CI-2 Continuity Planning: Considerations for...
Eric Kretz, Director
Continuity of Operations Division, National Continuity Programs (NCP)
Federal Emergency Management Agency (FEMA)
CI-2 Continuity Planning: Considerations for Government Buildings and Cyber Incidents
2
Steve Jobs
Innovator, Entrepreneur, Visionary
Revolutionized personal computing, mobile phones, the music industry, and the way people read, play and work
Uncanny ability to plan and prepare his businesses for future success
By developing continuously evolving technology combined with innovative marketing, they created a powerful brand and product following
3
Agenda
Continuity Policies and Directives
Continuity Training
Continuity Webinar Series
Continuity Workshops
Eagle Horizon 2012
Resilient Accord
4
NSPD-51/HSPD-20 (Oct 2008)
Establishes a national policy on the Continuity of Federal government structures and operations
Mandates incorporation of continuity requirements into department and agency daily operations
Requires that all planning be based on the assumption that NO warning will be given
Requires coordination of Federal plans with State, local, territorial, tribal, and private sector plans
5
Federal Continuity Directives 1 & 2
Issued by the Secretary, DHS, on February 8, 2008
Provides direction for the development of continuity plans and programs for the FEB
Provides guidance for Identifying Mission Essential Functions (MEFs) and Primary Mission Essential Functions (PMEFs)
Sets criteria for what a “continuity facility” must provide
Establishes minimum continuity communications requirements
Emphasizes the management of vital records as an essential element of continuity planning
6
Continuity Guidance Circulars (CGC) 1 & 2
CGC 1 Issued by the Administrator, FEMA, on January 21, 2009
CGC 1 provides Continuity guidance on:
Continuity Program Management information for non-federal agencies
Elements and components of a viable continuity capability
Coordination of interdependencies
Continuity plan operational phases and implementation
CGC 2 Issued by the Assistant Administrator, FEMA, NCP on July 22, 2010
CGC 2 provides Continuity guidance on:
Identifying Mission Essential Functions
Conducting a Business Process Analysis and a Business Impact Analysis
7
Design and conduct annual, integrated full-scale and tabletop interagency Continuity of Operations (COOP) workshops for Federal D/A HQ and regional components
116 COOP workshops (tabletop to full-scale) completed in Fiscal Year (FY) 2009 and 2010
Eagle Horizon 2010 held May 17-18, 2010, featured 64 D/A, 225 controllers, and more than 10,000 participants
Provide Continuity training to Federal, state, territorial, tribal, and local government entities
98 continuity-specific resident instructional courses through 12 classroom and independent study courses in FY 2011
Develop and maintain the Continuity Excellence Series, Levels I and II
Mary Weindorf
8
Continuity Training
Develop and present resident classroom and online training
Training courses address the full spectrum of COOP preparedness, from Continuity awareness (introductory material) and exercise design (targeted to continuity program managers) to planning documentation and alternate site preparedness and activities
Train-the-Trainer courses are used to facilitate dissemination of material to government and other organizations Nationwide
Conducted 161 resident Train-the-Trainer courses reaching more than 3,000 Continuity professionals, and trained an additional 58,229 professionals through online classes in FY 2010
Trained over 150,000 Continuity professionals in FY 2011
Mary Weindorf
9
Continuity Excellence Series
Established in April 2008
Designed for continuity professionals throughout the Federal Government, and among our partners at the State, territorial, tribal, and local governments
Dedicated to enhancing the excellence in the development and implementation of Continuity programs
Level I, Professional Continuity Practitioner
Level II, Master Continuity Practitioner
NCP Course Manager, Willie York at
10
Continuity Practitioner Level I
Fundamentals of Emergency Management
IS 700.a: Introduction to National Incident Management System (NIMS) or IS 700
IS 800.b: A National Response Framework (NRF), An Introduction
E 136 or IS 139: Exercise Development Course/Exercise Design Course/or COOP Exercise Design/Development T-t-T Course
