DHS Shares “Partnership Quarterly” News

The Partnership Quarterly includes critical infrastructure security and resilience articles, highlights cross-sector initiatives, and identifies training and exercise opportunities, new tools, and resources.  Below are this edition’s articles:

Critical Infrastructure Security and Resilience Month

November is Critical Infrastructure and Resilience Month

Message from Caitlin Durkovich, Assistant Secretary for the Office of Infrastructure Protection – Critical Infrastructure Security and Resilience Month Toolkit Now Available!

November is Critical Infrastructure Security and Resilience Month and I am asking for your assistance in amplifying the message of how critical infrastructure security and resilience is a national priority in building a safer and more secure Nation.

I invite you to visit the Critical Infrastructure Security and Resilience Webpage to download the toolkit. Once again, it contains suggestions on how to engage partners, answers to frequently asked questions, and social media resources; as well as updated templates for written documents such as a press releases, blogs, newsletter articles and proclamations. Read the presidential proclamation.

During November, we are focusing on engaging and educating public and private sector partners about the systems and resources that support our daily lives, to include energy, water, transportation and communications. We are sharing this toolkit and asking for your participation to serve as force multipliers, because we know that when it comes to the security and resiliency of our infrastructure, no one entity can do it alone and that all of you are critical voices of credibility in your local communities.

Highlighting the importance of critical infrastructure security and resilience can be straightforward. Adding a story in an internal newsletter, pushing messages via a blog or on social media, talking about the importance of infrastructure resiliency to your stakeholders, and encouraging elected and community leaders to support efforts related to managing risks can go a long way to creating a more resilient Nation.

Thank you in advance for continuing to work in partnership with DHS and the Federal government. Together we recognize that securing critical infrastructure is a national priority that requires planning and coordination across the whole community. All levels of government and the private sector must continue to work together to address risks to our infrastructure and to ensure that we build in security and resilience for future generations.

Secretary Johnson and Assistant Secretary for Infrastructure Protection Durkovich Ring in Critical Infrastructure Security and Resilience Month

On October 30, 2015, Office of Infrastructure Protection (IP) Assistant Secretary Durkovich joined Secretary Johnson at the New York Stock Exchange to draw national awareness to the transition from Cyber Security Awareness Month to Critical Infrastructure Security and Resilience Month.

During the visit with the Stock Exchange, they met with members of the Bankers and Brokers Group, which includes chief security officers for some of the world’s largest financial companies. They were particularly interested in learning more about the connection between cybersecurity and critical infrastructure security, as well as how to develop a qualified cybersecurity future workforce in schools and universities.

Regional Director for IP’s Protective Security Advisor (PSA) Program Frank Westfall, helped arrange the event through his ongoing relationship with the Stock Exchange. IP has PSAs in every state in the U.S. who work closely with critical infrastructure partners in their regions to advocate the use of tools, technology and procedures that can make infrastructure more resilient against a wide range of evolving risks. These and other voluntary partnerships with the public and private sectors have proven to be a key to implementing the DHS mission over the past 12 years.

Secretary jay Johnson and Assistant Secretary Caitlin Durkovich ring in Critical Infrastructure Security and Resilience MonthFrom left to right: DHS Protective Security Advisor Frank Westfall, NYSE Employee Jody Gilardi, Assistant Secretary for Infrastructure Protection Caitlin Durkovich, Secretary of Homeland Security Jeh Charles Johnson, and New York Stock Exchange President and CEO Tom Farley.

Protected Critical Infrastructure Information Program Marks 10 Years

The Protected Critical Infrastructure Information Program (PCII) reached an important anniversary in September, commemorating 10 years collecting data, and connecting all levels of government and industry to facilitate information sharing of valuable critical infrastructure information in a secure environment.

For 10 years, the Department of Homeland Security has built a nationwide PCII Program with strategies to serve our critical infrastructure community. More than 10,000 PCII Authorized Individuals use the PCII Program for countless critical infrastructure programs that protect food and agriculture, communications, the electric grid, healthcare, manufacturing, commercial facilities, water facilities, energy, transportation, national events, and our national monuments and parks.

A major accomplishment in the program’s first decade is the creation of trusted collaborative environments. Members from diverse communities have developed relationships built on trust and they continue that relationship building by sharing exceptional data to enhance their plans for protecting critical assets. Shared data analytics add value to decision-making capabilities such as those designed for risk management and the level of protection required for continuity of operations, recovery, and resilience.

As a result of this impressive collaboration, the PCII program has been able to accomplish the goal of providing nationwide uniformity in the protection of sensitive critical infrastructure information, enabling an increasingly connected critical infrastructure community that can share valuable information in secure environments. Within the next decade, the PCII Program will continue to evolve and implement innovations to benefit both government and industry.

“Looking to the future, the PCII Program intends to develop strategies for automated sharing, creative oversight, and encouraging and facilitating partnerships to meet the daily challenges of integrating PCII into critical infrastructure programs,” said Tammy Barbour, Program Manager for the PCII Program. “Working together, all levels of government and industry have the ability to implement methods that sustain our citizens’ confidence in the nationwide systems and assets that safeguard our economy, public welfare, and national security.”

