Embed Size (px)
DESCRIPTION
Citation preview
1
Infrastructure Information Collection Division
Timothy Huddleston
Deputy Director
Infrastructure Information Collection Division
Office of Infrastructure Protection
2
Agenda Office of Infrastructure Protection (OIP)
Infrastructure Information Collection Division (IICD)
Infrastructure Information Collection Program (IICP) Automated Critical Asset Management System (ACAMS) Infrastructure Data Warehouse (IDW) Integrated Common Analytical Viewer (iCAV) Risk Analysis and Management for Critical Asset Protection
(RAMCAP) Vulnerability Identification Self-Assessment Tool (VISAT) Current / End State Next Steps
Questions
3
HSPD-5
HSPD-7
HSPD-8
The Homeland Security Act of 2002 established an Assistant Secretary for Infrastructure Protection, with responsibility for assessing vulnerabilities of key resources and critical infrastructures and developing a comprehensive national plan. In 2006, P.L. 109-295, Section 550 directed regulation of high risk chemical facilities.
HSPD-9
Office of Infrastructure Protection (OIP) Strategic Drivers
National strategies for Homeland Security, Cyber Security, and Physical Protection of CI/KR provided high level goals and priorities for the Office of Infrastructure Protection
HSPDs 5-9 & 19 provide inter-related and focused policy guidance in the areas of incident management, critical infrastructure protection, and national preparedness. HSPD-7 is a central policy driver of IP plans and programs
Secretary’s 2nd Stage Review
“2SR” established the Preparedness Directorate, which aligns IP with other DHS preparedness partners
The 2005 hurricanes affirmed the Preparedness Directorate’s important mission and IP’s central role in preparedness
HSPD-19
4
OIP’s Vision, Mission, and GoalsVISION: A safe, secure, and resilient national
infrastructure through public and private partnerships.
MISSION: Lead the coordinated national effort to
reduce the risk to our critical infrastructures and key resources posed by acts of terrorism, as well as enable national preparedness, timely response and rapid recovery in the event of an attack, natural disaster or other
emergency.
GOALS:1. Understand and share risk and other
information about terrorist threats and other hazards to our national CI/KR.
2. Build and sustain effective CI/KR partnerships and coordination mechanisms.
3. Build and implement a sustainable, national CI/KR risk-management program.
4. Ensure efficient use of resources for KI/KR risk reduction.
5. Provide a foundation for continuously improving national CI/KR preparedness.
6. Promote an OIP culture of organizational excellence and a quality work environment that value and support our workforce.
Mission
Vision
Goals
5
NIPP Operational FrameworkAs the operational framework for IP activities, the NIPP will:
Detail the national architecture we will use to protect our CI/KR sectors (governance, information sharing, risk analysis, protective measures, and performance measurement)
Provide a clear division of labor between IP and our Federal State, local, tribal, and private sector partners
Form the basis for a risk-based CI/KR protection requirements determination and prioritization process
Inform the annual Federal budget process in the IP mission area
Physical
Physical
Human
Cyber
AssessRisks
(Consequences,Vulnerabilities
& Threats)
ImplementProtectivePrograms
Measure Effectiveness Prioritize
IdentifyAssets,
Systems, Networks,
and Functions
SetSecurity
Goals
The NIPP’s risk management framework establishes the process for combining consequence, vulnerability, and threat information to produce a comprehensive, systematic, and rational assessment of national or sector risk that drives CI/KR risk reduction activities.
