Table of Contents

Introduction to Critical Infrastructure Preparedness
Homeland Security Presidential Directives (HSPD)
What Is Critical Infrastructure?
What Is the Private Sector?
What Is the Public Sector?
What Is Critical Infrastructure Protection?
What Is Critical Infrastructure Preparedness?
Critical Infrastructure Functions
Origins of Critical Infrastructure
Regulations and Legislation
What Are the Categories of the Laws Listed?
Border Security and Immigration
Communications and Network Security
Cyberterrorism
Infrastructure
Domestic Safety and Security
Economic and Financial Security
Emergency Preparedness and Readiness
Medical and Health Care Security
Transportation Security (Includes Maritime Security)
Hazardous Materials
National Response Plan (NRP)
What Is the National Response Plan (NRP)?
NRP Training
How Does the NRP Tie in with Emergency Management?
NRP Subcategories
Emphasis on Local Response
What Is the Purpose of the NRP?
Tie between NRP and NIMS
Multiagency Command Structure Coordination
Coordination Responsibilities
Updates to the NRP
Incident Command Structure of the NRP
Levels of Authority
Key Concepts in the Implementation of the NRP
Roles and Responsibilities
Roles of the Federal Government
NRP Emergency Support Functions (ESFs)
Scope of ESFs
National Incident Management Systems (NIMS)
What Is NIMS?
Compliance
Flexibility
Standardization
NIMS Represents Best Practices
Components of NIMS
Command and Management
Preparedness
Benefits from Using NIMS
Resource Recovery
Communications and Information Management
Supporting Technologies
Ongoing Management and Maintenance
Command Structuring under NIMS
Incident Command System (ICS)
ICS Features
Common Terminology
Organizational Resources
Manageable Span of Control
Accountability
Integrate Communications Capabilities
Incident Action Plan
Management Command, Coordination, and Control Structures
Unified Command
Area Command
Multiagency Coordination Systems
Emergency Operations Centers
Incident Responsibilities
Postincident Responsibilities
Public Information Systems
Joint Information Systems (JIS)
Joint Information Centers (JIC)
JIC Levels
JIC Organizational Structure
Preparedness and Readiness
Preparedness Organizations
Preparedness Planning and Coordination
Types of Preparedness Plans
Emergency Operations Plan
Training and Exercise Drills
Personnel Qualification and Certification
Equipment and Hardware Certification
Mutual-Aid Agreements
Standby Contracts
Publication Management
Resource Management
Effectively Managing Resources
Communications and Information Management Principles
Incident Command Systems (ICS)
What Is NIMS and ICS?
What Is an Incident?
What Is an Incident Command System (ICS)?
What Is NIMS ICS?
History of ICS
FIRESCOPE
National Interagency Incident Management System (NIIMS)
Weaknesses Addressed by Using an ICS
Benefits of Using an ICS
ICS Framework
Applications for the Use of ICS
ICS Management Characteristics
Understanding the ICS Organization
ICS Management Functions
ICS Sections
What Is Span of Control?
ICS Position Titles
ICS Organizational Components
Unified Command
The Incident Commander
Command Staff
General Staff
Operations Section
Planning Section
Incident Action Plan
Logistics Section
Finance/Administration Section
ICS Area Command
Communications within the ICS
Incident Facilities
Differences between NIMS ICS and FIRESCOPE/NIIMS ICS
NIMS ICS Training
How ICS Integrates with Critical Infrastructure
Emergency Preparedness and Readiness (EMR)
Office for Domestic Preparedness
First Responder
First Responder Classifications
Guideline Classifications
North American Emergency Response Guidebook (NAERG)
Awareness Level Guidelines
Performance Level Guidelines
Operational Levels Defined
Level A: Operations Level
Level B: Technician Level
Know Protocols to Secure, Mitigate, and Remove Hazardous Materials
Additional Protective Measures
Understand Development of the Incident Action Plan
Know and Follow Procedures for Protecting a Potential Crime Scene
Know Department Protocols for Medical Response Personnel
National Fire Prevention Association 472
Occupational Safety and Health Administration Hazardous Waste Operations and Emergency Response
Skilled Support Personnel
Specialist Employee
Department of Transportation (DOT) Hazardous Materials (HAZMAT) Classifications
Importance of Implementing an Emergency Response Plan
Security Vulnerability Assessment (SVA)
What Is a Risk Assessment?
Methods of Assessing Risk
Threat Risk Equations
Comparison of Quantitative vs. Qualitative Risk Assessments
Challenges Associated with Assessing Risk
Other Factors to Consider When Assessing Risk
What Is an SVA?
Reasons for Having an SVA
What Is a Threat?
What Is Vulnerability?
Countermeasures
Vulnerability Assessment Framework (VAF)
Reasons for Using the VAF
Federal Information Systems Control Auditing Manual (FISCAM)
General Methodologies of FISCAM Auditing
What Are General Controls?
What Are Application Controls?