DHS Participates in Gulf Cooperation Council, Counterterrorism and Border Security Forum

Department of Homeland Security Office of Infrastructure Protection, Deputy Assistant Secretary, Robert Kolasky, was part of a U.S. Government delegation to Riyadh, Saudi Arabia, on August 17-18, 2015, and participated in a forum with member states of the Gulf Cooperation Council (GCC), including Bahrain, Kuwait, Oman, Qatar, Saudi Arabia, and the United Arab Emirates.

The DHS delegation, which included counterterrorism experts from Customs and Border Protection, Transportation Security Administration, Immigrations and Customs Enforcement and United States Coast Guard provided an opportunity to discuss regional security concerns – including aviation and border security, countering violent extremism, foreign fighters, countering improvised explosive devices (IEDs), and critical infrastructure security and resilience – with GCC member states.

Kolasky outlined the U.S. approach to critical infrastructure security and resilience at the event, including highlighting the Department’s infrastructure security strategy to risk management, public-private partnerships, information sharing, and the benefits of an all-hazards approach. Gulf country representatives discussed challenges presented by attacks on oil infrastructure, IEDs, cybersecurity, nuclear facility security, emerging challenges in space, and the pirate hazard off the coast of Yemen.

“At the end of day, the most memorable part was the spirit of cooperation amongst the seven countries that participated as well as the urgency of the imperative to counter terrorism in both the Middle East and in the United States” said Kolasky. “It was heartening to see the degree to which international partnerships already exist while recognizing that we need to do more, working together, to deter and eventually defeat emerging and enduring terrorist groups.”

As a result of the forum, increased focus on critical infrastructure security between the United States. and the GCC will include ideas for sharing information and best practices regarding critical infrastructure security and resilience; additional meetings between the United States and the GCC Committee for the Protection of Petroleum, Industrial, and Vital Installations to exchange information and best practices; and U.S. government participation in a counter-IED conference in Bahrain this November.

Enhancing National Preparedness to Space-Weather Events

On Thursday, October 29, 2015, the White House Office of Science and Technology Policy (OSTP) Director John Holdren announced the release of the National Space Weather Strategy and the National Space Weather Action Plan. These two documents were developed by an interagency group of experts, with input from stakeholders outside the Federal government, to clearly articulate how the Federal government will work to enhance national space-weather preparedness by coordinating, integrating, and expanding existing policy efforts; engaging a broad range of sectors; and collaborating with international counterparts. Read the White House blog to find out more about the efforts to Enhancing National Preparedness to Space-Weather Events.

Fifth Annual Building Resilience Through Public-Private Partnerships Conference – The Way Forward

Join us in a national dialogue between experts and practitioners from across the homeland security enterprise. Take part in interactive discussions to share and learn how communities around the country are applying lessons learned from past disasters to improve future planning. Explore the important roles of technology, philanthropy, and academia in driving resilience and innovation. Don’t miss this opportunity to connect and collaborate with colleagues from the public and private sectors and strengthen efforts to make our communities more resilient.

Register Today!

  • December 10-11, 2015 Hilton New Orleans Riverside Hotel, New Orleans, La.

DHS Continues Efforts to Quantify and Manage GPS-related Vulnerabilities

Over the past year, DHS has undertaken a significant effort to better understand vulnerabilities linked to the Global Positioning System (GPS) and the positioning, navigation, and timing (PNT) data the GPS system provides to the Nation, including the critical infrastructure community.

DHS is concerned about GPS because, while it is a highly dependable system, its satellite signal is relatively weak, making it easily interrupted by radio frequency interference. Additionally, GPS signals can be manipulated to provide the recipients of PNT data information that is inaccurate. Critical infrastructure is also highly dependent on GPS data, with every sector using GPS in some facet of its operations. The use of GPS for timing is especially concerning because these operations require highly precise information; often have no alternate capability that is independent of GPS-derived PNT; and, in some cases, the IT infrastructure that acquires and uses the GPS signals lacks fundamental information assurance capabilities. Finally, there is also concern stemming from research in the academic community that GPS equipment could experience persistent impacts from manipulated GPS signals.

To address these issues, DHS is testing GPS receivers, focusing on stationary timing equipment to understand their vulnerabilities with initial results expected in the coming months. Second DHS has developed two best practices guides focused on timing receiver operations and expect to publish additional material soon. Finally, DHS is working directly with members of the critical infrastructure community to fully understand how GPS is used and steps that are taken to ensure use of PNT is robust and resilient.

Best practices documents are available via the US-CERT Website or via the GPS community of interest on Homeland Security Information Network. Please stay tuned for more information on this effort in the coming months.

Critical Infrastructure and Climate Adaptation

Reproduced with permission from the CIP Report, August 2015

Addressing the potential impacts of climate change on critical infrastructure requires managing the complex and interdependent risks facing this Nation. Over the past several decades, focus has heightened on changing waterways, shifting temperature patterns, air quality conditions, lost land, extreme weather events, and how these issues are affecting the environment, economy, national security, and overall public wellbeing.

