Critical Releases in Homeland Security: June 27, 2007

"Protecting the Nation's agriculture and food critical infrastructure and key resources (CI/KR) is an important responsibility shared by Federal, State, local, and tribal governments and private industry. Because of the open nature of many portions of the Food and Agriculture Sector, attacks against the Nation by using food or agricultural infrastructure or resources as weapons could have a devastating impact on public health and the economy. Traditional physical security practices alone cannot protect the sector. A protection plan for food and agriculture infrastructure and resources must focus on planning and preparedness, as well as early awareness of an attack. Science-based surveillance measures are essential to recognizing a possible attack on the sector so that rapid response and recovery efforts can be implemented to mitigate the impact of an attack. A protection plan must also be coordinated closely with response and recovery plans. The National Infrastructure Protection Plan (NIPP) provides the unifying structure for the integration of existing and future CI/ KR protection efforts into a single national program. The cornerstone of the NIPP is its risk management framework. Risk, in the context of the NIPP, is defined as the potential for loss, damage, or disruption to the Nation's CI/KR resulting from destruction, incapacitation, or exploitation during some future manmade or naturally occurring event. The framework applies to the general threat environment, as well as to specific threats or incident situations."

"The Banking and Finance Sector accounts for more than 8 percent of the U.S. annual gross domestic product and is the backbone for the world economy. As direct attacks and public statements by terrorist organizations demonstrate, the sector is a high-value and symbolic target. Additionally, large-scale power outages, recent natural disasters, and a possible flu pandemic demonstrate the wide range of potential threats facing the sector. With this understanding, financial regulators and private sector owners and operators work collaboratively to maintain a high degree of resilience in the face of a myriad of potential disasters, be they intentional or unintentional, manmade or natural. This collaboration has led to a comprehensive framework for a strong public-private sector partnership. This partnership has developed several programs that currently provide protection and crisis management, which are continuously improving. Working through this public-private partnership, the Department of the Treasury, as the Sector-Specific Agency (SSA) for the Banking and Finance Sector, has developed this Sector-Specific Plan (SSP) in close collaboration with the Financial and Banking Information Infrastructure Committee (FBIIC) and the Financial Services Sector Coordinating Council for Critical Infrastructure Protection and Homeland Security (FSSCC). This SSP, along with the SSPs from the 16 other critical infrastructures identified in Homeland Security Presidential Directive 7 (HSPD-7), are part of the overall National Infrastructure Protection Plan (NIPP). This SSP contains the Banking and Finance Sector's strategy for working collaboratively with public and private sector partners to identify, prioritize, and coordinate the protection of critical infrastructure. This SSP also summarizes the extensive activities the sector has undertaken already to reduce vulnerabilities and share information."

From the Executive Summary: "The terrorist attacks of September 11, 2001, and the unprecedented impact of Hurricane Katrina on the communications infrastructure significantly redefined the Communications Sector threat environment. The importance of communications to the Nation's health and safety, economy, and public confidence cannot be overstated. To implement the NIPP, Sector-Specific Agencies (SSAs) for each of the 17 critical infrastructure and key resources (CI/KR) sectors are partnering with State, local, and tribal governments, and industry to create and implement Sector-Specific Plans (SSPs). The National Communications System (NCS), within the DHS, serves as the SSA for the Communications Sector. The development and implementation of the Communications SSP provides an opportunity for industry and government sector security partners to take advantage of the infrastructure protection framework it provides. For government partners, the processes outlined in this plan support their missions to execute command, control, and coordinate, to provide national, economic, and homeland security, and to ensure public health and safety. For private sector partners, the protection of critical infrastructure is important for the security of their employees, assets, business continuity, and services provided to customers."

