Critical Infrastructure Assurance:

June 9, 2003 Updated July 2004 Slide 1 Critical Infrastructure Assurance: The US Experience


Transcript of Critical Infrastructure Assurance:

Page 1: Critical Infrastructure Assurance:

June 9, 2003; Updated July 2004

Slide 1

Critical Infrastructure Assurance:

The US Experience

Page 2: Critical Infrastructure Assurance:


Overview

• Critical Infrastructure Protection (CIP) History
• National Security Telecommunications Advisory Committee (NSTAC)
• National Infrastructure Advisory Council (NIAC)
• Partnership for Critical Infrastructure Security
  • Relationships in transition
  • Accomplishments
  • Information Sharing & Analysis Centers
• CIP Sector Lead Agencies
  • Historical Roles
  • Transitions to Dept. of Homeland Security
• CIP Challenges

Page 3: Critical Infrastructure Assurance:


www.pcis.org

Critical Infrastructures

PDD-63 Critical Infrastructures

• Water
• Transportation
• Oil & Gas
• Banking & Finance
• Electric Power
• Emergency Services
• Government Services
• Telecommunications

Page 4: Critical Infrastructure Assurance:


Critical Infrastructures

Added Critical Infrastructures

• Chemical Industry and Hazardous Materials
• Agriculture
• Key National Assets*
• Public Health
• Postal and Shipping
• Food
• Defense Industrial Base

Page 5: Critical Infrastructure Assurance:


National Security Interest

Infrastructures…

• are critical to safety, security, our way of life
• depend on commercial networks
• are interdependent
• are largely owned and operated by private companies
• cannot entirely depend on the Federal government for defense against cyber attacks

Government needs industry in a true public-private partnership

Page 6: Critical Infrastructure Assurance:


The Business Case

Businesses dependent on the Internet for survival

Vulnerabilities threaten economic survivability/competitiveness

Interdependency: supply chain, partners, customers, infrastructure industries

Companies are on the front lines of defense

Industry needs government in true public-private partnership

Page 7: Critical Infrastructure Assurance:


Critical Infrastructure Assurance

Partnership for Critical Infrastructure Security

“Efforts to promote and assure reliable provision of critical infrastructure services in the face of emerging risks to economic and national security”

Page 8: Critical Infrastructure Assurance:


History

• 1982 National Coordination Center for Telecommunications / National Security Telecommunications Advisory Committee

• 1997 President’s Commission on Critical Infrastructure Protection

• 1998 Presidential Decision Directive 63
  • Critical Infrastructure Assurance Office (CIAO)
  • National Infrastructure Protection Center (NIPC)
  • Office of National Coordinator

• 1999 Partnership for Critical Infrastructure Security; Financial Services Information Sharing and Analysis Center (ISAC)

• 2000 Telecom ISAC

• 2001 IT-ISAC; Worldwide-ISAC; ES-ISAC; Special Advisor to the President for Cyberspace Security

• 2002 Surface Transportation ISAC; Energy ISAC; more

• 2003 Department of Homeland Security

Page 9: Critical Infrastructure Assurance:


National Security Telecommunications Advisory Committee (NSTAC)

Provides industry-based advice and expertise to the President on issues and problems related to implementing national security and emergency preparedness (NS/EP) communications policy

• Information Sharing
• Education, Training, & Awareness
• Network Convergence
• R&D Exchange
• Information Assurance
• Infrastructure Protection
• Cyber Security & Crime
• Network Security
• Widespread Telecommunications Service Outages
• Intrusion Detection
• National Coordinating Mechanism
• Telecommunications Legislation and Regulation
• Telecom ISAC

Page 10: Critical Infrastructure Assurance:


National Infrastructure Advisory Council (NIAC)

Enhance public and private partnership in protecting information systems for critical infrastructures

Propose and develop ways to encourage private industry to perform periodic risk assessments

Monitor development of private sector ISACs (Information Sharing and Analysis Centers)

Foster improved cooperation among ISACs

Advise the President through the Secretary of Homeland Security as well as lead agencies with critical infrastructure responsibilities, sector coordinators, and the ISACs

Page 11: Critical Infrastructure Assurance:


Cross-sector Collaboration

Partnership for Critical Infrastructure Security (PCIS)

http://www.pcis.org

• Participation by leaders from government, industry & academia

• Coordinates cross-sector initiatives and complements public-private efforts

• Board of Directors majority always critical infrastructure “sector coordinators”

Page 12: Critical Infrastructure Assurance:


PCIS Mission

Coordinate cross-sector initiatives and complement public-private efforts to promote and assure reliable provision of critical infrastructure services in the face of emerging risks to economic and national security.