While no single weather event can be attributed directly to climate change, there is broad scientific understanding that it can exacerbate the impact, frequency, and intensity of extreme weather events that do occur. Consider extreme drought conditions: when unexpected heavy rainfall occurs in drought-ridden areas, the desiccated ground is unable to absorb much water, resulting in intense runoff that can overwhelm an area’s capacity to retain water. In such conditions, severe floods—like those experienced in Colorado in 2013—can occur. Other factors, like early snow melt, greater ratio of rain to snow, and greater evaporation, can exacerbate drought severity by robbing the land of a lasting water supply during drier seasons. These shifting weather patterns not only exacerbate extreme weather incidents, but also contribute to broader environmental impacts, such as rising sea levels, saltwater intrusion, harm to fisheries, and loss of land.

Continue reading this article in The CIP Report.

CFATS Personnel Surety Program Information Collection Request Approved

The Chemical Facility Anti-Terrorism Standards (CFATS) Program achieved a major milestone on August 27, 2015, when the Office of Management and Budget (OMB) approved the Department’s Information Collection Request (ICR) for the CFATS Personnel Surety Program. CFATS is a risk-based regulatory program that sets the standards for security at the Nation’s high-risk chemical facilities and personnel surety is a key aspect of facility security.

Approval of the CFATS Personnel Surety Program (ICR will allow the Infrastructure Security Compliance Division (ISCD) of the Office of Infrastructure Protection to work with facilities in CFATS Tiers 1 and 2, those with the highest risk, to ensure that facility personnel and unescorted visitors with access to restricted areas or critical assets at those facilities are vetted for terrorist ties. Many facilities have already made America more secure by putting security measures in place to verify identity, check criminal history, and validate legal authorization to work. The ability to check for terrorist ties is a huge step toward full implementation of the CFATS regulation.

“The CFATS Personnel Surety Program is the product of eight years of extensive dialogue with industry, Congress, and other stakeholders to develop a program that holds security value while also taking into account the unique business circumstances of those we regulate,” said Dave Wulf, Director, ISCD, Office of Infrastructure Protection.

DHS will soon roll out the program to facilities in a phased manner. After an Implementation Notice is published in the Federal Register, CFATS personnel will work directly with individual chemical facilities in Tiers 1 and 2 to supplement security plans to include terrorist screening-related measures. The Department intends to seek approval to collect information from Tier 3 and Tier 4 facilities in a future ICR.

In recent years, the CFATS program has made progress inspecting facilities, approving security plans, and building relationships with Congress, industry, labor, and other stakeholders. The Personnel Surety Program fills the remaining gap in the full implementation of this important national security program.

To download a fact sheet on the CFATS Personnel Surety Program, visit the CFATS Knowledge Center. More information on CFATS is available on the DHS Chemical Security Webpage. Responses to comments received during the public comment periods on the ICR are all posted publicly at the regulations.gov website in docket number DHS-2012-0061. Please direct inquiries to cfats@hq.dhs.gov.

Critical Infrastructure Cyber Community Voluntary Program’s Fall Outreach Lineup

The Critical Infrastructure Cyber Community (C3) Voluntary Program had a number of outreach activities planned for the fall. On October 8, in honor of National Cyber Security Awareness Month, the C3 Voluntary Program participated alongside representatives from the National Cyber Security Alliance, the Council of Better Business Bureaus, and the Federal Trade Commission in a Webinar entitled, “Creating a Culture of Cybersecurity at Work.” The C3 Voluntary Program highlighted the Small and Midsize Business (SMB) Toolkit, a suite of resources designed to help SMBs recognize and address their cybersecurity risks and tools business leaders can use to discuss cybersecurity with their workforce.

The SMB Toolkit was also featured at two SMB Roadshow events this month. The C3 Voluntary Program and DHS Private Sector Office launched a series of nationwide events, aimed at increasing cybersecurity awareness, risk management, and use of the National Institute of Standards and Technology (NIST) Cybersecurity Framework among our Nation’s SMB leaders. On October 6, the SMB Roadshow made an appearance at the Fourth Annual U.S. Chamber of Commerce Cybersecurity Summit in Washington, D.C. The SMB Roadshow continued on October 16, with an appearance at Roger Williams University School of Law Cybersecurity and Law Enforcement Conference in Rhode Island. The final event in the series was held Nov 3-4, 2015 in San Diego, Calif.

For more information about upcoming events and the SMB Toolkit, visit Voluntary Program Webpage or e-mail ccubedvp@hq.dhs.gov.

Second Edition of the National Preparedness Goal Released

The DHS Federal Emergency Management Agency (FEMA) and its partners released the Second Edition of the National Preparedness Goal which describes a vision for preparedness nationwide and identifies the core capabilities necessary to achieve that vision across the five mission areas: Prevention, Protection, Mitigation, Response and Recovery. The goal itself is succinct and remains unchanged:

“A secure and resilient nation with the capabilities required across the whole community to prevent, protect against, mitigate, respond to, and recover from the threats and hazards that pose the greatest risk.”

The Second Edition of the National Preparedness Goal represents a refresh from the 2011 version and incorporates critical edits identified through real world events, lessons learned, and continuing implementation of the National Preparedness System. In refreshing the National Preparedness Goal, FEMA and its whole community partners, including individuals, communities, the private and nonprofit sectors, faith-based organizations, and all levels of government, focused on assessing the existing core capabilities. Resulting updates to the core capabilities include changes to select titles and definitions and the addition of one new core capability—Fire Management and Suppression.

Changes made to the core capabilities will be reflected in the ongoing refresh efforts of the National Planning Frameworks and Federal Interagency Operational Plans for each of the mission areas.

