Transcript Slide 1

The Office of Infrastructure Protection
National Protection and Programs Directorate
Department of Homeland Security
Critical Infrastructure Protection: Program Overview
Urban Area Security Initiative Conference, Columbus, OH
May 23, 2012
Agenda
Mo
 Historical Perspective
 Risk Management Framework Implementation
 Current Environment
 Key Initiatives
The Current Challenge
The homeland security enterprise is entering a new stage in its evolution.
Focus is shifting to considerations of all-hazards while resources are
becoming increasingly scarce due to the challenging budget environment.
Therefore, partnerships of all types must be leveraged to ensure that
resources are utilized in the most effective ways possible.
Presenter’s Name
June 17, 2003
2
Historical Perspective
When the Department of Homeland Security (DHS) was established in 2002, it
faced distinct challenges with regards to the protection and resilience of
critical infrastructure:

Other DHS components, such as the Federal Emergency Management Agency
(FEMA) and the U.S. Coast Guard (USCG), already had a well defined mission
space and implementation processes were functioning;

Critical infrastructure protection and resilience was generally a new mission area
and required the establishment of implementation mechanisms; and

The establishment of a governance structure was necessary in order to reach the
network of critical infrastructure protection and resilience partners in the private
sector and at all levels of government.
3
Critical Infrastructure Authorities
 Critical Infrastructure: 42 U.S.C. 5195c (e) defines the term “critical infrastructure” as the
“systems and assets, whether physical or virtual, so vital to the United States that the incapacity
or destruction of such systems and assets would have a debilitating impact on security, national
economic security, national public health or safety, or any combination of those matters.”
 Policy of the United States: 42 U.S.C. 5195c (c) establishes that it is the “policy of the United
States … that any physical or virtual disruption of the operation of the critical infrastructures of
the United States be rare, brief, geographically limited in effect, manageable, and minimally
detrimental to the economy, human and government services, and national security of the
United States…”
 Homeland Security Presidential Directive 7 – Critical Infrastructure Identification,
Prioritization, and Protection (HSPD-7): Establishes a national policy for Federal
departments and agencies to identify and prioritize critical infrastructure and to protect them
from terrorist attacks (now all-hazards) and established the original 17 (now 18) critical
infrastructure sectors.
 National Infrastructure Protection Plan (NIPP): Provides the unifying structure for the
integration of efforts for the enhanced protection and resilience of the Nation’s critical
infrastructure.
4
NIPP Risk Management Framework
Risk management framework:


Integrates and coordinates strategies, capabilities, and governance
to enable risk-informed decision making related to the nation’s critical
infrastructure
Six interrelated activities to continuously enhance the protection of
critical infrastructure
5
Risk Management Framework Implementation
To effectively implement the risk management framework and help critical
infrastructure protection and resilience partners make risk-informed
decisions, the following were developed:
Governance
Structure
Allows the Department to communicate with both public and
private sector partners.
Information
Sharing
Creates a nationwide network in which partners may effectively
collaborate to prepare for, protect against, respond to, and
recover from all-hazards.
Assessments &
Analysis
Establishes threats, vulnerabilities, and consequences for
individual and clustered critical infrastructure to develop
applicable security measures.
6
Current Environment
The critical infrastructure protection and resilience mission has become more
dynamic while resources are being decreased:




There is increased emphasis on all-hazards.
Cyber risks are more prevalent.
Climate related risks are receiving more attention.
There is increased focus on providing justification for how resources are utilized.
To meet these challenges, we must gather risk-informed requirements for our
programs that will allow us to make investments that truly support our
partners. In order to do this, we are implementing mechanisms that will:



Define the risk-informed outcomes we want to achieve.
Develop metrics to determine if we are meeting those outcomes.
Use information generated through the metrics to make decisions about how our
programs will get us closer to the outcomes we want to achieve.
7
One IP Objectives
Objectives
Example Implementing Mechanisms
Strengthen partnerships and
information sharing capacity
–
–
–
–
Provide partners with the
programs and tools they need
– Regional Resiliency Assessment Program
(RRAP)
– Fusion Center engagement
– Stakeholder Input Project
Measure program effectiveness so
that efforts can be improved
– Sector Annual Reports
– National Annual Report
– Critical Infrastructure Risk Management
Plan
Protective Security Advisors
Sector Partnerships
Information Sharing Environment
State and local partners
8
CIRMEI: Risk-informed Resource Allocation
Understand risks to
critical infrastructure
Assess impact of
activities
Feedback
Loop
Adjust resources
accordingly
Develop plan to
address gaps
9
A Regional Approach
To advance the Assistant Secretary’s vision, Secretary Napolitano’s “One
DHS” agenda and the critical infrastructure mission, NPPD/IP is collecting
regional requirements and will adjust programs to meet those requirements.
A regional approach is necessary because:
»
Critical infrastructure assets, systems, functions, and networks cross
jurisdictional boundaries
»
The types, integration, and concentration of assets vary across regions
»
Risk landscapes and resources vary region-by-region
»
All incidents begin and end in local communities
»
The effectiveness of protection and resilience activities is best measured by
their impact on stakeholders in communities across the country
10
Regional Initiative Approach
NPPD/IP Core Mission Areas
Partnership
Support
Regulatory
Assessing
Security and
Resiliency
Requirements
Information
Sharing
Analysis
Region-Specific
Mission
Requirements
Federal
Regions
I
II
III
IV
V
VI
VII
VIII
IX
X
August 2011
August 2011
FY 2013
February 2012
FY 2013
FY 2012
FY 2013
FY 2012
FY 2012
FY 2013
Critical Infrastructure Mission Partners (Public and Private)
Outcome: A sustainable One IP Framework that will enable NPPD/IP to
operationalize partnerships and deliver tailored programs to each region.
11
Components of the Regional Initiative
Key Recommendations for NPPD/IP Leadership
1
2
3
Feedback from Outreach
to Private Sector
Infrastructure Owners and
Operators
Feedback from Outreach
to State and Local
Government Partners
Feedback Provided in
Reports by various Partner
and Advisory Councils
One-on-one
interviews with SLTT
critical infrastructure
protection government
officials
Analysis of reports
from partner councils
containing feedback
relevant to service
delivery
Focus group
discussions in
Regional locations
Regional Initiative – Current Status
 As of May 2012, NPPD/IP has achieved the following progress with the
Regional Initiative:
– Received feedback on the status of critical infrastructure protection and
resilience activities in FEMA Regions I, II, and IV from State and local
government partners as well as private sector owners and operators.
– Completed an analysis of 14 relevant reports and white papers submitted to
NPPD/IP on critical infrastructure protection and resilience and identified key
findings.
– Coordinated with State and local partners to pursue focus groups in three
additional FEMA Regions (VI, VIII, and IX) this fiscal year.
 Findings from this effort will inform programmatic and budgetary decisions:
 More user friendly, flexible tools
 More scalable, realistic exercises to help identify interdependencies
 Tailoring and providing training and capabilities valued by our stakeholders
13
Questions?
(1) The
Challenge
The Current
homeland
security enterprise is entering a new stage in its evolution.
Focus is shifting to considerations of all-hazards while resources are
becoming increasingly scarce due to the challenging budget environment.
Therefore, partnerships of all types must be leveraged to ensure that
resources are utilized in the most effective ways possible.
14
For more information visit:
www.dhs.gov/criticalinfrastructure
Ken Buell
Policy Development and Coordination Unit
Office of Infrastructure Protection
National Protection and Programs Directorate
[email protected]