Transcript Document
www.fleetresponse.org Secure Information Sharing Pilot Project January 13th, 2015 1 What are the Goals/Objectives of the Pilot? www.fleetresponse.org • There are five goals for this Pilot: – Leverage existing, proven TSCP process – Test B2B and B2G secure information sharing – Educate public and private sectors on existing and future Use Cases where lack of information sharing hampers operational response – Identify opportunities for future enhancements – Organize work groups to achieve results 2 What is the Pilot Program? Sensitive Operational Data www.fleetresponse.org FWG Data Government WG Participants (States/County) Private Sector WG Participants (Food/Fuel/ Electric) The “Secure Information Sharing Pilot Project” will test the sharing of sensitive operational information via SharePoint portal between lifeline private sectors (food/fuel/electric) with participating States initially utilizing a trusted process that validates user identity. 3 www.fleetresponse.org What Is The Trust Framework? The trust framework is defined as a combination of policy, processes, business rules and technologies that work together to ensure trust between users in order to share digital information. Since there is currently no regional public/private trust framework established between states, cites and the electric sector, the Fleet Response Working Group is leveraging an existing trust framework already in use within the aerospace industry and the US Department of Defense which serves over 50 million users worldwide connected to TSCP’s members 4 Credentialing Levels of Assurance www.fleetresponse.org Protection Strength Level of Assurance (LoA) = How confident I am that I know who is logging into an online system. LoA Credential Type 4 Smart Card: Chip with encryption 3 Two Factor: e.g. Password + one time Text to cell phone Example + Pin Number JeCaMiJe_22 + How and What Identity Information is Provided In person - with inspection of government issued IDs, Finger Prints, Photo, Data Chip on Card Remote – gov’t ID + financial account number with all information verified 2 Strong Password JeCaMiJe_22 Remote – gov’t ID + financial account number with some information verified 1 Weak Password 1234 Remote - self asserted 5 Concept: Regional Private Sector Data Sharing Model • • • • State OEM State DOT State Police State Other Agency www.fleetresponse.org Custom Screens from WebEOC , E-Teams, etc… Regional State OPS System(s) Transportation Police Emergency Management MS Fleet WG’s Regional PIV-I Identity Verification Cloud(s) Custom Screens from OPS Center Systems Electric Sector OPS System(s) Dispatch HR Custom Screens from OPS Center Systems Fuel Sector OPS System(s) Fuel Sector OPS System(s) • • • • Electric Sector Fuel Sector Food Sector Rail Sector Custom Screens from OPS Center Systems Food Sector OPS System(s) Food Sector OPS System(s) Outages 6 Who is Participating in Initial Pilot Thru March 2015 www.fleetresponse.org • States/Localities – District of Columbia (HSEMA, DOT, Fusion Center) – Delaware (Emergency Management) – Maryland (MEMA, Baltimore UASI, Fusion Center, DOT) – North Carolina (Emergency Management) – New Jersey (Northern NJ UASI, Fusion Center, OEM, DOT, OHSP) – New York (NYC OEM) – Pennsylvania (PEMA, Phila-OEM, PUC, State Police, OHS, Montgomery County) – Virginia (VDEM) – West Virginia (Dept. of Military Affairs & Public Safety, Fusion Center, HS/EM) 7 Who is Participating in initial Pilot Thru March 2015 www.fleetresponse.org • Private Sector – Electric Sector (EEI, The Southern Company, Southern Electric Exchange, First Energy, PSEG, Pepco, Central Hudson Electric & Gas, ConED, Dominion Power, PECO Energy) – Financial (Bank of America) – Food (NJ Food Council, Wakefern Foods) – Fuel (Texas Oil & Gas Assoc., CITGO) – Telecom (Verizon) – Higher Ed (GWU, Rutgers) 8 Timeline December 2014- Project Start Date/Cloud Platform Development January-March 2015- Public/Private Training & Cyber ID Issuance, Working Groups (Trust Agreement & Access Control) www.fleetresponse.org March 2015- Initial Pilot for Secure Information Sharing, Secure Information Sharing Pilot Feedback Meeting March-July 2015- Develop Additional Use Cases, More Users per Sector (Public & Private), Changes per Pilot Feedback 9 Initial Pilot Information to Be Shared Non-Sensitive FWG Data Fleet WG Activity Log (12-06-2013 Ice Storm Fleet Movement Data Spreadsheet) www.fleetresponse.org Sensitive FWG Data (National Fleet Coordination Call Database for State Contacts) (Proprietary Private Sector Critical Resource Information- Open/Closed Status- Fuel, Food, Hotels, Pharmacies) 10 www.fleetresponse.org Demonstration 11 www.fleetresponse.org Pilot Project LOGIN Page 12 Pilot Project LOGIN Page www.fleetresponse.org Enter Username & Password to login for NON- SENSITIVE Information CLICK HERE to Use Your CYBER ID (PIVI) card to login for SENSITIVE Information 13 www.fleetresponse.org www.fleetresponse.org www.fleetresponse.org www.fleetresponse.org Sample Fleet WG Activity Log www.fleetresponse.org 12-6-13 Ice Storm Fleet Movement Data Spreadsheet www.fleetresponse.org National Fleet Coordination Process Contacts Spreadsheet www.fleetresponse.org Link to Fleet Response WG Portal www.fleetresponse.org LOGIN w/Guest Account Information www.fleetresponse.org National Fleet Open / Closed App www.fleetresponse.org App Home Screen Fleet - Open/Closed Service www.fleetresponse.org http://youtu.be/ZAK4WicroMc 24 www.fleetresponse.org 25 Pilot Deliverables www.fleetresponse.org • Create a Regional Federated Information Sharing Process & Agreement(s) • Perform and document the results of the Pilot Project • Form Working Groups • Engage private and public sector operations professionals • Expand upon the information being shared in the portal 26 Participant Activities Activity Issue PIV-I credential Issue userid/pw FWG Credential Log in and access information Provide User experience Feedback Join Working Group(s) www.fleetresponse.org Attend Pilot Workshop Participant When X X X Jan - March Feb March X X X March March March-April 27 Volunteer for Working Groups • Trust Agreement Working Group • Lead: Shauna Russell – [email protected] • Create draft regional user agreement(s) that defines the necessary liability model, T&Cs, security rules, privacy rules, etc. www.fleetresponse.org • Access Control Working Group • Lead: Steve Race – [email protected] • Define the processes needed to ensure the proper people access the proper information 28 Next Steps • Conference Call – 1/21/2015 at 10:00am ET • Verify your CYBER ID (PIV-I) card works – No issues with your machine – You have access to the TSCP – You have access to Fleet WG portal • Need Assistance? – Technical www.fleetresponse.org • Jim Cox, 301-639-9320, [email protected] – Non-Technical • Angie Wanger, 240-285-3276, [email protected] 29 www.fleetresponse.org 30 www.fleetresponse.org 31 www.fleetresponse.org 32 www.fleetresponse.org 33 www.fleetresponse.org 34 www.fleetresponse.org 35