises and incidents, address both physical and cyber threats and vulnerabilities, and evaluate the transition from steady state to incident response and recovery efforts
Share lessons learned and corrective actions from exercises and incidents and rapidly incorporate them into technical assistance, training, and education programs
What You Can Do
Build Upon Partnership Efforts
Innovate in Managing Risk
Focus on Outcomes
Understand the critical infrastructure landscape and how to partner with owners and operators
Provide support for assessing criticality and managing risk
Rigorous study of exercises and incidents
Bring private sector into linkages with Emergency Management and Law Enforcement communities
Incorporate critical infrastructure perspectives into traditional emergency management curricula
Establishment/awareness of regional consortia with diverse stakeholders
Connect cyber/physical stakeholders
Encourage systems approach to understanding dependencies and interdependencies
Connect to the NICC/NCCIC
Adopt the Cybersecurity Framework
Resources and Training
Visit www.dhs.gov/nipp for links to the full NIPP 2013 and the NIPP Supplements and critical infrastructure training:
NIPP Supplements
Connecting to the NICC and NCCIC
Executing a Critical Infrastructure Risk Management Approach
Incorporating Resilience into Critical Infrastructure Projects
NPPD Resources to Support Vulnerability Assessments
Critical Infrastructure Partnership Courses
IS 913 Achieving Results through Critical Infrastructure Partnership and Collaboration
IS 921 Implementing Critical Infrastructure Protection Programs and CI TOOLKIT
Security Awareness Series Courses
IS 906 Workplace Security
IS 907 Active Shooter
IS 912 Retail Security Awareness
IS 914 Surveillance Awareness: What you can do
IS 915 Protecting Critical Infrastructure Against Insider Threat
IS 916 Critical Infrastructure Security: Theft and Diversion – What You Can Do