Cybersecurity is of critical importance to securing our nation, which is why it’s one of the top five mission areas for Homeland Security. As part of a broad, government-wide cybersecurity initiative, DHS leads the national effort to secure federal civilian agency and critical infrastructure systems and networks.
In the here and now, we face significant risks, not just to our computers but also to the essential services on which our society depends. That’s why DHS analysts and systems work around the clock with federal, state, and local government, as well as private sector partners to prevent, detect, and respond to a broad array of ever-evolving cyber threats.
But we cannot let these urgent threats lead us to lose sight of the bigger picture. In addition to the critical operational activity we are engaged in on a daily basis, DHS has a responsibility to help create a fundamentally safer and more secure cyber environment in the long term.
Today I am sharing with you a vision for such an environment. We are releasing a white paper, “Enabling Distributed Security in Cyberspace”, which explores technical options for creating a safer, more secure and resilient network of networks. Specifically, the paper looks at how prevention and defense can be enhanced through three security building blocks: automation, interoperability, and authentication. If these building blocks were incorporated into cyber devices and processes, cyber stakeholders would have significantly stronger means to identify and respond to threats—creating and exchanging trusted information and coordinating courses of action in near real time.
The white paper reflects the substantive contributions of thirteen federal agencies that gathered at a federal workshop in Washington last year. The white paper is intended to stimulate thought and discussion. DHS intends to leverage the expertise of representatives from industry, academia and other government agencies as we work to understand cyber threats and manage risk in cyberspace.
I also welcome your thoughts and suggestions. Together, we can do more to keep America safe, secure, and resilient in cyberspace. I look forward to receiving your input.
Philip Reitinger
Deputy Under Secretary, National Protection and Programs Directorate
You can e-mail comments on this white paper to cyberfeedback@dhs.gov.
Showing posts with label critical infrastructure protection. Show all posts
Showing posts with label critical infrastructure protection. Show all posts
Wednesday, March 23, 2011
Wednesday, December 22, 2010
Enhancing Critical Infrastructure Resilience
Written by: Todd M. Keil, Assistant Secretary for Infrastructure Protection
There can be no doubt that the nature of our world today is one of constant, rapid change. Events and disruptions to everyday operations happen—some that we can predict or forecast, others that we cannot. As a result, the owners and operators of the Nation's critical infrastructure need to be resilient and able to recover from any type of hazard.
Resilience
"What do we really mean when we talk about resilience?" What actions can the homeland security enterprise take to promote greater resilience?" The 2010 DHS Quadrennial Homeland Security Review identifies four strategic goals of resilience: (1) Enhanced preparedness, (2) Effective emergency response, (3) Rapid recovery, and (4) hazard mitigation. These four goals encompass the actions that will be necessary to manage the consequences of any incident and to quickly restore operations.
Based on these goals and the strategic direction provided by the QHSR, I initiated an IP Resilience Initiative in August to unify critical infrastructure activities around this important document. I am encouraged by what we have found so far, though there is surely more that we and our partners can and must do. I would like to talk briefly about three current IP programs that help our government and private sector partners to strengthen the resilience of critical infrastructure throughout the Nation.
(1) RRAP
One of our most important resilience initiatives is the Regional Resiliency Assessment Program. The RRAP evaluates critical infrastructure in specific geographic regions to examine vulnerabilities, threats, and potential consequences from an all-hazards perspective. RRAP assessments identify regional critical infrastructure dependencies that could be affected by events or disasters, and also evaluate a system’s ability to quickly recover. This practical, real-world approach to resilience is leading to tangible, on-the-ground results. For example, we are pairing Protective Security Advisors with Regional Directors and mission collaboration teams to help regions uncover critical infrastructure dependencies, cascading effects, and gaps in capabilities, as well as synergies derived from tapping into shared resources that they may not have known were available to them. My hope is that the RRAP will continue to grow and become a model for how to implement meaningful critical infrastructure security activities.
(2) PS-Prep
I also want to acknowledge another Department-wide effort of which IP is a part—the Private Sector Preparedness Accreditation and Certification Program, or PS-Prep. PS-Prep, codified in the 9/11 Act, establishes a remarkable public-private partnership. It's a voluntary program that enables private sector entitites to be certified - by objective third party entities - as meeting DHS preparedness standards. PS-Prep provides a tangible way for DHS and its partners to identify and recognize specific companies as compliant with resilience-based standards—and we are excited about the feedback we have been receiving from the private sector. The three standards of PS-Prep go right to the heart of resilience, addressing organizational preparedness, and emergency and business continuity. Given that companies of all kinds are eligible for certification, this program goes well beyond critical infrastructure security and demonstrates how raising awareness of critical infrastructure resilience can spill over into resilience among all types of companies and their communities.