For a copy of the document and related resources, go to FEMA’s National Preparedness Goal Webpage.

DHS and EPA Tour Loudoun Water Potomac Water Supply Facility

American Water Works Association and Loudoun Water invited colleagues from the U.S. Department of Homeland Security Office of Infrastructure Protection (IP) and the U.S. Environmental Protection Agency (EPA) to tour the new Loudoun Water Potomac Water Supply construction project in Loudoun County. IP Assistant Secretary Caitlin Durkovich, Sector Outreach and Programs Division Director Linda Solheim and staff from the Dams Sector, Water Sector, the Office of Cyber and Infrastructure Analysis as and EPA participated in the tour which offered a rare opportunity to see first-hand the construction of the new Potomac River intake, a raw water transmission line and water treatment plant.

Entrance to the new Potomac River Intake
Entrance to the new Potomac River Intake. Source: DHS Photo

By 2040, the demands of Loudoun Water customers will increase by 40 million gallons per day. In order to meet this demand, Loudoun Water is investing in the development of its own infrastructure and water supply providing for a reliable, sustainable, and secure water supply for their customers.

The tour highlighted the innovative approaches Loudoun Water is taking to increase storage capacity while protecting the delicate ecosystem of the Potomac River and the designs being utilized to address aesthetics and functionality while maintaining reliability. Topics such as regional water supply, regulatory compliance, construction, security, and finance were also discussed.

Governments and Businesses Discuss Managing Cyber Risk at New Jersey C3 Voluntary Program Event

On September 16 and 17, the Critical Infrastructure Cyber Community (C3) Voluntary Program and the New Jersey Office of Homeland Security and Preparedness (NJOHSP) came together for a two day event to discuss the cybersecurity risks faced by State, local, tribal, and territorial (SLTT) governments and small and medium-sized businesses (SMB), as well as to highlight resources to help organizations identify and mitigate those risks. More than 145 attendees, representing governments and enterprises around the Nation, descended on Hamilton, New Jersey for the event. An additional 45 audience members attended virtually, via webinar.

The workshop opened with welcome remarks from NJOHSP Director Chris Rodriguez, who highlighted New Jersey’s efforts to address cyber threats, specifically through the New Jersey Cybersecurity & Communications Integration Cell (NJCCIC), the state’s “one-stop shop” for cybersecurity information sharing, threat analysis, and incident reporting. Mr. Chris Duvall, Section Chief of DHS Cybersecurity and Communications Industry Engagement and Resilience branch, familiarized the audience with the C3 Voluntary Program, including resources available for all industries on the C3 Voluntary Program website. Raúl Perales, Assistant Secretary for the Private Sector Office, praised NPPD’s efforts to strengthen nationwide cybersecurity preparedness and information sharing. He emphasized the importance of public and private sector coordination, including working with SLTT governments and SMBs, to mitigate cyber risks. Lastly, five panels discussed topics including the NIST Cybersecurity Framework; resources for local governments and SMBs; cyber threat information sharing; and cybersecurity in the C-Suite. This was the fourth in a series of C3 Voluntary Program regional events, which have reached hundreds of cybersecurity stakeholders from a wide range of industries.

For more information about upcoming events visit C3 Voluntary Program website or e-mail ccubedvp@hq.dhs.gov

Dams Sector Holds Joint Meeting and Approves Publications

During the first week of September, the Dams Sector Government Coordinating Council (GCC) and Sector Coordinating Council (SCC) hosted a joint Critical Infrastructure Partnership Advisory Council (CIPAC) meeting at the Lower Colorado River Authority Redbud Center in Austin, Texas. This joint meeting, conducted three times per year, provides collaboration between the Dams Sector owners and operators and government officials on security and resilience programs on physical and cyber threats. When asked how the meetings went, one sector partner said, “Over the past several years the Dams Sector has developed a strong collaborative relationship among the public and private sectors. The triannual meetings provide an opportunity to foster the collaborative environment and continue to move the sector forward. The approval of several publications at this meeting was a significant accomplishment that will benefit the community at large”.

Upstream face of Tom Miller Dam, part of the Lower Colorado River Authority.
Upstream face of Tom Miller dam, part of the Lower Colorado River Authority. Source: DHS Photo
Downstream face of Tom Miller Dam
Downstream face of Tom Miller dam, part of the Lower Colorado River Authority. Source: DHS Photo

The Council voted on and approved four documents: the Roadmap to Secure Systems in the Dams Sector, Dams Sector Cybersecurity Framework Implementation Guidance, Dams Sector Security Guidelines and Dams Sector Information Sharing Resource Guide. A variety of sector programs and initiatives were discussed, such as the 2015 Dams Sector-Specific Plan update, Dams Sector Cybersecurity Guidelines, and Dams Sector Tabletop Exercise Toolbox. There were a number of major takeaways from this successful and productive meeting:

  • The Dams Sector will be conducting an Information Sharing Drill in the Spring of 2016 to test the newly approved Information Sharing Resource Guide.
  • The Cybersecurity Working Group will have weekly or biweekly calls to finish up a third document they are working on.
  • The Information Sharing Working Group is working on a Marketing Strategy for promotion and wider distribution of Dams Sector products.
  • The Security Education Working Group will be finishing up the Suspicious Activity Reporting Guide.
  • The next meeting is scheduled for February 2016 in Washington, D.C.