Continuous improvement to enhance protection of CI/KR
6
HITRACChemical Security
Compliance Division
• Implement chemical sector security legislation
• Regulate security activities for chemical industry
• Oversee inspector cadre
• Review chemical site security plans, conduct inspections, and audit sites
Infrastructure Information Collection Division
• Infrastructure information Collection Program
• Infrastructure Critical Asset Viewer
• Collection Management
• Geospatial Support
• National Infrastructure Inventory
Infrastructure Analysis & Strategies Division*
• National Infrastructure Simulation & Analysis Center
• Strategic Homeland Infrastructure Risk Assessment
• Tier 1 & 2 Analysis• Sector Assmts• Committee on
Foreign Investment in the US Support
• Red Team• S&T Liaison
CI/KR Protective Security
Coordination Division
• Protective Measures
• Protective Security Advisor
• Buffer Zone Protection Program
• Comprehensive Review
• Office for Bombing Prevention
• Site Assistance Visits
CI/KR Contingency Planning and
Incident Management
Division • National Infrastructure
Coordinating Center• Plans• Training• Readiness/Continuity
of Operations• Exercises• Incident Management
Support
CI/KR Partnership and Outreach Division
•National Infrastructure Protection Plan Program Management Office•NIPP Metrics•NIPP Education & Awareness•Protected Critical Infrastructure Information•National Infrastructure Advisory Council•Critical Infrastructure Warning Information Network•Homeland Security Information Network-Critical Sectors•Sector Coordination
- - - - - - - - - - - - •Sector Specific Agencies
•Dams•Chemical•Nuclear•Emergency Services•Commercial Facilities
Office of the Assistant Secretary for Infrastructure Protection
*Note: The Infrastructure Analysis & Strategy Division represents a partnership between OIP and the Critical Infrastructure Threat Analysis Division within the Office of Intelligence and Analysis. This partnership, named HITRAC, is led by M.Smislova (I&A) and B.Wales (OIP) serves as D.Director.
OIP Structure
7
IICD’s Vision, Mission, and GoalsVISION:
Provide the DHS enterprise solution for the collection and sharing of infrastructure data Create more relevant infrastructure
information Develop persistent awareness of the
nations infrastructure (support to the NICC)
Enable timely decisions to protect, secure, analyze, and restore the nations infrastructure
Enable informed actionable decisions to protect, secure, analyze, and restore the nations infrastructure
MISSION:
Lead the Department’s efforts to provide standardized, relevant, and customer-focused infrastructure information to homeland security partners.
GOALS:
1. Ensure infrastructure information collection processes, procedures, and tools support the implementation and sustainment of a comprehensive risk-management program
2. Develop an infrastructure information collection management process to coordinate requirements to support our mission partners and customers.
3. Provide leadership, collaboration, and support in establishing partnership within the infrastructure information management community .
4. Ensure appropriate open access to OIP CI/KR infrastructure information
5. Instill discipline in the design and implementation of processes and technologies to collect infrastructure information
6. Provide a work environment that values and encourages our workforce and drives organizational excellence
Mission
Vision
Goals
8
IICD Organization Roles & Responsibilities
Administrative AssistantAdministrative AssistantAdministrative AssistantAdministrative Assistant
Division DirectorDivision DirectorDeputy Division DirectorDeputy Division Director
Mission Management: Develop policies and procedures for the submission and dissemination of infrastructure data
Requirements Management: Establish and implement a Requirements Process and approval board to consolidate and prioritize information and intelligence requirements. Defines ‘what’ to collect
Collection Management: Establish and implement a process for collection of information based on requirements and available resources; identify sources of industry-accepted information. Defines ‘how’ to collect data.
Establish data format standards to facilitate information collection, exchange, and dissemination
Coordinate with external partners (SASSD, PSCD) to disseminate information and ensure requirements are met
Provides capability and functionality requirements, and data standards to for tool design and development.
IT/System support to ensure coordination and integration of projects with DHS-level IT requirements. Includes
Enterprise Architecture Certification & Accreditation Approval Board (EAB, ERB)
Project Evaluation and Assessment supports PMs and COTRs is managing contract costs and schedules, establishing performance-based metrics and milestones, and coordinating with DHS PA&E to achieve project approvals
Business Support Team: Develops division funding requirements for out-years and implements procurement actions.
Human Resource support to ensure personnel vacancies are filled with qualified applicants; coordinates professional development and training courses for employees.
Policy Support: Field external information requests and assists in developing strategic guidance/ vision
IICP Program IICP Program Management OfficeManagement Office
Information Management Information Management BranchBranch
Mission Support Mission Support BranchBranch
Manage development of the Geospatial tools to support DHS’ Infrastructure Protection, Security, and Restoration mission areas.
