Asis-Critical Infrastructure Resource Guide

ASIS International

Critical Infrastructure Resource Guide

Copyright © 2007 by ASIS International ASIS International (ASIS) disclaims liability for any personal injury, property or other damages of any nature whatsoever, whether special, indirect, consequential or compensatory, directly or indirectly resulting from the publication, use of, or reliance on this document. In issuing and making this document available, ASIS is not undertaking to render professional or other services for or on behalf of any person or entity. Nor is ASIS undertaking to perform any duty owed by any person or entity to someone else. Anyone using this document should rely on his or her own independent judgment or, as appropriate, seek the advice of a competent professional in determining the exercise of reasonable care in any given circumstance. All rights reserved. Permission is hereby granted to individual users to download this document for their own personal use, with acknowledgement of ASIS International as the source. However, this document may not be downloaded for further copying or reproduction nor may it be sold, offered for sale, or otherwise used commercially.

Table of Contents Introduction ....................................................................................................................................................................1 Critical Infrastructure Working Group Contributors ...............................................................................................2 ASIS International Staff ........................................................................................................................................2 1.0 Agriculture and Food Sector.....................................................................................................................................3 1.1 Sector Overview ..................................................................................................................................................3 1.2 Professional Development Resources ................................................................................................................4 1.2.1 Government Resources...............................................................................................................................4 1.2.2 Government Resources – Canada ..............................................................................................................5 1.2.3 Industry Resources......................................................................................................................................5 1.2.4 Best Practices and Assistance ....................................................................................................................6 2.0 Banking and Finance Sector ....................................................................................................................................9 2.1 Sector Overview ..................................................................................................................................................9 2.2 Professional Development Resources ..............................................................................................................10 3.0 Chemical Sector.....................................................................................................................................................13 3.1 Sector Overview ................................................................................................................................................13 3.2 Professional Development Resources ..............................................................................................................14 3.2.1 Web Links..................................................................................................................................................14 3.2.2 Government Agencies / Resources ...........................................................................................................15 3.2.3 Publications and Misc. Resources .............................................................................................................17 4.0 Commercial Facilities Sector..................................................................................................................................19 4.1 Sector Overview ................................................................................................................................................19 4.2 Professional Development Resources ..............................................................................................................20 4.2.1 Guides, Resources, and Documents by Organization ...............................................................................20 4.2.2 Web links ...................................................................................................................................................21 4.2.3 Security Management Articles (month, year, page) ...................................................................................21 4.2.4 Books.........................................................................................................................................................22 4.2.5 Videotapes / DVD: .....................................................................................................................................25 4.2.6 Seminar Sessions Audiotapes / CD-ROM / DVD (ASIS): ..........................................................................25 5.0 Dams Sector ..........................................................................................................................................................28 5.1 Sector Overview ................................................................................................................................................28 5.2 Professional Development Resources ..............................................................................................................29 6.0 Defense Industrial Base Sector..............................................................................................................................34 6.1 Sector Overview ................................................................................................................................................34 6.2 Professional Development Resources ..............................................................................................................35 7.0 Drinking Water and Water Treatment Sector .........................................................................................................37 7.1 Sector Overview ................................................................................................................................................37 7.2 Professional Development Resources ..............................................................................................................38 7.2.1 Federal Lead Agency Affiliation .................................................................................................................38 7.2.2 Industry Associations and Affiliations.........................................................................................................38 7.2.3 Academic and Research............................................................................................................................39 8.0 Emergency Services Sector ...................................................................................................................................40 8.1 Sector Overview ................................................................................................................................................40 8.2 Professional Development Resources ..............................................................................................................41 8.2.1 Resources: ................................................................................................................................................42 9.0 Energy Sector ........................................................................................................................................................43 9.1 Sector Overview ................................................................................................................................................43 9.2 Professional Development Resources ..............................................................................................................45 9.2.1 Electricity Sector Organizations (North America):......................................................................................46 9.2.2 Electricity Sector Support Organizations (North America) .........................................................................46 9.2.3 References: ...............................................................................................................................................47 9.2.4 Security Support Programs:.......................................................................................................................48 9.2.5 Oil and Natural Gas Professional Development Resources ......................................................................50

10.0 Government Facilities Sector ...............................................................................................................................55 10.1 Sector Overview ..............................................................................................................................................55 10.2 Professional Development Resources ............................................................................................................56 10.2.1 Guides, Resources, and Documents by Organization .............................................................................56 10.2.2 Web links .................................................................................................................................................57 10.2.3 Security Management Articles (month, year, page) .................................................................................57 10.2.4 Books.......................................................................................................................................................58 10.2.5 Videotapes / DVD ....................................................................................................................................61 10.2.6 Seminar Sessions Audiotapes / CD-ROM / DVD (ASIS) .........................................................................61 11.0 Information Technology Sector ............................................................................................................................64 11.1 Sector Overview ..............................................................................................................................................64 11.2 Professional Development Resources ............................................................................................................65 11.2.1 Web Sites ................................................................................................................................................65 11.2.2 Credit Bureaus:........................................................................................................................................67 11.2.3 Books:......................................................................................................................................................67 12.0 National Monuments and Icons Sector ................................................................................................................68 12.1 Sector Overview ..............................................................................................................................................68 12.2 Professional Development Resources ............................................................................................................69 12.2.1 Museums, Libraries, Cultural Properties and other National Icons: .........................................................70 12.2.2 Other Resources, Guides, etc…..............................................................................................................71 13.0 Nuclear Reactors, Materials, and Waste Sector...................................................................................................72 13.1 Sector Overview ..............................................................................................................................................72 13.2 Professional Development Resources ............................................................................................................73 14.0 Postal and Shipping Sector ..................................................................................................................................75 14.1 Sector Overview ..............................................................................................................................................75 14.2 Professional Development Resources ............................................................................................................76 14.2.1 Regional Cargo Security Councils: ..........................................................................................................77 14.2.2 Cargo Theft Task Forces: ........................................................................................................................78 15.0 Public Health and Healthcare Sector ...................................................................................................................80 15.1 Sector Overview ..............................................................................................................................................80 15.2 Professional Development Resources ............................................................................................................81 15.2.1 Books, Publications, and News Clips:......................................................................................................82 16.0 Telecommunications Sector .................................................................................................................................83 16.1 Sector Overview ..............................................................................................................................................83 16.2 Professional Development Resources ............................................................................................................84 17.0 Transportation Systems Sector ............................................................................................................................85 17.1 Sector Overview ..............................................................................................................................................85 17.2 Professional Development Resources ............................................................................................................86 17.2.1 Books, Publications, and News Clips.......................................................................................................89 18.0 Additional Resources .........................................................................................................................................102 18.1 Universities / Colleges ...................................................................................................................................103 18.2 Government Organizations............................................................................................................................105 18.3 Government Publications / Newsletters.........................................................................................................107 18.4 Business Associations / Nongovernmental Organizations.............................................................................111 18.5 Resource Database.......................................................................................................................................113

Introduction “The September 11, 2001, attacks demonstrated the extent of our vulnerabilities to the terrorist threat. In the aftermath of these tragic events, we, as a Nation, have demonstrated firm resolve in protecting our critical infrastructures and key assets from further terrorist exploitation.

In this

effort, government at all levels, the private sector and concerned citizens across the country have begun an important partnership and commitment to action.” - President George W. Bush, “The National Strategy for the Physical Protection of Critical Infrastructure and Key Assets,” February 2003

The ASIS International Critical Infrastructure Working Group (CIWG) initially convened at the ASIS Annual Seminar and Exhibits in San Diego, CA in September 2006. As the CIWG structure and purpose evolved, it was determined that this particular working body could provide a specialized resource to ASIS members who serve the nation’s 13 critical infrastructures and four key assets as defined by the U.S. Department of Homeland Security (DHS). Moreover, it was envisioned that the CIWG would be a viable link to both private and public sector entities associated with issues relevant to critical infrastructure protection, disaster resilience, and continuity of operations. The organizational structure of the CIWG is representative of all 17 critical infrastructures and key assets. Members are ASIS volunteers who are generally nominated to serve this working group from the existing Councils. As such, the CIWG is a common mechanism for inter council cooperation in protecting the vital interests of our nation through information sharing, educational programs, and resources. This guide represents a work product that can be used as a current resource document for the critical infrastructures and key assets. It is not intended to supplant or supersede existing publications, resources, or documents that have been promulgated by government agencies or industry associations. Rather, it is a useful compendium of information that can be easily accessed and utilized in the critical infrastructure protection arena. This effort could not have been realized without the dedication and commitment of the CIWG volunteers and ASIS staff who worked tirelessly in producing this resource for the infrastructure communities and the Society at large. Our gratitude is extended to all who have been involved in supporting this project. We welcome your comments, suggestions and recommendations regarding this document and how we can best serve you.

Robert D. Hulshouser, CPP ASIS Critical Infrastructure Working Group Chair

ASIS International Critical Infrastructure Resource Guide

1

[Return to Table of Contents]

Critical Infrastructure Working Group Contributors Michael A. Crane, CPP, IPC International Corporation, Council Vice-President Robert D. Hulshouser, CPP, Las Vegas Valley Water District, Chairman Deborah L. Allen, CPP, Potash Corporation Kent D. Bowen, AT&T—Asset Protection Larry E. Brown, First Citizens Bank Ciro J. Cardelli, CPP, Shands Jacksonville Medical Center Scott R. Derby, Museum of Fine Arts, Boston James Keith Flannigan, International Dynamics Research Joseph R. Granger, CPP, United Space Alliance Gene P. Gwiazdowski, CPP, Calvert Cliffs Nuclear Power Plant J. Michael Harris, CPP, RDR, Inc. Mary B. Hostert, Allegheny Energy Keith L. Kambic, CPP, US Equities Asset Management, LLC Donald E. Knox, CPP, State Farm Insurance Ronald Lander, CPP, Ultrasafe Security Solutions Luis H. Morales, CPP, Duke Energy Corporation Ronald J. Niebo, NERC Henri R. Nolin, CPP, Sun State Specialty K-9s Kevin O’Brien, The Bank of New York Mark O’Connor, DHL Logistics Canada NE USA Bernard J. Scaglione, CPP, New York Presbyterian Hospital Michael J. Steinle, Tetra Tech EM, Inc. Ray VanHook, CPP, McCormick Place/Navy Pier Robert D. Voss, AGL Resources, Inc. John Walsh, U. S. Department of Homeland Security, Great Lakes Area Scott A. Watson, CPP, S.A. Watson & Associates, LLC Brit R. Weber, Michigan State University Terry F. Whitley, Shell Oil Company

ASIS International Staff Susan Melnicove

Education Department Director

Valerie Melencio O

Council Manager

Evangeline Pappas

Educational Publications Manager

Vinn Truong

Educational Publications Assistant


2


Agriculture and Food Sector

1.0 Agriculture and Food Sector 1.1 Sector Overview The Agriculture and Food Sector has the capacity to feed and clothe people well beyond the boundaries of the Nation. The sector is almost entirely under private ownership and is composed of an estimated 2.1 million farms, and approximately 880,587 firms and 1,086,793 facilities. This sector accounts for roughly one-fifth of the Nation’s economic activity and is overseen at the Federal level by the U.S. Department of Agriculture (USDA) and the Department of Health and Human Services’ (HHS) Food and Drug Administration (FDA). The USDA is a multifaceted department that directly impacts the lives of all U.S. citizens. One of its key roles is to ensure that the Nation’s food and fiber needs are met. USDA is also the steward of our Nation’s 192 million acres of national forests and rangelands, and it is the country’s largest conservation agency, encouraging voluntary efforts to protect soil, water, and wildlife on the 70 percent of America’s lands that are in private hands. The FDA is responsible for the safety of 80 percent of all of the food consumed in the United States. While the FDA’s mission is to protect and promote public health, that responsibility is shared with: Federal, State, and local agencies; regulated industry; academia; health providers; and consumers. FDA regulates $240 billion of domestic food and $15 billion of imported food. In addition, roughly 600,000 restaurants and institutional food service providers, an estimated 235,000 grocery stores, and other food outlets are regulated by State and local authorities that receive guidance and other technical assistance from FDA. The Agriculture and Food Sector is dependent upon the Drinking Water and Wastewater Treatment Systems Sector for clean irrigation and processed water; the Transportation Systems Sector for movement of products; the Energy Sector to power the equipment needed for agriculture production and food processing; and the Banking and Finance, Chemical, Dams and other sectors as well. *

*

Excerpt from U.S. Department of Homeland Security, National Infrastructure Protection Plan, 2006.


