CARVER+Shock Vulnerability Assessment Tool



Similar documents
The Integrated Physical Security Handbook II Second Edition

FDA s Vulnerability Assessment Software tool

CARVER+Shock. Jeffrey J. Danneels Department Manager Sandia National Laboratories Albuquerque, NM

Final Draft/Pre-Decisional/Do Not Cite. Forging a Common Understanding for Critical Infrastructure. Shared Narrative

How To Become A National Security Consultant

Vulnerability Assessment. U.S. Food Defense Team

A 6-Step How-To Guide to Contracting for Cloud Services Includes a 137-Element Contracting Checklist

Qualifications FISK CONSULTANTS

OVERVIEW OF THE ADMINISTRATION S FY 2005 REQUEST FOR HOMELAND SECURITY By Steven M. Kosiak

Course Title: HSE-101 Introduction to Homeland Security Prerequisites: None Credit Hours: 3 lectures, 3 hours

Appendix A: Gap Analysis Spreadsheet. Competency and Skill List. Critical Thinking

Ten Steps for Preventing a terrorist Attack

How To Plan A Crisis Management Program

Flooding Emergency Response Exercise

LNG and Petrochemical Security Risk Assessment and Management

Risk & Vulnerability Assessment Training

Terrorism. Facing Fear 6 8. Tough Issues LESSON PLAN 3. Key Terms and Concepts. Purpose. Objectives

El Camino College Homeland Security Spring 2016 Courses

London 2012 Olympic Safety and Security Strategic Risk. Mitigation Process summary Version 2 (January 2011) Updated to reflect recent developments

How To Implement International Terrorism Agreements

Food Safety vs. Food Defense: Differences and Similarities

Guide to Physical Security Planning & Response

4 Insurance 5 Availability of alternate sources for critical supplies/services

STATE OF MARYLAND Strategy for Homeland Security

FUNDING FOR DEFENSE, HOMELAND SECURITY AND COMBATING TERRORISM SINCE 9-11: WHERE HAS ALL THE MONEY GONE?

Training Opportunities

FUNDING FOR DEFENSE, MILITARY OPERATIONS, HOMELAND SECURITY, AND RELATED ACTIVITIES SINCE

Emergency Response Network in Your Community. Paul Haley Emergency Management Coordinator City of Trenton

Department of Homeland Security Office for Domestic Preparedness. Campus Preparedness Assessment Process

U.S. Department of Homeland Security Protective Security Advisor (PSA) North Carolina District

BUILDING DESIGN FOR HOMELAND SECURITY. Unit I Building Design for Homeland Security

HOMELAND SECURITY INTELLIGENCE RPAD 556

Integrated Emergency Management and the Prior Notification of the Transportation of Radioactive Material

NCUA LETTER TO CREDIT UNIONS

Ohio Homeland Security Strategic Plan

BUSINESS CONTINUITY: BEST PRACTICE, 2ND EDITION

Liability Management Evolving Cyber and Physical Security Standards and the SAFETY Act

COMMUNITY RESIDENTIAL POLICY SCHEDULE

BUILDING A SECURITY CONSCIOUS BUSINESS CONTINUITY MANAGEMENT (BCM) PROGRAM


Cybersecurity Converged Resilience :

NIMS ICS 100.HCb. Instructions

Issue Paper. Wargaming Homeland Security and Army Reserve Component Issues. By Professor Michael Pasquarett

Introduction. Overview. Why? Integrating Service Learning into Education of Nurses on Preparedness for Mass Casualties.

Curriculum Vitae EXPERIENCE WORK HISTORY

WENTWORTH MILITARY ACADEMY JUNIOR COLLEGE Lexington, MO Course Syllabus

Introducing Catastrophe Risk man-made hazards*

University of Maryland University College. American Military University. Henley-Putnam University

UNITED STATES DEPARTMENT OF AGRICULTURE FOOD SAFETY AND INSPECTION SERVICE WASHINGTON, DC

An Introduction to. Business Continuity Planning

State of Ohio Homeland Security STRATEGIC PLAN

Homeland Security Illinois Homeland Security Conference April 2, A National Awareness A National Team A National Project

CRITICAL INFRASTRUCTURE PROTECTION BUILDING ORGANIZATIONAL RESILIENCE

Theme: The Growing Role of Private Security Companies in Protecting the Homeland.

