BUILDING PUBLIC-PRIVATE PARTNERSHIPS FOR A STRONGER COMMUNITY
Greater Tampa Bay Association of Contingency Planners Meeting
March 31, 2010
O.T. Gagnon III
Protective Security Advisor
Central Florida District
Office of Infrastructure Protection
Overview
► Protective Security Advisor (PSA) Program
► Critical Infrastructure Protection Web-Site
► Homeland Security Information Network-Critical Sectors (HSIN-CS)
► Ready.gov (Ready Business)
► Private Sector Preparedness (PS-Prep)
► State & Local Partnerships
► Questions & Answers
Protective Security Advisor (PSA) Program
► Provide an Infrastructure Protection (IP) security expert as the link between State, local, tribal, and territorial organizations and DHS IP resources.
► Assist with ongoing State and local Critical Infrastructure/Key Resource (CIKR) security efforts interacting with State Homeland Security Advisors and other State, local, tribal, territorial and private sector organizations.
► Support the development of the national risk picture by identifying, assessing, monitoring, and minimizing the risk to critical assets at the State, local, and regional level.
Protective Security Advisor (PSA) Program (continued)
► Coordinate vulnerability assessments and training, support incident management and serve as a vital channel of communication for officials and private sector owners and operators of CIKR assets seeking to communicate with DHS.
► Serve as liaisons at the Federal Emergency Management Agency Joint Field Office and in the State and county Emergency Operations Centers, providing expert knowledge of the impacted infrastructure, maintaining communication with CIKR owners and operators, and prioritizing and coordinating response, recovery, and restoration efforts for critical infrastructure.
Protective Security Advisor (PSA) Program (continued)
[Map: PSA district locations]
Today there are 93 PSAs serving in 70 Districts in 50 States and one Territory
Critical Infrastructure Protection Web-Site
http://www.dhs.gov/files/programs/critical.shtm
Critical Infrastructure Protection Web-Site (continued)
► Provides stakeholders and the public with easily accessible information about their role in safeguarding critical infrastructure and key resources (CIKR)
► Features a link to the new CIKR Resource Center, which includes information about how to sign up for free Web-based seminars on the tools, trends, issues, and best practices for infrastructure protection and resilience
► Contains resources concerning potential vulnerabilities for chemical facilities
Critical Infrastructure Protection Web-Site (continued)
► Provides information about DHS’ ongoing CIKR efforts—including the National Infrastructure Protection Plan (NIPP), the U.S. Government’s unified approach, coordinated by DHS, to ensure protection and resiliency of CIKR through partnerships with thousands of public and private members
► Offers details about the National Response Framework, which outlines guidance for all response partners to prepare for and provide a unified response to disasters and emergencies
Homeland Security Information Network-Critical Sectors (HSIN-CS)
► The primary objectives of HSIN-CS are to generate effective risk management decisions and to encourage collaboration and coordination on plans, strategies, protective measures, and response/recovery efforts between government, operators, and owners in the public and private sectors.
► DHS has designated the HSIN-CS to be its primary information-sharing platform between the CIKR sectors.
► Enables DHS and the critical sector stakeholders to communicate, coordinate, and share information
Homeland Security Information Network-Critical Sectors (HSIN-CS)
► Access a single DHS source for infrastructure protection alerts, information bulletins and analysis related to individual sectors
► Engage in secure discussions and document sharing with a vetted sector peer group
► Contribute to and benefit from strategic and tactical information sharing on an ongoing/periodic basis
► Conduct effective ongoing situational awareness
► Access timely information on recommended pre-incident prevention and preparedness practices and activities
► Respond more effectively both during an incident as well as in its aftermath
Ready.gov (Ready Business)
► Ready Business outlines commonsense measures business owners and managers can take to start getting ready.
► Provides practical steps and easy-to-use templates to help you plan for your company's future.
► Recommendations reflect the Emergency Preparedness and Business Continuity Standard (NFPA 1600) developed by the National Fire Protection Association and endorsed by the American National Standards Institute and the Department of Homeland Security.
