Critical Infrastructure Protection

Unclassified
Critical Infrastructure Protection
Chuck Whitley
EMS User’s Group
June 9, 1999

PDD-63 (May 22, 1998): President Clinton’s Goal
“No later than the year 2000, the United States shall have achieved an initial
operating capability and no later than (the year 2003) the United States shall have
achieved and shall maintain the ability to protect our nation’s critical infrastructures
from intentional acts that would significantly diminish the abilities of:
– the Federal Government to perform essential national security missions and to
ensure the general public health and safety;
– state and local governments to maintain order and to deliver minimum essential
public services;
– the private sector to ensure the orderly functioning of the economy and the
delivery of essential telecommunications, energy, financial and
transportation services.”

National Infrastructure Protection Center

PDD-63, May 22, 1998:
– The NIPC will provide a national focal point for
gathering information on threats to infrastructures
– Its mission includes providing timely warnings of
intentional threats and attacks, producing
comprehensive analyses, and coordinating law
enforcement investigation of and response to threats
and attacks
– The NIPC will support National Command Authority
during a foreign-sponsored attack on U.S. interests

Information Flow
[Diagram; labels: WATCH CENTER; PRIVATE SECTOR ISACs; ANALYSIS & WARNING; COMPUTER INTRUSION INVESTIGATIONS; FED GOV’T; WARNINGS / ALERTS / ADVISORIES; INTERAGENCY INVESTIGATION; USG DECISION MAKERS]

NIPC Indications & Warnings Objective:
It is the objective of the NIPC to
develop a national-level system that
provides timely, accurate, actionable
warning of infrastructure threats and
attacks.

NIPC Approach to Achieve Objectives

Immediately develop a tactical warning system
– Warn of threats and imminent attacks at the earliest
possible time
– Achieve in near term

Ultimately develop a strategic warning system
– Seeks to identify as early as possible dynamic features of
a situation that may affect US interests
– Requires participation of Intelligence and Law
Enforcement communities, other government agencies,
and the private sector
– Development will proceed in parallel to tactical system

I&W Schedule
[Timeline figure, 1999 to 2003; milestones shown: Electric Power, Telecom initial Operations; PDD-63 IOC; PDD-63 FOC]

I&W Concept
[Diagram; labels: Other Government Agencies; Sector Lead Agencies; Department of Defense; Intelligence Community; NIPC; Federal, State, & Local Law Enforcement; Infrastructure Owners & Operators; Warnings; “Indicators”]

When to Notify NIPC: General Guidelines

ASAP after an infrastructure
– Has had significant capability degraded
• Service disruption
• Core capability degraded (e.g., management / control functions)
– Has potential to suffer significant damage or degraded
capability
• If in doubt, err on the side of caution
– Is subject to suspicious patterns of behavior or
responses to control
• Anomalous technical attributes, timing, locations, etc.

Warning Outputs from NIPC

NIPC will disseminate three types of messages:
– Advisories will be issued as appropriate when new
information on threats or vulnerability becomes
available.
– Alerts will be issued when serious vulnerabilities or
threats are uncovered that threaten infrastructure
operations.
– Warnings will be issued when serious, confirmed
vulnerabilities in one or more infrastructure sectors
appear to be the focus of confirmed threat activity.

Initially, NIPC will disseminate these messages through
existing communication channels

Reporting Criteria (Strawman)

Critical electric power facilities
– Control Centers
• Power Pools
• Control Areas (~ 150)
• Regional/Security Coordinators (~ 22)
• Independent System Operators
– Transmission Systems
• HV Substations ( > 230 kV)
• HV Lines ( > 230 kV)

Reporting Criteria (Strawman)

Critical networks and systems
– SCADA and Energy Management Systems
– Networks and other systems used for generation
and transmission control
– Networks used for essential communications for
system operation, control, and maintenance
– NERCNet, including the InterRegional Security
Network (ISN)