State, Local, Tribal and Territorial Government Coordinating Council News

CCubed SLTT Resources

State, Local, Tribal, and Territorial (SLTT) Governments play a critical role in our Nation’s cybersecurity. However, when it comes to mitigating cyber risk in the face of constrained resources, many local governments are not sure where to begin.

To get SLTT Governments started, the Department of Homeland Security’s Critical Infrastructure Cyber Community (C3) Voluntary Program has developed two new resources:

  • SLTT Toolkit, a free, downloadable packet of resources specifically designed to help SLTT governments recognize and address their cybersecurity risks, including discussion points for government leaders, steps to evaluate a cybersecurity program, and a list of hands-on resources.
  • Geographically Specific Resources, a catalog of cybersecurity websites from various levels of government across the Nation that can help government leaders and stakeholders alike begin to identify, plan for, and address their cybersecurity risks.

Feel free to share far and wide with your colleagues and stakeholders. For more information, visit the C3 Voluntary Program website or email CCubedVP@hq.dhs.gov.

Texas Conducts Resilience Focused Workshops and Exercises

Critical Supply Chain Workshops Held During Preparedness Month

On September 30th, more than 80 private and public sector stakeholders attended the first Critical Supply Chain (Oil and Gas) Workshops in Midland, Texas. The workshop, hosted by the Permian Basin Regional Planning Commission, is the start of a pilot program for Critical Supply Chains developed in partnership with the SLTTGCC, Texas Office of Homeland Security, the Texas Oil and Gas Association, and DHS. The goal of the Critical Supply Chain Workshop series is to enhance the resilience and security of the oil and gas supply chains to natural and technological hazards and human-caused threats. The workshops are designed to engage both private and public sector stakeholders in an effort to identify operational concerns, best practices, and proposed solutions to resolve or mitigate supply chain resilience and security issues.

Resilience Implementation Process Pilot Conducted in Austin, Texas

The City of Austin, Texas conducted a pilot of the Resilience Implementation Process in partnership with DHS, the Texas Office of Homeland Security, and the Johns Hopkins University’s Applied Physics Laboratory (JHUAPL). The pilot ran from September 2014 to May 2015

Texas has sought to build a cyclical, cornerstone, critical infrastructure exercise and modeling program based on the Resilience Implementation Process (RIP) developed by JHUAPL. The Resilience Implementation Process is used to develop increased understanding of dependencies, interdependencies, and points of vulnerability in a defined geographical region. The process began in 2014 with two regional critical interdependency workshops for the City of Austin and Travis County.

Identified interdependencies were then examined through an Homeland Security Exercise Evaluation Program -compliant regional tabletop exercise, termed a Capabilities Analysis Exercise (CALEX). The May 23, 2015 exercise used a terrorist incident scenario impacting Austin. The products and results of the interdependency workshop and CALEX were then used to construct a Resilience Analysis Framework based on a measurable set of capabilities-based criteria designed to achieve functional resilience. Ultimately, the conduct of the CALEX and development of the Resilience Analysis Framework resulted in the creation of a prioritized list of actionable items and potential remedies to strengthen preparedness, response and resilience, in support of all hazards safety, security, and economic and environmental objectives. For futher information contact SLTTGCC@hq.dhs.gov or Kevin.Clement@dps.texas.gov or visit www.PreparingTexas.org

SLTTGCC Chair Receives Top Award

Curtis Parsons, the State, Local, Tribal, and Territorial Government Coordinating Council Chair, was named Michigan’s Professional Emergency Manager of the Year on October 8, 2015 at the Michigan State Police Emergency Management and Homeland Security conference in Boyne Falls, Mich.

The Michigan Emergency Management Association hosts annual conferences to further educate and train emergency management coordinators. In his announcement statement, State Police Lt. Mark Martinez said Parsons “sets the bar high as an emergency management leader in Michigan, as well as across the country.”

Martinez said Parsons’s work to plan and put on a full-scale active shooter exercise at Addison High School set him apart from other nominees. Parsons spearheaded an active shooter scenario during school hours last year at the suggestion of Addison Superintendent Steve Guerra, to add in the real-world factor of having students in the building during the exercise. Since that exercise at Addison, Martinez said, Parsons has been a sought-after guest speaker. According to Parsons, it was the first active shooter drill in a “live, occupied school in the state.”

The drill also paved the way to getting a uniform response system – “Alert, Lockdown, Inform, Counter, and Evacuate” – adopted by all the county schools.

Lt. Kevin Mark, who nominated Parsons for the award, said the panel looks to find not only an emergency manager with distinguished service, but who goes “above and beyond.” Mr. Mark stated that “Curtis has done diligent work in Lenawee County, but to take on the additional role of the boards he sits on at the Federal level – when you represent the State at the Federal level, that makes you more distinguished.”

Mark said Parsons’s active efforts to encourage resident’s participation in the county Code Red emergency alert system helped the panel select him from the more than 100 professional emergency managers across the State. Mr. Parsons, the Lenawee County’s Emergency Management Coordinator for nearly seven years, said he was surprised and humbled by the award.

Portions of this article were published in The Daily Telegraph, Adrian, Mich.