Assessment Profile: Establishing Curricular Categories for Homeland Security Education

Cyber Adversary Characterization. Know thy enemy!

Establishing A Secure & Resilient Water Sector. Overview. Legislative Drivers

Application of Technology to Create an Integrated, Multidisciplinary Approach to Safe and Secure Ports

School Safety & Emergency Preparedness. Presented by Dr. Joe Melita Professional Standards & Special Investigative Unit

NEBRASKA STATE HOMELAND SECURITY STRATEGY

Purpose of the Governor s strategy. Guiding Principles

Globalization of Security Threat Groups (CJSA 2371) Online. Credit: 3 semester credit hours (3 hours lecture)

Anti-Terrorism Officer (ATO) Course Seminar Description & Outline

APPENDIX G-Emergency Response Plan Template

From Big Data to Rich Data How Data Analytics Add Value to Security Risk Management. Patrick Hennies, Rainer Rex 15th European ASIS, 04/08/2016

White Paper: Cyber Hawk or Digital Dove

CBO. Federal Funding for Homeland Security: An Update. What Is Homeland Security?

Continuity of Operations Planning. A step by step guide for business

CyberSecurity Solutions. Delivering

UCF Office of Emergency Management Strategic Plan

Department of Defense INSTRUCTION

EMERGENCY ASSESSMENT AND RESOURCES

v. 03/03/2015 Page ii

Security Vulnerability Assessment

Education & Training Plan Homeland Security Specialist Certificate Program with Externship

TEXAS HOMELAND SECURITY STRATEGIC PLAN : PRIORITY ACTIONS

CRS Report for Congress

Department of Criminal Justice CRJ 325 Incident Management and Planning

UNION COLLEGE INCIDENT RESPONSE PLAN

A Free Software for Food Industries to Ensure Food Safety: CARVER + Shock Vedpal Yadav and Alka Sharma

HURRICANE DISASTER PREPARATION CHECKLIST AND BUSINESS CONTINUITY PLAN

NATIONAL STRATEGY FOR GLOBAL SUPPLY CHAIN SECURITY

DEPARTMENT OF HOMELAND SECURITY

DEPARTMENT OF HOMELAND SECURITY

Prepared by Rod Davis, ABCP, MCSA November, 2011

THE FEDERAL BUREAU OF INVESTIGATION S WEAPONS OF MASS DESTRUCTION COORDINATOR PROGRAM

Emergency Management Plan

DEVELOPMENT OF A RISK ASSESSMENT PROGRAM AGAINST TERRORISM IN REPUBLIC KOREA

Office of Professional & Continuing Education 301 OD Smith Hall Auburn, AL Contact: Shavon Williams

Transcription:

Published by: Government Training Inc. ISBN: 978-09832361-7-7 CARVER+Shock Vulnerability Assessment Tool A Six Step Approach to Conducting Security Vulnerability Assessments on Critical Infrastructure This excerpt contains: Table of Contents List of Illustrations Author s Introduction Author profiles Additional Security Book available from Government Training Inc. Table of Contents 1 Introduction and History of CARVER CARVER as an Offensive Targeting Tool used by US Special Forces Historical use of CARVER+Shock 2 Step One - Conducting Risk-based analysis Risk Management and Sun Tzu Know Yourself Know Your Enemy Know Your Environment Fundamentals of Risk Management Risk based decision making model 3 Step Two - Know Yourself, Conducting the System Characterization Breaking large systems into small pieces Examples of System Characterization Agriculture