"This Defense Industrial Base (DIB) Sector-Specific Plan (SSP), developed in collaboration with industry and government security partners, provides sector-level critical infrastructure and key resources (CI/KR) protection guidance. The DIB SSP outlines the Department of Defense (DoD) approach to executing Sector-Specific Agency (SSA) responsibilities assigned by Homeland Security Presidential Directive 7 (HSPD-7), Critical Infrastructure Identification, Prioritization, and Protection, December 17, 2003, and follows the 2006 CI/KR Protection SSP Guidance established by the Department of Homeland Security (DHS). It complements other DoD critical infrastructure policy. This section describes the DIB Sector and the taxonomy used to classify the DIB products and services. It identifies security partners in government and the private sector, and discusses their roles and responsibilities. The section includes the DIB Sector's goals and desired long-term security posture and provides a value proposition for security partners. This section discusses the information parameters, requirements, and methodologies that DoD and the DIB owners/operators use to identify their assets, systems, networks, and critical functionality. The section focuses on the process to identify those assets, systems, networks, and functions that, if damaged, would result in unacceptable consequences to the DoD mission, national economic security, public health and safety, or public confidence."

"Information technology (IT) is central to our Nation's security, economy, and public health and safety. Businesses, governments, academia, and private citizens are increasingly dependent on IT Sector functions and services as are all other critical infrastructure sectors' products and services. The Sector has diverse global operations that are interdependent and interconnected with those of other infrastructure sectors. These operations face numerous, multifaceted, global threats every day. Individual IT Sector entities proactively manage risk to their own operations and those of their customers, through constant monitoring and mitigation activities designed to prevent daily incidents from becoming significant disruptions to national security, the economy, and public health and safety. Although the IT infrastructure has a certain level of inherent resilience, its interdependent and interconnected structure presents challenges and opportunities for coordinating public and private sector preparedness activities. Various efforts championed by the public and private sectors have been undertaken to address infrastructure protection and cyber security. The Homeland Security Act of 2002 required the first-ever all-encompassing coordinated national critical infrastructure and key resources (CI/KR) protection effort. Homeland Security Presidential Directive 7 (HSPD-7) identifies 17 CI/KR sectors, including the IT Sector, and requires Federal agencies, coordinated by the Department of Homeland Security (DHS), to identify, prioritize, and coordinate the protection of the Nation's critical infrastructure. The National Infrastructure Protection Plan (NIPP) and its complementary Sector-Specific Plans (SSP) provide a consistent, unifying structure for integrating existing and future CI/KR protection efforts. They also provide the core processes and mechanisms to enable government and private sector security partners to work together to implement CI/KR protection initiatives."

"The comprehensive increase in measures to enhance aviation security following September 11, 2001, led to significant improvements in existing security processes, operations, and technologies in each area of the aviation transportation system. These efforts led to the current security posture of a multilayered, scalable, and flexible aviation security system that is responsive to varying threat levels as well as to the entire range of identified threats. This has effectively reduced vulnerabilities within the aviation transportation system. However, the ever-changing aviation threat environment continues to challenge the Federal Government and private industry to implement additional effective and efficient security measures. As directed by the National Infrastructure Protection Plan (NIPP), the Transportation Sector- Specific Plan (TSSP) represents the combined planning contributions of the sector's security partners to develop a system wide approach to reducing the security risks within and across the transportation modes. The aviation mode's security partners include the Department of Homeland Security's (DHS) Transportation Security Administration (TSA), the Department of Transportation's (DOT) Federal Aviation Administration (FAA), airlines, the Department of Defense (DoD) airports, flight crews, air cargo industry members, State and local law enforcement, and passengers."

"The fundamental challenge to securing the freight rail network is to protect against a constantly changing, unpredictable threat environment without impeding the continuous movement and free flow of commerce. While there is no specific threat or intelligence points to freight rail transportation, the potential exists for using the freight rail system as a target for terrorism or as a delivery system for a weapon of mass effect. The efficient operation of our critical interstate freight rail network requires a uniform nationwide approach to railroad security. The Department of Homeland Security (DHS) will continue to work with its private sector, and Federal, State, and local partners to achieve the transportation sector goals outlined in this document. The freight rail mode will continue to apply the National Infrastructure Protection Plan (NIPP) risk management framework for developing programs and initiatives to enhance the protection of Critical Infrastructure and Key Resources (CI/KR). As outlined in chapter 1 of the Transportation Sector-Specific Plan (TSSP), the transportation sector identified three goals to help achieve the sector vision of a "secure, resilient and efficient transportation network." The freight rail mode will focus on these goals when identifying key assets and will evaluate consequence, vulnerability, and threat information to adequately assess risks facing the system. Initial security gaps have been identified, and security programs have been developed and implemented to mitigate these risks. The government continuously evaluates security gaps in freight rail, as in all modes. Mitigation strategies are updated as gaps are identified."

