SECR 5140-FL Critical Infrastructure Protection Dr. Barry S. Hess Spring 2 Semester Week 4: 8 April 2006

Upload: aisha

Post on 13-Jan-2016



Class Website

Class Info http://home.covad.net/~bshess/

Contact info [email protected] 571.237.3418

Announcement

The Barden Education Center is not open next weekend

NO CLASS on 15 April 2006

We will double up on 22 April

Agenda

Presentations

Lecture

Discussion

Presentations

Developing a Partnership

Functions of the Partnership

Policy Formulation—The federal government can best assess emerging threats, and the owners and operators can best assess their vulnerabilities. Together they should assess the national risk and determine assurance objectives, strategies, and policy.

Prevention and Mitigation—Owners and operators will have to examine the vulnerabilities of their own systems and networks and put in place the protective measures and practices needed to achieve target levels of assurance. The government can and should support these efforts through R&D, awareness and education, threat assessments, initiatives to facilitate private sector adoption of best practices, and, possibly, through direct financial assistance.

Information Sharing and Analysis—The key products of this functional area are answers to two questions: (1) What unusual is happening among our infrastructures, and (2) what unusual is happening among our adversaries? Owners and operators should take the lead for the former; the federal government (law enforcement and intelligence) for the latter. Analyzing the information provided and synthesizing it into advisories and warnings should be a shared responsibility.

Counteraction (incident management)—The objective of this functional area will be to deter an attack on our critical infrastructures, and, should deterrence fail, to cause the attacker to cease and desist. This area is clearly a federal responsibility, primarily of the law enforcement and defense communities, but there are many important ways in which the owners and operators can and should assist.

Response, Restoration, and Reconstitution (consequence management)—Responding to the basic needs of the populace following a disaster is a responsibility of the states, supported by the federal government. Restoring and reconstituting infrastructures is the responsibility of the owners and operators, supported by their sector. A major restoration and reconstitution effort would require coordinated public and private sector actions.

Proposed Roles and Responsibilities

Proposed Infrastructure Assurance Structure

An Office of National Infrastructure Assurance in the White House to serve as the focal point for infrastructure assurance

A National Infrastructure Assurance Council of prominent infrastructure corporate leaders, representatives of state and local government, and Cabinet officers to address infrastructure assurance policy issues and make appropriate recommendations to the President

An Infrastructure Assurance Support Office to provide functional support and management of federal organizations involved in infrastructure assurance, and provide direct assistance to the public and private sector partnership effort

A federal Lead Agency for each sector to take the initiative in bringing together the owners and operators to create an acceptable means for sharing information

A Sector Infrastructure Assurance Coordinator for each infrastructure to function as a “clearing house,” organizing information sharing activities, protecting the information provided by each participant, and acting as a channel for information to, and from, the government

An Information Sharing and Analysis Center consisting of government and industry representatives working together to receive information from all sources, analyze it to draw conclusions about what is happening within the infrastructures, and appropriately inform government and private sector users

A Warning Center designed to provide operational warning of a physical or cyber attack on the infrastructures

Reality

Why the Change?

Formation of Department of Homeland Security

Consolidation of infrastructure protection efforts in DHS’s Information Analysis and Infrastructure Protection (IAIP) Directorate

Homeland Security Operations Center (HSOC)

Homeland Security Operations Center (HSOC) serves as the nation’s nerve center for information sharing and domestic incident management—dramatically increasing the vertical coordination between federal, state, territorial, tribal, local, and private sector partners

HSOC collects and fuses information from a variety of sources every day to help deter, detect, and prevent terrorist acts.

Provides real-time situational awareness and monitoring of the homeland, coordinates incidents and response activities

Issues advisories and bulletins concerning threats to homeland security, as well as specific protective measures

Information on domestic incident management is shared with Emergency Operations Centers at all levels through the Homeland Security Information Network (HSIN).

Homeland Security Information Network (HSIN)

HSOC communicates in real-time to its partners through the Homeland Security Information Network’s (HSIN) internet-based counterterrorism communications tool, supplying information to all 50 states, Washington, D.C., and more than 50 major urban areas.

Threat information is exchanged with state and local partners at the Sensitive-but-Unclassified level (SBU)

Future program expansion will include linking additional cities and counties, communication capabilities at the classified SECRET level, and increasing the involvement and integration of the private sector

The system is encrypted using a secure network that includes a suite of applications including mapping and imaging capabilities

System participants include governors, mayors, Homeland Security Advisors, state National Guard offices, Emergency Operations Centers, First Responders and Public Safety departments, and other key homeland security partners

Each receives training to participate in the information sharing network to combat terrorism and increase anti-terrorism situational awareness

HSOC Operational Capabilities

Vulnerability Situational Awareness

Monitors vulnerabilities and compares them against threats, providing a centralized, real-time flow of information between homeland security partners

Data collected from across the country is fused into a master template which allows HSOC to provide a visual picture of the nation’s current threat status

Imagery Capability

HSOC staff can apply imagery capability by cross-referencing informational data against geospatial data that can then pinpoint an image down to an exact location

