Office of Infrastructure Protection (OIP) Strategic Drivers HSPD-5 HSPD-7 HSPD-8 The Homeland Security Act of 2002 established an Assistant Secretary for Infrastructure Protection, with responsibility for assessing vulnerabilities of key resources and critical infrastructures and developing a comprehensive national plan. In 2006, P.L. 109-295, Section 550 directed regulation of high risk chemical facilities. HSPD-9 National strategies for Homeland Security, Cyber Security, and Physical Protection of CI/KR provided high level goals and priorities for the Office of Infrastructure Protection HSPDs 5-9 & 19 provide inter-related and focused policy guidance in the areas of incident management, critical infrastructure protection, and national preparedness. HSPD-7 is a central policy driver of IP plans and programs Secretary’s 2 nd Stage Review “ 2SR” established the Preparedness Directorate, which aligns IP with other DHS preparedness partners The 2005 hurricanes affirmed the Preparedness Directorate’s important mission and IP’s central role in preparedness HSPD-19
A safe, secure, and resilient national infrastructure through public and private partnerships.
Lead the coordinated national effort to reduce the risk to our critical infrastructures and key resources posed by acts of terrorism, as well as enable national preparedness, timely response and rapid recovery in the event of an attack, natural disaster or other emergency .
Understand and share risk and other information about terrorist threats and other hazards to our national CI/KR.
Build and sustain effective CI/KR partnerships and coordination mechanisms.
Build and implement a sustainable, national CI/KR risk-management program.
Ensure efficient use of resources for KI/KR risk reduction.
Provide a foundation for continuously improving national CI/KR preparedness.
Promote an OIP culture of organizational excellence and a quality work environment that value and support our workforce.
As the operational framework for IP activities, the NIPP will:
Detail the national architecture we will use to protect our CI/KR sectors (governance, information sharing, risk analysis, protective measures, and performance measurement)
Provide a clear division of labor between IP and our Federal State, local, tribal, and private sector partners
Form the basis for a risk-based CI/KR protection requirements determination and prioritization process
Inform the annual Federal budget process in the IP mission area
Physical Physical Human Cyber Assess Risks (Consequences, Vulnerabilities & Threats) Implement Protective Programs Measure Effectiveness Prioritize Identify Assets, Systems, Networks, and Functions Set Security Goals The NIPP’s risk management framework establishes the process for combining consequence, vulnerability, and threat information to produce a comprehensive, systematic, and rational assessment of national or sector risk that drives CI/KR risk reduction activities. Continuous improvement to enhance protection of CI/KR
Regulate security activities for chemical industry
Oversee inspector cadre
Review chemical site security plans, conduct inspections, and audit sites
Infrastructure Information Collection Division
Infrastructure information Collection Program
Infrastructure Critical Asset Viewer
National Infrastructure Inventory
Infrastructure Analysis & Strategies Division*
National Infrastructure Simulation & Analysis Center
Strategic Homeland Infrastructure Risk Assessment
Tier 1 & 2 Analysis
Committee on Foreign Investment in the US Support
CI/KR Protective Security Coordination Division
Protective Security Advisor
Buffer Zone Protection Program
Office for Bombing Prevention
Site Assistance Visits
CI/KR Contingency Planning and Incident Management Division
National Infrastructure Coordinating Center
Readiness/Continuity of Operations
Incident Management Support
CI/KR Partnership and Outreach Division
National Infrastructure Protection Plan Program Management Office
NIPP Education & Awareness
Protected Critical Infrastructure Information
National Infrastructure Advisory Council
Critical Infrastructure Warning Information Network
Homeland Security Information Network-Critical Sectors
- - - - - - - - - - - -
Sector Specific Agencies
Office of the Assistant Secretary for Infrastructure Protection *Note: The Infrastructure Analysis & Strategy Division represents a partnership between OIP and the Critical Infrastructure Threat Analysis Division within the Office of Intelligence and Analysis. This partnership, named HITRAC, is led by M.Smislova (I&A) and B.Wales (OIP) serves as D.Director.
