Supplemental Tool: NPPD Resources to Support Vulnerability Assessments



Similar documents
CRITICAL INFRASTRUCTURE PROTECTION. DHS Action Needed to Enhance Integration and Coordination of Vulnerability Assessment Efforts

Integrating Cybersecurity with Emergency Operations Plans (EOPs) for K-12 Education

Infrastructure Protection Gateway

Integrating Cybersecurity with Emergency Operations Plans (EOPs) for Institutions of Higher Education (IHEs)

Managing Cyber Risks to Transportation Systems. Mike Slawski Cyber Security Awareness & Outreach

DHS Cyber Security & Resilience Resources: Cyber Preparedness, Risk Mitigation, & Incident Response

GAO CRITICAL INFRASTRUCTURE PROTECTION. DHS Could Better Manage Security Surveys and Vulnerability Assessments. Report to Congressional Requesters

U.S. Department of Homeland Security Protective Security Advisor (PSA) North Carolina District

THE WHITE HOUSE. Office of the Press Secretary. For Immediate Release February 12, February 12, 2013

PROTECTING CRITICAL CONTROL AND SCADA SYSTEMS WITH A CYBER SECURITY MANAGEMENT SYSTEM

CYBER SECURITY GUIDANCE

Which cybersecurity standard is most relevant for a water utility?

Homeland Security Lessons Learned: An Analysis from Cyber Security Evaluations

Supplemental Tool: Executing A Critical Infrastructure Risk Management Approach

Department of Homeland Security

National Infrastructure Protection Plan Partnering to enhance protection and resiliency

Water Critical Infrastructure and Key Resources Sector-Specific Plan as input to the National Infrastructure Protection Plan Executive Summary

Resilient and Secure Solutions for the Water/Wastewater Industry

NIPP Partnering for Critical Infrastructure Security and Resilience

NH!ISAC"ADVISORY"201.13" NATIONAL"CRITICAL"INFRASTRUCTURE"RESILIENCE"ANALYSIS"REPORT""

CIPAC Water Sector Cybersecurity Strategy Workgroup: FINAL REPORT & RECOMMENDATIONS

Chemical Security Assessment Tool (CSAT)

Building Insecurity Lisa Kaiser

Water Security in New Jersey: Partnership and Services

Cybersecurity Audit Why are we still Vulnerable? November 30, 2015

No. 33 February 19, The President

ICS-CERT Year in Review. Industrial Control Systems Cyber Emergency Response Team. National Cybersecurity and Communications Integration Center

Establishing A Secure & Resilient Water Sector. Overview. Legislative Drivers

Federal Cybersecurity Programs

ENERGY SECTOR CYBERSECURITY FRAMEWORK IMPLEMENTATION GUIDANCE

Critical Infrastructure Security and Resilience

Written Statement of Richard Dewey Executive Vice President New York Independent System Operator

National Cybersecurity Assessment and Technical Services

National Health Information Sharing & Analysis Center. The National Health ISAC (NH-ISAC) NH-ISAC

Article IV Membership and Member Representatives

NH-ISAC. Cybersecurity Resilience Securing the Infrastructures that Secure Healthcare & Public Health. The National Health ISAC

Update on U.S. Critical Infrastructure and Cybersecurity Initiatives

Best Practices: Meeting CFATS Performance Requirements A Town Hall Meeting

Threat and Hazard Identification and Risk Assessment

CSAT Security Vulnerability Assessment

All. Presidential Directive (HSPD) 7, Critical Infrastructure Identification, Prioritization, and Protection, and as they relate to the NRF.

