urban area security initiative conference, columbus, oh
DESCRIPTION
Urban Area Security Initiative Conference, Columbus, OH. May 23, 2012. Critical Infrastructure Protection: Program Overview. Agenda . Mo. Historical Perspective Risk Management Framework Implementation Current Environment Key Initiatives The Current Challenge. - PowerPoint PPT PresentationTRANSCRIPT
National Protection and Programs DirectorateDepartment of Homeland Security
The Office of Infrastructure Protection
Urban Area Security Initiative Conference, Columbus, OH
May 23, 2012
Critical Infrastructure Protection: Program Overview
Presenter’s Name June 17, 2003
Historical Perspective
Risk Management Framework Implementation
Current Environment
Key Initiatives
The Current Challenge
2
Agenda
The homeland security enterprise is entering a new stage in its evolution. Focus is shifting to considerations of all-hazards while resources are
becoming increasingly scarce due to the challenging budget environment. Therefore, partnerships of all types must be leveraged to ensure that
resources are utilized in the most effective ways possible.
Mo
3
Historical Perspective
When the Department of Homeland Security (DHS) was established in 2002, it faced distinct challenges with regards to the protection and resilience of critical infrastructure:
Other DHS components, such as the Federal Emergency Management Agency (FEMA) and the U.S. Coast Guard (USCG), already had a well defined mission space and implementation processes were functioning;
Critical infrastructure protection and resilience was generally a new mission area and required the establishment of implementation mechanisms; and
The establishment of a governance structure was necessary in order to reach the network of critical infrastructure protection and resilience partners in the private sector and at all levels of government.
4
Critical Infrastructure Authorities Critical Infrastructure: 42 U.S.C. 5195c (e) defines the term “critical infrastructure” as the
“systems and assets, whether physical or virtual, so vital to the United States that the incapacity or destruction of such systems and assets would have a debilitating impact on security, national economic security, national public health or safety, or any combination of those matters.”
Policy of the United States: 42 U.S.C. 5195c (c) establishes that it is the “policy of the United States … that any physical or virtual disruption of the operation of the critical infrastructures of the United States be rare, brief, geographically limited in effect, manageable, and minimally detrimental to the economy, human and government services, and national security of the United States…”
Homeland Security Presidential Directive 7 – Critical Infrastructure Identification, Prioritization, and Protection (HSPD-7): Establishes a national policy for Federal departments and agencies to identify and prioritize critical infrastructure and to protect them from terrorist attacks (now all-hazards) and established the original 17 (now 18) critical infrastructure sectors.
National Infrastructure Protection Plan (NIPP): Provides the unifying structure for the integration of efforts for the enhanced protection and resilience of the Nation’s critical infrastructure.
5
NIPP Risk Management FrameworkRisk management framework:
Integrates and coordinates strategies, capabilities, and governance to enable risk-informed decision making related to the nation’s critical infrastructure
Six interrelated activities to continuously enhance the protection of critical infrastructure
6
Risk Management Framework ImplementationTo effectively implement the risk management framework and help critical infrastructure protection and resilience partners make risk-informed decisions, the following were developed:
Governance Structure
Information Sharing
Assessments & Analysis
Creates a nationwide network in which partners may effectively collaborate to prepare for, protect against, respond to, and recover from all-hazards.
Establishes threats, vulnerabilities, and consequences for individual and clustered critical infrastructure to develop applicable security measures.
Allows the Department to communicate with both public and private sector partners.
7
Current EnvironmentThe critical infrastructure protection and resilience mission has become more dynamic while resources are being decreased: There is increased emphasis on all-hazards. Cyber risks are more prevalent. Climate related risks are receiving more attention. There is increased focus on providing justification for how resources are utilized.
To meet these challenges, we must gather risk-informed requirements for our programs that will allow us to make investments that truly support our partners. In order to do this, we are implementing mechanisms that will: Define the risk-informed outcomes we want to achieve. Develop metrics to determine if we are meeting those outcomes. Use information generated through the metrics to make decisions about how our
programs will get us closer to the outcomes we want to achieve.
One IP Objectives
– Protective Security Advisors– Sector Partnerships– Information Sharing Environment– State and local partners
– Regional Resiliency Assessment Program (RRAP)
– Fusion Center engagement– Stakeholder Input Project
– Sector Annual Reports– National Annual Report– Critical Infrastructure Risk Management
Plan
8
Strengthen partnerships and information sharing capacity
Provide partners with the programs and tools they need
Measure program effectiveness so that efforts can be improved
Objectives Example Implementing Mechanisms
CIRMEI: Risk-informed Resource Allocation
Feedback Loop
Understand risks to critical infrastructure
1
3
2
4
Assess impact of activities
Adjust resources accordingly
Develop plan to address gaps
9
A Regional ApproachTo advance the Assistant Secretary’s vision, Secretary Napolitano’s “One DHS” agenda and the critical infrastructure mission, NPPD/IP is collecting regional requirements and will adjust programs to meet those requirements.A regional approach is necessary because:
» Critical infrastructure assets, systems, functions, and networks cross jurisdictional boundaries
» The types, integration, and concentration of assets vary across regions» Risk landscapes and resources vary region-by-region» All incidents begin and end in local communities» The effectiveness of protection and resilience activities is best measured by
their impact on stakeholders in communities across the country
10
Regional Initiative Approach
11
IAugust 2011
Partnership Support Assessing
Security and Resiliency
Analysis Information Sharing
Regulatory Requirements
IIAugust 2011
XFY 2013
IIIFY 2013
IVFebruary 2012
VFY 2013
VIFY 2012
VIIFY 2013
VIIIFY 2012
IXFY 2012
Federal Regions
Critical Infrastructure Mission Partners (Public and Private)
Region-Specific Mission
Requirements
Outcome: A sustainable One IP Framework that will enable NPPD/IP to operationalize partnerships and deliver tailored programs to each region.
NPPD/IP Core Mission Areas
Components of the Regional Initiative
Key Recommendations for NPPD/IP Leadership
Feedback from Outreach to Private Sector
Infrastructure Owners and Operators
Feedback from Outreach to State and Local
Government Partners
Feedback Provided in Reports by various Partner and Advisory Councils
Focus group discussions in
Regional locations
One-on-one interviews with SLTT critical infrastructure
protection government
officials
Analysis of reportsfrom partner councils containing feedback relevant to service
delivery
21 3
Regional Initiative – Current Status As of May 2012, NPPD/IP has achieved the following progress with the
Regional Initiative:– Received feedback on the status of critical infrastructure protection and
resilience activities in FEMA Regions I, II, and IV from State and local government partners as well as private sector owners and operators.
– Completed an analysis of 14 relevant reports and white papers submitted to NPPD/IP on critical infrastructure protection and resilience and identified key findings.
– Coordinated with State and local partners to pursue focus groups in three additional FEMA Regions (VI, VIII, and IX) this fiscal year.
Findings from this effort will inform programmatic and budgetary decisions: More user friendly, flexible tools More scalable, realistic exercises to help identify interdependencies Tailoring and providing training and capabilities valued by our stakeholders
13
Questions?
(1)The Current Challenge
14
The homeland security enterprise is entering a new stage in its evolution. Focus is shifting to considerations of all-hazards while resources are
becoming increasingly scarce due to the challenging budget environment. Therefore, partnerships of all types must be leveraged to ensure that
resources are utilized in the most effective ways possible.
For more information visit:www.dhs.gov/criticalinfrastructure
Ken BuellPolicy Development and Coordination UnitOffice of Infrastructure ProtectionNational Protection and Programs Directorate