3



1.2 Professional Development Resources 1.2.1 Government Resources Departmental agencies, regional locations, and links to vital information accompanied by a brief description of what information will be found. Animal and Plant Health Inspection Service (APHIS), U.S. Department of Agriculture – Contains information regarding potential disease outbreaks, response protocols, and mitigation strategies. Association of American Feed Control Officials (AAFCO) – Provides information for developing and implementing uniform and equitable laws, regulations, standards and enforcement policies for regulating the manufacture, distribution and sale of animal feeds; resulting in safe, effective, and useful feeds. Association of American Plant Food Control Officials (AAPFCO) – Promotes cooperation with members of the industry to promote the safe and effective use of fertilizers and protection of soil and water resources. Centers for Disease Control and Prevention (CDC) – Contains pathogen-specific information to protect human health. Center for Food Safety & Applied Nutrition (CFSAN), U.S. Food and Drug Administration (FDA) – Contains information regarding food safety incidents, recalls, and compliance obligations. Department of Homeland Security (DHS) – Contains information regarding Homeland Security Presidential Directives, the National Incident Management System, the National Response Plan, and threat levels. Environmental Protection Agency (EPA) – Contains information regarding chemical response issues. Federal Bureau of Investigation (FBI) – Contains threat information and information for local law enforcement relative to agriculture. Transportation Security Administration (TSA) – Contains relevant information regarding a broad base of transportation issues including air, pipelines, rail, and trucking. United States Department of Agriculture (USDA) – Contains notices regarding agriculture and food security issues as well as best practices. United States Coast Guard – Contains regulations and best practices for securing port facilities.


4



1.2.2 Government Resources – Canada Canadian Food Inspection Agency – Dedicated to safeguarding food, animals, and plants, which enhances the health and well-being of Canada’s people, environment, and economy; and to ensure that food safety emergencies are effectively managed. Transport Canada – Develops and administer policies, regulations, and services for the best transportation system for Canada; providing one that is safe and secure, efficient, affordable, integrated, and environmentally friendly.

1.2.3 Industry Resources Similar to Government Resources cited above, but by the different industry associations/worldwide resources that may have developed. Agriculture and Food Transporters Conference (AFTC), American Trucking Association – Promotes security of food and feed in transit via information exchange and best practices. Agriculture Retailers Association (ARA) – Ensures that the legislative and regulatory issues of importance to ARA members are reported in a timely manner to the various audiences with whom the association relates. Within this section, viewers can read up-to-date news announcements on agriculture, retail, and distribution issues. AIB International – Provides support to protecting the safety of the food supply chain and delivering high value technical and educational programs. American Feed Industry Association (AFIA) – Supports the feed industry through information campaigns and best practices. American Meat Institute – Provides best practices covering a broad range of issues relating to safety and security in the meat industry. Provides a forum for discussion and information exchange. CropLife America – CropLife America is the national trade organization representing the nation’s developers, manufacturers, formulators, and distributors of plant science solutions for agriculture and pest management in the U.S. Food and Agriculture Sector Coordinating Council (FASCC) – FASCC is comprised of up to 21 representatives from the Food and Agriculture Sector. The self-governing body represents the Food and Agriculture Sector to the government and makes policy and strategy recommendations to the Federal government. Food Processors Association (FPA) – Promotes sound public policy, champions initiatives that increase productivity and growth, and helps protect the safety and security of the food supply through scientific excellence. Grocery Manufacturers Association (GMA) – Promotes sound public policy, champions initiatives that increase productivity and growth, and helps to protect the safety and security of the food supply through scientific excellence.


5



International Dairy Foods Association – Provides Legislative Leadership, best practices, and promotion of dairy foods. National Cattlemens’ Beef Association – Provides information regarding security relative to beef production as well as data regarding outbreaks and various types of pathogens. National Oilseed Processors Association (NOPA) – Through its various committees, the Association cooperates with the U.S. Departments of Agriculture, State, and Commerce, as well as other independent and private organizations, both national and international, concerned with oilseed products. National Pork Producers Council – Conducts public policy outreach on behalf of its 44 affiliated state association members. Enhances opportunities for the success of U.S. pork producers and other industry stakeholders by establishing the U.S. pork industry as a consistent and responsible supplier of high quality pork to the domestic and world market. The Fertilizer Institute (TFI) – Provides safety and security best practices and promotes the safe use of fertilizer.

1.2.4 Best Practices and Assistance Sample checklists, audits, matrixes, etc. American Feed Industry Association (documents available through www.afia.org) Safe Feed/Safe Food Guidelines Guide to Biosecurity Awareness BSE Compliance Guide American Trucking Association – USDA in partnership with Agriculture and Food Transporters Conference (updated 18 Dec 2006). Guide for Security Practices in Transporting Agriculture and Food Commodities. The Fertilizer Institute (documents available through www.tfi.org) "America's Security Begins With You" “You, too, can work for a drug free America: Keep Anhydrous Ammonia Safe and Secure!” Security Code of Management Practices


6



U.S. Food and Drug Administration (FDA): Strategic Partnership Program Agroterrorism (SPPA) Initiative ALERT Food Defense Awareness Training Protecting the Food Supply from Intentional Adulteration: An Introductory Training Session to Raise Awareness – This training is available online and is being hosted by the Food and Drug Administration (FDA). U.S. Department of Agriculture (USDA), Food Safety and Inspection Service (FSIS), Industry Security Guidelines: Developing a Food Defense Plan for Meat and Poultry Slaughter and Processing Plants | PDF | Developed in consultation with very small, small, and large meat and poultry processors, this guide provides an easy, practical, and achievable three-step method for creating a food defense plan. By completing pages 13 -16 of this guide, you will have a plan specific for your operation. Emergency Guidance for Retail Food Establishments | PDF | Practical guidance for retail grocery and food service establishments to plan and respond to emergencies that create the potential for an imminent health hazard. Elements of a Functional Food Defense Plan | PDF | This information serves as guidelines for completing the food defense plan profile extension questions. FSIS Model Food Security Plans – The following plans identify the types of preventive steps that establishment operators may take to minimize the risk that their products will be subject to tampering or other malicious criminal activity: Egg Processing Facilities (Apr 2005) | PDF | Import Establishments (Apr 2005) | PDF | Meat and Poultry Processing Facilities (Apr 2005) | PDF | Meat and Poultry Slaughter Facilities (Apr 2005) | PDF | FSIS Notice 28-06, PBIS Profile Extension Instructions on Food Defense Plans for Meat and Poultry Establishments | PDF | FSIS Safety & Security Guidelines for the Transportation & Distribution of Meat, Poultry, & Egg Products | PDF | En Espanol | Chinese | Vietnamese | Korean | This brochure for the food industry provides recommendations to ensure the security of food products through all phases of the distribution process. FSIS Security Guidelines for Food Processors | PDF | En Espanol | Chinese | Vietnamese | Korean | These guidelines assist federal and state inspected plants that produce meat, poultry, and egg products in identifying ways to strengthen their biosecurity protection. Guidelines for the Disposal of Intentionally Adulterated Food Products and the Decontamination of Food Processing Facilities | PDF | This document is intended to serve as a resource guide for the U.S. Department of Agriculture's (USDA) Food Safety and Inspection Service (FSIS) and the Department of Health and Human Services' Food and Drug Administration (FDA) field personnel located in District Offices and at food processing facilities.


7



Industry Self-Assessment Checklist for Food Security | PDF | FSIS created this selfassessment instrument to provide a tool for establishments to assess the extent to which they have secured their operations. Keep America's Food Safe | PDF | En Espanol | This guidance is designed to assist transporters, warehouses, distributors, retailers, and restaurants with enhancing their security programs to further protect the food supply from contamination due to criminal or terrorist acts.


8


Banking and Finance Sector

2.0 Banking and Finance Sector 2.1 Sector Overview The Banking and Finance Sector, the backbone of the world economy, is a large and diverse sector primarily owned and operated by private entities. In 2005, the sector accounted for more than 8.1 percent of the U.S. gross domestic product. Financial services firms provide a broad array of financial products for their customers. These products: (1) allow customers to deposit funds and make payments to other parties, (2) provide credit and liquidity to customers, (3) allow customers to invest funds for both long and short periods, and (4) transfer financial risks among customers. The financial institutions that provide these services are all somewhat different, each within a specific part or parts of the financial services marketplace. Financial institutions operate to provide customers the financial products that they want, ensure the institution’s financial integrity, protect customers’ assets, and guarantee the integrity of the financial system. As such, financial institutions and financial markets that they organize manage a wide variety of financial and certain non-financial risks. In addition to the actions of financial institutions, direct financial regulation applies to many, but not all, financial services providers. The U.S. system of financial regulation is complex and exists at both the Federal and State levels. The regulatory systems for financial services firms manage and regulate various forms of risk and guard against prohibited practices. *

*



9



2.2 Professional Development Resources These links are to agencies that are government, private, and government/private partnerships. Additionally, most links are to pages that offer links to other agencies with Financial Institution security advice. American Bankers Association (ABA) – Founded in 1875 and now based in Washington, DC, the American Bankers Association represents banks of all sizes on issues of national importance for financial institutions and their customers. The ABA, on behalf of the more than two million men and women who work in the nation's banks, brings together all categories of banking institutions to best represent the interests of this rapidly changing industry. Its membership--which includes community, regional and money center banks and holding companies, as well as savings associations, trust companies, and savings banks--makes ABA the largest banking trade association in the country. Bank Security Best Practices for New York City – The New York Bankers Association (NYBA) and its members are committed to the safety of bank customers and employees. The association is also committed to working with law enforcement to help prevent bank robberies and when they occur to facilitate the timely apprehension and prosecution of criminals. As part of its efforts to ensure bank security in New York City, NYBA’s New York City Bank Security Task Force has developed these Best Practices. These guidelines, however, are not intended to be an exclusive list of the various ways in which banks in New York City can develop and implement effective safety procedures. BITS Financial Services Roundtable – BITS is a nonprofit, CEO-driven industry consortium whose members are 100 of the larges financial institutions in the United States. BITS was formed by the CEOs of these institutions to serve as the strategic “brain trust” for the financial services industry in the ecommerce, risk management, payments and technology arenas. BITS addresses emerging issues where financial services, technology and commerce intersect, acting quickly to address problems and galvanize the industry. Federal Deposit Insurance Corporation (FDIC) – An independent agency created by the Congress that maintains the stability and public confidence in the nation’s financial system by insuring deposits, examining and supervising financial institutions, and managing receiverships. FDIC Quick Links – The FDIC’s resource page contains links to FDIC Regulations, newsletter, and links to other agencies. FDIC Regulations – The FDIC offers summery version of Regulation H, which defines the bank security officer and offers insight into the Bank Secrecy Act. This link will offer an overview of the Bank Secrecy Act as well as links to other Bank Secrecy Act resources. Additional information that can be found at www.fdic.gov/regulations/examinations/bsa is relative to the Patriot Act, Terrorist Financing and the Bank Secrecy Act statute.