"The Highway Infrastructure and Motor Carrier Modal Annex to the Transportation Sector Specific Plan (TSSP) describes how transportation sector goals and objectives will be achieved to protect the highway transportation system. These assets include, but are not limited to, signature bridges, major tunnels, operations and management centers, trucks carrying hazardous materials (HAZMAT), other commercial freight vehicles, Motorcoaches, school buses, and key intermodal freight transfer facilities. All of these components help create what is referred to as the Highway Transportation System. While the in-vehicle and highway facilities infrastructure optimizing the movement of people, services, and cargo through the Highway Transportation System are robust, some are essential in facilitating Federal and State services to maintain the health of the public, economic vitality, telecommunications, electricity, and other essential services. Even temporary debilitation of a bridge or tunnel could result in regional shutdowns, diversions, or costly repairs with potentially severe results. Security of the highway transportation system is a shared responsibility among Federal, state, and local governments and private stakeholders. Measures to secure the assets of the Highway Transportation System must be implemented in a way that balances cost, efficiency, and preservation of commerce in this Nation. The Highway Infrastructure and Motor Carrier Annex will require periodic updates to reflect current conditions, enhanced strategies, new programs, and Government Coordinating Council (GCC)/Sector Coordinating Council (SCC) scope of planning for the following year. Federal, State, local and tribal government agencies, along with private stakeholders, will lead the national effort to maintain the capability to move freely and facilitate interstate commerce in all conditions. Vehicles that use the highways are potential targets and weapons that terrorists or criminals could use to attack critical infrastructure or other assets."

"Salt water covers more than two-thirds of the earth's surface. These waters comprise an immense maritime domain, a continuous body of water that is the earth's greatest defining geographic feature. Ships that ply the maritime domain are the primary mode of transportation for world trade, carrying more than 80 percent of the world's trade by volume. United States maritime trade is integral to the global economy, representing more than 20 percent of global maritime trade. Through the Maritime Transportation System (MTS), the maritime mode is the primary transportation mode providing connectivity between the U.S. and global economies; 99 percent of overseas trade by volume enters or leaves the U.S. by ship. The MTS enables the U.S. to project military presence across the globe, creates jobs that support local economies, and provides a source of recreation for all Americans. The Nation's economic and military security are fundamentally linked to the health and functionality of the MTS. The security of the MTS is paramount to protecting the Nation and its economy, but it presents daunting and unique challenges to managers of the Maritime Mode. Security of the MTS is intrinsically linked to the security of the maritime domain which contains critical infrastructure and key resources (CI/KR) from many of the other critical infrastructure sectors and Transportation Sector modes. Providing for the security of the MTS depends upon understanding the diverse array of activities in the maritime domain through the transparency of all sector and transportation modal infrastructure and security activities."

"The mass transit and passenger rail industry and their Federal, State and local partners face many challenges in their efforts to provide a secure and protected public transportation environment. The systems are open, serving millions of passengers every day. The networks cover wide geographical areas providing numerous points of access, transfer, connection to other means of transportation, and egress, leading to high passenger turnover difficult to monitor effectively. As the public and private partners move forward with implementing the plan to secure the mass transit and passenger rail systems, new challenges arise. In this context, public and industry partners seek to provide a secure environment for passengers and employees through training, public outreach, procedures and hardening of physical assets and expanding visible/covert, random, and unpredictable security measures. This plan for mass transit and passenger rail security sets out to achieve the objectives and priorities enumerated in the Transportation Systems Sector Security Plan (TSSP), the Presidential Executive Order 13416, "Strengthening Surface Transportation Security," as well as other national and regional strategies to mitigate transportation risk. Within the GCC/SCC framework, mass transit and passenger rail governmental and industry partners have devised, and are implementing, a plan consistent with the approach set out in the NIPP. This plan aims to enhance security through collaborative efforts nation-wide and in regional areas throughout the Nation to employ the full spectrum of security resources in the most effective manner possible. Essential components of the plan include maximizing the power of information, using risk-based principles in conducting assessments of assets and systems, and applying the results to ensure domain awareness and to identify and implement security programs and concrete and specific criteria to measure the effectiveness of these programs. These efforts are advanced in the context of an ever-changing threat environment and encompass proactive measures to reduce vulnerabilities in general and improve overall preparedness to meet a range of contingencies, including response to specific threat intelligence and security incidents."