Provide the DHS enterprise solution for the collection and sharing of infrastructure data
Create more relevant infrastructure information
Develop persistent awareness of the nations infrastructure (support to the NICC)
Enable timely decisions to protect, secure, analyze, and restore the nations infrastructure
Enable informed actionable decisions to protect, secure, analyze, and restore the nations infrastructure
Lead the Department’s efforts to provide standardized, relevant, and customer-focused infrastructure information to homeland security partners.
Ensure infrastructure information collection processes, procedures, and tools support the implementation and sustainment of a comprehensive risk-management program
Develop an infrastructure information collection management process to coordinate requirements to support our mission partners and customers.
Provide leadership, collaboration, and support in establishing partnership within the infrastructure information management community .
Ensure appropriate open access to OIP CI/KR infrastructure information
Instill discipline in the design and implementation of processes and technologies to collect infrastructure information
Provide a work environment that values and encourages our workforce and drives organizational excellence
Mission Vision Goals
IICD Organization Roles & Responsibilities Administrative Assistant Division Director Deputy Division Director
Mission Management: Develop policies and procedures for the submission and dissemination of infrastructure data
Requirements Management: Establish and implement a Requirements Process and approval board to consolidate and prioritize information and intelligence requirements. Defines ‘what’ to collect
Collection Management: Establish and implement a process for collection of information based on requirements and available resources; identify sources of industry-accepted information. Defines ‘how’ to collect data.
Establish data format standards to facilitate information collection, exchange, and dissemination
Coordinate with external partners (SASSD, PSCD) to disseminate information and ensure requirements are met
Provides capability and functionality requirements, and data standards to for tool design and development.
IT/System support to ensure coordination and integration of projects with DHS-level IT requirements. Includes
Certification & Accreditation
Approval Board (EAB, ERB)
Project Evaluation and Assessment supports PMs and COTRs is managing contract costs and schedules, establishing performance-based metrics and milestones, and coordinating with DHS PA&E to achieve project approvals
Business Support Team: Develops division funding requirements for out-years and implements procurement actions.
Human Resource support to ensure personnel vacancies are filled with qualified applicants; coordinates professional development and training courses for employees.
Policy Support: Field external information requests and assists in developing strategic guidance/ vision
IICP Program Management Office Information Management Branch Mission Support Branch
Manage development of the Geospatial tools to support DHS’ Infrastructure Protection, Security, and Restoration mission areas.
Provide PM support for iCAV.
Provide geospatial services to IP:
Contract GA Support - (ESRI)
Collaborate with the DHS GMO to establish geospatial data format standards to facilitate information collection, exchange, and dissemination
Identify and prioritize capability and functionality requirements for tool development.
Project Task Managers and COTRs manage program and contract schedules and costs using EVMS.
Develop and implement procurement actions to enable tool development.
Geospatial Program Office
Manage infrastructure information collection programs and the projects to development and maintain their respective technology components:
Help Desk Support
Develop a process-oriented approach for tools requirements and align with data classifications and policies specified by the Information Management Branch
Manage the integration of infrastructure information collection tools and all investment documentation requirements
Develop and implement procurement actions to enable tool development.
Support the technological development of IICP tools and integration with project management disciplines, including EVMS.
D S s
Overview of Risk Analysis CONSEQUENCE (C) (a.k.a. Criticality) – Estimate of what could happen to people, the economy, national psyche, or mission capability VULNERABILITY (V) Estimate of how easy or difficult it would be to successfully attack the asset and, in so doing, yield the most severe consequences THREAT (T) Application of threat to the asset, in terms of enemy Capability and Intent, well-informed by both consequence & vulnerability values “ [W]e cannot protect every single person against every single threat at every moment and in every place. We have to, with our finite resources and our finite number of employees, we have to be able to focus ourselves on those priorities which most demand our attention. And that means we have to focus on risk. And what does that mean? It means we look to consequence, it means we look to vulnerability, and it means we look to threat.” Secretary Chertoff, July 25, 2005
Infrastructure Information Collection Program (IICP)
Collects, catalogs, and maintains standardized and quantifiable risk-related infrastructure information to enable the execution of national risk management.