Lt. Kevin Marks, left presents Mr. Curtis Parsons, right with the award for Michigan's Professional Emergency Manager of the YearLt. Kevin Marks (left) of the Michigan State Police, presents Mr. Curtis Parsons (right) with the award for Michigan’s Professional Emergency Manager of the Year. Source: DHS Photo

New Regional Consortium Coordinating Council Member

Logo for Southeast Wisconsin Homeland Security Partnership, Inc

Interview with Steven M. Kay, Membership Chair, Southeast Wisconsin Homeland Security Partnership (SWHSP)

How and when was the SWHSP formed?

After September 11th, in the early history of Homeland Security, it became evident that there was a tremendous disconnect in awareness and preparedness between the various levels of government as well as between the public and private sectors. Our first Chairperson worked for the State of Wisconsin on a project building a portfolio of Wisconsin-based companies which had technology and/or services with applications in the Homeland Security world. It took about two years of efforts working with both public and private organizations before we were able to develop the Milwaukee County Regional Homeland Security Partnership. We quickly realized the need to expand to contiguous counties and incorporated the Southeast Wisconsin Homeland Security Partnership on September 9, 2004 as a 501c3 organization. This was the first time in Wisconsin that public responder groups, the volunteer community and private businesses were able to sit at the table and learn from each other about capabilities, concerns, and resources.

What community does the Southeast Wisconsin Homeland Security Partnership, Inc. (SWHSP) serve?

SWHSP serves the seven-county southeastern region of Wisconsin which includes: Kenosha, Milwaukee, Ozaukee, Racine, Walworth, Washington and Waukesha. Membership is as diverse as the economic base in the region. Member organizations include national insurance carriers, banking institutions, global manufacturers, local utility providers, regional health organizations, statewide logistics companies, weather forecasters, national communications companies, local government representatives, state agencies, Federal civilian and military agencies, and several non-governmental organizations. SWHSP provides a platform for the public, private and non-profit communities to bring awareness, issues and solutions to the Homeland Security world jointly as true partners.

What is an example of a critical infrastructure challenge your stakeholders have recently faced, and what resources were you able to provide?

SWHSP has been in operation during real-world events. Our members have responded to provide goods and services during extreme snowfalls, fires, flooding, extended power outages, simulated “dirty bomb” exercises, and hurricane support (outside our region). Pandemic preparedness and anti-terrorism response remain active priorities, with annual public-private exercises that have extended to partnering with law enforcement and the Wisconsin National Guard. Rail safety is coordinated with our Local Emergency Planning Committees. We continue to work on our inter- and intra-sector communications processes to improve timely and effective information sharing.

What are your future goals for your partnership?

SWHSP actively participates in and continues to lead in generating interest and development of public-private partnerships (PPP) in counties outside of our region and across Wisconsin. We are expanding our efforts to link to additional emergency preparedness and response, security, business continuity and healthcare PPPs to provide for greater community resilience.

In what ways has your membership in the Regional Consortium Coordinating Council (RC3) facilitated the work of SWHSP in your critical infrastructure and resilience efforts at the local and regional level? What do you think is the primary benefit to organizations in becoming a member of the RC3?

We have had other groups around the state come to us and ask about helping them get started. We have sent members off to other cities or counties to help generate the enthusiasm for setting up a public-private partnership. They see us as a bit of a model. We can bring that to the RC3.

One of the things we have done is when we see other groups that have crisis communications approaches that look good, we have invited them in to come speak to us. We do not always assume we have the right way. We have a good way, and we can continue to get better.

SLTTGCC and Regional Consortium Coordinating Council Collaboration

SLTTGCC and RC3 Collaborate on Regional Overview Project

The State, Local, Tribal, and Territorial Government Coordinating Council (SLTTGCC) and the Regional Consortium Coordinating Council (RC3) continue to collaborate on a project to document the current state of the critical infrastructure mission implementation across the Nation. The Regional Overview of Critical Infrastructure Programs engages critical infrastructure professionals through council-sponsored questionnaires and Virtual Roundtable Webinars. Since the project was launched in January 2015, the Councils have engaged over half of the FEMA Regions (Regions I-VIII) to detail the structure and mission of programs and partnerships, NIPP 2013 implementation focus areas, primary critical infrastructure activities, and major needs and challenges. The remaining regions will be engaged throughout 2015 to complete a summary of critical mission implementation across the Nation, examine progress to earlier studies and findings by the Councils, and develop findings related to advancing the critical infrastructure mission.

In addition to highlighting themes and trends related to management, staffing, primary activities, and needs and challenges of critical infrastructure programs and partnerships, the project is gathering success stories in critical infrastructure activities and perspectives on Federal critical infrastructure programs, tools, and capabilities. The following provides initial insights into these two topics. For additional information, please contact the Councils (email addresses listed below).