Provide PM support for iCAV.
Provide geospatial services to IP:
Analysis
Production
Training Contract GA Support - (ESRI) Collaborate with the DHS GMO
to establish geospatial data format standards to facilitate information collection, exchange, and dissemination
Identify and prioritize capability and functionality requirements for tool development.
Project Task Managers and COTRs manage program and contract schedules and costs using EVMS.
Develop and implement procurement actions to enable tool development.
Geospatial Program Geospatial Program OfficeOffice
Manage infrastructure information collection programs and the projects to development and maintain their respective technology components:
Assessment Tools User Interface Data Warehouse Systems Integration Help Desk Support
Develop a process-oriented approach for tools requirements and align with data classifications and policies specified by the Information Management Branch
Manage the integration of infrastructure information collection tools and all investment documentation requirements
Develop and implement procurement actions to enable tool development.
Support the technological development of IICP tools and integration with project management disciplines, including EVMS.
DSs
9
Overview of Risk Analysis
CONSEQUENCE (C)
(a.k.a. Criticality) – Estimate of what could happen to people, the
economy, national psyche, or mission
capability
VULNERABILITY (V)
Estimate of how easy or difficult it would be to successfully attack the asset and, in so
doing, yield the most severe consequences
THREAT (T)
Application of threat to the asset, in terms of enemy Capability and Intent, well-informed by both consequence & vulnerability values
“[W]e cannot protect every single person against every single threat at every moment and in every place. We have to, with our finite resources
and our finite number of employees, we have to be able to focus ourselves on those priorities which most demand our attention. And that means we have to focus on risk. And what does that mean? It means we look to consequence, it means we look to vulnerability, and it means we
look to threat.” Secretary Chertoff, July 25, 2005
10
Infrastructure Information Collection Program (IICP)
Collects, catalogs, and maintains standardized and quantifiable risk-related infrastructure information to enable the execution of national risk management.
IICP will integrate at least four existing projects to reduce duplication and facilitate information collection through the implementation of a distributed architecture Automated Critical Asset Management Systems (ACAMS)
Web-based tool enabling collection of infrastructure and risk information from Owners/operators, law enforcement and first responders at State and Local level
Vulnerability Identification Self Assessment Tool (VISAT) Tool for owners/operators of non-complex assets to assess their facility risk through
standard methodologies and common metrics to enable cross-sector comparisons
CI/KR Risk Assessment Methodology Technology Implementation Implementation of sector specific methodologies into tools to support within sector risk
analysis and the collection of asset information
National Asset Database (NADB) Repository of infrastructure information
11
IICP Planned Capabilities A focused CI/KR information management system in which quantifiable
variables required for risk analysis, CIP planning, and decisions are collected, consolidated, and presented to inform DHS leadership and other CIP partners
Capabilities and Functions: Integrates existing collection processes Drive asset information collection through standard risk methodologies Data standards established for information collected Incentives to CI/KR owners and operators to submit information on their
assets Infrastructure data is accessible via a common graphics user interface Infrastructure data is accessible to meet the mission requirements of DHS
components and inform long term CIP strategic planning Establish requirements-based Collection Management process Geospatially enabled with integration into iCAV
12
Constellation / ACAMS Constellation/ACAMS is a web-enabled system focused at the state
and local level for the collection and effective use of asset data, protection information, and incident response and recovery plans pertaining to infrastructure. Purpose to facilitate the identification, prioritization and collection of CI/KR
assets.
Focus on collecting and communicating necessary local information required by incident commander both pre-incident (protection plans, operational guides) and post-incident (response, recovery)
Program capabilities include: Comprehensive Training program
Open source information and news feeds (Constellation)
Library of vulnerability and risk assessments and reports
Information to support strategic planner and tactical commanders
14
Constellation/ACAMS Incorporates these Principles in an Information System for Identifying, Prioritizing
and Cataloging Critical Assets – Focusing on the Information Needed by First Responders:
Inventory Process
Asset Management
Questionnaire Stage
Initial Assessment Visit
Highly
Critical
Assets
Non -Critical
And Uncategorized
Assets
Small Number of
Critical
Sites – Highly
Detailed
High Number of
Sites - Only
Basic Information
Collected
Buffer
Zone
Plan
15
Constellation / ACAMS System is operational in CA, with a limited pilot expansion that
began in October 2006. Representatives from 25 States have attended training
“Train the Trainer” curriculum under development
National roll-out will facilitate future data calls or DHS information requests to State and Local jurisdictions.