10



The Federal Reserve – the Federal Reserve System is the central bank of the United States. It was founded by Congress in 1913 to provide the nation with a safer, more flexible, and more stable monetary and financial system. Over the years, its role in banking and the economy has expanded. Today, the Federal Reserve’s duties fall into four general areas: Conducting the nation’s monetary policy by influencing the monetary and credit conditions in the economy in pursuit of maximum employment, stable prices, and moderate long-term interest rates. Supervising and regulating banking institutions to ensure the safety and soundness of the nation’s banking and financial system and to protect the credit rights of consumers. Maintaining the stability of the financial system and containing systemic risk that may arise in financial markets. Providing financial services to depository institutions, the U.S. government, and foreign official institutions, including playing a major role in operating the nation’s payments system. The Financial and Banking Information Infrastructure Committee (FBIIC) – FBIIC is chartered under the President's Working Group on Financial Markets, and is charged with improving coordination and communication among financial regulators, enhancing the resiliency of the financial sector, and promoting the public/private partnership. Treasury's Assistant Secretary for Financial Institutions chairs the committee. Financial Crimes Enforcement Network (FinCen) – the mission of the Financial Crimes Enforcement Network is to safeguard the financial system from the abuses of financial crime, including terrorist financing, money laundering, and other illicit activity. Bank secrecy forms and filing requirements are available at www.fincen.gov/reg_bsaforms.html. Financial Services Information Sharing and Analysis Center (FS/ISAC) – Launched in 1999, FS-ISAC was established by the financial services sector in response to 1998's Presidential Directive 63. That directive--later updated by 2003's Homeland Security Presidential Directive 7-mandated that the public and private sectors share information about physical and cyber security threats and vulnerabilities to help protect the U.S. critical infrastructure. Constantly gathering reliable and timely information from financial services providers, commercial security firms, federal, state, and local government agencies, law enforcement and other trusted resources, the FS-ISAC is now uniquely positioned to quickly disseminate physical and cyber threat alerts and other critical information to your organization. This information includes analysis and recommended solutions from leading industry experts. Financial Services Sector Coordinating Council – The Financial Services Sector Coordinating Council for Critical Infrastructure Protection and Homeland Security is a group of more than 30 privatesector firms and financial trade associations that works to help reinforce the financial services sector’s resilience against terrorist attacks and other threats to the nation’s financial infrastructure. Formed in 2002, FSSCC works with the Department of Treasury, which has direct responsibility for infrastructure protection and homeland security efforts for the financial services sector, while also serving under the overall guidance of the Department for Homeland Security. ID Theft – the President’s Task Force on Identity Theft was established by Executive Order 13402 on May 10, 2006, launching a new era in the fight against identity theft. Recognizing the heavy financial and emotional toll that identity theft exacts from its victims, and the severe burden it places on the economy, President Bush called for a coordinated approach among government agencies to combat this crime.


11



Identity Theft Assistance Center (ITAC) – the Identity Theft Assistance Center is a cooperative initiative of the financial services industry to address and reduce the human and economic consequences of fraud and identity theft. Since 2004, ITAC has helped thousands of victims restore their financial identities. Interagency Guidelines Establishing Information Security Standards | PDF | This guide summarizes the obligations of financial institutions to protect customer information and illustrates how certain provisions of the Security Guidelines apply to specific situations. The appendix lists resources that may be helpful in assessing risks and designing and implementing information security programs. Securities Industry and Financial Markets Association (SIFMA) – Represents the industry, which powers the global economy. Born of the merger between The Securities Industry Association and The Bond Market Association, SIFMA is the single powerful voice for strengthening markets and supporting investors the world over. Our dynamic, new organization is passionately dedicated to representing more than 650 member firms of all sizes, in all financial markets in the U.S. and around the world. We are committed to enhancing the public’s trust and confidence in the markets, delivering an efficient, enhanced member network of access and forward-looking services, as well as premiere educational resources for the professionals in our industry and the investors whom they serve. U.S. Treasury – the mission of the Department of the Treasury is to promote the conditions for prosperity and stability in the United States and encourage prosperity and stability in the rest of the world. Terrorist Financing – the Office of Terrorism and Financial Intelligence (TFI) marshals the department's intelligence and enforcement functions with the twin aims of safeguarding the financial system against illicit use and combating rogue nations, terrorist facilitators, money launderers, drug kingpins, and other national security threats.


12


Chemical Sector

3.0 Chemical Sector 3.1 Sector Overview The Chemical Sector is an integral component of the U.S. economy, employing nearly 1 million people, and earning revenues of more than $460 billion per year. The Chemical Sector can be divided into one of four main segments, based on the end product produced: (1) basic chemicals, (2) specialty chemicals, (3) life sciences, and (4) consumer products. There are well over one hundred thousand “chemical facilities” in the United States, encompassing everything from production facilities to hardware stores. The great majority of Chemical Sector facilities are privately owned, requiring DHS to work closely with the private sector and its industry associations in order to identify assets, assess risks, prioritize assets, develop and implement protective programs, and measure program effectiveness. The Chemical Sector is dependent on, depended on by, and overlaps with a wide range of other sectors including: Transportation Systems for the movement of raw materials and finished products Energy for power and feedstock materials, as well as being a customer of certain chemicals Drinking Water and Water Treatment Systems for chemical process operations and as a customer for critical chemicals Agriculture and Food as a customer for fertilizers, pesticides, and other chemicals Information Technology and Telecommunications for critical services Many other CI/KR sectors

All of these sectors are working together to ensure that their efforts support each other. *

*



13


Chemical Sector

3.2 Professional Development Resources 3.2.1 Web Links American Chemistry Council (ACC), Arlington, VA

www.americanchemistry.com www.api.org

American Petroleum Institute (API), Washington, DC Association of Oil Pipelines (AOPL), Washington, DC

www.aopl.org

Domestic Petroleum Council (DPC), Washington, DC

www.dpcusa.org

Energy Security Council (ESC), Houston, Texas

www.energysecuritycouncil.org

International Association of Drilling Contractors (IADC), Houston, Texas

www.iadc.org

Independent Petroleum Association of America (IPAA), Washington, DC

www.ipaa.org

National Ocean Industries Association (NOIA), Washington, DC

www.noia.org

National Petrochemical and Refiners Association (NPRA), Washington, DC

www.npra.org

Offshore Operators Committee (OOC), Metairie, LA

www.offshoreoperators.com www.usoga.com

US Oil and Gas Association (USOGA), Jackson, MS

www.wspa.org

Western States Petroleum Association (WSPA), Sacramento, CA United States – Natural Gas, Propane, and Other American Gas Association (AGA), Washington, DC

www.aga.org www.apga.org

American Public Gas Association (APGA), Washington, DC

www.cganet.com

Compressed Gas Association (CGA), Chantilly, VA Gas Processors Association (GPA), Tulsa, OK

www.gasprocessors.com

Interstate Natural Gas Association of America (INGAA), Washington, DC

www.ingaa.org

National Propane Gas Association (NPGA), Washington, DC

www.npga.org

United States – Retail National Association of Convenience Stores (NACS), Alexandria, VA Petroleum Marketers Association of America (PMAA), Arlington, VA


www.nacsonline.com www.pmaa.org

14


Chemical Sector

Society of Independent Gasoline Marketers of America (SIGMA), Reston, VA

www.sigma.org

United States – Transportation www.ilta.org

Independent Liquid Terminals Association (ILTA), Washington, DC National Tank Truck Carriers (NTTC), Alexandria, VA

www.tanktruck.netl

United States – Other American Society of Mechanical Engineers (ASME)

www.asme.org www.iso.org

International Organization for Standardization (ISO), Geneva, Switzerland

www.nma.org

National Mining Association (NMA), Washington, DC Canada Canadian Association of Petroleum Producers (CAPP), Calgary, Alberta

www.capp.ca www.cepa.com

Canadian Energy Pipeline Association (CEPA), Calgary, Alberta

www.cga.ca

Canadian Gas Association (CGA), Ottawa, Ontario

www.tc.gc.ca

Transport Canada (TC), Ottawa, Ontario

3.2.2 Government Agencies / Resources Central Intelligence Agency – The World Factbook Coast Guard (USCG) – HomePort Customs and Border Protection (CBP): Customs Trade Partnership Against Terrorism Program (C-TPAT) Frequent Traveler Programs Department of Energy (DOE) – Energy Sources Department of Homeland Security (DHS): Buffer Zone Protection Program (BZPP) | PDF | Critical Infrastructure Partnership Advisory Council (CIPAC) Homeland Security Information Network (HSIN)


15


Chemical Sector

Homeland Security Operations Center (HSOC) National Infrastructure Advisory Council (NIAC) National Infrastructure Protection Plan (NIPP) National Response Plan (NRP) Department of Transportation (DOT): Maritime Administration Pipeline and Hazardous Materials Safety Administration National Pipeline Mapping System Office of Hazardous Materials Safety Office of Pipeline Safety Energy Information Administration (EIA) - Energy Security Environmental Protection Agency (EPA) Federal Bureau of Investigation (FBI): Infragard Program Internet Crime Complaint Center (ICCC) Houston Private Sector Information Sharing Joint Terrorism Task Force Los Angeles Private Sector Information Sharing National Petroleum Council (NPC), Washington, DC Overseas Security Advisory Council (OSAC), Washington, DC Transportation Security Administration (TSA) – Pipeline Security Division Canada – Government Agencies/Resources Canadian Security Intelligence Service, Ottawa, ON Natural Resources Canada Royal Canadian Mounted Police (RCMP)


16


Chemical Sector

3.2.3 Publications and Misc. Resources Industry / Association American Chemistry Council (ACC), Responsible Care Security Code American Petroleum Institute (API): Security Guidelines for the Petroleum Industry | PDF | American Petroleum Institute (API) / National Petrochemical and Refiners Association (NPRA): NPRA Security Vulnerability Assessment Methodology for the Petroleum and Petrochemical Industries | PDF | ASTM International Standards The Illuminating Engineering Society of North America (IESNA) – IESNA Lighting Handbook National Fire Protection Association (NFPA): NFPA 730 – Guide for Premises Security NFPA 731 – Standard for the Installation of Electronic Premises Security Systems U.S. Government Chemical Facility Anti-Terrorism Standards (CFATS) – 6 CFR Part 27 (DHS) Department of Transportation (DOT) – 49 CFR: Hazardous Materials Security Liquefied Natural Gas Facilities: Federal Safety Standards – 49 CFR Part 193 Subpart J Protection of Security Sensitive Information (SSI) –49 CFR Part 1520 Maritime Transportation Security Act (MTSA) – 33 CFR: Part 101 – General Provisions Part 103 – Area Maritime Security Part 104 – Vessel Security Part 105 – Facility Security