Categories of Success Stories

  • Integrating the private sector into fusion centers and emergency operations centers for enhanced situational awareness and allocation of response resources
  • Enhancing cybersecurity preparedness by collecting cybersecurity program best practices or hosting conferences
  • Deploying operational mechanisms and tools to support critical infrastructure response and resilience (e.g., geospatial tools and formal public-private collaborative spaces)
  • Diversifying information-sharing mechanisms through the use of informal networks, portals, briefings, and analytic products during emergency and steady-state operations

Federal Programs, Tools, and Capabilities

  • Protective Security Advisors are consistently cited as integral to program operations and valued for their assessments, information sharing, and access to training.
  • IP Gateway is commonly used to identify and analyze critical infrastructure. Improvement suggestions include providing additional tools, detail, and functions to SLTT administrators.
  • DHS components are heavily leveraged for their expertise, products, and program and initiative coordination. FEMA, NPPD, and I&A resources are the most leveraged by critical infrastructure programs.
  • InfraGard chapters are widely regarded as trusted sources of high-value critical infrastructure information products and services, especially for cybersecurity.
  • Federal cybersecurity resources should support program development and advance and real-time awareness of cyber issues across all stakeholders.

Get Involved!

SLTTGCC and RC3 members are looking for more participants to engage in the Regional Overview project. If you or another member of your agency or partnership would like to contribute your critical infrastructure knowledge by answering a brief questionnaire or discussing issues with us on a Virtual Roundtable, or if you would like to learn more about the project’s findings, please contact: SLTTGCC@hq.dhs.gov or RegionalCCC@gmail.com.

Joint Critical Infrastructure Webinar Recording Available

In September 2015, the DHS Office of Infrastructure Protection, in coordination with the DHS Office of Cybersecurity and Communications, held the Joint Critical Infrastructure Partnership (JCIP) Webinar, which focused on cybersecurity resilience, response, and continuity planning. The JCIP Webinar Series is produced in partnership with the InfraGard National Members Alliance, the Regional Consortium Coordinating Council (RC3), and the State, Local, Tribal, and Territorial Government Coordinating Council (SLTTGCC).

The Webinar sessions focused on the Identification of Cyber Threats and Hazards. On September 9, the RC3 hosted presentations by Tim Casey, Senior Risk Analyst at Intel Corporation; Mary Ellen Seale, Deputy Director of the DHS National Cybersecurity Center; and Doug DePeppe, Founder of Eosedge Legal. More than 650 partners registered to attend the sessions.

IP Gateway Transitioning to HSIN Single Sign-on

The IP Gateway is in the process of transitioning to the Homeland Security Information Network (HSIN) platform, to support the administration of user access to the capabilities within the system. By leveraging HSIN’s Identity Credential and Access Management services, users will soon be able to access the IP Gateway using their HSIN account credentials. The implementation of this new process (generally referred to as HSIN Single Sign-on or SSO) has been tentatively scheduled for November 2015.

Until the HSIN SSO capability is fully implemented, IP Gateway users will continue to log into the system as they would normally. IP is working with HSIN to make this transition as seamless as possible for all parties involved, and will continue to provide email updates (via the IP Gateway Helpdesk) as new information becomes available. If you have any questions or concerns, please do not hesitate to reach out to the helpdesk at IPGatewayHelpDesk@hq.dhs.gov for further assistance.

Sacramento International Airport Conducts Full-Scale Exercise

In one of the largest endeavors undertaken by a U.S. airport, the Sacramento International Airport (SMF), in conjunction with the California Governor’s Office of Emergency Services (CalOES) and the Department of Homeland Security, Office of Infrastructure Protection, recently conducted a full-scale exercise to test emergency response to an active shooter and improvised explosive device (IED) scenario. This exercise took place on Wednesday, September 23, 2015 from 12:00 AM to 3:00 AM, and brought together over a dozen organizations, including airport officials; local, State, and Federal response agencies; and a plethora of actors and observers. In total, over 345 individuals participated in this exercise.

The exercise began with an active shooter entering the airport at the ticketing counter in Terminal A, shooting blanks and dropping fake improvised explosive devices (IEDs) as he worked his way up through the Transportation Security Administration (TSA) Security Checkpoint and toward the Terminal A Gates. A radio call for assistance initiated emergency response from airport and local law enforcement and prompted the establishment of a Unified Command and a Joint Information Center (JIC) to develop public messaging, as well as the relocation and reconstitution of the Airport’s Departmental Operations Center (DOC). Law enforcement and Fire/EMS officials responded to the emergency by neutralizing the active shooter and triaging victims while SWAT cleared the terminal and the Bomb Squad rendered the IEDs safe. The various aspects of this complex exercise allowed local, state, and federal agencies to test standard operating procedures and emergency response plans as agency evaluators identified strengths and any potential areas for improvement.

Conducted during September’s National Preparedness Month, this exercise, and exercises in general, serve as excellent examples of how critical infrastructure can plan and prepare for emergencies. While the scenario faced in this exercise is more extreme than most stakeholders face, it strengthens the realization that emergencies may arise at any time and it is essential to stay prepared.

Additional information for this exercise can be obtained from IP.Exercise@hq.dhs.gov, and is highlighted in several news articles:

White Paper: Establishing Community-Relevant Data Categories in Support of a Cyber Incident Data Repository

The Department of Homeland Security’s (DHS) National Protection and Programs Directorate (NPPD) is pleased to share with you a new white paper from the Cyber Incident Data and Analysis Working Group (CIDAWG) that addresses the kinds of data that should be shared into an anonymized and trusted cyber incident data repository to support the cyber risk analysis needs of insurers, chief information security officers (CISOs), Chief Security Officers (CSOs), and other cybersecurity professionals.