Voluntary Private Sector Preparedness Accreditation and Certification Program (PS-Prep)
Implementing Recommendations of the 9/11 Commission Act of 2007 (Public Law 110-53)
Mandated Action
Directs DHS to establish a “Voluntary Private Sector Preparedness Accreditation and Certification Program”
Improve Private Sector Preparedness in
► Disaster Management
► Emergency Management
► Business Continuity
Program Requirements
► Select preparedness standards for accreditation
► Establish accreditation and certification program
► Small business provision
Program Coordination, Management and Oversight Structure
The Act designates specific DHS program offices
– The Administrator of FEMA
– The Assistant Secretary for Infrastructure Protection
– The Assistant Secretary for the Private Sector
– The Under Secretary for S&T (DHS Standards Executive)
DHS designated FEMA as Program lead
– FEMA Administrator or designee is Council Chair
– Standards Executive (DHS S&T) is Council Executive Secretary
Key Program Requirements
• Voluntary participation
• Provide method to independently certify preparedness of private sector entities (3rd party certification)
• Administered by non-governmental entity
• DHS designates one or more standards
• Separate classifications and certification methods for small business
• Integrate and leverage existing regulatory requirements and programs, if feasible
• DHS maintains a listing of certified entities and makes public a list of consenting participants
PS-Prep Certification Program
► Accreditor (ANAB), ISO/IEC 17011: Accredits Certifying Bodies
► Certifying Bodies, ISO/IEC 17021 +: Certify Private Sector Entities to an approved standard
► Private Sector Entities that apply for Voluntary Preparedness Certification: Receive recognition of compliance to a standard
► ANSI-ASQ National Accreditation Board (ANAB) contracted by DHS to implement and manage Accreditation and Certification portion of Program
► ANAB trains and accredits auditors to certify private sector businesses
Proposed Certification Standards
On October 16, 2009, DHS announced the intent to adopt three standards:
► NFPA 1600 - Standard on Disaster / Emergency Management and Business Continuity Programs, 2007 Edition. “…a common set of criteria for preparedness, disaster management, emergency management, and business continuity.”
► BS25999 - Business Continuity Management. “…defines requirements for a management systems approach to business continuity, and integrates risk management disciplines and processes.”
► ASIS SPC.1-2009 - Organizational Resilience: Security, Preparedness, and Continuity Management Systems. “…defines requirements for a management systems approach to organizational resilience.”
Proposed Certification Standards
Why these three standards?
► Meet the target criteria set forth in Pub.L.110-53
► Are not industry specific
► Scalability
Proposed Certification Standards
• FEMA held a series of public meetings around the country in November and December to allow the public to engage in dialogue with DHS program managers
• Comment period closed on January 15
• FEMA is currently reviewing all comments received. Once complete, DHS will announce the formal adoption of standards
Next Steps
• Once standards are adopted, ANSI-ASQ National Accreditation Board (ANAB) will develop the accreditation and certification program
• At the same time, Office of Infrastructure Protection will begin work with CIKR owners/operators on sector-specific implementation guidance
• ANAB will train and accredit certifying bodies; private sector entities will be able to apply for certification.
Critical Infrastructure / Key Resources (CIKR) Sector-Specific Certifying Framework
DHS Office of Infrastructure Protection Intends to Collaborate with Sectors to:
► Identify guidelines, best practices, relevant regulations and agreed codes of practice that already apply to the sector
► Cross-map to standards
► Develop framework/guidance for use by Certifying Bodies and Critical Infrastructure sector in applying standards
18 CIKR Sectors
• Agriculture and Food
• Defense Industrial Base
• Energy
• Healthcare and Public Health
• National Monuments and Icons
• Banking and Finance
• Water
• Chemical
• Commercial Facilities
• Critical Manufacturing
• Dams
• Emergency Services
• Nuclear Reactors, Materials, and Waste
• Information Technology
• Communications
• Postal and Shipping
• Transportation Systems
• Government Facilities
Energy-Electricity Sector Example
NERC Security Guideline: Emergency Plans
A broad description of the Emergency Management Organization (EMO) should be considered for inclusion in an overall company emergency plan.
5.8.3.4 The emergency operations/response plan shall assign responsibilities for carrying out specific actions in an emergency.
NERC Security Guideline: Business Continuity
It is good practice to locate alternate facilities for critical functions sufficiently distant from the primary location to ensure rapid continuity of operations. In addition, the company should consider its vulnerabilities and its need to recover key financial, information technology, and business systems, which are typically located in, or close to, the company headquarters facility.
5.8.3.8 The continuity plan shall identify stakeholders that need to be notified, the critical and time-sensitive applications, alternative work sites, vital records, contact lists, processes, and functions that shall be maintained, as well as the personnel, procedures, and resources that are needed while the entity is recovering.
FERC: NERC COM-002-2
Ensure Balancing Authorities, Transmission Operators, and Generator Operators have adequate communications and that these communications capabilities are staffed and available for addressing a real-time emergency condition. Ensure communications by operating personnel are effective.
5.10.4 The Emergency communications and warning protocols, systems, processes, and procedures shall be developed, periodically tested, and used to alert people potentially impacted by an actual or impending emergency.
Potential Benefits of Preparedness
► Improved Internal Processes
► Legal Liability Protections
► Rating Agency Acknowledgement
► Supply Chain Resilience
► Insurance Benefits
► Business Survival
► Minimizing Impact of Business Disruptions
► Lower Operating Expenses
► Improved External Relationships
PS-Prep Resource Center
www.fema.gov/privatesectorpreparedness
State & Local Partnerships
Florida’s Domestic Security Strategy
Goal 3: PROTECT Florida’s citizens, visitors, and critical infrastructure.