Complete attendance in Pandemic Influenza (PI), Determined Accord Workshop, or IS 520: Introduction to Continuity of Operations Planning for Pandemic Influenza, and IS 522: Exercising Continuity Plans for Pandemic Course (both Independent Study courses are required) or Resilient Accord: Cyber Security Workshop or Guardian Accord: Terrorism Awareness Workshop
** NARA/CoSA Vital Records Training (optional, recommended)
IS 546.a: COOP Awareness
IS 547.a: Introduction to COOP
IS 242 or equivalent E/L/G course: Effective Communication
E/L/G 548 or IS 548: COOP Manager’s T-t-T Course or E/G/L 549: Continuity of Operations (COOP) Program Manager Course or MGT 331 University of Maryland: Preparing the States
E/L/G 550: COOP Planner’s T-t-T Workshop, or IS 550 Continuity Planner’s Workshop or L552: Continuity of Operations for Tribal Governments
IS 100 or IS 100.b: Introduction to Incident Command System (ICS), or ICS 200: Incident Command System (ICS) for Single Resources and Initial Action Incidents
IS 230 or equivalent E/L course: Principles of Emergency Management or IS 230.a:
11
Continuity Practitioner Level II
Attain Continuity Excellence Series – Level I
IS 130: Exercise Evaluation and Improvement Planning, or E132 (limited to EMI Resident MEPP candidates), or G130: Exercise Evaluation
IS 240 or equivalent E/L/G course: Leadership and Influence
E/L/G 551 or IS 551: Devolution Planning Workshop
E/L 156 or IS 156: Building Design for Homeland Security T-t-T Course for Continuity of Operations, or E/L 155: Building Design for Homeland Security
E/L 262: Instructional Delivery for Subject Matter Experts or G265: Instructional Delivery Skills (formerly G261: Instructional Presentation Skills), or E 605: Instructional Delivery, or E/L 141: Instructional Presentation and Evaluation Skills course.
Instruct E/L/G or IS 548 COOP Managers T-t-T Course
Facilitate E/L 550 or IS 550 COOP Planner’s T-t-T Workshop or E/L/G or IS 551: Devolution Planning Workshop, or Determined Accord Pandemic Preparedness Workshop for Continuity Managers, or facilitate Resilient Accord, Guardian Accord, or the Reconstitution Planning Workshop
Written Comprehensive Exam (150 questions) – Applicants are eligible to take the comprehensive exam once they have met all other Level II requirements
Continuity Practitioner Certificates
FEMA Emergency Management Institute issues all certificates
Certificate requests to: [email protected]
12
Certificates Awarded
Certificates | FY08 | FY09 | FY10 | FY11 | Total To Date
Professional Continuity Practitioner – Level I | 9 | 81 | 190 | 292 | 572*
Master Professional Continuity Practitioner – Level II | 0 | 9 | 21 | 49 | 79*
*As of October 2011
13
Training
Certificates | Inception - FY08 | FY09 | FY10 | FY11 | Total To Date
IS 139: Exercise Design | 45,108 | 10,232 | 11,535 | 11,968 | 78,843
IS 520: Pandemic Influenza (PI) Planning | 0 | 5,158 | 8,353 | 2,835 | 16,346
IS 522: Pandemic Influenza (PI) Exercises | 0 | 0 | 732 | 2,086 | 2,818
IS 546: COOP Awareness Course | 40,219 | 14,177 | 85 | 3 | 54,484
IS 546a: COOP Awareness Course | 273 | 2,343 | 24,750 | 159,458 | 186,824
IS 547: Introduction to COOP | 26,727 | 8,284 | 2,055 | 30 | 37,096
IS 547a: Introduction to COOP | 0 | 0 | 7,217 | 8,628 | 15,845
IS 548: COOP Managers T-t-T Course | 0 | 1,681 | 3,498 | 3,030 | 8,209
IS 551: Devolution Planning Workshop | 0 | 0 | 0 | 1,902 | 1,902
E/L 156: Building Design for Continuity of Operations Train-the-Trainer (Risk Management Series) | 278 | 163 | 201 | 59 | 701
14
Training
Certificates | Inception - FY08 | FY09 | FY10 | FY11 | Total To Date
E/L 548: COOP Manager’s Train-the-Trainer | 3,858 | 787 | 831 | 495 | 5,971
E/L 550: Continuity Planners Workshop Train-the-Trainer | 357 | 568 | 575 | 528 | 2,028
E/L 551: Devolution Planning Workshop Course T-t-T | 0 | 46 | 433 | 369 | 848
L 552: Continuity of Operations for Tribal Govt. | 0 | 14 | 68 | 21 | 103
Determined Accord | 4,691 | 1,477 | 696 | 253 | 7,117
Resilient Accord | 0 | 0 | 418 | 613 | 1,031
Reconstitution | 0 | 0 | 0 | 398 | 398
Guardian Accord | 0 | 0 | 0 | 147 | 147
Webinar Participants | 0 | 0 | 0 | 567 | 567
TOTALS | 121,511 | 44,930 | 61,447 | 193,483 | 421,371
*As of October 2011
15
Continuity Webinar Series
Conducted monthly and address continuity-related topics presented by Continuity and Emergency Managers from varied backgrounds and experiences
Provide a forum for discussing the roles and resources necessary to establish and implement effective continuity programs and plans
Free to the public
Use current technology to reach out to the Continuity community