September 28, MEMORANDUM FOR. MR. ANTONY BLINKEN Deputy Assistant to the President and National Security Advisor to the Vice President

NIST CYBERSECURITY FRAMEWORK IMPLEMENTATION: ENERGY SECTOR APPROACH

Defense Industrial Base Sector-Specific Plan An Annex to the National Infrastructure Protection Plan. U.S. Department of Defense

Resources and Capabilities Guide

Water Sector Approach to Cybersecurity Risk Management

Cybersecurity & the Department of Homeland Security

Cybersecurity Resources

State Homeland Security Strategy (2012)

Preventing and Defending Against Cyber Attacks November 2010

Nuclear Reactors, Materials, and Waste Sector-Specific Plan An Annex to the National Infrastructure Protection Plan

RE: Experience with the Framework for Improving Critical Infrastructure Cybersecurity

National Cybersecurity & Communications Integration Center (NCCIC)

CS 2 SAT: The Control Systems Cyber Security Self-Assessment Tool

OFFICE OF HOMELAND SECURITY AND PREPAREDNESS

United States Coast Guard Cyber Command. Achieving Cyber Security Together. Homeland Security

Cybersecurity Guidance for Industrial Automation in Oil and Gas Applications

PREPUBLICATION COPY. More Intelligent, More Effective Cybersecurity Protection

November is National Critical Infrastructure Security & Resilience Month

Federal Facilities Council Workshop: Cyber Resilience of Building Control Systems-----Nov 17-19, Washington, DC

DHS, National Cyber Security Division Overview

Healthcare and Public Health Sector-Specific Plan An Annex to the National Infrastructure Protection Plan

Healthcare Cybersecurity Perspectives from the Michigan Healthcare Cybersecurity Council

CRR Supplemental Resource Guide. Volume 5. Incident Management. Version 1.1

Rethinking Cyber Security for Industrial Control Systems (ICS)

CHAPTER 6 THE ROLE OF THE PRIVATE SECTOR IN EMERGENCY PREPAREDNESS, PLANNING, AND RESPONSE By Evan Wolff and George Koenig

Department of Homeland Security

Roadmaps to Securing Industrial Control Systems

MARYLAND. Cyber Security White Paper. Defining the Role of State Government to Secure Maryland s Cyber Infrastructure.

El Camino College Homeland Security Spring 2016 Courses

Bottom-Up Review Report

Cybersecurity in the Utilities Sector Best Practices and Implementation 2014 Canadian Utilities IT & Telecom Conference September 24, 2014

Emergency Services Sector Cyber Risk Assessment

Cybersecurity Enhancement Account. FY 2017 President s Budget

Preventing and Defending Against Cyber Attacks June 2011

TEXAS HOMELAND SECURITY STRATEGIC PLAN : PRIORITY ACTIONS

Subject: Critical Infrastructure Identification, Prioritization, and Protection

Webinar: Creating a Culture of Cybersecurity at Work

December 17, 2003 Homeland Security Presidential Directive/Hspd-7

Department of Homeland Security Federal Government Offerings, Products, and Services

Transcription:

Supplemental Tool: NPPD Resources to Support Vulnerability Assessments

NPPD Resources to Support Vulnerability Assessments Assessing vulnerabilities of critical infrastructure is an important step in developing security solutions and managing critical infrastructure risk. The Department of Homeland Security s (DHS) National Protection and Programs Directorate (NPPD) works with owners and operators to conduct vulnerability assessments of select critical infrastructure to inform its internal risk management processes and provide technical assistance to its State, local, tribal, and territorial (SLTT) and private sector partners to enable their own risk assessments and security plans. NPPD provides additional resources, typically in the form of informational material on known vulnerabilities, to help owners and operators understand vulnerabilities at a more general level. The Homeland Security Act of 2002 and Presidential Policy Directive 21 (PPD-21) direct the DHS Secretary to conduct comprehensive assessments of the vulnerabilities of the Nation s critical infrastructure, in coordination with the Sector-Specific Agencies (SSAs) and in collaboration with SLTT entities and critical infrastructure owners and operators. This supplement provides information on Federal resources that are used by DHS and available to SLTT governments and critical infrastructure owners and operators to identify and assess critical infrastructure vulnerabilities. Cyber Resilience Review (CRR) The DHS Office of Cybersecurity and Communications conducts voluntary assessments to help evaluate and enhance cybersecurity capacities and capabilities within the critical infrastructure sectors and SLTT governments through its CRR process. The goal of the CRR is to understand and measure key cybersecurity capabilities and provide meaningful maturity indicators of an organization s operational resilience and ability to manage cyber risk to its critical services during normal operations and times of operational stress and crisis. To schedule a CRR, or to request additional information, please email the Cyber Security Evaluation program at CSE@hq.dhs.gov. Enhanced Critical Infrastructure Protection (ECIP) Security Surveys ECIP Security Surveys are voluntary, non-regulatory assessments of the overall security posture of the Nation s critical infrastructure. Security Surveys collect, process, and analyze facility data to develop a detailed assessment of physical security, security management, security force, information sharing, protective measures, dependencies, and preparedness. The resulting survey information is provided to owners and operators and may be shared with SSAs and other Federal, State, local, and private sector representatives, as appropriate, through interactive dashboards. In addition to providing a facility and sector security overview, the dashboards highlight areas of potential concern and feature options NPPD Resources to Support Vulnerability Assessments 1