Energy: Schools: 4 Step Three: Know Your Enemy, Conducting an All Perils Assessment What is a Threat Developing the Threat Assessment c Determining Probability Design Basis Threat What is a Hazard 5 Step Four - Know Your Environment Conducting a Security Assessment Assessment Execution ONSITE SURVEY 6 Step Five - CARVER+Shock Criticality, Accessibility, Recuperability, Vulnerability, Effect, Recognizability, Shock (1) Planning Developing Definitions and Scoring Parameters Conducting the Assessment c Examples (1) Energy (2) Agriculture (3) Transportation (4) Buildings and Soft Targets 7 Step Six - Mitigating the Risk Analyzing the results Conducting Root Cause Analysis for Vulnerabilities Appendices Appendix 1 Appendix 2 Appendix 3 Glossary

List of diagrams and charts CARVER Matrix Target Analysis 8 CARVER Matrix Defensive Analysis 9 Risk-based analysis 14 Calculating Risk 19 Risk-based decision making tool 25 Identifying critical nodes chart 27 Target systems chart 29 Systems characterization chart 35 Developing the threat assessment chart 43 Determining probability chart 47 Threat profile chart 47 All perils list chart 50 Security assessment worksheet 55 Criticality assessment worksheet 63 Accessibility scale worksheet 64 Recuperability scale worksheet 65 Vulnerability scale worksheet 67 Effects rating scale worksheet 68 Recognizability scale worksheet 69 Assessment spreadsheet 74 Target description spreadsheet 75 Calculation of final values spreadsheet 76 Examples Energy 77 Examples Agriculture 78 Examples Transportation 79 Examples Buildings and soft targets 80 Examples office buildings 81 Mitigating the risk analysis spreadsheet 82 Security vulnerability assessment questionnaire 89 Threat analysis questionnaire 101 Environmental analysis questionnaire 103

Introduction by the Authors: This book is not about CARVER it is about Security Vulnerability Assessments (SVA) on critical infrastructure. We use CARVER as the logical starting point. It has served as the standard for SVA for years. Just as with any process, we learn. We learn from mistakes, attacks (unfortunately) and combined experience of the experts who use, apply and adapt RVA methodologies to meet the exigencies of their assigned assessment. The goal of this book is to provide the security reader with background on CARVER, one of its very successful morphs into CARVER + Shock and then demonstrate how these methodologies can be applied and adapted to the reader s needs. We provide a six-step process that can be applied by an experienced security expert or a novice involved with their first assessment. At each stage of the assessment, the reader is provided with checklists, best practices, and useful scenarios that will instruct on readiness to proceed to the next step. At the completion of the checklists and steps the security practitioner will have a best practice risk vulnerability assessment in place.

1. Introduction and History of CARVER. Objectives of this handbook To familiarize Risk Managers with the Risk-based Decision Making Model and enable them to analyze the effects of consequence, threat, and vulnerability when planning for, executing and recovering from a security incident. To learn how to: Plan, Prepare, Conduct, and Report a Vulnerability Assessment Employ the principles of the CARVER Methodology Use the results of a VA to develop Countermeasures CARVER as an Offensive Targeting Tool used by U.S. Special Forces What is CARVER Offensive Target Analysis Tool Used by Army Special Forces for mission planning Based on a Commander s requirement/objective Identifies the critical component of an asset that meets that requirement How does a small group of men disable a national level critical infrastructure? During DESERT STORM, U.S. Special Operations Forces were tasked to disable the Iraqi Air Defense System. To do this, they applied the factors of CARVER to break this large system into smaller pieces and eventually identified small buried communications bunkers, which they destroyed before the air war commenced. These small, surgical strikes disabled the entire system as it prevented radar sites from directing fire from missile batteries at the oncoming aircraft.