System integration with IICP capabilities will enable more efficient analysis for determination of inclusion of infrastructures in the Tier One/ Two program
16
Trained by State – near future
480
36
12
345
12
415
410
51
DC (48)
MD (9)
MA (35)
7
11
3
2
CT (4)
9 4
24
10
5
DE (7)
5
5
5
5
769 Trained by AUG 07
17
Using a distributed architecture, the IDW evolves from the National Asset Database (NADB) to integrate independent databases Provides for a more robust and complete data set Reduces duplication of effort and distributes information maintenance
Primary repository of the knowledge necessary to implement risk-informed infrastructure and resource protection activities
The IDW contains: A comprehensive catalogue of the assets that comprise the Nation’s
infrastructure All pertinent information about those assets (e.g. address, facility type, owner’s
name and phone number, consequence and vulnerability information) These items can be quickly searched in a variety of manners to
support rapid identification of those assets of greatest interest or at the greatest risk depending on the circumstances
Establishing a collection management process to collect infrastructure information based on stakeholder requirements
Integrated Data Warehouse (IDW)
19
Sources of Information DHS is employing a multi-pronged approach to populate the IDW
with data about the nation’s infrastructure and resources: Formal data calls to States and Territories Identification and integration of existing federal agency databases
National Inventory of Dams (NID) Risk Management Plan (RMP)
Incorporation of information collected as part of other DHS initiatives, such as: Automated Critical Asset Management System (ACAMS) Risk Analysis and Management for Critical Asset Protection (RAMCAP) Site Assistance Visits Buffer Zone Protection Plans Comprehensive Reviews
Collection of voluntary private sector and industry input Procurement of commercial and private databases
Homeland Security Infrastructure Program (HSIP)
Information not received as part of other DHS initiatives is validated for accuracy
20
GCOA Report
21
Risk Analysis and Management Technology Implementation (RAM-TI) The RAM-TI program are tools for private sector owners and operators to assess
facility risk through standard methodologies and common metrics to enable cross-sector risk comparisons.
RAM-TI includes:
Risk Analysis and Management for Critical Asset Protection (RAMCAP) to assess complex infrastructures
Vulnerability Self Assessment Tool (ViSAT) methodologies and standards to assess non-complex infrastructures.
Sector –specific methodologies as identified by the SSA (JATT, RAM-W)
Five RAMCAP Technical Specification documents written for: Commercial Nuclear Power
Nuclear Spent Fuel
Petroleum Refineries
Two RAMCAP Technical Specification documents in development: Dams, Locks and Levees / Water Sector
Chemical Manufacturing
LNG storage
22
Integrated Common Analytical Viewer (iCAV) Integration Platform
Enhanced with a Services Oriented Architecture (SOA) approach, iCAV provides a consistent geospatial context for viewing threat, asset and vulnerability information.