Recorded for future playback and placed on the official Continuity Webinar Series homepage (includes schedule): http://www.fema.gov/about/org/ncp/coop/webinars.shtm
Can also be viewed on a mobile device by downloading an Apple (iPhone or iPad) or Android application
FEMA External Affairs announces webinars via distribution lists, Facebook, and Twitter
16
Continuity Workshops
Conduct full scale, functional, and table top interagency Continuity workshops in the National Capital Region (Washington, DC Metropolitan Area) and within the 10 FEMA regions
Plan and conduct Regional Continuity Workshops for Federal, State, territorial, tribal, and local agencies through the 28 Federal Executive Boards (FEBs)
Plan and conduct annual, integrated Continuity exercise for the FEB Departments/Agencies (D/As) (Eagle Horizon)
Conduct biennial assessments of 64 Department and Agency continuity capabilities based upon criteria established in FCDs and provide report to the National Continuity Coordinator
Plan and conduct annual, integrated FEMA Headquarters Continuity workshops
Assess all FEMA regional offices and provide regional quarterly metrics
Plan and conduct FEMA Telework Workshops
17
NLE 2012 Exercise Elements
Four main exercise elements within March – June 2012 timeframe and with common scenario and governance structure
Information Exchange (Intel/ Law enforcement)
Cyber Effects/Cyber Storm
Cyber Event with Physical Effects (Capstone Exercise)
Continuity Exercise/Eagle Horizon 2012
An operations-based Continuity exercise that provides the opportunity to evaluate the continuity capability of the Federal Executive Branch departments and agencies
Some D/As will play in all exercises, all D/As must play in the last 2 exercises
18
NLE 12 Overarching Objectives
Examine the National Cyber Incident Response Plan in guiding the Nation to prepare for, respond to and recover from a significant cyber event
Review and evaluate existing cyber related authorities and/or policies
Evaluate government roles and responsibilities in coordinating national cyber response efforts and their nexus with physical response efforts, including allocation of resources
Examine the ability to share information across all levels of government and with the private sector (classified and unclassified) as well as the general public to create and maintain cyber incident situational awareness, and coordinate response and short-term recovery efforts
Assess key decision points and decision making in a significant cyber event
19
Eagle Horizon 2012 Objectives
Evaluate the continuity capability of D/As including communications and the performance of essential functions through the implementation of continuity, devolution and reconstitution plans from activation, until the resumption of normal operations in accordance with Federal continuity directives, during a significant cyber event
Examine broader national continuity capabilities, specifically communications, with State, territorial, tribal, local, and private sector partners
Implement devolution and reconstitution plans and evaluate the capability of Federal D/As to transfer statutory authority and responsibility for essential functions from the primary operating staff and facilities to alternate facilities
D/As may assess additional capabilities based on agency-specific requirements, as long as they can be accomplished within the common scenario
20
NLE/EH 2012 Integration
EH 2012 is fully integrated into NLE 2012 planning and provides the opportunity for Federal, Regional, State, territorial, tribal, and local organizations to exercise continuity planning responses within the overarching cybersecurity scenarios
EH 2012 will be a Full-Scale Exercise (FSE) scheduled for June 2012 with required participation by Federal Executive Branch D/As
EH 2012 is a mandatory annual exercise directed by National Security Presidential Directive-51/Homeland Security Presidential Directive-20 (NSPD-51/HSPD-20)
21
EH 2012 Overview
The EH 2012 linkage with NLE 2012 requires departments and agencies to exercise objectives related to alert and notification, continuity communications, devolution, and reconstitution
EH 2012 will incorporate implementation of Continuity, Devolution, and Reconstitution Plans and capabilities to test implementation against significant Critical Infrastructure and Key Resources degradation in the communication, energy, and information technology sectors
All D/As will receive an evaluation of their continuity programs with the results submitted through the Readiness Reporting System