17


Chemical Sector

National Archives and Records Administration (NARA) – Code of Federal Regulations Protection of Information Critical Energy Infrastructure Information (CEII) Navigation and Inspection Circular (NVIC) 10-04: Guidelines for Handling Security Sensitive Information (SSI) | PDF | Protected Critical Infrastructure Information Program (PCII) Protection of Sensitive Security Information – 49 CFR Part 1520 USCG, Sensitive Security Information (SSI) Regulation FAQ | PDF | Rail Security Rail Transportation Security, DHS Proposed Rule – 49 CFR Parts 1520 and 1580 Surface Transportation and Rail Security Act of 2007 | PDF | Transportation Worker Identification Credential (TWIC) – 49 CFR Parts 10, 12, and 15 - USCG


18


Commercial Facilities Sector

4.0 Commercial Facilities Sector 4.1 Sector Overview Facilities associated with the Commercial Facilities Sector operate on the principle of open public access, meaning that the general public can move freely throughout these facilities without the deterrent of highly visible security barriers. The majority of the facilities in this sector are owned and operated by the private sector, with minimal interaction with the Federal Government and other regulatory entities. For the most part, commercial facility owners and operators must be responsible for assessing and mitigating their specific facility vulnerabilities and practicing prudent risk management and mitigation measures. The Commercial Facilities Sector consists of the following eight subsectors: 1. Public Assembly (e.g., arenas, stadiums, aquariums, zoos, convention centers); 2. Sports Leagues (e.g., professional sports leagues and federations); 3. Resorts (e.g., casinos); 4. Lodging (e.g., hotels, motels, conference centers); 5. Outdoor events (e.g., theme and amusement parks, fairs, campgrounds, parades); 6. Entertainment and Media (e.g., motion picture studios, broadcast media); 7. Real Estate (e.g., office and apartment buildings, condominiums, self-storage); and 8. Retail (e.g., retail centers and districts, shopping malls). *

*



19



4.2 Professional Development Resources 4.2.1 Guides, Resources, and Documents by Organization Guidance for Protecting Building Environments from Airborne Chemical, Biological, or Radiological Attacks (NIOSH) Risk Management Guidance for Health, Safety, and Environmental Security under Extraordinary Incidents (ASHRAE) A Guide to Strengthen Emergency Management of High-Rise and High-Risk Buildings (Ontario Fire Marshal) Security and Safety in Los Angeles High-Rise Buildings After 9/11 (RAND) FEMA: Risk Management Series: 426: Reference Manual to Mitigate Potential Terrorist Attacks against Buildings 427: Primer for Design of Commercial Buildings to mitigate terrorist attacks 429: Insurance, Finance and Regulation primer for terrorism risk management in buildings E155: Building Design for Homeland Security, Student manual Comparison of structural performance of multi-story buildings under extreme events (American Institute of Steel Construction, Inc.) Evacuation Planning for Occupants with Disability (National Research Council Canada) Precautions to minimize effects of a Chemical, Biological, Radiological or Nuclear Event on Buildings and Infrastructure: (Office of Deputy Prime Minister, UK) Task Force on Tall Buildings: The Future. (Council on Tall Buildings and Urban Habitat) Suspicious Package Response Planning Guide: (Solicitor General Canada) Protecting Buildings from a Biological or Chemical Attack: Actions to be taken before or during a release DoD Minimum Anti-Terrorism Standards for Buildings: Unified Facilities Criteria: Dept. of Defense Building Air Quality: A Guide for Property Owners and Facility Owners: CDC Facilities Standard for the Public Buildings Service Balancing Security and Openness: General Services Administration


20



Sustainable Building Technical Manual: Green Building Design, Construction and Operations, EPA Guide to Threat and Risk Assessment Involving On-Site Physical Security Examination: RCMP Strategic National Guidance: The Decontamination of Buildings and Infrastructure Exposed to Chemical, Biological, Radiological, or Nuclear (CBRN) substances or material: Office of the Deputy Prime Minister: UK.

4.2.2 Web links American Hotel & Lodging Association ASIS International Commercial Real Estate Council

www.ahla.com www.asisonline.org/councils/CRE.xml

Building Owners and Managers Association International Building Security Council

www.boma.org www.buildingsecuritycouncil.org

Construction Specifications Institutes (CSI)

www.csinet.org

Council on Tall Buildings and Urban Habitat

www.ctbuh.org

FacilitiesNet

www.facilitiesnet.com

International Council of Shopping Centers

www.icsc.org

International Facility Management Association (IFMA)

www.ifma.org

National Apartment Association

www.naahq.org

National Association of Industrial and Office Properties

www.naiop.org

National Association of Realtors National Fire Protection Association (NFPA)

www.realtor.org/commercial www.nfpa.org

National Multi Housing Council

www.nmhc.org

The Real Estate ISAC

www.reisac.org

The Real Estate Roundtable

www.rer.org

4.2.3 Security Management Articles (month, year, page) Spotlight on Security for Real Estate Managers, Second Edition (Book Review). March 2006, 112. The Challenge of Making Safer Structures. March 2005, 42. High Rise Security and Fire Life Safety, Second Edition (Book Review). July 2004, 144. Kilroy Has Left the Building (Working Wise) [Penn Plaza, New York]. June 2004, 31.


21



Take the Guesswork Out of Guest Control. June 2003, 60. Make Planning a Priority. May 2003, 71. Emergency Preparedness (Book Review). Dec 2002, 124. Los Angeles Tackles High-Rise Security (News and Trends). Sept 2002, 20. A New Forum for Security. June 2002, 71. The Jewel in the Crown [Crown Center Plaza, Kansas City, MO]. Sept 2000, 108. Condo Can Do [Capri Gardens Condominium Association, Miami, FL]. Jan 2000, 68. Tenants Anyone? (Spotlight). April 1999, 15. Security Planning Guidebook: Safeguarding Your Tenants and Property (Book Review). Aug 1996, 118. Building Security Relationships. July 1996, 103. Taking Life Safety to New Heights (Amoco Building, Chicago, IL). June 1996, 40.

4.2.4 Books Archibald, R., & Medby, J. Security and Safety in Los Angeles High-rise Buildings After 9/11. Santa Monica, CA: Rand Corporation, 2002. This analysis, commissioned by the Building Owners and Managers Association of Greater Los Angeles, includes Key Considerations for Building Security; Learning from Three Case Studies; Key Resource Guide on High-Rise Building and Multi-Tenant Security. December 2006, ASIS International . Planning Considerations for High-Rise Buildings; Potential Roles for Government; and Recommendations for Los Angeles. Azano, Harry J. Fire Safety and Security for High-Rise Buildings. Crete, IL: Abbott, Langer & Associates, 1995. TH/9445/H63A99/1995. Available to borrow from the ASIS Resources Center. Contents: 1) Recent high-rise disasters; 2) The challenge of high-rise buildings; 3) The role of the security force; 4) Understanding fire; 5) Attacking fire; 6) Sprinkler and standpipe systems; 7) Fire extinguishers and fixed systems; 8) Fire alarm systems; 9) The threat of arson and bombs; 10) High-rise safety program; Conclusion. Craighead, Geoff. High-Rise Security and Fire Life Safety, 2nd Ed. Woburn, MA: Butterworth-Heinemann, 2003. TH/9445/H63C88/2003. Available for purchase from the ASIS Online Bookstore. Includes how to conduct security and fire life safety surveys, effectively manage security programs, and prepare for high-rise emergencies. This new edition includes an analysis of the September 11, 2001, attacks on, and the collapse of, the Word Trade Center towers. Topics include high-rise building


22



development and utilization, building emergency planning; laws, codes, and standards; liaison with law enforcement and fire authorities; high-rise assets; and security and fire life safety threats. DoD Minimum Anti-Terrorism Standards for Buildings: Washington, DC: Department of Defense, 2003.

Unified

Facilities

Criteria.

This document seeks to minimize the likelihood of mass casualties from attacks against DoD personnel in the buildings in which they work and live. Guidance for Filtration and Air-Cleaning Systems to Protect Building Environments from Airborne Chemical, Biological, or Radiological Attacks. Washington, DC. National Institute for Occupational Safety and Health, 2003. This document provides detailed, comprehensive information on selecting and using filtration and aircleaning systems in an efficient and cost-effective manner. Guidance for Protecting Building Environments from Airborne Chemical, Biological, or Radiological Attacks. Washington, DC: National Institute for Occupational Safety and Health, 2002. Prevention is the cornerstone of public and occupational health. This document provides preventive measures that building owners and managers can implement promptly to protect building air environments from a terrorist release of chemical, biological, or radiological contaminants. A Guide to Emergency Evacuation Procedures for Employees with Disabilities. Sacramento, CA: State of California, 1999. Prepared by the Emergency Response Task Force and the California Highway Patrol for the State of California, State Personnel Board, Statewide Disability Advisory Council. Fennelly, Lawrence J., Handbook of Loss Prevention and Crime Prevention, 4th Ed. New York: Butterworth-Heinemann, 2004. HV/8290/H23/2004. This revised volume brings together the expertise of more than 40 security and crime prevention experts who provide practical information and advice. This new edition covering the latest on topics ranging from community-oriented policing to physical security, workplace violence, information security, homeland security, and a host of special topics. See pp. 370-387 for Chapter 25, “High-Rise Security and Fire Life Safety” and Chapter 26, “Multiresidential Security.” Fennelly, Lawrence J,. Spotlight on Security for Real Estate Managers. Chicago, IL: Institute for Real Estate Management, 2005. HV/8290/F33/2005. The goal of this book is to help real estate managers understand the issues that form the basis of liability claims and provide some tools than can be used to minimize the likelihood of crime occurring on the properties they manage and be prepared to deal with the consequences in the event a crime occurs at or near their property. The information here will assist the real estate manager in evaluating the security needs of a property and identifying security measures that will meet those needs within the available budget. While some chapters focus on a single property type, most of the strategies presented in the text can be adapted of considered for all types of properties.


23



Kitteringham, Glen. Security and Life Safety for the Commercial High-Rise. Alexandria, VA: ASIS International, 2006. TH/9445/H6K62/2006. Since September 11, 2001, the high-rise industry has been reviewing security and life safety procedures and practices and taking steps to improve security based on building size and importance, geographic location, potential risk to occupants, and risk of attacks. The risk assessment guidelines presented in this book are oriented toward protection of a site's personnel and physical assets. They would also generally apply to protection of computer data, hardware, and software. The security guidance discussed in this book will assist individual companies to assess their properties and determine how best to protect their assets. Ontario Office of the Fire Marshal. A Guide to Strengthen Emergency Management of High-Rise and High- Risk Buildings, Ontario, Canada: Ontario Office of the Fire Marshal, 2002. This guide has been developed as part of the provincial government's commitment to improve Ontario's emergency preparedness and to help owners and operators of large buildings improve occupant safety and security. Protection of Assets Manual. ASIS International, Alexandria, VA. 2004 (with revisions and updates), Volume 4, Chapter 1, pp. 1-35. HV/8290/P975/VOL 4. This comprehensive source covers all aspects of security including access control, training, employee awareness, internal and external theft and fraud, security and civil law, investigations, ethics, alcohol and drug abuse, and more. All business managers and protection professionals with an assets protection responsibility will find this information pertinent in each subject area, and helpful in effectively tackling critical security issues and organizing special research projects. This manual also serves as a central library reference for students pursuing a program in security or assets protection. Risk Management Series: Primer for Design of Commercial Buildings to Mitigate Terrorist Attacks. Washington, DC, Federal Emergency Management Agency, Washington, DC, 2003. This primer introduces a series of concepts that can help building designers, owners, and State and local governments mitigate the threat of hazards resulting from terrorist attacks on new buildings. FEMA 427 specifically addresses four high-population, private-sector building types: commercial office, retail, multifamily residential, and light industrial. This manual contains extensive qualitative design guidance for limiting or mitigating the effects of terrorist attacks, focusing primarily on explosions, but also addressing chemical, biological, and radiological attacks. Sampson, Rana. Drug Dealing in Privately Owned Apartment Complexes. ProblemOriented Guides for Police: Problem-Specific Guides Series, No. 4. Washington, DC: Department of Justice, 2006. This guide focuses on drug dealing in privately owned apartment complexes. The guide makes a clear distinction between open- and closed-drug markets, provides information on what is known about each market type, and provides questions to ask when analyzing each market. It also proposes various responses designed to closed-drug markets and provides a full range of problem-specific measures to determine the effectiveness of those responses.


