Prevention
The first stage of emergency management is prevention. Prevention is
an ongoing activity meant to reduce the risk that hazards pose to health,
life, property, and the environment. The goal of prevention is to identify
and minimize risks to protect the agency from disaster. Prevention involves
making sure that your agency is prepared to handle an emergency (through
an Emergency Management Plan or Continuity of Operations Plan), has
the resources to operate during an emergency, and has the proper systems
available to continue operations in the event that normal facilities
are rendered unavailable.
- Best
Practices for Government Intervention to Enhance the Security of National
Critical Infrastructures - This report from the DHS National Infrastructure
Advisory Council focuses on how selected sectors differ in their physical
and cybersecurity needs, the advantages and disadvantages of market
intervention, and identifying the conditions under which government
intervention should occur.
- Blue Ribbon Panel on Bridge and Tunnel
Security - This joint FHWA/AASHTO study provides national recommendations
for improving the security of our nation's bridges and tunnels.
- Critical
Foundations--The Report of the President's Commission on Critical
Infrastructure Protection: October 13, 1997 - The report addresses
the following critical infrastructures: energy; banking and finance;
transportation; vital human services; and telecommunications. Transportation
is covered in Chapters 1, 3, 7, 9 and Appendix A, but appears throughout
the report as a critical security area.
- Cybersecurity
- DHS
Protected Critical Infrastructure Information Program - TSA isn't
the only part of DHS that focuses on infrastructure protection. The
Protected Critical Infrastructure Information (PCII) Program is designed
to encourage private industry and others with knowledge about our
critical infrastructure to share sensitive and proprietary business
information about this critical infrastructure with the Government.
PCII is used in pursuit of a more secure homeland, focusing primarily
on analyzing and securing critical infrastructure and protected systems,
developing risk assessments and vulnerabilities, and assisting with
recovery.
- FEMA
Mitigation Best Practices Portfolio - This portfolio is a collection
of ideas, activities, projects, and funding sources that can help
reduce or prevent the impacts of disasters. This Web page also invites
users to submit their own mitigation best practices for review and
possible inclusion in the portfolio.
- Hazardous
Materials Safety & Security Field Operational Test - Following
the September 11, 2001 terrorist attacks on the U.S., the Department
of Transportation was asked to identify areas within the transportation
system that were vulnerable to terrorist attack. FMCSA conducted a
field operational test (FOT) to quantify the security costs and benefits
of an operational concept that applied technology and improved enforcement
procedures to hazmat transportation.
- Preventing Damage to Buildings
- Responding
to Threats: A Field Personnel Manual (NCHRP Report 525 Volume
1) - This document includes a draft template that contains basic security
awareness training. It emphasizes noticing and reporting behavior
that may be part of the planning stages of an event, and explains
how an increased level of attention on the part of employees can deter
criminal and terrorist plans prior to implementation.
- Risk Assessment and Reduction
Risk Assessment and Reduction
- ASIS
General Security Risk Assessment Guidelines - ASIS International
(ASIS), in response to a concerted need for guidelines and standards
regarding security issues in the U.S., has created the ASIS Commission
on Guidelines. Its first mission is "to advance the practice
of security through the development of risk mitigation guidelines."
- Cross
Sector Interdependencies and Risk Assessment Guidelines - This
report from the DHS National Infrastructure Advisory Council concluded
that cross-sector crisis management coordination is fundamental to
the rapid restoration of critical infrastructure(s) and integral to
sustaining the public's confidence in those infrastructures.
- DHS
IAIP Risk Analysis and Management for Critical Asset Protection (RAMCAP)
- This effort, led by the American Society of Mechanical Engineers
working for DHS IAIP, is intended to give the federal government a
means of evaluating risk across the country.
- Transportation Agency-Owned Communication System Vulnerability Reduction
(Fall 2005) - This project looked at typical telecommunications systems
implemented by transportation agencies and actions that could be taken
to reduce the risks they face from natural and deliberate disasters.
- TMC Vulnerability Reduction (Fall 2005) - This project develops
a risk assessment methodology tailored to the unique characteristics
of transportation management facilities and provides potential countermeasures
for improving their physical security. Typical implementation costs
are included.
- TSA
Transportation Security Self-Assessment Risk Module (VSAT) - TSA
is developing a suite of transportation asset risk self-assessment
tools.
- TSA
Risk Assessment Program - This website provides information on
other risk management tools TSA is developing.