Satellite technology is able to transmit pictures of the site in question directly into the HSOC

Geographic data can be stored to create a library of images that can be mapped against future threats and shared with state and local partners

Senior Level Communication

Constant communication with the White House Situation Room, providing situational awareness

HSOC Incident Management Role

Interagency Incident Management Group (IIMG)

A headquarters-level group comprised of senior representatives from DHS components, other federal departments and agencies, and non-governmental organizations

Provides strategic situational awareness, synthesizes key intelligence and operational information, frames operational courses of action and policy recommendations, anticipates evolving requirements, and provides decision support to the Secretary of Homeland Security and other national authorities during periods of elevated alert and national domestic incidents

Quick Response

During incidents such as Hurricane Isabel, the December 2003 Orange Alert, and the black-out in New York City, the IIMG was “stood-up” in less than 90 minutes and hosted Assistant Secretary-level members of the represented agencies to provide strategic leadership

HSOC Watchstanders

Federal Bureau of Investigation
United States Coast Guard
Postal Inspection Service
Central Intelligence Agency
United States Secret Service
DC Metropolitan Police Department
Defense Intelligence Agency
Federal Protective Service
New York Police Department
National Security Agency
Customs and Border Protection
Los Angeles Police Department
Immigration Customs Enforcement
Department of Energy
Environmental Protection Agency
Drug Enforcement Agency
Department of Interior (US Park Police)
Federal Air Marshal Service
Alcohol, Tobacco, and Firearms
Department of Defense
Department of State
Department of Transportation
Department of Veterans Affairs
National Capitol Region
Transportation Security Administration
National Geospatial Intelligence Agency
Department of Health and Human Services
Federal Emergency Management Agency
National Oceanic Atmospheric Administration
Public Affairs (DHS)
State and Local Coordination Office
Science and Technology Directorate
Geo-spatial Mapping Office
Information Analysis Office
Infrastructure Protection Office

DHS: Protected Critical Infrastructure Information (PCII) Program

For Immediate Release
Press Office
February 18, 2004

The U.S. Department of Homeland Security announced today the launch of the Protected Critical Infrastructure Information (PCII) Program. The PCII Program enables the private sector to voluntarily submit infrastructure information to the Federal government to assist the Nation in reducing its vulnerability to terrorist attacks.

Critical infrastructure includes the assets and systems that, if disrupted, would threaten our national security, public health and safety, economy, and way of life. Although these industries, services and systems may be found in both the public and private sectors, the Department of Homeland Security estimates that more than 85 percent falls within the private sector.

Under provisions of the Critical Infrastructure Information Act of 2002 (CII Act), information that is voluntarily submitted per those provisions will be protected from public disclosure until and unless a determination is made by the PCII Program Office that the information does not meet the requirements for PCII. If validated as PCII, the information will remain exempt from public disclosure. The rule establishing the procedures for PCII was published this week in the Federal Register.

The PCII Program Office is part of Homeland Security's Information Analysis and Infrastructure Protection (IAIP) Directorate and is charged with receiving submissions, determining if the information qualifies for protection and, if validated, sharing it with authorized entities for use as specified in the CII Act. Initially, the PCII Program Office will limit the sharing of PCII to IAIP analysts. PCII may be used for many purposes, focusing primarily on analyzing and securing critical infrastructure and protected systems, risk and vulnerabilities assessments, and assisting with recovery as appropriate.

The IAIP Directorate plays a critical role in securing the homeland by identifying and assessing threats and mapping those threats against vulnerabilities such as critical infrastructure. Effective immediately, members of the public who wish to submit information may do so through the PCII Program Office.

Information Sharing and Analysis Centers (ISACs)

Sharing Information to Protect the Economy

To develop ways of better protecting our critical infrastructures and to help minimize vulnerabilities, DHS established ISACs to allow critical sectors to share information and work together to help better protect the economy

http://www.dhs.gov/dhspublic/display?theme=73&content=1375

Computer Emergency Response Team/Coordination Center (CERT/CC)

The consequences of an attack on our cyber infrastructure can cascade across many sectors, causing widespread disruption of essential services, damaging our economy, and imperiling public safety

DHS/IAIP places a high priority on protecting our cyber infrastructure from terrorist attack by unifying and focusing key cyber security activities performed by the Critical Infrastructure Assurance Office (currently part of Department of Commerce) and National Infrastructure Protection Center (FBI)

DHS/IAIP will augment those capabilities with the response functions of the National Cyber Security Division (NCSD) United States Computer Emergency Response Team (US-CERT)

Because our information and telecommunications sectors are increasingly interconnected, DHS will also assume the functions and assets of the National Communications System (Department of Defense), which coordinates emergency preparedness for the telecommunications sector

Discussion

Discussion Question

Has the formation of the Department of Homeland Security helped protect the critical infrastructure?

Do the ISACs help foster cooperation?

Assignment for Week 5

Quiz

Read Anatomy of Cyberterrorism: Is America Vulnerable? by Bradley K. Ashley, Lt Col, USAF

Available on web site

Be prepared to answer one or two short questions