Geospatial Capabilities
Based on ESRI Products, iCAV is a web-enabled, DHS-owned analytical Geospatial tool
Licenses
In partnership w/ NGA, data is licensed to “Homeland Security / Homeland Defense Partners”
Common View
Permitting state and local users access to iCAV provides a common view of geo-referenced information and helps reduce inconsistencies
Service Platform
Web services deployed from iCAV allow integration with other SOA-enabled system
Role Based
iCAV provides the capability to permit or restrict access to specific layers of data based on a variety of criteria including user, location as well as business rules presented by remote systems
Providing operational, situational and strategic awarenesscapabilities for Preparedness, Response & Recovery
supporting the Homeland Security Mission
23
iCAV Users / Integration
Vertical IntegrationDHS
Federal Situational Awareness
National Asset Information
State EOC
Fusion Centers
Local First Responders
Local Law Enforcement
Horizontal IntegrationDHS – Multi Component
Situational Awareness
Event & Activity Data
State EOC/Fusion Centers Situational Awareness
State monitored activities
Local First Responders Response/Recovery Resource
Coordination
24
Geospatially Integrate DHS Databases Integration of DHS Databases
iCAV/HSIP IICP Master Watch Control Log NBIS Lite COP LENS NGA, USGS, FEMA Web Mapping Services Additional Integration w/ Sensors, Data and Video
Establish Inter-system Governance Define rules to expand our ability to share data Defined user profiles
Establish Initial Identity Management Capability iCAV system leverages the authentication capabilities of the Homeland
Security Information Network (HSIN). A single sign on for ease of use
25
iCAV Viewer showing full global view. Critical Infrastructure Categories in left hand column
26
NBIS Lite Integration NBIS - Bio-surveillance data on H5N1 detection based on open source information.
27
LENS Integration - Regional US View showing locations of completed Buffer Zone Protection Plans, Comprehensive Reviews, Site Assistance Visits and other PREP/OIP/RMD products.
28
Clicking a BZPP Icon launches LENS showing the actual reports for that particular asset.
29
Hurricane support - Hurricane data obtained from NOAA resulting in a forecast cone for Alberto,
2006
30
Hurricane data for Alberto overlaid with Nuclear Power Plants. Used to produce impact reports.
31
Real time video integration – iCAV showing locations of static video cameras as well as UAV video feeds
32
Clicking a camera icon retrieves and displays the video from the source camera or UAV
33
NOC COP integration - iCAV integrated as the Geospatial platform for the DHS National Operating Center COP
34
IICP System Current State A coherent plan to move forward with system integration
Includes functional requirements for systems integration
ACAMS
ViSAT S/W
Security Everywhere
ANL
Rapid Ingest process
ORNLiCAV @ Stennis
PSC
LENS
IDW
LandScan
CSAT S/W
Unique ID
35
IICS End State FY08 (IOC)
Enterprise Service BusCore messaging and interaction
services are provided by a single set of integrated components
Geospatial ViewerSupports multi-perspective, multi-device
location-based end user interfaces.Common, interoperable geospatial functionality is
packaged as discrete services which can be reused across the Department
Process ManagementUtility services are invoked in a particular sequence
to provide meaningful location-based business functionality
Utility ServicesCommon, interoperable tool functionality is
packaged as discrete services which can be reused across Federal, State and Local governments and
sectors
System IntegrationAccess to DHS and HLS enterprise
geospatial applications and data sources is provided via
standards-based interfaces
NOC COP
ViSAT Sector RAT State VATOthers
Services
Analytical Tools PDA
DAMS / RAM-W
Enterprise CoverageRepositories
OpsData
Infrastructure Situational/Strategic Awareness•Preparedness/Risk•Incident Reporting•Threat Analysis•Response/Recovery
Lexis Nexis
Sector DB LENS Imagery ElevationNICCNOC COP
USACE
GIS-Analysis/Mapping (iCAV)(Unclas/Secret/Top Secret)
Future integration – Development by DHS, NGA, National Labs etc
Threat
iCAV - Current Implementation
ACAMS
LandScanHSIPGold
EnterpriseInfrastructure
Data Warehouse
Orchestration Transformation Security Management Transport
PresentationSmooth user feel, easily downloadable products,
and role based
Common Graphics User Interface•Single Sign On to multiple tools•Secure Web Based Portal•Intuitive Navigation•Google like search/categorization
37
IICP Next Steps IICP System Integration
Plan completed by 18 May 07 Immediate implementation 1 Jun 07
Data integration Work with DHS components, States, SSAs to identify additional data
integration and utilization requirements
iCAV System Enhancement Fully implement a Services Oriented Architecture (SOA) fulfilling mission
requirement for collaboration Continue ACAMS integration (expected completion 15 July)
Training Continue ACAMS Train-the-Trainer curriculum development Develop CBT ACAMS refresher training IICP System training
Roll Out Continue limited National roll out
38
Questions?