Caveats with Using an SVA
How the SVA Is Used
Audience of an SVA
Initial SVA Plan
Necessary Steps of an SVA
Critical Success Factors
VAF Methodology
Initial Steps of the VAF
VAF Step 1: Establish the Organization Minimum Essential Infrastructure (MEI)
VAF Step 2: Gather Data to Identify MEI Vulnerabilities
VAF Step 3: Analyze, Classify, and Prioritize Vulnerabilities
Standards and Guidelines
About the National Fire Prevention Association (NFPA)
North American Electric Reliability Council (NERC)
American Gas Association (AGA)
Instrumentation, Systems, and Automation Society (ISA)
American Petroleum Institute (API)
Chemical Industry Data Exchange
ISO 15408
NIST PCSRF
Health Insurance Portability and Accountability Act (HIPAA)
Patient Safety and Quality Improvement Act (PSQIA)
Gramm-Leach-Bliley Act (GLBA)
Sarbanes-Oxley Act
The American National Standards Institute (ANSI)
Federal Information Processing Standards (FIPS)
National Standards Systems Network
BSR/ASCE/AEI XX-2006
BSR T1M1-27-200X
BSR X9.49-200X
ASTM F1756-97A (2002)
Information Sharing and Analysis Centers (ISAC)
What Is a Critical Infrastructure Asset?
What Is an ISAC?
Advantages of Belonging to an ISAC
Access to ISAC Information
Expanded ISAC Services
Surface Transportation ISAC (ST-ISAC)
Public Transportation ISAC (PT-ISAC)
American Public Transportation Association (APTA)
Association of American Railroads (AAR)
Transportation Technology Center, Inc. (TTCI)
Railinc
Water ISAC
Association of State Drinking Water Administrators (ASDWA)
Water Environment Research Foundation (WERF)
Association of Metropolitan Water Agencies (AMWA)
Association of Metropolitan Sewage Agencies (AMSA)
National Association of Water Companies (NAWC)
American Water Works Association (AWWA)
AWWA Research Foundation (AWWARF)
Financial Services ISAC (FS-ISAC)
Science Applications International Corporation (SAIC)
Electricity Sector ISAC (ES-ISAC)
Emergency Management and Response ISAC (EMR-ISAC)
Information Technology ISAC (IT-ISAC)
National Coordinating Center for Telecommunications (NCC-ISAC)
Communications Resource Information Sharing (CRIS)
Government Emergency Telecommunications Service (GETS)
Telecommunications Service Priority (TSP)
Shared Resources High Frequency Radio Program (SHARES)
Network Reliability and Interoperability Council (NRIC)
National Security Telecommunications Advisory Committee (NSTAC)
Wireless Priority Services (WPS)
Alerting and Coordination Network (CAN)
Energy ISAC
Chemical Sector ISAC (CHEM-ISAC)
Chemical Transportation Emergency Center (CHEMTREC)
Healthcare Services ISAC (HCISAC)
Highway ISAC
Cargo Theft Information Processing Systems (CargoTIPS)
American Trucking Associations (ATA)
HighwayWatch
Food and Agriculture ISAC
Food Marketing Institute (FMI)
Multi-State ISAC (MS-ISAC)
ISAC Council (ISAC-ISAC)
World Wide ISAC (WW-ISAC)
Real Estate ISAC (RE-ISAC)
The Real Estate Roundtable
Research and Educational Networking ISAC (REN-ISAC)
Biotechnology and Pharmaceutical ISAC (BioPharma ISAC)
Maritime ISAC (M-ISAC)
Maritime Security Council (MSC)
Marine Transportation System National Advisory Council
Supervisory Control and Data Acquisition (SCADA)
What Are Control Systems?
Types of Control Systems
Components of Control Systems
Vulnerability Concerns about Control Systems
Adoption of Standardized Technologies with Known Vulnerabilities
Connectivity of Control Systems to Unsecured Networks
Implementation Constraints of Existing Security Technologies
Insecure Connectivity to Control Systems
Publicly Available Information about Control Systems
Control Systems May Be Vulnerable to Attack
Consequences Resulting from Control System Compromises
Wardialing
Wardriving
Warwalking
Threats Resulting from Control System Attacks
Issues in Securing Control Systems
Methods of Securing Control Systems
Technology Research Initiatives of Control Systems
Security Awareness and Information Sharing Initiatives
Process and Security Control Initiatives
Securing Control Systems
Implement Auditing Controls
Develop Policy Management and Control Mechanisms
Control Systems Architecture Development
Segment Networks between Control Systems and Corporate Enterprise
Develop Methodologies for Exception Tracking
Define an Incident Response Plan
Similarities between Sectors
Critical Infrastructure Information (CII)
What Is Critical Infrastructure Information?
How Does the Government Interpret CII?
Exemption 3 of the Freedom of Information Act
Exemption 4 of the Freedom of Information Act
Section 214 of the Homeland Security Act
Enforcement of Section 214 of the Homeland Security Act
What Does Sensitive, But Unclassified Mean?
Information Handling Procedures
Freedom of Information Act
Need-to-Know
 “For Official Use Only” (FOUO)
Enforcement of FOUO Information
Reviewing Web Site Content
Export-Controlled Information
Enforcement of Export-Controlled Information
Source Selection Data
Enforcement of Source Selection Data
Privacy Information
Enforcement of Privacy Information
Unclassified Controlled Nuclear Information (UCNI)
Enforcement of UCNI
Critical Energy Infrastructure Information (CEII)
Enforcement of CEII
Lessons Learned Program
INFRAGARD
Index