24



Security Planning Guidebook: Safeguarding your Tenants and Property. Washington, DC: Building Owners and Managers Association International, 1995. HV/7431/S42/1995. Available to borrow from the ASIS Resources Center. Contents: Introduction; Security incidents; Evaluating your security needs; In-house vs. contract security? Working with police, fire dept and others; Tenant communications; Liability and insurance issues; Developing a security and safety communication plan; Putting the plan into action; Appendices: sample plan, crisis communications plan, bomb threats.

4.2.5 Videotapes/DVD: Emergency Response: Life Safety and Evacuation [videotape: 20 min.]. Emotion Pictures, LLC. 2002. VHS//E543/2002. Demonstrates what the person in charge of life safety for building occupants needs to know, and how to conduct a thorough and complete evacuation. Includes interactions with emergency responders, practicing the plan and ensuring that building occupants understand it, checking life safety systems and exit paths, and more. Also includes a 26-page Instructor's Guide. High-rise Evacuation [videotape: 22 min.]. Quincy, MA: National Fire Protection Association, 2002. VHS//H638/2002. Includes a 12-page instructor's pamphlet. This program is intended to be used regularly as part of a complete evacuation training course that includes a review of building emergency plans. It emphasizes the important role people can take in ensuring fire safety in high rises and in their ability to evacuate safely if fire occurs. The film presents safety features of high-rise buildings and how they contribute to safe evacuation in a fire emergency. The narrator gives the viewer a tour through the building, demonstrating its potential to contain a fire and limit its spread. Because a fire safety plan is dependent upon proper human response, a fire emergency scenario is presented, in which a good plan is carried out quickly and correctly. Lessons From Ground Zero: Evacuation [videotape: 23 min.]. Virginia Beach, VA: Coastal Human Resources, 2002. VHS//L641/2002. This video is the first part of a Lessons From Ground Zero training documentary. It provides first-hand accounts from those who experienced the World Trade Center evacuations on February 26, 1993 and September 11, 2001. It shows how critical changes implemented after the 1993 bombing expedited the evacuation on September 11th and highlights the importance of evacuation plans and fire drills, proper use of fire extinguishers, and necessity of working radios, operational flashlights, fully stocked first aid kits and accurate building maps.

4.2.6 Seminar Sessions Audiotapes / CD-ROM / DVD (ASIS): Building a National Response Plan (2005) Session ID: S10 Participants: Carlos Villarreal (speaker), Geoffrey T Craighead, CPP (moderator) Large companies that have many locations across the United States must have a robust and flexible plan in place to prevent, respond to, and recover from an incident. This session details what one commercial real estate company did to create a national response plan to critical incidents. Hear how the program got started, how it was implemented and tested, and how it is being maintained. Examples of emergency plans, monitoring systems, and notifications protocols will be given.


25



CPTED & Security in the Commercial High-Rise (2004) Session ID: S37 Participants: Glen W Kitteringham, CPP (speaker), William J McShane, CPP (moderator) Security basics are covered including a discussion of policies and procedures, an examination of the physical facilities (3 buildings), a discussion of building residents and users, and a CPTED review and analysis of three specific areas of study within the properties. The First 90 Days After 9/11 (2002) Session ID: S71 Participants: Mark E Raybould, CPP (speaker), Mark T Wright (speaker), Charles J Mattes, CPP (speaker) Hear first-hand from four security professionals who have direct responsibilities for billion dollar assets in major markets like New York Chicago Los Angeles and Houston what immediate challenges they faced and the escalation strategies they implemented during the first 90 days following 9/11 and beyond to protect lives and buildings. You will walk away with valuable and practical information to help you manage facilities after catastrophic events. High-Rise Environments - Protection and Survivability (2002) Session ID: S23 Participants: Phillip Banks, CPP (speaker), Arik S Garber, CPP (moderator), The aftermath of the terrorist events of September 2001 as well as the continuing nation-wide threat environment has resulted in a demand for increased high-rise building security and safety planning. This response includes among other things increased screening of tenants and visitors as well as deliveries coming into the building and advanced emergency planning and preparedness. This session highlights methodologies that will increase your level of survivability from a terrorist attack or a naturally occurring disaster. High Rise Fire - Lessons Learned in Chicago (2004) Session ID: S6 Participants: Carlos Villarreal (speaker), Nancy A. Renfroe, CPP (moderator) This session is two-fold. First, there is a review of the tragic fire that occurred in a downtown Chicago high-rise office building, taking six lives. Then, the next section teaches how to take training to a higher awareness. There is a discussion of new methods to better train personnel to handle fire conditions and what type of fire safety training really works for building occupants. Detailed fire safety presentations do not always communicate the right message. High Rise Fire Simulations: Moving Beyond Fire Drills (2004) Event: 50th Annual Seminar Session ID: S23 Participants: Steve Cichon (speaker), Charles K Hutchinson (speaker), Michael Crocker, CPP (moderator) The theme of this presentation is high-rise fire safety. This training moves beyond the conventional fire drill to a new training platform. This is a simulation conducted in real buildings in a training platform. This includes a zero visibility environment with a building in fire mode. Responders must use building systems and equipment, elevator and fire panel operations, and traffic management. The fire simulation tests all levels of the responder abilities. This presentation is an overview of a highly intense training format that brings together the private and public sector in a unique cross-training environment. Securing an Office Building (2003) Session ID: S24 Participants: Mark E Raybould, CPP (speaker), Louis G Caravelli, CPP (speaker), Carlos Villarreal (moderator)


26



Learn what best practices are being used to address the new threat issues everyone in commercial real estate security is facing. This session will review past standards and discuss the new way of securing an office building. Issues including threat levels, access control systems, CCTV coverage, emergency planning and staffing will be discussed in great detail. Best practices on how to build and review your building's plan also will be discussed during this every informative program. Security and Safety Concerns: High Rise Buildings After 9/11 (2003) Session ID: S32 Participants: Robert A Cizmadia, CPP (speaker), Robert L Pearson (moderator) The density of populations and high-rise buildings within our cities provides the motivation for considering the assessment of security and safety of these architectural wonders. This presentation is targeted towards security and facility managers, property owners, tenants, and architects of such buildings. The content of this presentation will focus on taking an integrated approach in addressing security of high-rise buildings from a security management operational administrative technological and educational awareness perspective.


27


Dams Sector

5.0 Dams Sector 5.1 Sector Overview The Dams Sector encompasses major infrastructure assets that harness the water resources of the Nation and enable water management, balancing droughts and floods throughout the U.S. These dams, locks, pumping plants, canals, and levees provide water supply, power generation, navigable waterways, flood protection, and unique environmental stability and enhancement to habitats across the country. Ten percent of American cropland is irrigated using water stored behind dams. Hydropower facilities generate more than 60 percent of the electricity used along the Pacific coast. More than 12,000 miles of navigable waterways in the U.S. provide routes for transportation of mass quantities of commodities within the country and more than $70 billion worth of cargo is shipped along the waterways annually. There are approximately 78,000 dams included in the National Inventory of Dams, and almost 60 percent of them are privately owned. The Dams Sector has interdependencies with a wide range of other sectors, including: The Agriculture and Food Sector as a continued source of water for irrigation and water management The Transportation Systems Sector uses dams and locks to manage navigable waters throughout inland waterways The Drinking Water and Water Treatment Systems Sector by supplying potable water to concentrated populations and commercial facilities in the U.S. The Energy Sector by providing approximately 8 to 12 percent of the Nation’s power needs with hydropower dams The Emergency Services Sector relies on Dams Sector assets for firefighting water supply, emergency water supply, and waterborne access in the event of a significant disaster *

*



28


Dams Sector

5.2 Professional Development Resources American National Standards Institute-Homeland Security Standards Panel (ANSI-HSSP) – ANSI-HSSP has as its mission to identify existing consensus standards, or, if none exist, assist the Department of Homeland Security (DHS) and those sectors requesting assistance to accelerate development and adoption of consensus standards critical to homeland security. The ANSI-HSSP promotes a positive, cooperative partnership between the public and private sectors in order to meet the needs of the nation in this critical area. American Public Works Association (APWA) – An international educational and professional association of public agencies, private sector companies, and individuals dedicated to providing high quality public works goods and services. Association of State Dam Safety Officials (ASDSO) – A national non-profit organization of state and federal dam safety regulators, dam owners and operators, engineering consultants, manufacturers and suppliers, academia, contractors and others interested in dams safety. Our vision is to lead the US dam safety community with a strong, unified voice and effective programs and policies toward the furtherance of dam safety. Dam Safety Program Management Tools (DSPMT) – The purpose of the DSPMT is to provide dam safety program managers with the answers to the following questions: How well are our dam safety programs being implemented? Are we doing too much in some areas and not enough in others? Are we spending our scarce resources in the right places? Are we improving? Earthquake Engineering Research Institute (EERI) – A national, nonprofit, technical society of engineers, geoscientists, architects, planners, public officials, and social scientists. EERI members include researchers, practicing professionals, educators, government officials, and building code regulators. Electric Power Research Institute (EPRI) – With major locations in Palo Alto, California; Charlotte, North Carolina; and Knoxville, Tennessee, was established in 1973 as an independent, nonprofit center for public interest energy and environmental research. EPRI brings together members, participants, the Institute's scientists and engineers, and other leading experts to work collaboratively on solutions to the challenges of electric power. These solutions span nearly every area of electricity generation, delivery, and use, including health, safety, and environment. EPRI's members represent over 90 percent of the electricity generated in the United States. International participation represents nearly 15 percent of EPRI's total research, development, and demonstration program. (Membership required) Federal Bureau of Investigation (FBI) – Our mission is to help protect you, your communities, and your businesses from the most dangerous threats facing our nation—from international and domestic


29


Dams Sector

terrorists to spies on U.S. soil…from cyber villains to corrupt government officials…from mobsters to violent gangs…from child predators to serial killers. Learn more here about our work with law enforcement and intelligence partners across the country and around the globe. Federal Emergency Management Administration (FEMA), National Dam Safety Program – Although the Federal Government owns or regulates only about 5 percent of the dams in the United States, many of these dams are significant in terms of size, function, benefit to the public, and hazard potential. Since the implementation of the Federal Guidelines for Dam Safety in 1979, the federal agencies have done an exemplary job in ensuring the safety of dams within their jurisdiction. They accomplish this by sharing resources whenever and wherever possible to achieve results and improvements in dam safety. Many of the federal agencies also maintain very comprehensive research and development programs and training programs, and have now incorporated security considerations and requirements into these programs to protect their dams against terrorist threats. National Dam Safety Review Board – The Review Board provides the Director of FEMA with advice in setting national dam safety priorities and considers the effects of national policy issues affecting dam safety. Review Board members include FEMA, the Chair of the Board, and representatives from four federal agencies that serve on the Interagency Committee on Dam Safety (ICODS), five state dam safety officials, and one member from the private sector. Interagency Committee on Dam Safety (ICODS) – Established in 1980, encourages the establishment and maintenance of effective federal programs, policies, and guidelines to enhance dam safety and security. ICODS serves as the permanent forum for the coordination of federal activities in dam safety and security. FEMA also chairs ICODS. ICODS Agencies: Department of Agriculture Agricultural Research Service Natural Resources Conservation Service Forest Service Department of Defense, Army Corps of Engineers Department of Energy Department of the Interior Bureau of Indian Affairs Bureau of Land Management Bureau of Reclamation Fish and Wildlife Service National Park Service Department of Labor, Mine Safety and Health Administration Federal Energy Regulatory Commission Department of State, International Boundary and Water Commission Nuclear Regulatory Commission Tennessee Valley Authority