"Each day, thousands of businesses and millions of people rely on the safe, secure, and efficient movement of commodities through the transportation system. Manmade or natural disruptions to this critical system could result in significant harm to the social and economic well-being of the country. The Nation's pipeline system is a mode of transportation with unique infrastructure security characteristics and requirements. As required by Executive Order 13416, the Pipeline Modal Annex implements the Transportation Sector Specific Plan (TSSP) and was developed to ensure the security and resiliency of the pipeline sector. The vision of this plan is to ensure that the pipeline sector is secure, resilient, and able to quickly detect physical and cyber intrusion or attack, mitigate the adverse consequences of an incident, and quickly restore pipeline service. The core of the plan is a pipeline system relative risk assessment and prioritization methodology. This methodology provides a logical prioritization process to systematically list, analyze and sort pipeline systems and critical pipeline components within those pipeline systems. By prioritization, security resources can be effectively used to manage risk mitigation in order to protect critical pipelines from terrorist threats. The methodology is based on the Transportation Sector Systems-Based Risk Management (SBRM) methodology, which is in turn based on the Risk Management Framework presented in the NIPP."

"The Transportation Systems Sector - a sector that comprises all modes of transportation (Aviation, Maritime, Mass Transit, Highway, Freight Rail, and Pipeline) - is a vast, open, interdependent networked system that moves millions of passengers and millions of tons of goods. The transportation network is critical to the Nation's way of life and economic vitality. Ensuring its security is the mission charged to all sector partners, including government (Federal, State, regional, local, and tribal) and private industry stakeholders. Every day, the transportation network connects cities, manufacturers, and retailers, moving large volumes of goods and individuals through a complex network of approximately 4 million miles of roads and highways, more than 100,000 miles of rail, 600,000 bridges, more than 300 tunnels and numerous sea ports, 2 million miles of pipeline, 500,000 train stations, and 500 public-use airports. The sector's security risks are evident by attacks either using or against the global transportation network, including not only the September 11, 2001, attacks on the World Trade Center and the Pentagon, but also more recent attacks on transportation targets such as the 2005 London bombings, the coordinated attack on four commuter trains in Madrid in 2004, and the 2006 plot uncovered in the United Kingdom targeting airlines bound for the United States. These recent attacks are a sobering reminder that the transportation system remains an attractive target for terrorists post-September 11. Hurricane Katrina and other disasters (natural and industrial) also highlight the risk to the sector that is not directly related to terrorism. Taken together, the risk from terrorism and other hazards demands a coordinated approach involving all sector stakeholders."

"There are approximately 160,000 public drinking water utilities and more than 16,000 wastewater utilities in the United States. About 84 percent of the U.S. population receives its potable water from these drinking water utilities and more than 75 percent has its sanitary sewage treated by these wastewater utilities. The drinking water and wastewater sector (Water Sector) is vulnerable to a variety of attacks, including contamination with deadly agents and physical and cyber attacks. If these attacks were to occur, the result could be large numbers of illnesses or casualties or denial of service that would also affect public health and economic vitality. Critical services such as firefighting and health care (hospitals), and other dependent and interdependent sectors such as energy, transportation, and food and agriculture, would suffer negative impacts from a denial of Water Sector service. In collaboration with the entire sector, a broad-based strategy to address security needs is being implemented. This work includes providing support to utilities by preparing vulnerability assessment and emergency response tools, providing technical and financial assistance, and exchanging information. Each section of the Water Sector-Specific Plan (SSP), as defined by the Department of Homeland Security (DHS) in its 2006 Sector-Specific Plan Guidance, is described below. This section of the SSP provides an overview of the Water Sector. Each drinking water or wastewater utility is considered an asset that comprises many components. The discussion includes an explanation of the Environmental Protection Agency's (EPA's) relationships, as the Sector-Specific Agency (SSA), with the private sector, State and local agencies, other Federal departments and agencies, and the public; a description of the relevant Water Sector authorities; a summary of its vision and goals; and explanation of its value proposition."