Historical use of CARVER+Shock Food safety concerns used to focus solely on accidental contamination. But in recent years, there has been concern that terrorists could intentionally introduce biological, chemical, or radiological agents into the U.S. food supply. A Security Vulnerability Assessment tool called CARVER + Shock helps food processors protect their products from deliberate contamination. CARVER was originally developed by the U.S. military to identify areas within critical or military infrastructure that may be vulnerable to an attack by U.S. Special Forces. The FDA and the U.S. Department of Agriculture adapted it for the food and agriculture sector. This approach allows food companies to analyze and identify critical areas that are the most likely targets of an attack, said Donald Kautter, Jr., Acting Supervisor of the Food Defense Oversight Team in FDA s Center for Food Safety and Applied Nutrition. FDA and other agencies have used the method to evaluate potential vulnerabilities in the supply chains of different foods and food processes. About the authors: Edward Clark Edward Clark is a Premier Instructor with Government Training Inc. In this capacity, Edward has demonstrated consistent excellence in training based on student evaluations of his Knowledge of the Subject Ability to instruct Quality of instruction Ability to maintain student interest Responsiveness to student inquiries Mr. Clark is the Senior Consulting Executive for Government Training Inc. He also serves as president of Executive Interface, LLC, a firm specializing in risk management and security training and operations. Mr. Clark offers 24 years of experience as a Special Forces Officer (Green Beret) to include commanding an unprecedented four operational detachments. Mr. Clark has 15 years of operational experience in combat and security assistance missions throughout the Middle East and Africa. He also brings over 25 years of formal training as an instructor, training developer and training manager to the project. Mr. Clark has just completed a major threat/risk assessment for a major US port. After 9/11 Mr. Clark was actively recruited to serve as the Director of the Homeland Security Threats Office. It was this assignment that drove him to reverse engineer the CARVER targeting tool to conduct vulnerability assessments on Nuclear Power Plants, Food and Agriculture commodities, and other national assets to include the Ground Based Mid Range Missile Defense System. The Department of Homeland Security (US Coast Guard) reached out to Mr. Clark to serve as their senior security consultant to assist them in evaluating over 4,000 facility security and emergency response plans as they implemented the Maritime Transportation Security Act of 2002 (MTSA 2002). In addition to his serving as the Lead Consultant to the White House Homeland Security Council s Bio-terrorism Team, he also applied his cutting edge techniques in developing US Northern

Commands Red Team Program and developing a comprehensive security plan for a $4 billion natural gas project in war-torn Nigeria. In support of DHS current trend to manage risk at a strategic level, Ed has project managed the development of a strategic risk management and trade resumption plan for one of the Nation s largest Port Areas. Mr. Clark possesses a BA in Criminal Justice, a Masters Degree in Computer Information Systems, is an expert in information security, and is a graduate of the following ICS courses: 100, 200, 300, 400, 700 and 800. Mr. Clark is a master trainer and has managed the business of training for both public and private entities. He is also a graduate of the US Army Senior Leaders Course on Chemical Biological Radiological, Nuclear and Explosive Attacks and a member of ASIS International. Don Philpott Don Philpott is Senior Managing Editor for Government Training Inc and also serves as editor of International Homeland Security Journal. He has been writing, reporting and broadcasting on international events, trouble spots and major news stories for almost 40 years. For 20 years he was a senior correspondent with Press Association -Reuters, the wire service, and traveled the world on assignments including Northern Ireland, Lebanon, Israel, South Africa and Asia. He writes for magazines and newspapers in the United States and Europe and is a regularly contributor to radio and television programs on security and other issues. He is the author of more than 80 books on a wide range of subjects and has had more than 5,000 articles printed in publications around the world. His most recent books are "Terror - Is America Safe?", The Wounded Warrior Handbook, Securing our Schools, The Integrated Physical Security Handbook, First and Second Editions, Workplace Violence Prevention and the Education Facility Security Handbook. He has written special reports on "Protecting the Athens Olympics", "The Threat from Dirty Bombs", "Anti-Terrorism Measures in the UK", "Nanotechnology and the U.S. Military" and "The Global Impact of the London Bombings." Born in the UK he is now an American citizen working out of Orlando, Florida. more

Additional Security Handbooks Available from Government Training The Integrated Physical Security Handbook The Integrated Physical Security Handbook, 2 nd Edition more

Securing our Schools Workplace Violence Grant Writer s Handbook for State and Local Public Safety Agencies

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information