22
NLE/EH 2012 Concept
3-day concept
Day 1: PMEF/MEF at Alternate Facilities – Scenario Play
Day 2: PMEF/MEF from Devolution Facilities – Scenario Play
Day 2: Alt ERG member training, Reconstitution Exercise at Continuity Facility
Day 3: Evaluation Coordination/Submissions
23
EH 2012 Evaluation
Continuity portion will be externally evaluated
Devolution will be externally evaluated
D/As Continuity plans will be evaluated 30-60 days prior to the actual exercise
External Continuity evaluation will have Category I, II and III agencies externally evaluated by a FEMA NCP lead evaluator
Cat IV agencies will partner together and exchange evaluators for both evaluations
24
EH 2012 Evaluation Process
Evaluators will assess continuity capabilities at exercise locations
Evaluation process uses the Readiness Reporting System (RRS), Participant Questionnaires, General Observation Forms, and the NLE 2012 Exercise Evaluation Guides
FEMA NCP will prepare an assessment and After Action Report/Improvement Plan (AAR/IP) for the National Continuity Coordinator
25
EH 2012 Training Activities
FEMA NCP supports NLE 2012 and EH 2012 with Building Block training activities that include seminars, tabletop exercises and support to D/A internal exercises
Controller and Evaluator Training
Continuity Program Manager Course
Continuity Planning Workshop
Devolution, Reconstitution and Resilient Accord Workshops
26
The Relationship between Cyber and Continuity
Cyber threats will cause COOP and Devolution Plans to be activated due to:
Rolling power blackouts will cause traffic signal outages, resulting in commuter challenges
Power blackouts will cause communication outages when servers and telephone switchboards lose power
Generators may go down when diesel fuel is not delivered due to the traffic problems, and immediate demand diverts orders to other agencies
Power outages may disable some physical security systems
Door locks may be inoperative
27
FEMA worked in Collaboration with DHS to develop Resilient Accord
The Resilient Accord Workshop is a 6-hour tabletop workshop with the following objectives:
Increase organizational awareness about the importance of including cybersecurity considerations into continuity planning
Discuss how cyber disruptions may impact the performance of essential functions and identify solutions to address vulnerabilities in existing continuity plans
Establish or enhance relationships between information technology professionals, emergency managers, and continuity planners
28
Collaboration with DHS NCSD
DHS National Cyber Security Division (NCSD) is a partner in the creation of this continuity workshop that is designed for continuity managers to refine continuity plans and programs to include cybersecurity planning
The mission of NCSD is to work collaboratively with public, private and international entities to secure cyberspace and America’s cyber assets
For organizations working to develop a comprehensive Business Continuity Plan, which incorporates Business Impact Analysis and Threat Analysis, DHS NCSD can serve as the subject matter experts for defining cyber risks and vulnerabilities
29
Cyber Attacks Continue to Affect Continuity Planning
U.S. is the most targeted country for cyber attacks
Essential Functions are becoming ever more dependent on IT systems that are vulnerable to various threats
Continuity Managers should include cyber threats as part of the Business Process Analysis and Business Impact Analysis
Cyber threats were not always identified in many of the Business Impact Analyses reviewed
National Planning Scenario #15: Cyber Attack
National Level Exercise (2012) will be based on a cyber incident
Better coordination between information technology professionals and continuity planners bridges the gap and enhances successful performance of mission essential functions
30
Things to Consider…
The continuity manager understands the organization’s mission essential functions and the impact of losing this capability
IT personnel, with input from subject matter experts, understand the technical requirements to support performance of mission essential functions
Mission essential functions cannot be successfully accomplished without the cooperative and collaborative input from both the continuity and IT personnel
31
Understand Cyber-linkages
Cyber-linkages between sectors raise the risk of cascading failures throughout the Nation
During an incident, the private sector is often first to detect a problem.
