June 5, 2018 | Independence, Ohio

National Protection and Programs Directorate

Department of Homeland Security

The Office of Infrastructure Protection

2018 Cuyahoga County Emergency Management Summit

June 5, 2018

Securing the Nation at the Community Level

3

Threats May Come from All Hazards

Courtesy of FEMA

4

National Preparedness Goal

▪ Defines what it means for the

whole community to be prepared

for all types of disasters and

emergencies

▪ The goal is “a more secure and

resilient nation with the capabilities

required across the whole

community to prevent, protect

against, mitigate, respond to, and

recover from the threats and

hazards that pose the greatest

risk.”

5

▪ Prevention: Prevent, avoid, or stop an imminent, threatened, or actual act of terrorism

▪ Protection: Protect our citizens, residents, visitors, and assets against the greatest threats and hazards

in a manner that allows our interests, aspirations, and way of life to thrive

▪ Mitigation: Reduce the loss of life and property by lessening the impact of future disasters

▪ Response: Respond quickly to save lives, protect property and the environment, and meet basic human

needs in the aftermath of a catastrophic incident

▪ Recovery: Recover through a focus on the timely restoration, strengthening, and revitalization of

infrastructure, housing, and a sustainable economy, as well as the health, social, cultural, historic, and

environmental fabric of communities affected by a catastrophic incident

National Preparedness Goal (cont.)5 mission areas

66

Infrastructure Prioritization

▪ In accordance with the 9/11 Commission Act, DHS maintains lists of the Nation’s most critical infrastructure

▪ Lists are developed through an annual data call using criteria developed by IP’s National Critical Infrastructure Prioritization Program (NCIPP)

▪ Program identifies domestic and foreign “too critical to fail” infrastructure, which are then used to inform homeland security grant programs, and other critical infrastructure protection activities

Level 1(Nationally Critical)

Level 2(Nationally or Regionally Critical)

State Lists(Regionally Critical)

7

Risk: How do we think about risk?Risk = f(Consequence, Vulnerability, Threat)

CONSEQUENCE (C)

Negative effects on public health and safety, the economy, public confidence in institutions, and function of government if asset, system, or network is damaged, destroyed, or disrupted

VULNERABILITY (V)

Likelihood that a characteristic of, or flaw in, an asset, system, or network renders it susceptible to hazards

THREAT (T)

Likelihood that a particular asset, system, or network will suffer an attack or an incident

RISK

Potential for loss or damage

8

Protective Security Advisors (PSA)

Available Services & Resources

▪ Active Shooter awareness training

▪ Active Shooter Workshops to develop

active shooter plans

▪ Bomb Threat Management Workshops

to develop bomb threat plans

▪ Protective Measures training

▪ Anti-vehicle ramming measures

9

PSA Services: Security of Soft Targets

10

PSA Services: Rapid Survey Tool

▪ The RST is a non-regulatory data

collection capability that examines the

most critical aspects of a facility’s

security and resilience posture

▪ Allows assessors to gather the

general status of a facility to determine

if an in-depth survey is required

▪ The data are then analyzed to

determine the facility’s relative security

and resilience in comparison to the

national average for similar facilities

Courtesy of DHS

11

PSA Services:

Infrastructure Survey Tool (IST)▪ The IST is a web-based vulnerability survey tool that applies

weighted scores to identify infrastructure vulnerabilities and

trends across sectors

▪ Facilitates the consistent collection of security information

▪ The tool allows DHS and facility owners and operators to:

▪ Identify security gaps

▪ Compare a facility’s security in relation to similar facilities

▪ Track progress toward improving critical infrastructure security

12

PSA Coordination: National Infrastructure Coordinating

Center (NICC)

▪ http://www.dhs.gov/national-infrastructure-coordinating-center

▪ The National Infrastructure Coordinating Center (NICC) is the information and

coordination hub of a national network dedicated to protecting critical infrastructure

▪ 24/7 situational awareness and crisis monitoring of critical infrastructure

▪ Shares threat information in order to reduce risk, prevent damage, and enable rapid

recovery of critical infrastructure assets

▪ The NICC and the NCCIC are co-located to facilitate collaboration

13

DHS Cyber Security

Available Services & Resources

▪ DHS is responsible for safeguarding our Nation’s critical

infrastructure from physical and cyber threats that can

affect national security, public safety, and economic

prosperity.

▪ DHS actively engages the public and private sectors as

well as international partners to prepare for, prevent, and

respond to catastrophic incidents that could degrade or

overwhelm these strategic assets.