30


Dams Sector

Federal Energy Regulatory Commission (FERC) – Hydropower – The Commission's responsibilities include: Issuance of licenses for the construction of a new project; Issuance of licenses for the continuance of an existing project (relicensing); and Oversight of all ongoing project operations, including dam safety inspections and environmental monitoring. Homeland Security Information Center (HSIC) – The Homeland Security Information Center at NTIS is an invaluable resource for scientific and technical information from the U.S. Government, its contractors, and complementary material from international sources. The HSIC is categorized into these major security concerns: health & medicine, food & agriculture, bio and chemical warfare, preparedness and response, and safety training. Products are available in a variety of formats: electronic download, online access, computer products, multimedia, microfiche, and paper. International Association of Emergency Managers (IAEM) – The International Association of Emergency Managers (IAEM) is a non-profit educational organization dedicated to promoting the goals of saving lives and protecting property during emergencies and disasters. The International Journal on Hydropower and Dams – A bi-monthly publication, read in 176 countries, dealing with all technical, environmental, social and economic aspects of hydro plants and multipurpose water resources development projects. It combines business news with state-of-the-art technology. Each issue has a regional focus, and special technical themes of interest to engineers in all the related disciplines. National Emergency Management Association (NEMA) – NEMA is the professional association of and for state emergency management directors. National Hydropower Association (NHA) – The National Hydropower Association, founded in 1983, is the only trade association in the United States dedicated exclusively to advancing the interests of hydropower energy in North America. Located in Washington, D.C., NHA is a member-driven association that accomplishes its policy work and outreach through the initiatives of its standing committees. National Performance of Dams Program – Formally launched in 1994, the NPDP is an effort to establish within the dam engineering and safety community the ability to learn from the in-service performance of dams, supporting improvements in dam design, operation, engineering, and public policy. National Society of Professional Engineers (NSPE) – The National Society of Professional Engineers (NSPE) is the recognized voice and advocate of licensed Professional Engineers. Founded in 1934, NSPE strengthens the engineering profession by promoting engineering licensure and ethics, enhancing the engineer image, advocating and protecting PEs' legal rights at the national and state levels, publishing news of the profession, providing continuing education opportunities, and much more. NSPE serves some 50,000 members and the public through 53 state and territorial societies and more than 500 chapters. Sandia National Laboratories, Security Risk Assessment Methodology for Dams (RAM-D) – Developed by Sandia National Laboratories for the Interagency Forum for Infrastructure Protection (IFIP). The IFIP is a consortium chartered in 1997 to promote information exchange among dam owners and operators for the focused purpose of identifying effective means of countering the potential threat to the security of our nation's more than 75,000 dams. The RAM-DSM is an adaptation of the security


31


Dams Sector

principles, processes, and procedures developed to protect nuclear materials. The RAM-DSM includes tools developed to address issues that are specific to dam facilities. Security Management Solutions (SMS) – Dam Assessment Matrix for Security and Vulnerability Risk (DAMSVR) methodology was developed under the direction of FERC. SMS was contracted to pull together existing methodologies from FERC and Bureau of Reclamation, develop a new methodology, and field test the product. Since the completion of the process, SMS has developed a full range of training to support DAMSVR studies. The Infrastructure Security Partnership (TISP) – A national public-private partnership, TISP is the recognized leader promoting collaboration to improve the resilience of the nation's critical infrastructure against the adverse impacts of natural and man-made disasters. U.S. Army Corps of Engineers, Institute for Water Resources (IWR) – IWR was established to provide the U.S. Army Corps of Engineers with forward-looking insights and analyses on emerging national water resources issues Risk Assessment Methodology for Dams (RAM-D) – The Corps has been integrally involved in the creation and implementation of this unique assessment tool designed to help operators of dams, hydroelectric facilities, and power plants make their sites less attractive targets to terrorists. RAM-D helps operators identify who might attack a facility, what resources they might have available, and what steps might be taken to prevent an attack. Operators can use RAM-D to determine where to place sensors, cameras, or lights, or whether to invest in walls, barriers, higher fences, better doors, extra training, or improved policies. The Corps is working to improve the use of RAM-D, while also evaluating other tools and concepts to improve risk assessment efforts and reduce vulnerabilities. U.S. Coast Guard (USCG) – a military, multi-mission, maritime service and one of the nation’s five Armed Services. Its mission is to protect the public, the environment, and U.S. economic interests in the nation’s ports and waterways, along the coast, on international waters, or in any maritime region as required to support national security. U.S. Department of Agriculture (USDA), USDA Dam Safety Committee (USDADSC) – Establishment is in the public's interest in that it will strengthen dam safety efforts in the Department and support the Executive Branch in the implementation of the "Federal Guidelines for Dam Safety." U.S. Department of Energy (DOE), Infrastructure Security and Energy Restoration (ISER) – A division of the DOE’s Office of Electricity Delivery and Energy Reliability leads the federal government's effort to ensure a robust, secure, and reliable energy infrastructure. United States Society on Dams (USSD) – To be the nation's leading organization of professionals dedicated to advancing the role of dams for the benefit of society. USSD is dedicated to: Advancing the knowledge of dam engineering, construction, planning, operation, performance, rehabilitation, decommissioning, maintenance, security, and safety; Fostering dam technology for socially, environmentally, and financially sustainable water resources systems;


32


Dams Sector

Providing public awareness of the role of dams in the management of the nation's water resources; Enhancing practices to meet current and future challenges on dams; and Representing the United States as an active member of the International Commission on Large Dams (ICOLD).


33


Defense Industrial Base Sector

6.0 Defense Industrial Base Sector 6.1 Sector Overview The Defense Production Act of 1950, Executive Order 12919, and Department of Defense (DOD) Directive 5000.60 are all focused primarily on ensuring adequate industrial capacity for national security. Presidential Decision Directive 63 identified national defense as a special function of interest in the context of critical infrastructure protection in 1998. The July 2002 National Strategy for Homeland Security, the February 2003 National Strategy for the Physical Protection of Critical Infrastructures and Key Assets, and HSPD-7 identify the Defense Industrial Base (DIB) as a critical infrastructure sector and assign the responsibility for ensuring DIB functionality to the DOD. The DIB Sector includes DOD, government, and the private sector worldwide industrial complex with the capabilities of performing research and development, design, production, and maintenance of military weapons systems, subsystems, components, or parts to meet military requirements. The DIB Sector includes more than 100,000 companies and their subcontractors who perform under contract to DOD, and companies providing incidental materials and services to DOD, as well as government-owned/ contractor-operated and government-owned/ government-operated facilities. DIB companies include domestic and foreign entities, some with operations located in many countries. The DIB Sector is dependent upon a number of other sectors, including Energy, Telecommunications, and Transportation Systems. The DIB Sector provides defense-related products and services that are essential to mobilize, deploy, and sustain military operations. The DIB Sector does not include commercial infrastructure that provides power, communications, transportation, and other utilities that DOD war fighters and support organizations use to meet their operational needs. These activities, including cyber, are addressed to DOD’s broader Defense Critical Infrastructure Program (DCIP) and are integrated in all DIB Sector activities. *

*



34



6.2 Professional Development Resources The following are some typical contact elements for professional security associations and working groups with common interests in the National Industrial Security Program, Defense Department, Intelligence Community and National Security topics. This list is only a sampling. There are many other resources and security associations that may also be of benefit.

ASIS International – With more than 34,000 members, ASIS is the largest international organization for professionals responsible for security, including managers and directors of security. In addition, corporate executives and other management personnel, as well as consultants, architects, attorneys, and federal, state, and local law enforcement, are becoming involved with ASIS to better understand the constant changes in security issues and solutions. ASIS is dedicated to increasing the effectiveness and productivity of security practices by developing educational programs and materials that address broad security concerns, such as the ASIS Annual Seminar and Exhibits, as well as specific security topics. By providing members and the security community with access to a full range of programs and services, and by publishing the only monthly magazine focused strictly on the issues and concerns of security, Security Management, ASIS leads the way for advanced and improved security performance. Annual Membership Fee: $150.00 Central Florida Industrial Security Awareness Council – Good source for automated information systems security plans and links to Defense Security Service and FSO topics. Annual Membership Fee: None Chief Security Officer (CSO) – A resource for security executives. Annual Membership Fee: None Extranet for Security Professionals (XSP) – An ‘on-line’ tool for security professionals to collaborative and discuss issues of common interest. All information is 128 bit encrypted and the XSP operated at a “FOR OFFICIAL USE ONLY” level. Registration is limited to individuals who hold at least a Secret security clearance. Although no classified information may be placed on the network, everyone with access to the network is a cleared individual. Some useful features include a collaboration realm where questions may be posed to and answered by the XSP community, posting of the latest versions of government regulations, manuals, and forms, a bulletin board for job posting, recruiting, equipment sharing, and general items of interest, and a calendar of security related events. Annual Membership Fee: None Homeland Security Information Network (HSIN) – Critical Infrastructure Pilot. Annual Membership Fee: None Industrial Security Working Group (ISWG) – Separate community on OPMIS/XSP. A working group of industrial security directors and mangers involved with SCI programs and the Intelligence Community. ISWG collaborates and directly interacts with IC agencies establishing national security


35



policies and directives. Meetings always include the most senior level government security directors from all IC agencies. Minimum access requirement for participation is TS/SI/TK. Participants are typically the Security Directors or most senior security officials from companies working on IC contracts. Meetings are held at a classified level. National ISWG meetings alternate between East Coast and West Coast companies with facilities large enough to host gatherings of 200-300 attendees. Annual Membership Fee: None National Classification Management Society (NCMS) – NCMS was founded in 1964 by a group of government & industry security classification managers and administrators recognizing the importance of establishing a national scope society to advance the practice of Classification Management as a profession. Today, the Society has nearly 2,000 members in the United States and overseas including representatives from NATO countries. Within the U.S., members come from the Department of Energy, Department of Defense, Department of State, National Aeronautics and Space Administration, Federal Bureau of Investigation, National Security Agency, General Accounting Office--virtually every Federal agency that deals with classification--and from the civilian contractors who work with these agencies. As the Society has grown over the years, its focus has also expanded. NCMS now provides professional development for its members in the field of classification management, information security, personnel security, computer security, operations security (OPSEC), facility security, and technology security. Annual Membership Fee: $60.00


36


Drinking Water and Water Treatment Sector

7.0 Drinking Water and Water Treatment Sector 7.1 Sector Overview HSPD-7 designates the Environmental Protection Agency (EPA) as the Federal lead for the Drinking Water and Water Treatment Systems (Water) Sector’s critical infrastructure protection activities. All activities are carried out in consultation with DHS and the EPA’s Water Sector partners. The Water Sector includes both drinking water and wastewater utilities. There are approximately 160,000 public drinking water systems and more than 16,000 wastewater systems in the United States. Approximately 84 percent of the U.S. population receives their drinking water from these systems and more than 75 percent of the U.S. population has its sanitary sewage treated by these wastewater systems. In collaboration with the entire Water Sector, a broad-based strategy to address the security needs is being implemented. This work includes, but is not limited to, providing support to utilities by preparing vulnerability assessment and emergency response tools, providing technical and financial assistance, and exchanging information. *

*



37



7.2 Professional Development Resources This CIWG resource listing is intended to serve the water and wastewater infrastructures. The list is a directory that can be utilized as a resource in matters relevant to critical infrastructure protection (CIP), disaster preparedness and resilience, and continuity of operations. This resource represents an initial effort to compartmentalize essential CIP information for both small and large water and wastewater utilities.

