The Office of Infrastructure Protection

Size: px

Start display at page:

Download "The Office of Infrastructure Protection"

Baldwin Wheeler
8 years ago
Views:

1 The Office of Infrastructure Protection National Protection and Programs Directorate Department of Homeland Security Infrastructure Information Collection Division August 2015 Michael A. Norman

2 Overview IP Mission What is the IP Gateway Assessment & Survey Tools IP Dashboards Integrated applications 2

3 Office of Infrastructure Protection Mission The mission is to lead the national effort to protect critical infrastructure from all hazards by managing risk and enhancing resilience through collaboration with the critical infrastructure community. 16 Sectors Chemical Communications Sector Dams Emergency Services Financial Services Government Facilities Information Technology Transportation Systems Commercial Facilities Critical Manufacturing Defense Industrial Base Energy Food and Agriculture Healthcare and Public Health Nuclear Reactors, Materials, and Waste Water and Wastewater Systems Source Department of Homeland Security 3

4 What is the IP Gateway Enables users to collect, manage, protect, and share infrastructure data through a single platform Enables users to compile and share data between the associated applications, resulting in more effective data analysis Maximizes the availability of data for cross-government sharing Provides a consistent methodology to support asset-toasset comparison and robust analytics Methodology is already integrated into multiple IT tools Survey tools Site visits Situational awareness tools Web-based dashboards Source Department of Homeland Security 4

5 IP Core Assessment Methodology Methodology Provides data to support a better understanding of security, resilience, and risk of critical infrastructure Methodology focuses on the comparative analysis of like assets using the DHS Infrastructure Taxonomy in 218 groups based on the 16 sector structure Cross sector assessment, structured data collection, non-subjective, focused on scalable approach to support Tactical, Operational, and Strategic requirements Integrated data collection, data analytics, planning, and incident response Physical & Cyber Security and Resilience Critical Infrastructure Dependencies Partners Public Safety Canada Federal, State, Local, Territorial, and Tribal Homeland Security Source George Mason University 5

6 Several Assessment Tools Building block approach to assessing Critical Infrastructure Several physical & cyber security & resilience assessment tools developed using the same methodology Rapid Survey Tool (physical, cyber, resilience, dependency, threat) Standard Survey Tool (Physical Security, Security Force, Security Management, Information Sharing, Protective Measures, Security Activity Background) Expanded Survey Tool (Physical Security, Security Force, Security Management, Information Sharing, Protective Measures, Security Activity Background and Significant Areas & Assets) Cyber Survey Tool (Cybersecurity Management, Cybersecurity Forces, Cybersecurity Controls, Incident Response, Dependencies) Information collected through other assessments can feed other follow on assessments Consistent collection of basic elements of information, consequence, security, resilience, etc. Support post data collection robust analytics Rapid Survey Tool Standard Survey Tool Expanded Survey Tool Cyber Survey Tool 6

7 Standard - Infrastructure Survey Tool 6 Major Components (Physical Security, Security Force, Security Management, Information Sharing, Protective Measures, Security Activity Background) 42 Subcomponents (e.g., Access Control, Building Envelope) 1500 variables that generate a Protective Measure Index and Resilience Measure Index scoring from Protective Measure Index Physical Security Protective Measure Index Access Control Protective Measure Index 7

8 Assessment and Survey Dashboards Options for Consideration Source Department of Homeland Security 8

9 Rapid Physical-Cyber Infrastructure Survey High-level survey of key information for critical infrastructure assets Used by State and local assessors Provides data to support a better understanding of risk, resilience, and protection of critical infrastructure Collects information about the physical and cyber characteristics of critical infrastructure Assessment comprised of select high-level questions from the Standard and the Cyber Assessment Dependency information capturing core asset functions Can be used to inform Federal, State, and local partners of the need to conduct a full IST or Cyber Assessment 9

10 Rapid Physical-Cyber Infrastructure Survey Generates Information Centers Contain recommendations for enhancing an asset s security and resilience profile Comparison of Like assets Questions are linked to a reference library that provides information and guidance to assessors and owners and operators Source Department of Homeland Security 10

11 Rapid Physical-Cyber Infrastructure Survey Source Department of Homeland Security 11

12 Cyber Infrastructure Survey Tool Used by the Cybersecurity and Communications (CS&C s) Cyber Security Advisors Collects information about critical infrastructure cyber systems System Access Controls System Accreditation and Audits Information Protection Used to identify and document critical cyber security information System-level configurations and functions Cyber security threats IT business continuity/disaster recovery information Key Cyber security and management personnel 12

13 Cyber Infrastructure Survey Tool Provides information to DHS, Sector Specific Agencies, and facility owner/operators to support planning and resource allocation Provides a benchmark for the overall cyber security posture for all sectors and demonstrates how assets and sectors are reducing risk Data will be integrated and available to: Special Events and Domestic Incident Tracker (SEDIT) Regional Resiliency Assessment Program (RRAP) Integrated Physical-Cyber Dashboards 13

14 Cyber Infrastructure Survey Tool Generates interactive online dashboards Provided to asset owners and operators Provides comparisons of collected data with like infrastructure assets Enables owners and operators to create scenarios that increase or decrease their cyber security posture Source Department of Homeland Security 14

15 Map View (easy click navigation) Source Department of Homeland Security 15

16 User-Friendly Navigation Source Department of Homeland Security 16

17 Critical Infrastructure Dependencies Three geographic pilot projects (Salt Lake City UT, Casco Bay ME, Tampa FL) 25 most critical infrastructure for each location Lifeline sector focus (Electricity, Water, Wastewater, Petroleum) 17

18 Future of Assessments More focus on cyber-physical integration More scalable assessments Expanding on dependency pilot and looking at interdependency integration Data analytics and making the information more usable and adaptive Information Sharing and value 18

19 Questions Source Department of Homeland Security 19

20 For more information visit: IP Gateway Help Desk: or

Critical Infrastructure Security and Resilience

U.S. Department of Homeland Security in partnership with the National Coordination Office for Space-Based Positioning, Navigation and Timing Critical Infrastructure Security and Resilience International