IICP will integrate at least four existing projects to reduce duplication and facilitate information collection through the implementation of a distributed architecture
Automated Critical Asset Management Systems (ACAMS)
Web-based tool enabling collection of infrastructure and risk information from
Owners/operators, law enforcement and first responders at State and Local level
A focused CI/KR information management system in which quantifiable variables required for risk analysis, CIP planning, and decisions are collected, consolidated, and presented to inform DHS leadership and other CIP partners
Capabilities and Functions:
Integrates existing collection processes
Drive asset information collection through standard risk methodologies
Data standards established for information collected
Incentives to CI/KR owners and operators to submit information on their assets
Infrastructure data is accessible via a common graphics user interface
Infrastructure data is accessible to meet the mission requirements of DHS components and inform long term CIP strategic planning
Establish requirements-based Collection Management process
Constellation/ACAMS is a web-enabled system focused at the state and local level for the collection and effective use of asset data, protection information, and incident response and recovery plans pertaining to infrastructure.
Purpose to facilitate the identification, prioritization and collection of CI/KR assets.
Focus on collecting and communicating necessary local information required by incident commander both pre-incident (protection plans, operational guides) and post-incident (response, recovery)
Program capabilities include:
Comprehensive Training program
Open source information and news feeds (Constellation)
Library of vulnerability and risk assessments and reports
Information to support strategic planner and tactical commanders
A core asset management system that implements a database for critical asset information focusing on the unique requirements and information needs of first responders
Vulnerability and consequence scoring tools that aid the user’s subjective analysis of criticality
An integrated information portal, Constellation, tying together critical assets data and reporting about the current threat environment
A complete reporting capability to answer both local and national-level data calls on critical assets
Automated generation of Buffer Zone Protection Plans (BZPPs)
Automated generation of pre-incident operational plans for local police and first responders
Electronically available resources for first responders, such as the Field Operations Guide (FOG) and the Response Information Folder (RIF)
Integrated Geospatial Information System for use in collection process and analysis
Constellation/ACAMS Incorporates these Principles in an Information System for Identifying, Prioritizing and Cataloging Critical Assets – Focusing on the Information Needed by First Responders:
Inventory Process Asset Management Questionnaire Stage Initial Assessment Visit Highly Critical Assets Non - Critical And Uncategorized Assets Small Number of Critical Sites – Highly Detailed High Number of Sites - Only Basic Information Collected
IICS End State FY08 (IOC) Enterprise Service Bus Core messaging and interaction services are provided by a single set of integrated components Geospatial Viewer Supports multi-perspective, multi-device location-based end user interfaces. Common, interoperable geospatial functionality is packaged as discrete services which can be reused across the Department Process Management Utility services are invoked in a particular sequence to provide meaningful location-based business functionality Utility Services Common, interoperable tool functionality is packaged as discrete services which can be reused across Federal, State and Local governments and sectors System Integration Access to DHS and HLS enterprise geospatial applications and data sources is provided via standards-based interfaces NOC COP ViSAT Sector RAT State VAT Others Services Analytical Tools PDA DAMS / RAM-W Enterprise Coverage Repositories Ops Data
Infrastructure Situational/Strategic Awareness
Lexis Nexis Sector DB LENS Imagery Elevation NICC NOC COP USACE GIS-Analysis/Mapping (iCAV) (Unclas/Secret/Top Secret) Future integration – Development by DHS, NGA, National Labs etc Threat iCAV - Current Implementation ACAMS LandScan HSIP Gold Enterprise Infrastructure Data Warehouse Orchestration Transformation Security Management Transport Presentation Smooth user feel, easily downloadable products, and role based
Common Graphics User Interface
Single Sign On to multiple tools
Secure Web Based Portal
Google like search/categorization
Timeline Apr May Jun Sep FY07 Aug Jul Oct FY08 Sep FY08 1
Replicate ACAMS (PSC)
Establish IICS dev sys.
SECURITY MD 1400 Customer Engagement Policy Development 15