7.2.1 Federal Lead Agency Affiliation U. S. Environmental Protection Agency (EPA)

7.2.2 Industry Associations and Affiliations

American Public Works Association (APWA) American Water Works Association (AWWA) – The AWWA Web site provides sites and links relative to security issues. The AWWA, The American Society of Civil Engineers (ASCE), and the Water Environment Federation (WEF) have corroborated on a major infrastructure security enhancement program for the water and wastewater sectors. The AWWA has an established Security Committee that serves as an association resource for its members and member organizations. The AWWA is active in encouraging and supporting the Water and Wastewater Agency Response Network (WARN) initiative. In essence, this program seeks to establish mutual aid and assistance networks for water and wastewater utilities on a statewide basis for response to disasters and other emergencies. ASIS International The Association of Contingency Planners (ACP) Association of Metropolitan Water Agencies (AMWA) European Water Association InfraGard (sponsored by the FBI) – This program provides for joint public and private partnering in protecting the nation’s infrastructures. The Infrastructure Security Partnership (TISP) – As quoted from Regional Disaster Resilience: A Guide for Developing an Action Plan, “The Infrastructure Security Partnership (TISP) was established following the tragic events of September 11, 2001, as a national forum for public and private-sector organizations to collaborate on issues regarding the resilience of the nation’s critical


38



infrastructure against the adverse impacts of natural and man-made disasters.” TISP membership represents 100 organizations representing more than 1.5 million people and firms. National Association of Water Companies (NAWC) National Infrastructure Protection Plan (NIPP) National Rural Water Association (NRWA) Water ISAC (Information Sharing and Analysis Center)

7.2.3 Academic and Research Crisis and Emergency Management Newsletter, Institute for Crisis, Disaster, and Risk Management, George Washington University. Natural Hazards Observer, Natural Hazards Center, University of Colorado at Boulder, 482 UCB, Boulder, CO 80309-0482 U.S. Department of Homeland Security – Resources in terms of information and connectivity with other infrastructures are substantive. Items of interest are: “National Strategy for Physical Protection of Critical Infrastructures and Key Assets” Information Sharing and Analysis Homeland Security Advisory System Protected Critical Infrastructure Information (PCII) Program Homeland Security Information Network. Water ISAC (Information Sharing and Analysis Center)

The above listed resources are intended to provide appropriate members of the infrastructure community with information and assistance of both short and long term benefit. This list is not necessarily comprehensive or definitive – it is merely an aid to the CIP process.


39


Emergency Services Sector

8.0 Emergency Services Sector 8.1 Sector Overview The Emergency Services Sector (ESS) is a system of response and recovery elements that forms the Nation’s first line of defense and prevention and reduction of consequences from any terrorist attack. It is a sector of trained and tested personnel, plans, redundant systems, agreements, and pacts that provide life safety and security services across the Nation via the First-Responder Community comprised of Federal, State, local, tribal, and private partners. The ESS is representative of the following first-responder disciplines: emergency management, emergency medical services, fire, hazardous material, law enforcement, bomb squads, tactical operations/special weapons assault teams, and search and rescue. All first-responders within the ESS are individuals possessing specialized training from one or more of these disciplines. The ESS has numerous interdependencies with all CI/KR sectors. Most significantly, it is the primary protector for all other CI/KR, including nuclear reactors, chemical plants, and dams. All other CI/KR depend on the ESS to assist with planning, prevention, and mitigation activities, as well as respond to day-to-day incidents and catastrophic situations. *

*



40



8.2 Professional Development Resources Department of Homeland Security Critical Infrastructure Sector Partnership – Information on DHS’s partnership with other governmental and private sector organizations relating to critical infrastructure protection. Critical Infrastructure Partnership Advisory Council (CIFAC) – The CIPAC represents a partnership between government and critical infrastructure/key resource (CI/KR) owners and operators and provides a forum in which they can engage in a broad spectrum of activities to support and coordinate critical infrastructure protection. Daily Open Source Infrastructure Report – The DHS Daily Open Source Infrastructure Report is collected each weekday as a summary of open-source published information concerning significant critical infrastructure issues. National Infrastructure Protection Plan – The National Infrastructure Protection Plan (NIPP) provides a coordinated approach to critical infrastructure and key resource protection roles and responsibilities for federal, state, local, tribal, and private sector security partners. National Strategy for the Physical Protection of Critical Infrastructures and Key Assets – This document identifies a clear set of national goals and objectives and outlines the guiding principles that will underpin DHS efforts to secure the infrastructures and assets vital to our national security, governance, public health and safety, economy, and public confidence. Protected Critical Infrastructure Information (PCII) Program – This DHS program encourages private industry to voluntarily share their sensitive and proprietary business information with the federal government. Infragard – InfraGard is a Federal Bureau of Investigation (FBI) sponsored program and is an information sharing and analysis effort serving the interests and combining the knowledge base of a wide range of members. While under the direction of NIPC, the focus of InfraGard was cyber infrastructure protection. After September 11, 2001 NIPC expanded its efforts to include physical as well as cyber threats to critical infrastructures. InfraGard’s mission expanded accordingly. Infragard Infrastructure Areas ISAC Council - The mission of the Information Sharing and Analysis Centers Council (ISAC Council) is to advance the physical and cyber security of the critical infrastructures of North America by establishing and maintaining a framework for valuable interaction between and among the ISACs and with government. ISAC Council White Papers


41



8.2.1 Resources: ASIS Business Continuity Guideline | PDF | A guideline that encompasses all elements of disaster management and recovery. ASIS Disaster Preparation Guide | PDF | This guide was prepared to assist its members and others engaged in disaster planning. It was created with business and industry in mind. ASIS Emergency Planning Handbook – Provides guidance and direction to corporate security supervisors/managers who have emergency planning responsibilities. It imparts planning guidance in summary form that can be adapted to and supplemented by company procedures and policies. ASIS General Security Risk Assessment Guideline | PDF | A seven-step process that creates a methodology by which security risks at a specific location can be identified and communicated, along with appropriate solutions. ASIS Threat Advisory System Response Guideline | PDF | A guideline to provide private business and industry with possible actions that could be implemented based on the Alert Levels of the Department of Homeland Security. Critical Incident Protocol: A Public Private Partnership | PDF | Office of Domestic Preparedness – This publication discusses the essential and beneficial process of the public and private sectors working together to plan for emergencies. Important elements include planning, mitigation, business recovery, lessons learned, best practices, and plan exercising. Emergency Management Guide for Business and Industry | PDF | Federal Emergency Management Agency – This guide provides step-by-step advice on how to create and maintain a comprehensive emergency management program. It can be used by manufacturers, corporate offices, retailers, utilities, or any organization where a sizable number of people work or gather. Homeland Security Exercise and Evaluation Program (HSEEP), Office of Domestic Preparedness – HSEEP is both doctrine and policy for designing, developing, conducting, and evaluating exercises. HSEEP is a threat- and performance-based exercise program that includes a cycle, mix, and range of exercise activities of varying degrees of complexity and interaction. HSEEP includes a series of four reference manuals to help states and local jurisdictions establish exercise programs and design, develop, conduct, and evaluate exercises. Volume I: HSEEP Overview and Exercise Program Management (Feb 2007) Volume II: Exercise Planning and Conduct (Feb 2007) Volume III: Exercise Evaluation and Improvement Planning (Feb 2007) Volume IV: Sample Documents and Formats (Introduction) (Feb 2006)


42


Energy Sector

9.0 Energy Sector 9.1 Sector Overview The U.S. energy infrastructure fuels the economy of the 21st century. Without a stable energy supply, health and welfare is threatened and the U.S. economy cannot function. More than 80 percent of the country’s energy infrastructure is owned by the private sector. The energy infrastructure is divided into three inter-related segments: electricity, petroleum, and natural gas. The U.S. electricity segment contains 5,000 power plants with approximately 905 gigawatts of generating capacity. Approximately 50 percent of electricity is produced by combusting coal (primarily transported by rail), 20 percent in nuclear power plants, and 18 percent by combusting natural gas. The remaining generation is provided by hydroelectric plants (7 percent), oil (2 percent), and by renewable (solar, wind, and geothermal) and other sources (3 percent). Electricity generated at power plants is transmitted over 158,000 miles of high-voltage transmission lines. Voltage is stepped down at more than 63,000 substations before being distributed to 131 million customers over millions of miles of lower voltage distribution lines. The electricity infrastructure is highly automated and controlled by utilities and regional grid operators using sophisticated energy management systems that are supplied by supervisory control and data acquisition (SCADA) systems to keep the system in balance. The petroleum segment entails the exploration, production, storage, transport, and refinement of crude oil. The crude oil is refined into petroleum products that are then stored and distributed to key economic sectors throughout the U.S. Key petroleum products include motor gasoline, jet fuel, distillate fuel oil, residual fuel oil, and liquefied petroleum gases. Both crude oil and petroleum products are imported, primarily by ship, as well as produced domestically. Currently, 63 percent of the crude oil required to fuel the U.S. economy is imported. In the Unites States, there are more than 500,000 crude oil producing wells, 30,000 miles of gathering pipeline, and 74,000 miles of crude oil pipeline. There are 152 petroleum refineries, 95,000 miles of product pipeline, and 2,000 petroleum terminals. Petroleum also relies on sophisticated SCADA and other systems to control production and distribution; however, crude oil and petroleum products are stored in tank farms and other facilities. Natural gas is also produced, piped stored, and distributed in the U.S. Imports of liquefied natural gas (LNG) are increasing to meet growing demand. There are more than 383,000 gas production and condensate wells and 45,000 miles of gathering pipeline in the country. Gas is processed (impurities removed) at 726 gas-processing plants and there are more than 254,000 miles of interstate pipeline for the transmission of natural gas. Gas is stored at 410 underground storage fields and 96 LNG storage facilities. Finally, natural gas is


43


Energy Sector

distributed to homes and businesses over 981,000 miles of distribution pipelines. The heavy reliance on pipelines highlights the interdependency with the Transportation Sector and the reliance on the Energy Sector for power means that virtually all sectors have dependencies on the sector. The Energy Sector is well aware of its vulnerabilities and is leading a significant voluntary effort to increase its planning and preparedness. Cooperation through industry groups has resulted in substantial information sharing of effective and best practices across the sector. Many sector owners and operators have extensive experience abroad with infrastructure protection and have more recently focused their attention on cyber security. *

*



44


Energy Sector

9.2 Professional Development Resources The energy infrastructure defines today’s economy and determines our society’s prosperity. This infrastructure is composed of three energy sources: electricity, natural gas, and petroleum. The social impact of a disruption to any of these sources will have a significant impact. The energy sector is separated into three distinct sub-sectors – Electricity, Nuclear, and Energy-Oil and Gas – because of their individual magnitudes caused by the complexity of their delivery systems, diversity of asset owners and marketers, and their extensive effects on all other infrastructures. The Electricity Sector is a major component and includes the generation, transmission, and distribution of electricity. The use of electricity is ubiquitous, spanning all sectors of the U.S. economy, and electric generation accounted for roughly 40 percent of all energy consumed in North America. Electricity system facilities are dispersed throughout the North American continent. Although most assets are privately owned, no single organization represents the interests of the entire sector. The North American Electric Reliability Council (NERC), through its eight Regional Reliability Councils, provides a platform for ensuring reliable, adequate, and secure supplies of electricity through coordination with many asset owners. It is also the lead organization for developing and enforcing operating reliability standards and security guidelines for both physical and cyber facilities. Industry trade associations support and assist NERC in its reliability and security activities. The following references provide a compilation of the publicly available security documents relevant to the Electricity Sector. Users are encouraged to contact their associations to obtain security documents that are limited to participating members.