A successful cyber attack on a power plant’s control system could impact several critical sectors, as detailed below:
Electric Power Sector
Communications Sector
Financial Sector
Emergency Response
32
Public/Private Sector Partnership
Your organization cannot succeed in planning for cybersecurity if it works in isolation
Governmental organizations should enhance their partnership with the private sector
Public and private sector’s interests are intertwined with a shared responsibility for ensuring a secure and reliable infrastructure
The success of your continuity planning for cyber threats will be largely dependent on coordination with partners, customers, and stakeholders
The goal of this partnership is to identify continuity interdependencies associated with essential functions
33
Continuity Elements
The following are the ten essential elements of a viable continuity of operations program. The ones in bold are the ones that would likely be impacted by a cyber incident.
Essential Functions
Orders of Succession
Delegations of Authority
Continuity Facilities
Continuity Communications
Vital Records Management
Human Capital
Test, Training, and Exercise
Devolution
Reconstitution
34
Improving Continuity Planning
As organizations work to improve their continuity plans and programs, to include cybersecurity, continuity managers should:
Communicate to senior leadership the importance and value in establishing continuity plans that address cyber risk
Understand the challenges and incorporate methods used to enhance the organization’s ability to perform Mission Essential Functions
Collaborate with IT staff to identify a program’s risk and requirements to support essential functions
35
Contact Information
National Continuity Programs
Damon Penn, Assistant Administrator (202) 646-4145
Ann Buckingham, Deputy Assistant Administrator (202) 646-4516
Continuity of Operations Division
Eric Kretz, Director (202) 646-3754
Tracy Queen, Deputy Director (202) 646-4282
Continuity of Operations Division Branches
James Opaczewski, Chief, STTL Branch (202) 646-4128
David Webb, Chief, Federal Branch (202) 646-4303
Tracy Queen, Chief, FEMA Branch (202) 646-4282
36
Regional Continuity Managers
Region | Name | States | Contact Info
I | George Callahan | Connecticut, Maine, Massachusetts, New Hampshire, Rhode Island, Vermont | 617‐832‐4799
II | Russell Fox | New Jersey, New York, Puerto Rico, U.S. Virgin Islands | 212‐680‐8504
III | Barry Breslin | Delaware, District of Columbia, Maryland, Pennsylvania, Virginia, West Virginia | 215‐931‐5584
IV | Joseph Canoles | Alabama, Florida, Georgia, Kentucky, Mississippi, North Carolina, South Carolina, Tennessee | 770‐220‐5453
V | Rolando Rivero | Illinois, Indiana, Michigan, Minnesota, Ohio, Wisconsin | 312‐408‐5590
VI | Brad McDannald | Arkansas, Louisiana, New Mexico, Oklahoma, Texas | 940‐898‐5131
VII | David Teska | Iowa, Kansas, Missouri, Nebraska | 816‐283‐7082
VIII | Ken Hudson | Colorado, Montana, North Dakota, South Dakota, Utah, Wyoming | 303‐235‐4658
IX | James Macaulay | American Samoa, Arizona, California, Hawaii, Guam, Nevada, Commonwealth of the North Mariana Islands, Federated States of Micronesia, Republic of the Marshall Islands | 510‐627‐7009
X | Erin Ward | Alaska, Idaho, Oregon, Washington | 425‐487‐[email protected]
37
Rick Rescorla
Security Chief for Morgan Stanley, World Trade Center
Implemented evacuation procedures that are credited with saving many lives
He died in the attacks of September 11, 2001, while leading the evacuation efforts
As a result of Rescorla's planning and exercise efforts, all but 13 of Morgan Stanley's 2,700 WTC employees survived