Embed Size (px)
Citation preview
NCR HIRAUpdate
October 31, 2006
2
Objectives
• Provide an Update on the Resolution of Issues from the Last NCR Meeting
• Provide the Status of Each Deliverable• Outline Next Steps for Each Deliverable• Review Project Timeline • Review the HIRA process – Bob Fletcher• Present Next Steps for NCR• Review Meeting Schedule
3
Resolution of Issues from Last NCR Meeting
• Security issue—Steve Kral is working with SPG and SRA Security to resolve– Draft NDA in legal review– Draft protocols for document handling
provided
• Tiering in Vulnerability Sheets – changed
4
Four Deliverables
1. HIRA Stakeholder Outreach
2. Hazard Identification, Risk Assessment, Impact Analysis (HIRA)
3. Critical Infrastructure Protection/Resiliency Strategy Benchmarking Report (CISB Report)
4. Outline for Development of NCR CIP/R Strategy
5
Deliverable 1 Update: HIRA Stakeholder Outreach
• Outreach to the NCR jurisdictions is completeCounties/Cities Meeting Date Confirmed
– Fairfax County Sept. 14 Completed– Prince William County Oct. 13 Completed– District of Columbia Oct. 24 Completed– Arlington County Oct. 17 Completed– City of Falls Church Sept. 29 Completed– City of Alexandria Oct. 18 Completed– Loudoun County Oct. 13 Completed– City of Manassas Oct. 2 Completed– Manassas Park Oct. 4
Completed– Montgomery County Oct. 4 Completed– Prince George’s County Oct. 4
Completed – City of Fairfax Oct. 5 Completed
6
Deliverable 1 Update: HIRA Stakeholder Outreach, Cont’d
• Conducting informational interviews with NCR leadership to aid in the HIRA creation:SPG Members
• Contacted by SRA: 7• Interviews Completed: 2• Scheduled: 5• Unscheduled: 0
CAOs• Contacted by SRA: 12• Interviews Completed: 1• Scheduled: 1• Unscheduled: 10
7
Next Steps: HIRA Stakeholder Outreach and Governance Group
• Complete informational interviews with NCR leadership
8
Deliverable 2 Update: Hazard Identification, Risk Assessment, Impact Analysis (HIRA)
• Data Collection– Open source, ongoing as needed– Jurisdictions, ongoing– Federal, ongoing
• Analysis Process • Hazards Analyzed as “Regional” • Draft Section – Hazards
– GIS Maps on Hazards for Jurisdictions
9
Deliverable 2 Update: HIRANext Steps
• Conduct Analysis on Vulnerabilities– Reach out to federal/state/local/private sector SMEs
• Health/Pandemic—Dr. Matt Minson, MD DHMH; Dr. Rick Alcorta, MIEMSS; Dr. Jeffrey Elting, Washington Hospital Association (invited)
• Transportation—John Contestabile, MDOT • Water—Stuart Freudberg, MWCOG; Steve Gerwin, WSSC• Power—George Gacser, PEPCO • Interoperability—John Contestabile, MDOT • Information Technology—Wanda Gibson, ESF#2 Chair• Environmental/HAZMAT—Al Williams, MDE• Emergency Services—Doug Bass, Fairfax; Mark Penn,
Alexandria• Government Facilities—GSA representative sought
10
Deliverable 2 Update: HIRANext Steps, Cont’d
• Model the Vulnerabilities
• Continue to Develop GIS Maps for the Hazards and Vulnerabilities
• Continue to Develop the HIRA Report
11
Deliverable 3 Update: Critical Infrastructure
Protection/Resiliency Strategy Benchmarking Report
• Researching the list of approved strategies
• Provided a draft Benchmarking Report Outline on Oct. 13, 2006
• Provided a draft Impact of Loss Metrics model on Oct. 13, 2006
• Met with CIP RPWG on Oct. 27, 2006, to review deliverables and steps forward
12
Next Steps: Critical Infrastructure Protection/
Resiliency Strategy Benchmarking Report
• Continue open-source research of CIP/R Strategies
• Follow-up on selected strategies with interviews
• Provide second draft on Impact of Loss Metrics
• Develop the CISB Report
13
Deliverable 4 Update: Outline for Development of NCR CIP/R Strategy
• Outline will be partially based upon lessons learned from the other three Deliverables
• Outline will be constructed in tandem with development of the other Deliverables
14
Next Steps: Outline for Development of NCR CIP/R Strategy
• Awaiting the further development of the HIRA and the CISB Report
15
Schedule Review
16
HIRA Process
17
RISK VULNERABILITYTHREAT CONSEQUENCE=
(Most effective NCR risk mitigation strategies present in these variables)
= XX
This is the DHS definition, which we break into components to examine specifically the CONSEQUENCES that we desire to avoid/mitigate, defining CONSEQUENCE as (Impact – Detection/Response Capability) * (Asset Defenses). However, NCR can only impact Detection/Response Capability and select portions of Asset Vulnerability.
