Post on 05-Jun-2018
GOVERNOR’S OFFICE OF
Overview of California’s Critical Infrastructure Protection Program
Brian L. Keith, Deputy Director, Critical Infrastructure Protection
California Office of Homeland Security
Chemical Facilities Anti-Terrorism Standards (CFATS) Workshop
July 31, 2008
California Critical Infrastructure Facts
Water — 34 lakes and reservoirs; 1468 dams, 140 of which have a capacity greater than 10,000 acre-feet; 701 miles of canals and pipelines; and 1595 miles of levees
Transportation — 50,000 lane miles of highways; 257 public use airports, 42 are certified for air carrier operations; 186,076 miles of public roads; 12,000 bridges and 120,000 miles of major railroad tracks
Agriculture — 74,000 farms, and $26 billion in farming related sales since 2002
Finance — 6619 commercial banks with deposits of $753 billion; 562 credit unions with $115 billion in assets
Oil and Natural Gas — 6,000 miles of hazardous liquid pipelines; 21 refineries and 100 terminal facilities
Electrical Power — 500 power plants; 25,000 circuit mile “electron highway”
Chemical — Approximately 2,500 “high risk” facilities
California's Strategy
Prevent terrorist attacks within the United States;
Reduce America’s vulnerability to terrorism; and
Minimize the damage and recover from attacks that do occur.
Critical Infrastructure - How do we: Identify, Prioritize, Protect
National Asset Database (NADB)
This inventory can be used to determine which assets, systems, or networks are nationally critical, state critical, or locally critical based on the most current risk profile.
The NADB identifies baseline criteria that serve as a guide for integrating existing methodologies or modifying them so they can be used to support national-level comparative risk assessments within and between the 17 Critical Infrastructure/Key Resource Sectors.
Soon to be replaced by DHS’s Infrastructure Critical Asset Viewer (ICAV)
Automated Critical Asset Management System (ACAMS)
ACAMS is a secure, Web-based information management tool designed specifically to capture, store, and view critical asset data.
Sector Partnerships and Communication Networks
Automated Critical Asset Management System (ACAMS)
Constellation/ACAMS is a secure, Web-based information management tool designed specifically to capture, store, and view critical asset data. Features include:
Critical asset inventory and prioritization modeling
Asset manager questionnaires
Critical asset assessments
Site specific pre-incident security enhancement plans
Buffer Zone Plans
Building inventories
Site specific post-occurrence/response plans
ACAMS focus is on two key functions:
Collecting and communicating information for prevention
Strategic pre-incident planning measures to assist in an effective response to critical incidents including, but not limited to terrorism.
California Critical Infrastructure Protection: How do we manage Risk?
To determine risk, we are working with security partners to assess consequences, vulnerabilities, and threats associated with the asset, system, or network.
Threat, Vulnerabilities, Consequence
RISK = f (T) (V) (C)
Risk can be calculated for an asset, system, or network at the national, sector, regional, or local level.
The result is a comprehensive, systematic assessment of risk.
What is the Protected Critical Infrastructure Information (PCII) Program?
The PCII Program is an information sharing and protection tool that encourages the private sector to voluntarily share sensitive information with the government with the assurance that the information, if it satisfies the requirements of the Critical Infrastructure Act of 2002, will be protected from public disclosure through the Freedom of Information Act, State and local sunshine laws, and use in civil litigation.
In 2005, the California legislature passed AB1495 which provides similar protection from the California Public Records Act.
In August 2006, California became one of the nation’s first PCII-accredited states.
Critical Infrastructure - How do we: Identify, Prioritize, Protect
Conduct Statewide Data Calls for Tier 1 & Tier 2 Assets
National Center for Risk and Economic Analysis of Terrorism Events (CREATE) consequence studies
Sandia National Labs Selection Criteria
The NIPP – The Role of Private Sector
Owners and operators generally represent the first line of defense for the CI/KR under their control.
Private sector owners and operators are responsible for taking action to support risk management planning and investments in security as a necessary component of prudent business planning and operations.
Public/Private Partnerships
Homeland Security Advisory Committee (HSAC)
Business Executives for National Security (BENS)
Infragard
Model Program - Ventura County Economic Development Association (VCEDA) TRIAD Initiative
Business Continuity Planning
1. Carefully assess how your company functions, both internally and externally, to determine which staff, materials, procedures and equipment are absolutely necessary to keep the business operating.
2. Review your business process flow chart if one exists
3. Identify operations critical to survival and recovery
4.
5. Include emergency payroll, expedited financial decision-making and accounting systems to track and document costs in the event of a disaster
6. Establish procedures for succession of management. Include at least one person who is not at the company headquarters, if applicable
Critical Infrastructure - How do we: Identify, Prioritize, Protect
Suggested Physical Protective Measures through the Buffer Zone Protection Program (BZPP)
DHS Comprehensive Review Program for Tier 1 sites
Various other sector specific grant programs (IPP) involving Railroads, Seaports, Mass Transit, Chemical Industry, and others.
Provide awareness-level training to the Private Sector (PSCT Training). Long Beach, Oakland
Information Sharing through the STTAC, RTTACs, and TLO Program
How do we Counter the Threat?
RTTACs
• RTTACs are comprised of law enforcement, fire and emergency personnel and have an analytical focus.
• RTTACs are either co-located or have a close relationship with the FBI to augment analytical capabilities.
• RTTACs are or will be housed in regional fusion centers (LA-JRIC, SC-CCIC, SD-LECC)
• RTTACs coordinate & train Terrorism Liaison Officers (TLOs) assigned within their jurisdiction
• RTTACs also have critical infrastructure focus and liaison (80% in private hands)
Examples of Protective Security Implementation
Cities, Sectors, Events
Augment guard force
Increase check points
Increased vigilance
Deploy sensors
Human intelligence
Deploy additional law enforcement
Air defense
Establish buffer zone
Establish barriers
Don’t publicize VIP attendance
Harden critical structural components
Disperse hazardous components
Principles of Protective Security
Defend
Devalue
Detect
Deter
Critical Infrastructure - How do we: Measure Effectiveness
Developing metrics to measure capabilities, preparedness efforts, training
Using Risk Mitigation Reports to drive grant funding:
Investment justifications
Assisting Private Sector with Business Continuity Plans to ensure Resiliency in the business community
Assisting state and local governments with Continuity of Operations/Continuity of Government Planning (COOP/COG)
Repeating the Risk Management cycle