(3) Information Sharing
In my view, part of critical infrastructure resilience is empowering owners and operators to make decisions in an evolving threat environment. This requires DHS to share security and risk information. IP has long recognized the importance of information sharing to maintaining strong partnerships. We have built an entire critical infrastructure information sharing environment to support the critical infrastructure community, and this environment can—and will—be a key component of IP’s resilience programs. Recently, IP hosted several webinars, briefings, and other events across the country to ensure that our partners have the information that they need about the risks we face—and about how to manage those risks. More about critical infrastructure information sharing.
The Future of the IP Resilience Initiative
Through the RRAP, PS-PREP, and our information sharing programs, IP is promoting resilience among our critical infrastructure partners. We also know that this handful of programs is not enough. Accordingly, the Resilience Initiative is, in part, focusing on developing further efforts that support rapid recovery of critical infrastructure and identifying gaps in programming so that we will be better able to develop solutions to address those gaps with the help of our partners. This organic approach to resilience, in my view, is not an academic exercise done in a vacuum. Instead, it utilizes the Department-driven definitions of resilience, as well as information and feedback from our partners and other stakeholders.
As Critical Infrastructure Protection Month 2010 draws to a close, I am looking forward to our work on this exciting initiative in 2011.
For more information about critical infrastructure programs, visit www.dhs.gov/criticalinfrastructure
There can be no doubt that the nature of our world today is one of constant, rapid change. Events and disruptions to everyday operations happen—some that we can predict or forecast, others that we cannot. As a result, the owners and operators of the Nation's critical infrastructure need to be resilient and able to recover from any type of hazard.
Resilience
"What do we really mean when we talk about resilience?" What actions can the homeland security enterprise take to promote greater resilience?" The 2010 DHS Quadrennial Homeland Security Review identifies four strategic goals of resilience: (1) Enhanced preparedness, (2) Effective emergency response, (3) Rapid recovery, and (4) hazard mitigation. These four goals encompass the actions that will be necessary to manage the consequences of any incident and to quickly restore operations.
Based on these goals and the strategic direction provided by the QHSR, I initiated an IP Resilience Initiative in August to unify critical infrastructure activities around this important document. I am encouraged by what we have found so far, though there is surely more that we and our partners can and must do. I would like to talk briefly about three current IP programs that help our government and private sector partners to strengthen the resilience of critical infrastructure throughout the Nation.
(1) RRAP
One of our most important resilience initiatives is the Regional Resiliency Assessment Program. The RRAP evaluates critical infrastructure in specific geographic regions to examine vulnerabilities, threats, and potential consequences from an all-hazards perspective. RRAP assessments identify regional critical infrastructure dependencies that could be affected by events or disasters, and also evaluate a system’s ability to quickly recover. This practical, real-world approach to resilience is leading to tangible, on-the-ground results. For example, we are pairing Protective Security Advisors with Regional Directors and mission collaboration teams to help regions uncover critical infrastructure dependencies, cascading effects, and gaps in capabilities, as well as synergies derived from tapping into shared resources that they may not have known were available to them. My hope is that the RRAP will continue to grow and become a model for how to implement meaningful critical infrastructure security activities.
(2) PS-Prep
I also want to acknowledge another Department-wide effort of which IP is a part—the Private Sector Preparedness Accreditation and Certification Program, or PS-Prep. PS-Prep, codified in the 9/11 Act, establishes a remarkable public-private partnership. It's a voluntary program that enables private sector entitites to be certified - by objective third party entities - as meeting DHS preparedness standards. PS-Prep provides a tangible way for DHS and its partners to identify and recognize specific companies as compliant with resilience-based standards—and we are excited about the feedback we have been receiving from the private sector. The three standards of PS-Prep go right to the heart of resilience, addressing organizational preparedness, and emergency and business continuity. Given that companies of all kinds are eligible for certification, this program goes well beyond critical infrastructure security and demonstrates how raising awareness of critical infrastructure resilience can spill over into resilience among all types of companies and their communities.
(3) Information Sharing
In my view, part of critical infrastructure resilience is empowering owners and operators to make decisions in an evolving threat environment. This requires DHS to share security and risk information. IP has long recognized the importance of information sharing to maintaining strong partnerships. We have built an entire critical infrastructure information sharing environment to support the critical infrastructure community, and this environment can—and will—be a key component of IP’s resilience programs. Recently, IP hosted several webinars, briefings, and other events across the country to ensure that our partners have the information that they need about the risks we face—and about how to manage those risks. More about critical infrastructure information sharing.