Page 13: Critical Infrastructure Assurance:


Pre-DHS PCIS Relationships

• State and Local Governments
• Critical Infrastructure Industry Sectors
• Law Enforcement
• FBI
• NIPC
• Federal Departments and Agencies
• CIAO
• President of the United States
• Advisory Committees
• PCIS

Page 14: Critical Infrastructure Assurance:


Key PCIS Accomplishments

• Brought together critical infrastructure sector leaders
• Identified public policy needs
  • Three white papers
  • Congress drafted new legislation after attending PCIS meeting
• Coordinated industry input to National Strategy to Secure Cyberspace
• Developed cross-sector information sharing taxonomy
• Published Critical Infrastructure Protection awareness resource repository
• Stay Safe Online campaign

Page 15: Critical Infrastructure Assurance:


National Strategy to Secure Cyberspace

Five National Priorities

• National Cyberspace Response System
• National Cyberspace Threat and Vulnerability Reduction Program
• National Cyberspace Awareness & Education
• Securing Government Cyber Systems
• National Security and International Cooperation

Approach

• Public-private partnership
• Primarily market-based approach
• Multi-level risk assessments

Page 16: Critical Infrastructure Assurance:


Stay Safe Online Campaign

• Security education for homes, small businesses

• “Top Ten” tips, Tech Talks, security guides, links

• 105 companies; 15 Federal agencies

• 6+ million page views since Feb 7 rollout (2 million per month)

• National Cyber Security Alliance (NCSA)—educational foundation of PCIS

Poster contest winners meet Tom Ridge in West Wing Apr 18, 2002

www.staysafeonline.info

Page 17: Critical Infrastructure Assurance:


PCIS Current Priorities

• Cross-sector information exchange

• Outreach to new sectors

• Risk Assessment Guidebook

• Effective Practices Compendium

• Digital control systems security R&D

Page 18: Critical Infrastructure Assurance:


Information Sharing and Analysis Centers (ISACs)

• Vital part of Critical Infrastructure Protection (CIP)

• Gather, analyze, and disseminate information on security threats, vulnerabilities, incidents, countermeasures, and best practices

• Early and trusted advance notification of member threats and attacks

• Organized by industry: cross-sector awareness, outreach, response and recovery

Page 19: Critical Infrastructure Assurance:


The ISACs (Cont.)

• ISAC Benefits:
  • Early notification
  • Relevant information
  • Industry-wide vigilance
  • Subject matter expertise
  • Anonymous information sharing
  • Trending, metrics, benchmark data

Page 20: Critical Infrastructure Assurance:


CIP Relationship Transitions

Page 21: Critical Infrastructure Assurance:


www.ntia.doc.gov

U.S. CIP Effort: Sector Lead Agencies

• Commerce: Information and Communications
• Treasury: Banking and Finance
• EPA: Water Supply
• Transportation: Aviation; Highways (including trucking and intelligent transportation systems); Mass Transit; Pipelines; Rail; Waterborne Commerce
• Justice/FBI: Emergency Law Enforcement Services
• FEMA: Emergency Fire Service; Continuity of Government Service
• HHS: Lab Services; Public Health Services, including Prevention, Surveillance and Personal Health Services
• Energy: Electric Power; Oil and Gas Production and Storage

CIAO: Critical Infrastructure Assurance Office
NIPC: National Infrastructure Protection Center

Page 22: Critical Infrastructure Assurance:


New Sector Lead Agencies

• DHS: Information & Communications; Transportation (aviation, rail, mass transit, waterborne commerce, pipelines, and highways, incl. trucking & intelligent transportation systems); Postal and Shipping; Emergency Services; Continuity of Government
• Treasury: Banking and Finance
• HHS: Public Health; Food (all except for meat and poultry)
• Energy: Electric power, oil & gas production and storage
• EPA: Water; Chemical Industry and Hazardous Materials
• USDA: Agriculture; Food (meat and poultry)
• DOD: Defense Industrial Base

Page 23: Critical Infrastructure Assurance:


Critical Infrastructure Protection Challenges

• Government in transition/turmoil
• New sectors
• Physical and cyber strategies to merge
• War on terrorism
• Balancing budgets/priorities

Page 24: Critical Infrastructure Assurance:


www.pcis.org