14

DHS Cyber Security

15

DHS Cyber Security Resources:

Cyber Infrastructure Survey Tool

▪ The Cyber Infrastructure Survey Tool (C-IST) provides public and private sector

organizations with:

▪ Effective, repeatable data collection technique for cybersecurity operations

▪ Ability to review results using comparative data analytics and peer metrics

▪ User-friendly, data-rich, interactive dashboard for sharing information on and planning

improvements to Critical Cyber Services (CCS)

▪ Note: C-IST’s are conducted by CSA’s

Cyber Security Evaluation Tool (CSET )

16

▪ Stand-alone software application

▪ Self-assessment using recognized standards

▪ Tool for integrating cybersecurity into existing

corporate risk management strategy

CSET Download:http:/us-cert.gov/control_systems/csetdownload.html

R

▪ The NCATS team consists of subject matter experts in

penetration testing methodology and tactical delivery

▪ Washington, D.C. based (National Cybersecurity and

Communications Integration Center – NCCIC)

▪ NCATS team members have extensive experience in current

and emerging web applications, networks, databases, wireless,

mobile computing, cloud security, social engineering, social

media and intelligence gathering

17

National Cybersecurity Assessments and

Technical Services Team (NCATS)

NCATS security services currently available include:

• Vulnerability Scanning and Testing

• Penetration Testing

• Social Engineering (Phishing)

• Web Application Scanning and Testing

• Operating System Scanning

• Database Scanning

• Wireless Discovery and Identification

18

NCATS Services

19

Cyber Incident Reporting

▪ NCCIC provides real-time threat analysis and incident

reporting capabilities

▪ 24x7 contact number: 1-888-282-0870

▪ Email: nccic@hq.dhs.gov

▪ When to report:

▪ If there is a suspected or confirmed cyber attack or incident that:

▪ Affects core government or critical infrastructure functions

▪ Results in the loss of data, system availability, or control of

systems

▪ Indicates malicious software is present on critical systems

20

DHS Cyber Security - Contacts

▪ Mr. Antonio Enriquez, Cyber Security Advisor (Chicago)

▪ Antonio.Enriquez@hq.dhs.gov

▪ Alternate: cyberadvisor@hq.dhs.gov

▪ Phone: (202) 809-7894

▪ National Cyber Security and Communications Integration Center

▪ NCCIC Customer Service: ncciccustomerservice@hq.dhs.gov

▪ Phone: (888) 282-0870

▪ Note: Includes NCATS team support

▪ ICS-CERT Cybersecurity Operations Center (24/7)

▪ Phone: (877) 776-7585

21

DHS Office for Bombing Prevention

Available Services & Resources

▪A very high proportion of terrorism-

related incidents since 9/11 involve

IED plots or attacks

▪State and Urban Areas Security

Initiative partners report a high level

of concern about the use IEDs

▪Extremist publications promote IEDs

for attacks in the homeland

▪A few commercial products and an

online search are all that is required

to construct deadly IEDs in the U.S.

22For Official Use Only

Domestic IED Threat State/Local-Identified Threats of

Concern, 2013*

IEDs

▪ Diverse curriculum of training designed to build

counter-IED core capabilities, such as:

▪ Increases knowledge and ability to detect,

prevent, protect against, and respond to

bombing threats

23

Courtesy of DHS OBP

For Official Use Only

▪ Vehicle-Borne IED (VBIED) Detection

▪ Protective Measures

▪ IED Search Procedures

▪ IED Counterterrorism Detection

▪ Surveillance Detection

▪ Bomb Threat Management

Counter-IED Training & Awareness

▪ Joint DHS-FBI program that promotes

private sector point-of-sale awareness

and suspicious activity reporting to

prevent misuse of dual-use explosive

precursor chemicals and components

commonly used in IEDs

▪ Increases prevention opportunities by

building a network of aware and

vigilant private sector partners

24

Courtesy of DHS/FBI

For Official Use Only

Bomb-Making Materials Awareness Program (BMAP)

Counter-IED Training & Awareness

25

Additional DHS

Available Services & Resources

26

Homeland Security Information

Network (HSIN)

▪ https://hsin.dhs.gov/

▪ HSIN is DHS’s primary technology tool for trusted information

sharing

▪ HSIN – Critical Infrastructure (HSIN-CI) enables direct

communication between:

▪ DHS

▪ Federal, State, and local governments

▪ Critical infrastructure owners and operators

27

Homeland Security Information

Network (cont.)▪ Content includes:

▪ Planning and Preparedness: Risk assessments, analysis,

guidance, and security products; geospatial products and

hurricane models; and exercise and national event info

▪ Incident Reporting and Updates: Real-time situational reports and

alerts

▪ Situational Awareness: Daily and monthly sector-specific and

cross-sector reports on topics ranging from cybersecurity to

emerging threats

▪ Education and Training: Training on topics ranging from critical

infrastructure resilience, to threat detection and reaction for retail

staff

▪ Increase awareness of the

infrastructure mission and build a

baseline of security and resilience

knowledge throughout the Nation

▪ Identify Common Vulnerabilities,

Potential Indicators of Terrorist

Activity, and associated Protective

Measures, along with actions that

can be undertaken to enhance

resilience

28

Infrastructure Protection Report Series

Courtesy of DHS

▪ The following link takes you to the official

webpage:

▪ https://www.dhs.gov/see-something-say-something

▪ To become a partner, send an email to

seesay@hq.dhs.gov and include:

▪ The entity you represent

▪ Your name and contact information (phone,

email)

▪ The city and state in which your entity is located

▪ Note: Customized posters and outreach

materials are available to your organization

29

“If You See Something, Say Something”

For more information, visit:

www.dhs.gov/critical-infrastructure

Patrick Shaw

Supervisory Protective Security Advisor

patrick.shaw@hq.dhs.gov