SRA DHS-Compatible Definition of Risk
18
RISK THREAT VULNERABILITY CONSEQUENCE== XX
THREAT:
Function of enemy intent, capabilities, desire, timing, and opportunity.
VULNERABILITY:
Function of detailed asset-specific data such as #/type of guards, static defenses, entry control, HAZMAT detection, etc.
CONSEQUENCE:
Function of early detection, immediate response, triage, medical capacity, etc.
Some long-term NCR role in terms of building codes, public-owned buildings, and general regulatory matters.
Direct NCR role in controlling / allocating public resources for tactical threat detection/defeat (police) and emergency response assets (fire, medical, etc.), and ID of CI resiliency gaps.
Minimal NCR role.
NCR Role in “Buying Down Risk”
Using SME input, postulate characteristics
of a Regional Event
Collect “Real-World” data from events considered
“Regional”Find Commonalities
among “Real-World” data sets
Refined Definition
Develop Working Definition of Regional
Event
Postulate Future Regional Events based on refined
definition
Inputs
Analysis
Outputs
Defining Regional Events
20
HIRA for Hazards Occurring Within NCR
Is Hazard NCR-Relevant?
Catalogue of All-Hazards
YESNO
Natural/Accident: Run Probabilistic Model (CAPRA)
Terrorism: Perform Consequences
Analysis Process
Sufficient Probability Data?(i.e, is threat Natural/ Accident or Terrorism?)
YES
NO
21
Terrorism: Process for Consequences Analysis
Terrorism Threats
Population Vulnerabilities
Asset Vulnerabilities
Population
Impact
Asset
Impact
= ConsequencesCurrentCapabilities{ }
Step One:
Using historical events and DHS planning scenarios, perform ‘Capabilities Gap Analysis’ by examining current capabilities to reduce the impact of threats against NCR population and assets
(NCR historical events and DHS planning scenarios)
(Analysis of NCR based on TCLs and EMAP standards)
22
17 CI Sectors
Most Critical
Systems
Step Two:
SMEs ID the NCR’s most critical assets by analyzing the most significant cascading impacts following possible impairment of NCR assets from identified threats.
NCR-Priority CI Sectors
NCR Key Assets
(SME analysis)(DHS NADB) (System-specific SME analysis)
The Most REGIONALLY
Critical Infrastructure
Assets
Terrorism: Process for Consequences Analysis
(e.g. WASA, WMATA)
23
Mitigation & Resiliency
Alternatives*
Capabilities Gaps
Vulnerabilities of Key CI Assets
=Prioritized Investment
Strategy
Step Three:
Having ID’d Capabilities Gaps and the Most Critical Assets of NCR’s Most Critical Systems, Analyze Mitigation and Resiliency Alternatives to address Capabilities Gaps and vulnerabilities of select Critical Infrastructure Assets.
Funding Constraints{ }
Terrorism: Process for Consequences Analysis
24
Examples of “Buying Down Risk”
Alternatives with Applicability to All Hazards
VULNERABILITY
Water Security MonitoringBiological Detectors
Security GuardsRadiation Detection Equip.
Back-up Power
CONSEQUENCE
Emergency Mobile LabsEmergency Medical Surge
Interoperable CommunicationsDebris Removal Capabilities
Food/H2O Supplies
THREAT
Counter SurveillanceLaw Enforcement
National IntelligenceMilitary Operations
Examples of “Buying Down Risk”
Alternatives Influenced by NCR Investment Strategy
VULNERABILITY
Water Security MonitoringBiological Detectors
Security GuardsRadiation Detection Equip,
Back-up Power
CONSEQUENCE
Emergency Mobile LabsEmergency Medical Surge
Interoperable CommunicationsDebris Removal Capabilities
Food/H2O Supplies
THREAT
Counter SurveillanceLaw Enforcement
National IntelligenceMilitary Operations
*Mitigation & Resiliency Alternatives
25
Next Steps for NCR
• Finalizing Data collection with Jurisdictions and the Federal partners– Cutoff date: Nov. 7, 2006
• Completing interviews with NCR leadership
• Contacting SMEs for input on analysis and modeling
26
Meeting ScheduleDATE TIME LOCATION9/28/06 1:00 – 4:00 PM MWCOG BOARDROOM
10/31/06 11:00 – 1:00 PM MWCOG TNG CTR (1ST FLOOR)
11/30/06 1:00 – 4:00 PM MWCOG BOARDROOM
1/04/07 1:00 – 4:00 PM MWCOG BOARDROOM
2/01/07 1:00 – 4:00 PM MWCOG BOARDROOM
3/01/07 1:00 – 4:00 PM MWCOG BOARDROOM (IF NEEDED)
4/05/07 1:00 – 4:00 PM MWCOG BOARDROOM (IF NEEDED)
NOTE: THE HIRA AND THE CISB TEAMS WILL MEET IN PERSON OR BY CONFERENCE CALL AT OTHER TIMES AS DETERMINED BY DOUG BASS (HIRA) AND CONSTANCE MCGEORGE (CISB).
