The SLTTGCC Cybersecurity Working Group and the RC3 Cyber Working Group have partnered to sponsor an informational webinar series on Federal cyber programs and activities. Its goal is to provide council members, as well as public and private partners at the regional, State, and local levels, information on cyber initiatives across government. This series is open to all, and recipients are encouraged to share this information with their colleagues.
This series will serve as a way for partners to keep a finger on the pulse of initiatives, like the implementation of the Information Sharing and Analysis Organizations Executive Order, establishment of cyber-focused public-private partnerships, and available programs and best practices that can help public and private infrastructure stakeholders develop or strengthen their own cyber initiatives. The webinars will be hosted and moderated by the RC3 and SLTTGCC Cyber Working Group chairs.
The series launched on February 25, 2016, with a presentation delivered by the Federal Trade Commission’s (FTC) lead counsel regarding the implications of the Third Circuit Court’s 2015 ruling on the FTC’s authority to regulate cybersecurity in the case of FTC v. Wyndham Worldwide Corporation.
The series is scheduled to continue with sessions on March 24, 2016, and April 7, 2016. Formal announcements for those dates will be sent after the initial session. For additional information, please contact Sector.Partnership@hq.dhs.gov.
SLTTGCC and RC3 Showcase Activities of Critical Infrastructure Programs
The SLTTGCC and the RC3 are nearing completion of the Regional Overview of Critical Infrastructure Programs, a project to document the current state of critical infrastructure mission implementation across the Nation. The councils engaged critical infrastructure professionals in 2015 through council-sponsored questionnaires and Virtual Roundtable Webinars to detail the structure and mission of programs and partnerships, critical infrastructure activities, and major needs and challenges.
As depicted by the blue shading in Figure 1, the project identified the most common types of critical infrastructure security and resilience activities implemented by SLTT agencies, consistent with the National Infrastructure Protection Plan (NIPP) 2013.
Figure 1: SLTT Critical Infrastructure Activities Consistent with NIPP 2013
Set Goals and Objectives: Critical infrastructure programs most often formalize their program strategies by incorporating critical infrastructure security and resilience provisions into overarching homeland security strategies or emergency response plans. These strategic documents are valued as a means to more clearly define critical infrastructure security and resilience goals and objectives, establish a common understanding of the program among partners, and make strategic decisions. Increasingly, the dynamic threat landscape (including cybersecurity and natural disasters) and lifeline sector resilience are influencing program strategic focus. However, constrained resources limit plan implementation in some jurisdictions.
Identify Infrastructure: Asset criteria and prioritization used by critical infrastructure programs are based on Federal standards, yet are often modified to address the assets most critical to the jurisdiction (e.g., dynamic threat environment, population density, economic drivers). Many programs are transitioning to use of the IP Gateway, though some programs are adopting separate in-house or commercially-based solutions. Constrained resources affect the amount of time and effort many jurisdictions can focus on identification of critical infrastructure.
Assess, Analyze, and Manage Risk: The level of focus on assessments varies greatly between jurisdictions, with some expanding capabilities and others relying solely on the Protective Security Advisors (PSAs) to conduct onsite assessments. Expanded capabilities include supporting State and local onsite assessment teams, conducting assessments on local priorities (e.g., education institutions and major public events), and charging fusion centers with analyzing threats and dependencies. Regardless of the level of focus, jurisdictions stress the importance of PSAs and are integrating results from the Regional Resiliency Assessment Program and the Threat and Hazard Identification and Risk Assessment.
Develop Public-Private Partnerships and Share Information: Fusion Centers and Emergency Operations Centers (EOCs) are actively collaborating with private sector critical infrastructure partners to share information and jointly respond during special events and emergency incidents. Fusion Centers produce intelligence summaries, event analysis, suspicious activity reports, real-time bulletins, and alerts, many of which are shared with critical infrastructure partners. Many EOCs are formally integrating the private sector, either through establishing private sector seats at the EOC or creating a companion business EOC. These partnerships facilitate the sharing of information and rapid allocation of public and private sector resources during incidents. In addition to fusion centers and EOCs, SLTT critical infrastructure programs are hosting joint exercises with and disseminating sector-specific fact sheets to their private sector partners.
If you want to find out more about our project, please email SLTTGCC@hq.dhs.gov.