The Future of the IP Resilience Initiative
Through the RRAP, PS-PREP, and our information sharing programs, IP is promoting resilience among our critical infrastructure partners. We also know that this handful of programs is not enough. Accordingly, the Resilience Initiative is, in part, focusing on developing further efforts that support rapid recovery of critical infrastructure and identifying gaps in programming so that we will be better able to develop solutions to address those gaps with the help of our partners. This organic approach to resilience, in my view, is not an academic exercise done in a vacuum. Instead, it utilizes the Department-driven definitions of resilience, as well as information and feedback from our partners and other stakeholders.
As Critical Infrastructure Protection Month 2010 draws to a close, I am looking forward to our work on this exciting initiative in 2011.
For more information about critical infrastructure programs, visit www.dhs.gov/criticalinfrastructure
Friday, December 10, 2010
December Is Critical Infrastructure Protection Month
So, what exactly is Critical infrastructure? Quite simply, critical infrastructure is something that touches your every day life. From the bridges you cross, to the food you eat, to the water you drink, to the buildings you work in. Critical infrastructure encompasses the assets, networks, and functions—both physical and virtual—that are essential to the security, economic welfare, public health, and safety of the United States. This includes:
- Emergency Services
- Energy
- Postal and Shipping
- National Monuments and Icons
- Commercial Facilities
- Dams
- Government Facilities
- Transportation Systems, including Bridges and Tunnels
- And so much more...
Here at DHS, the Office of Infrastructure Protection oversees the national program created to protect our critical infrastructure and strengthen its resilience and ability to recover quickly from catastrophic events.
Because most U.S. critical infrastructure is privately owned, this federal effort is an unprecedented network of public-private partnerships involving thousands of stakeholders in the United States and abroad.
President Obama's proclamation calls upon “the people of the United States to recognize the importance of protecting our Nation’s resources and to observe this month with appropriate events and training to enhance our national security and resilience.”
Through the leadership of the Office of Infrastructure Protection, DHS is honoring President Obama's proclamation with a host of initiatives and resources, including the expansion of essential programs such as the Regional Resiliency Assessment Program, Chemical Facility Anti-Terrorism Standards, bombing prevention programs and tools, commercial facilities training and resources, risk management and analysis, contingency planning and incident management, and much more.
Throughout the month of December, the Office of Infrastructure Protection will be providing updates, comprehensive overviews, and tons of helpful information. Please visit us at http://www.dhs.gov/criticalinfrastructure to sign up for updates and to learn more about what we're doing at DHS to protect the critical infrasture that ensures the security, welfare, and safety of your community.
-- Guest Blog from the Office of Infrastructure Protection, External Communications, DHS
Monday, May 3, 2010
Underscoring Strong Public-Private Partnership
Protective Security Advisors (PSAs) from the Office of Infrastructure Protection are hitting the pavement this week to reach out to nearly 300 individual sports league venues around the country as part of our coordinated campaign to raise awareness and enhance the safety and security of critical infrastructure within the commercial facilities sector.
We’ve asked the PSAs, who are our representatives in the field, to meet with facility security directors and owners and operators to provide them with the information and resources they need to enhance protection. These visits will serve as a foundation for stronger working relationships and future collaboration with security forces in the sports league and public assembly subsectors.
The comprehensive outreach effort is designed to get tools and resources into the field as a follow-up to the two-day conference and table-top exercise that we hosted last week in Northern Virginia. The event brought together approximately 200 members of professional sports leagues, industry associations, academia, private sports event security companies, law enforcement agencies, and other federal partners.
Participants included representatives from organizations such the National Football League, Major League Baseball, U.S. Tennis Association, National Basketball Association, National Hockey League, Indy Racing League, Major League Soccer, National Association of Stock Car Auto Racing, and the International Association of Assembly Managers.
The sports leagues/public assembly subsectors initiative is the second of a series of engagements with private sector partners within the commercial facilities sector. The first initiative was with the retail and lodging subsectors in November, 2009. Our office plans to continue these types of events in the future, focusing on the remaining commercial facilities subsectors: real estate, outdoor events, gaming, and entertainment and media, and the remaining public assembly subsector and cultural properties partners.
