goto Indian Health Service home page Indian Health Service: The Federal Health Program for American Indians and Alaska Natives

 
Advanced  Search
IHS HOME ABOUT IHS SITE MAP HELP
goto Health and Human Services home page goto Health and Human Services home page

Resources for
IHS Management

 IHS Emergency Services
Photo collage of different seasons and times of day Photo collage of different seasons and times of day
 
Home
Emergency Medical Services (EMS)
Emergency Medical Services for Children (EMSC)
Emergency Management (EM)
Security Program Services (SPS)
Trauma Services (TS)
Situation Reports
Staff
Federal Government Agencies
State Emergency Management
Other Links
 
These plug-ins
may be required
for the content
on this page:

Link to MicroSoft Word Plug-in MS Word
Link to Adobe Acrobat Plug-in Acrobat

IHS Plug-in Page

Use site contact
if unable to view
a particular file

Questions or Comments.
Please contact the
Site Manager.
 
Security Program Services

IHS Security Program Services (SPS) supports the Agency in an effort to establish more secure facilities and by developing, managing and promoting security policies, procedures, techniques, and services; and supports testing, evaluation and validation of processes and systems. The Indian Health Service has a responsibility under Homeland Security Presidential Directives (HSPD) to ensure that the Agency minimizes the negative effects of security and infrastructure compromise. Specifically, HSPD 7 establishes a directive that establishes a national policy for Federal departments and agencies to identify and prioritize United States critical infrastructure and key resources and to protect them from terrorist attacks.

SPS Program Objectives

  • Ensure program management and implement standards to promote security.
  • Maintain a strategy that creates awareness and compliance.
  • Improve business processes to align security with Agency goals.
  • Train staff in sound security practices.

Operations Security (OPSEC)

"Even minutiae should have a place in our collection, for things of a seemingly trifling nature, when enjoined with others of a more serious cast, may lead to valuable conclusion." George Washington

This quote from George Washington shows that operational security, otherwise known as OPSEC, was important even in the early days of this country. Washington realized that when one gathers information, even seemingly insignificant things may be the crucial pieces of the puzzle to put together a clear picture of someone's operations. OPSEC is one of the critical aspects of the IHS Security Program. Everyone is encouraged to guard sensitive information that may reveal our operations to entities outside of the agency. Evacuation plans, continuity of operations plans and emergency plans all have sensitive information that may have adverse consequences if revealed to an "attacker" of the agency. We encourage everyone to guard this information and share it only with people who have a need to know.

Everyone should also guard information such as pass words, access to facilities, files and databases. Even things such as announcing that you are "going on vacation" may be an alert for someone that could invade your home.

What can I do to help thwart any further attempts to harm the U.S.A.?

Practice OPSEC at work and at home. OPSEC is a five step process:

  1. Identification of the critical information to be protected. It is the information that is critical to the success of your mission or objective.
  2. Analysis of the threats. If adversaries can obtain the critical information, they can use it against you or your agency for their own benefit and represent a threat. You want to know who your adversaries are, what information they need about you, and how they will collect it.
  3. Analysis of the vulnerabilities. Critical information that has been identified should be protected. Look for detectable activities that you or your agency that can be interpreted or pieced together by adversaries to derive critical information about you or your agency.
  4. Assessment of the risks. Risk is the measure of harm or adverse impact that vulnerability or a combination of vulnerabilities may cause if exploited by an adversary.
  5. Application of the countermeasures. Once risk is determined, measures should be taken to reduce risk. It is important to control all OPSEC indicators and not arbitrarily eliminate them.

      6. We can all incorporate OPSEC into our everyday work routine. Practicing operations security will help you accomplish your goals. When you do something, ask yourself, "What could an adversary glean from the knowledge of this activity? Is it revealing information about what we do and how we do it?" It is helpful to view yourself and what you're doing as an adversary would. For example, what can be gained by observing your actions or reading what you place on a website?

      For more information go to the following website for the Interagency OPSEC Support Staff: http://www.ioss.gov/

      Critical Infrastructure Protection (CIP)

      The Presidential Decision Directive 63 makes every department and agency of the federal government responsible for protecting its own critical infrastructure. This effort established to address continuing government wide security concerns, establish policies and standards for security in and protection of federal facilities and monitor agency compliance. Most of the agencies reported shared security responsibilities between the agency and GSA. Types of security responsibilities include performing security assessments, providing security funding, providing security forces and security technology, and coordinating security efforts among and within agencies. In May 1998, Presidential Decision Directive 63 was issued with the intent to eliminate any significant vulnerability to both physical and cyber attacks on our critical infrastructure. Critical infrastructures are those physical and cyber-based systems essential to the minimum operations of the economy and government. It makes every department and agency of the federal government responsible for protecting its own critical physical infrastructure. This would include the buildings that house critical cyber based systems.

      The following is an excerpt from the Presidential Decision Directive NSC-63 which was signed in May of 1988:

      "Critical infrastructures are those physical and cyber-based systems essential to the minimum operations of the economy and government. They include, but are not limited to, telecommunications, energy, banking and finance, transportation, water systems and emergency services, both governmental and private. Many of the nation's critical infrastructures have historically been physically and logically separate systems that had little interdependence. As a result of advances in information technology and the necessity of improved efficiency, however, these infrastructures have become increasingly automated and interlinked. These same advances have created new vulnerabilities to equipment failure, human error, weather and other natural causes, and physical and cyber attacks. Addressing these vulnerabilities will necessarily require flexible, evolutionary approaches that span both the public and private sectors, and protect both domestic and international security.

      Because of our military strength, future enemies, whether nations, groups or individuals, may seek to harm us in non- traditional ways including attacks within the United States. Because our economy is increasingly reliant upon interdependent and cyber-supported infrastructures, non-traditional attacks on our infrastructure and information systems may be capable of significantly harming both our military power and our economy.

      President's Intent

      It has long been the policy of the United States to assure the continuity and viability of critical infrastructures. I intend that the United States will take all necessary measures to swiftly eliminate any significant vulnerability to both physical and cyber attacks on our critical infrastructures, including especially our cyber systems."

      Because the Indian Health Service provides emergency services, including health services and assists in providing and maintaining water systems throughout "Indian Country" we oversee a significant portion of critical infrastructure throughout the United States. Therefore, CIP is an important role of the IHS Security Program. The Security program works with federal and tribal programs to protect critical infrastructure.

       
Accessibility  --  Disclaimers  --  Website Privacy Policy  --  Freedom of Information Act
Kids Page  --  No Fear Act  --  Frequently Asked Questions  --  USA.gov  --  HHS