The new white paper on Establishing Community-Relevant Data Categories in Support of a Cyber Incident Data Repository is the second in the CIDAWG’s white paper series. It identifies 16 data categories that would support the kinds of analysis that could help insurers enhance their existing offerings while assisting CISOs, CSOs, and other cybersecurity professionals with their complementary cyber risk mitigation missions. The white paper builds on the CIDAWG’s previous white paper, released in June, on the Value Proposition for a Cyber Incident Data Repository.

Since 2012, NPPD has been engaging a diverse group of private and public sector cybersecurity stakeholders – including insurers, risk managers, CISOs, critical infrastructure owners, and social scientists – to examine the current state of the cybersecurity insurance market and how to best advance its capacity to incentivize better cyber risk management. Through last spring, NPPD held four public workshops to examine the existing cybersecurity insurance marketplace, describe obstacles to expanding and improving it, and identify key ideas for overcoming the most pervasive of those obstacles.

One of those key ideas – which insurers described during NPPD’s fourth workshop last April – was an anonymized and trusted cyber incident data repository which could foster the voluntary sharing of data about breaches, business interruption events, and industrial control system attacks needed for enhanced risk mitigation and risk transfer (insurance) approaches. As a follow-on to the workshops, NPPD accordingly established in February of this year the CIDAWG, comprised of insurers, CISOs and CSOs from various critical infrastructure sectors, to deliberate and develop key findings and conclusions about:

  • The value proposition for a cyber incident data repository;
  • The cyber incident data points that should be shared into a repository to support needed analysis;
  • Methods to incentivize such sharing on a voluntary basis; and
  • A potential repository’s structure and functions.

Conceptually, such a repository would aid insurers in delivering policies, at lower rates, to “best in class” clients – thereby contributing to and effectively informing the overall corporate risk management strategies of those clients. Such a repository also would support a host of advances for cyber risk management professionals generally, including enhanced cyber risk data and trend analysis, bolstered in-house cybersecurity programs, and improved cybersecurity solutions, products and services.

We highly encourage you to explore our updated cybersecurity insurance Webpage. It provides access to both the Readout Reports from NPPD’s four initial workshops as well as the CIDAWG’s Data Categories and Value Proposition white papers. It also describes the CIDAWG’s planned future efforts which will focus on How to Incentivize Voluntary Data Sharing and Repository Structure and Operations Requirements.

HHS Launches TRACIE Resource for Health and Emergency Preparedness Professionals

The U.S. Department of Health & Human Services’ (HHS) Office of the Assistant Secretary for Preparedness & Response (ASPR) announced on September 30 that the Technical Resources, Assistance Center, and Information Exchange (TRACIE) has been implemented. Health and emergency preparedness professionals now have access to the Nation’s first and most comprehensive system of resources designed specifically to help communities better prepare for and manage the health impacts of disasters. TRACIE features resource materials, a help line, just-in-time suggestions, and tools to share information gleaned from real-life experiences in preparing for, responding to and recovering from disasters. ASPR developed TRACIE with a network of experts nationwide to address needs identified by stakeholders charged with preparing for public health and health care system emergencies. Users can get advice, including just-in-time advice, from hundreds of health care, disaster medicine, public health and public safety professionals, through ASPR TRACIE. TRACIE’s free registration allows users to rate the usefulness of the technical resources, assistance center, and information exchange.

2015 Chemical Sector Summit: Presentations Now Available Online

The Department of Homeland Security and the Chemical Sector Coordinating Council co-hosted the 9th Annual Chemical Sector Security Summit on July 21-23, 2015, in Alexandria, Va. Highlights from this year’s summit included a regulatory update from Infrastructure Security Compliance Division’s Director, David Wulf; an Executive Order 13650: Improving Chemical Facility Safety and Security panel discussion; and a keynote address from Amy Pope, Deputy Homeland Security Advisor and Deputy Assistant to the President at the National Security Council.

Many of the presentations are now available online, including:

Featured Training

The DHS Office of Infrastructure Protection (IP) offers a wide array of training programs and resources, at no cost, to government and private sector partners. Web-based training, classroom courses, and associated training materials provide government officials and critical infrastructure owners and operators with the knowledge and skills needed to implement critical infrastructure security and resilience activities. For further information, visit the DHS Critical Infrastructure Training Website.

Revised “Introduction to the National Infrastructure Protection Plan” Course Now Available

The Office of Infrastructure Protection (IP) is pleased to announce the revised independent study course, IS-860.c: Introduction to the National Infrastructure Protection Plan, is now available on the Federal Emergency Management Agency – Emergency Management Institute (EMI) Website.

The purpose of this course is to present an overview of the National Infrastructure Protection Plan 2013: Partnering for Critical Infrastructure Security and Resilience, which provides the unifying structure for the integration of existing and future critical infrastructure security and resilience efforts into a single national program. This no-cost, Web-based course is designed for critical infrastructure security and resilience community partners and stakeholders, and takes approximately two hours to complete. Participants will receive a certificate and 0.2 continuing education units from EMI upon course completion. IP partners with EMI to deliver IS-860.c and sixteen other courses to the critical infrastructure, emergency management, and homeland security communities.

 

The July edition of The Partnership Quarterly can be found here.

Graphic: Learn more about critical infrastructure security and resilience at wwww.dhs.gov/criticalinfrastructure.

Advertisements

Comments are closed.