Preventing Damage to Buildings
- Although the assets most often associated with transportation agencies
are roads, bridges, and tunnels, DOT operational capability depends
on things that go on in buildings, including headquarters facilities,
maintenance offices, and operations centers. Below are several resources
that should help to make sure that those buildings are as safe as
possible when we need them most. All can be found at http://www.fema.gov/fima/rmsp.shtm
- FEMA 426 - Reference Manual to Mitigate Potential Terrorist
Attacks Against Buildings
- FEMA 427 - Primer for Design of Commercial Buildings to Mitigate
Terrorist Attacks
- FEMA 429 - Insurance, Finance, and Regulation Primer for Terrorism
Risk Management in Buildings
- E155 - Building Design for Homeland Security
- FEMA 452 - Methodology for Preparing Threat Assessments for
Commercial Buildings
- FEMA 453 - Multihazard Shelter (Safe Havens) Design
- FEMA 455 - Rapid Visual Screening for Building Security
- FEMA 459 - Incremental Rehabilitation to Improve Security in
Buildings
- Blast
Mitigation - This website from the National Memorial Institute
for the Prevention of Terrorism contains a highly useful set of reports,
case studies, and links focused on mitigating blast effects on various
types of structures.
- DoD
Minimum Antiterrorism Standards for Buildings - The Department
of Defense has just approved its new "Minimum Antiterrorism Standards
for Buildings" for release to the general public. The standards
will be applied to all new buildings constructed on DoD installations
and to major retrofits of existing buildings on DoD installations,
as well as to leased commercial buildings that have a high concentration
of DoD employees. The Department of Defense produced this special
public version of its standards for the express purpose of sharing
non-sensitive infrastructure security knowledge for possible application
to commercial buildings where the private sector finds them applicable.
- Protecting
People and Buildings from Terrorism: Technology Transfer for Blast-effects
Mitigation - Report of the Committee for Oversight and Assessment
of Blast-effects and Related Research, Board on Infrastructure and
the Constructed Environment, National Research Council.
- The
Challenge of Making Safer Structures - This report, more than
two years in the making, is part of an ongoing NIST project that seeks
to construct a set of well-grounded data to serve as a foundation
for building high rises with improved structural integrity, better
fireproofing, and enhanced evacuation capabilities.
Cybersecurity
- CERT
Coordination Center - The CERT Coordination Center, part of the
Networked Systems Survivability Program of the Software Engineering
Institute, started in 1988 after the Morris Worm incident crippled
approximately 10 percent of all computers connected to the Internet.
The center develops incident-response teams, coordinates response
to large-scale incidents, trains incident-response professionals,
and researches security vulnerabilities, system improvements, and
the survivability of large-scale networks.
- Common
Vulnerability Scoring System - There has often been a lack of cohesion
or interoperability among systems to rank information system vulnerabilities.
Also, existing systems tend to be limited in scope as to what they
cover, and these systems tend to be Internet-centric. The DHS National
Infrastructure Advisory Council commissioned this project to propose
an open and universal vulnerability scoring system to address and
solve these shortcomings, with the ultimate goal of promoting a common
understanding of vulnerabilities and their impact.
- Federal
Computer Incident Response Capability - The Federal Computer Response
Capability (FedCIRC) coordinates and analyzes computer security for
the federal government's civilian agencies and departments. Through
FedCIRC, federal agencies cooperate to handle security incidents,
share information, solve common security problems, and also collaborate
with the National Infrastructure Protection Center to plan protection
strategies and deal with criminal threats to the critical information
infrastructure.
- National
Strategy to Secure Cyberspace - This document provides a framework
for improving cybersecurity.
- NIST
Recommended Security Controls for Federal Information Systems
- The purpose of Special Publication 800-53 is to provide guidelines
for selecting and specifying security controls for information systems
supporting the executive agencies of the federal government.
- NIST
Risk Management Guide for Information Technology Systems
- NIST
Security Self-Assessment Guide for Information Technology Systems
- NIST Special Publication (SP) 800-26, Security Self-Assessment Guide
for Information Technology Systems, utilizes an extensive questionnaire
containing specific control objectives and techniques against which
an unclassified system or group of interconnected systems can be tested
and measured.
- Research
to Improve Freight Transportation Information Systems Security
- The vulnerability of U.S. freight transportation information systems
to terrorist cyberattack presents a potentially serious homeland security
concern, says a new report from the National Academies' Transportation
Research Board and Computer Science and Telecommunications Board.
The report outlines the research necessary to strengthen the security
of these systems, which facilitate the efficient movement and delivery
of goods and materials.
- Supervisory
Control and Data Acquisition (SCADA) Systems - The DoD's Technical
Support Working Group provides resources to help address the vulnerability
of SCADA systems, which have similarities to traffic control systems.
- The
Information, Systems, and Automation Society (ISA) - ISA is a
major standards developer in the supervisory control and data acquisition
(SCADA) industry. Their standards ISA-TR99.00.01-2004 and ISA-TR99.00.02-2004
may be highly useful in understanding how to protect traffic control
systems.
- U.S.
Computer Systems Are Vulnerable to Attack - Computer systems across
the country are increasingly vulnerable to cyber attacks, says a new
report from the National Academies' Computer Science and Telecommunications
Board. The report highlights previous Academy studies that call for
better authentication systems, training, and monitoring to help make
information systems more secure.