to view the impact of potential enhancements to protective and resilience measures. The DHS Office of Infrastructure Protection (IP) conducts Security Surveys at the request of the participating facility. More information can be obtained through the local Protective Security Advisor or by emailing IPAssessments@hq.dhs.gov. Site Assistance Visits (SAVs) SAVs are voluntary vulnerability assessments that assist owners and operators of critical infrastructure to identify and document vulnerabilities, protective measures, planning needs, and options to protection from a wide range of hazards. Like the Security Survey, SAVs provide owners and operators with interactive dashboards showing a facility and sector security overview, areas of potential concern, and options to view the impact of potential enhancements to protective and resilience measures. In addition, SAVs provide narrative reports by subject matter experts, which explain options to enhance a facility s security and resilience. IP conducts SAVs at the request of a participating facility and in coordination with other Federal and SLTT government entities. More information can be obtained through the local Protective Security Advisor or by emailing IPAssessments@hq.dhs.gov. The Cyber Security Evaluation Tool (CSET ) CSET is a self-contained software tool that runs on a desktop or laptop. It evaluates the cybersecurity of an automated, industrial control or business system using a hybrid risk and standards-based approach. CSET helps asset owners assess their information and operational systems cybersecurity practices by asking a series of detailed questions about system components and architecture, as well as operational policies and procedures. These questions are based on accepted industry cybersecurity standards. Once the self-assessment questionnaire is complete, CSET provides a prioritized list of recommendations for increasing cybersecurity. You can access the CSET tool through the United States Computer Emergency Readiness Team s Website at www.us-cert.gov/control_systems. Chemical Security Assessment Tool (CSAT) Security Vulnerability Assessment (SVA) This tool is available only to chemical facilities that are subject to the Chemical Facility Anti-Terrorism Standards (CFATS) regulations. The CSAT SVA application: Collects basic facility identification information and information about the chemicals that a facility possesses. Collects information about assets at the facility that involve the chemicals of interest identified by DHS in Appendix A of the CFATS Authorization. 2 NIPP Supplement

Enables users to locate assets on an interactive map and apply DHS attack scenarios or define attack scenarios of their own to run against the facility s assets. This provides DHS with data on the vulnerability and potential consequences of such attacks. Users will assess the vulnerability of their facilities based on the security measures already in place at the facility. Collects information on relevant cyber systems that may affect the security of identified assets. For additional information, the CSAT Help Desk has a toll-free number for questions regarding the CSAT SVA application: 866 323 2957, between 7:00 a.m. and 7:00 p.m. (Eastern Time), Monday through Friday. The CSAT Help Desk is closed on Federal holidays. More details on CFATS, Chemical-Terrorism Vulnerability Information, and other related information is available on the DHS Website at http://www.dhs.gov/chemicalsecurity. Infrastructure Protection Report Series These reports identify common vulnerabilities by asset class within the sectors, as well as the types of terrorist activities that are likely to be successful in exploiting these vulnerabilities. They also identify security and preparedness best practices by asset class within the sectors. Brief integrated papers are currently available to Federal, SLTT, and private sector partners on the Homeland Security Information Network. NPPD Resources to Support Vulnerability Assessments 3

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information