This collaborative engagement demonstrates the value of our public-private partnership — borne out of the Department’s National Infrastructure Protection Plan (NIPP) — and our shared commitment to secure these venues and other critical infrastructure so vital to the safety and security of the American people.
If you would like more information about the NIPP and other important critical infrastructure initiatives currently underway at DHS, please visit www.dhs.gov/criticalinfrastructure.
Todd Keil is the Assistant Secretary, Office of Infrastructure Protection
Wednesday, April 28, 2010
DHS Hosts Sports Leagues Conference and Table-Top Exercise
The focus on safety and security for commercial facilities and infrastructure like sports stadiums and arenas is an important piece of homeland security. Anytime you have a large gathering of people – on the scale of the Super Bowl, a World Series game, NASCAR race, Presidential Inaugural or other major event – there is cause for concern that terrorists or others with nefarious intent may attempt to cause disruption or gain notoriety before a wide audience.
Today, representatives from professional sports leagues, industry associations, academia, and private sports event security companies joined with top Homeland Security and law enforcement agency officials to share information, establish protocols, and conduct an intensive table-top exercise (TTX) sponsored by the DHS National Protection and Programs Directorate’s Office of Infrastructure Protection. The two-day event began yesterday with a conference that featured a series of briefings and discussions in Northern Virginia among public and private sector partners.
The Sports Leagues Conference and TTX is designed to give key security players an opportunity to share best practices and explore the inherent challenges to keeping large public facilities safe. Nearly 200 individuals participated, including sports league security representatives from the National Football League (NFL); Major League Baseball (MLB); National Basketball Association (NBA); National Hockey League (NHL); National Association for Stock Car Auto Racing (NASCAR); Indy Racing League; Major League Soccer; U.S. Tennis Association; and the National Collegiate Athletic Association.
Did you know that…
· MLB had 73 million fans at their events in 2009
· NBA had 21 million fans at their events during the 2008-09 season
· NHL had 21 million fans at their events during the 2008-09 season
· NFL had 17 million fans at their events in 2009
· NASCAR can have up to 400,000 fans at a single event
And there are…
· 70 stadiums utilized by the NFL, MLS, and MLB
· 42 arenas associated with the NBA and the NHL
· 31 racetracks (NASCAR and Indycar)
Today’s TTX challenged participants from the private sector and all levels of government– federal, state, local tribal and territorial– to look at their respective roles and responsibilities and develop ways to work together more effectively. The collaborative process and shared commitment is vital to protect the people attending high-profile sporting and related events that can also be high-target opportunities for terrorists or other criminals.
If you’d like more information about important critical infrastructure initiatives currently underway at DHS, please visit www.dhs.gov/criticalinfrastructure.
Rand Beers is the Under Secretary of the National Protection and Programs Directorate
Today, representatives from professional sports leagues, industry associations, academia, and private sports event security companies joined with top Homeland Security and law enforcement agency officials to share information, establish protocols, and conduct an intensive table-top exercise (TTX) sponsored by the DHS National Protection and Programs Directorate’s Office of Infrastructure Protection. The two-day event began yesterday with a conference that featured a series of briefings and discussions in Northern Virginia among public and private sector partners.
The Sports Leagues Conference and TTX is designed to give key security players an opportunity to share best practices and explore the inherent challenges to keeping large public facilities safe. Nearly 200 individuals participated, including sports league security representatives from the National Football League (NFL); Major League Baseball (MLB); National Basketball Association (NBA); National Hockey League (NHL); National Association for Stock Car Auto Racing (NASCAR); Indy Racing League; Major League Soccer; U.S. Tennis Association; and the National Collegiate Athletic Association.
Did you know that…
· MLB had 73 million fans at their events in 2009
· NBA had 21 million fans at their events during the 2008-09 season
· NHL had 21 million fans at their events during the 2008-09 season
· NFL had 17 million fans at their events in 2009
· NASCAR can have up to 400,000 fans at a single event
And there are…
· 70 stadiums utilized by the NFL, MLS, and MLB
· 42 arenas associated with the NBA and the NHL
· 31 racetracks (NASCAR and Indycar)
Today’s TTX challenged participants from the private sector and all levels of government– federal, state, local tribal and territorial– to look at their respective roles and responsibilities and develop ways to work together more effectively. The collaborative process and shared commitment is vital to protect the people attending high-profile sporting and related events that can also be high-target opportunities for terrorists or other criminals.
If you’d like more information about important critical infrastructure initiatives currently underway at DHS, please visit www.dhs.gov/criticalinfrastructure.
Rand Beers is the Under Secretary of the National Protection and Programs Directorate
Thursday, December 3, 2009
Focus on Philadelphia
When you think about Critical Infrastructure and Key Resources (CIKR), you probably think about all of the things in the U.S. that are essential to our national security, economic vitality, public health and safety, and our way of life.
Assets like energy grids, banking and finance systems and transportation networks, for example, likely quickly come to mind. Much of this infrastructure is owned and operated by the private sector, and today in New York City Secretary Napolitano met with leaders from a variety of industries to discuss her dedication to continuing to work with private sector partners to ensure the security of our nation’s CIKR.
But CIKR encompasses a diverse range of 18 unique sectors that touch the lives of the American people every day, and in different ways. And while communications systems, for example, are certainly a sector of CIKR, so too are some assets that probably don’t immediately leap to mind.
National monuments and icons could be an example. This diverse array of sites and landmarks that represent our nation’s core principals, tradition and heritage may not get you to work or turn on your lights, but they represent the foundation upon which our country was built. An incident at these historic resources could not just mean the potential loss of life or property, but also the loss of the symbols that represent our country’s values.
The Department of Homeland Security works with our federal, state local and private sector partners to protect our monument and icon CIKR from either manmade or natural disasters, while still ensuring open and free access.
More than 1.3 million people visit our national monuments and icons each day. In Philadelphia – our Nation’s first seat of federal government and home to numerous historic sites – more than 2 million visitors swung by the Liberty Bell Center in 2008, while Independence Hall reported more than 700,000 guests.
Check out this video to learn more about how DHS is partnering with local officials in Philadelphia to ensure that our national monument and icon critical infrastructure is protected.
Assets like energy grids, banking and finance systems and transportation networks, for example, likely quickly come to mind. Much of this infrastructure is owned and operated by the private sector, and today in New York City Secretary Napolitano met with leaders from a variety of industries to discuss her dedication to continuing to work with private sector partners to ensure the security of our nation’s CIKR.
But CIKR encompasses a diverse range of 18 unique sectors that touch the lives of the American people every day, and in different ways. And while communications systems, for example, are certainly a sector of CIKR, so too are some assets that probably don’t immediately leap to mind.
National monuments and icons could be an example. This diverse array of sites and landmarks that represent our nation’s core principals, tradition and heritage may not get you to work or turn on your lights, but they represent the foundation upon which our country was built. An incident at these historic resources could not just mean the potential loss of life or property, but also the loss of the symbols that represent our country’s values.
The Department of Homeland Security works with our federal, state local and private sector partners to protect our monument and icon CIKR from either manmade or natural disasters, while still ensuring open and free access.
More than 1.3 million people visit our national monuments and icons each day. In Philadelphia – our Nation’s first seat of federal government and home to numerous historic sites – more than 2 million visitors swung by the Liberty Bell Center in 2008, while Independence Hall reported more than 700,000 guests.
Check out this video to learn more about how DHS is partnering with local officials in Philadelphia to ensure that our national monument and icon critical infrastructure is protected.
Thursday, November 19, 2009
CIKR
I know we throw a lot of acronyms out there – even after just a few months in government, you can’t resist! – but this is one that has meaning for all of us. CIKR stands for “Critical Infrastructure and Key Resources” – an umbrella term referring to the assets of the United States essential to the nation's security, public health and safety, economic vitality, and way of life. Simply put, it’s power grids and water filtration plants; national monuments and government facilities; telecommunications and transportation systems; chemical facilities and much more.
The vast majority of our national CIKR is privately owned and operated, which means ensuring its protection and resiliency involves an unprecedented partnership between government and the private sector. This partnership is at the heart of the National Infrastructure Protection Plan, which establishes a unique coordination and information-sharing framework that unifies protection of our nation’s CIKR into an integrated plan. The partnership now includes more than 200 trade associations from every CIKR sector, representing more than 4 million members.
Check out the video below to learn more about how this public-private groundbreaking partnership works to safeguard the nation’s Critical Infrastructure and Key Resources.
The vast majority of our national CIKR is privately owned and operated, which means ensuring its protection and resiliency involves an unprecedented partnership between government and the private sector. This partnership is at the heart of the National Infrastructure Protection Plan, which establishes a unique coordination and information-sharing framework that unifies protection of our nation’s CIKR into an integrated plan. The partnership now includes more than 200 trade associations from every CIKR sector, representing more than 4 million members.
Check out the video below to learn more about how this public-private groundbreaking partnership works to safeguard the nation’s Critical Infrastructure and Key Resources.
Subscribe to:
Posts (Atom)