45


Energy Sector

9.2.1 Electricity Sector Organizations (North America): American Public Power Association (APPA) 2301 M Street, NW Washington, DC 20037-1484 202.467.2900 Office 202.467.2910 FAX www.appanet.org Canadian Electric Association (CEA) 350 Sparks Street, Suite 907 Ottawa ON K1R 7S8 613.230.9263 Office 613.230.9326 FAX www.canelect.ca

National Rural Electric Cooperative Association (NRECA) 4301 Wilson Blvd. Arlington, VA 22203 703-907-5500 Office www.nreca.org North American Electric Reliability Council (NERC) Princeton Forrestal Village 116-390 Village Boulevard Princeton, New Jersey 08540-5721 609.452.8060 Office 609.452.9550 FAX www.nerc.com

Edison Electric Institute (EEI) 701 Pennsylvania Avenue, N.W. Washington, D.C. 20004-2696 202-508-5000 Office 202-508-5503 FAX www.eei.org

9.2.2 Electricity Sector Support Organizations (North America) Electricity Sector Information Sharing and Analysis Center (ESISAC) Fully sponsored by NERC 609.452.1422 7x24 609.452.9550 FAX esisac.com Electric Power Research Institute (EPRI) 3420 Hillview Avenue Palo Alto, CA 94304 650.855.2000 Office my.epri.com/portal/server.pt? National Association of Regulatory and Utility Commissioners (NARUC) 1101 Vermont Avenue, N.W. Suite 200 Washington, DC 20005, USA 202.898.2200 Office 202.898.2213 FAX www.naruc.org


North American Energy Standards Board (NAESB) 1301 Fannin, Suite 2350 Houston, TX 77002 713.356.0060 Office 713.356.0067 FAX www.naesb.org Public Safety Canada (PS) Formerly Public Safety and Emergency Preparedness Canada (PSEPC) 269 Laurier Avenue West Ottawa, Canada K1A 0P8 613.991.3301 Office 613.998.9589 FAX www.publicsafety.gc.ca/index-en.asp

46


Energy Sector

9.2.3 References: Electricity Sector Information and Analysis Center (ESISAC) Guidelines Security Guideline for the Electricity Sector -- Physical Response Threat Alert System and Cyber Response Guidelines for the Electricity Sector Vulnerability and Risk Assessment Emergency Plans Continuity of Business Operations (updated on 6/1 to Continuity of Operations) Communication Physical Security Cyber Security – Risk Management Cyber Security – Access Control Cyber Security – IT Firewalls Cyber Security – Intrusion Detection Employment Background Screening Protecting Potentially Sensitive Information Securing Remote Access to Electronic Control and Protection Systems Threat and Incident Reporting Physical Security – Substations Patch Management for Control Systems Control System – Business Network Electronic Connectivity Physical Response

North American Electric Reliability Corporation (NERC) Standards CIP-001-1 CIP-002-1 CIP-003-1 CIP-004-1 CIP-005-1 CIP-006-1 CIP-007-1 CIP-008-1 CIP-009-1

Sabotage Reporting Critical Cyber Asset Identification Security Management Controls Personnel and Training Electronic Security Perimeter(s) Physical Security of Critical Cyber Assets System Security Management Incident Reporting and Response Planning Recovery Plans for Critical Cyber Assets

NERC Assessment Methods Risk Assessment Methodologies for the Electricity Sector w/ Appendices A to H


47


Energy Sector

NERC Support Documents Energy Sector Specific Plan – Final from DHS expected shortly, reference to be provided. Influenza Pandemic Planning, Preparation, and Response Reference Guide | PDF | Potential Mitigation Strategies for the Common Vulnerabilities of Control Systems Identified by the NERC Control Systems Security Working Group | PDF |

American Public Power Association (APPA) Product Store – Safety and Security APPA Emergency Management Checklist Security Checklist and Guidance Manual

9.2.4 Security Support Programs: Sponsoring Organization: APPA Program: Demonstration of Energy-Efficient Developments (DEED) Description: DEED is a Research & Development program, created for APPA member utilities. DEED focuses grants and scholarships in various areas of electric utility operations, including physical and cyber security. Sponsoring Organization: APPA Program: IT Committee and Listserver Description: Provides and shares information on IT Issues, including IT security information at regularly scheduled meetings at APPA Business and Finance Conferences. Sponsoring Organization: APPA Program: Reliable Public Power Provider Program (RP3) Description: RP3 recognizes APPA member utilities that meet stringent guidelines and levels of attainment in the areas of Reliability, Safety, Cyber Security, Mutual Aid, Disaster Management, R&D, and System Improvement. Sponsoring Organization: APPA Program: Security Committee and Listserver Description: Provides and shares information within the APPA member communities. Holds meetings at the APPA Engineering & Operation Conference, and helped create the APPA Security Checklist & Guidance Manual. Sponsoring Organization: EEI Program: IT Working Group Description: Provides information and develops strategies to help electric utilities address cyber security threats; holds meetings with other EEI working groups and interested energy sector organizations, and prepares white papers on software patch management and risk vulnerability assessments.


48


Energy Sector

Sponsoring Organization: EEI Program: Security Committee Description: Holds workshops and forums to facilitate security information exchange among its members, NERC, American Gas Association, and government agencies. Sponsoring Organization: EEI and a large group of electric utilities Program: Spare Transformer Sharing Agreement Description: A significant group of utility transmission facility owners developed and signed a Spare Transformer Sharing Agreement designed to require participants to maintain a specified number of high-voltage spare transformers and to provide them to other participants in the event of an act of terrorism. Sponsoring Organization: EPRI Program: Electricity Infrastructure Security Assessment Description: Provides a preliminary analysis of potential terrorist threats to the North American electricity system, together with some suggested countermeasures. Sponsoring Organization: EPRI Program: Infrastructure Security Initiative Description: Develops strategies to strengthen and protect electric power infrastructure and outline plans for rapid recovery from terrorist attacks. Sponsoring Organization: NAESB Program: Energy Sector Business Practices and Electronic Communications Standards Description: Develops and promotes standards for the wholesale and retail natural gas and electricity industries through companies and organizations that participate in the retail and wholesale of natural gas and electricity markets. Sponsoring Organization: NARUC Program: Technical Briefs Description: Identifies key strategies for consideration in dealing with challenges within each of the electricity, natural gas, water, and telecommunications sectors. Provides introductory overviews, suggested protocols, and additional resources on critical infrastructure protection issues. See www.naruc.org/cipbriefs Sponsoring Organization: NERC Program: Critical Infrastructure Protection Committee (CIPC) Description: The Critical Infrastructure Protection Committee coordinates NERC's security initiatives and is comprised of industry experts in the areas of cyber, physical, and operational security. Sponsoring Organization: NERC Program: Electricity Sector Information Sharing and Analysis Center (ESISAC) Description: Gathers, disseminates, and interprets security-related information amongst industry, government, and all the sector entities. Sponsoring Organization: NERC Program: Industry-wide critical spare equipment database Description: Informs companies of the location and technical characteristics of available spare transformers.


49


Energy Sector

9.2.5 Oil and Natural Gas Professional Development Resources I. PLANS AND PROCEDURES A. Industry 1) “Security Guidelines: Natural Gas Industry, Transmission and Distribution,” September 6, 2002, AGA / INGAA / APGA. 2) “Security Guidelines for the Petroleum Industry,” April 2005, American Petroleum Institute. www.api.gov 3) “Security Vulnerability Assessment for the Petroleum & Petrochemical Industry,” October 2004. www.api.gov 4) “Cryptographic Protection of SCADA Communications Part 1 – Background, Policies, and Test Plan,” American Gas Association (AGA) Report No. 12, Part 1, March 2006. www.aga.com B. Government 1) “Pipeline Security Information Circular,” September 5, 2002, U.S. Department of Transportation. 2) “Energy Sector-Specific Plan for Critical Infrastructure Protection,” U.S. Department of Energy, final version yet to be released (as of April 2007). 3) “Transportation Sector Specific Plan, Pipeline Modal Implementation Plan,” U.S. Department of Homeland Security, Transportation Security Administration, final version yet to be released (as of April 2007). See sections 3.5 and 3.6. 4) “National Infrastructure Protection Plan,” U.S. Department of Homeland Security, 2006. 5) “National Response Plan,” U.S. Department of Homeland Security, May 25, 2006. 6) Pipeline Security Smart Practices – Corporate Security Review Program (CSR) onsite review document utilized by DHS TSA when evaluating natural gas company security programs. Also used to identify and share smart practices observed throughout the industry. For additional information contact [email protected] II. REGULATIONS A. United States Department of Homeland Security 1) Chemical Facility Anti-Terrorism Standards (CFATS) – CFATS enacted by Section 550 of the Homeland Security Appropriations Act of 2007, was published in the Federal Register as an interim final rule on April 4, 2007. The Federal rule implements riskbased performance standards for high-risk chemical facilities. Refer to 6 CFR Part 27. Note that rulemaking is still pending (as of April 2007) on threshold chemical quantities that trigger action (not necessarily coverage) under the rule, as are further clarifications on applicability to the oil and natural gas sector. B. United States Department of Transportation 1) Liquefied Natural Gas Facilities: Federal Safety Standards – Existing regulatory standards, including security provisions, enforced by the Pipeline and Hazardous Materials Administration (PMSA). Refer to 49 CFR Part 193, specifically, subpart J. 2) Implementation of National Maritime Security Initiatives – Existing regulatory standards relating to Coast Guard requirements for natural gas facilities in their jurisdiction. Refer to 33 CFR Parts 2, 101 &102.


50


Energy Sector

3) Area Maritime Security – Existing regulatory standards relating to Coast Guard requirements for natural gas facilities in their jurisdiction. Refer to 33 CFR Part 103. 4) Maritime Security – Vessels - Existing regulatory standards relating to Coast Guard requirements for natural gas facilities in their jurisdiction. Refer to 33 CFR Part 104. 5) Facility Security – Existing regulatory standards relating to Coast Guard requirements for natural gas facilities in their jurisdiction. Refer to 33 CFR Part 105. 6) Outer Continental Shelf Facility Security – Existing regulatory standards relating to Coast Guard requirements for natural gas facilities in their jurisdiction. Refer to 33 CFR Part 106. 7) Automatic Identification System; Vessel Carriage Requirement – Existing regulatory standards relating to Coast Guard requirements for natural gas facilities in their jurisdiction. Refer to 33 CFR Parts 26, 161, 164, & 165. 8) Transportation Worker Identification Credential (TWIC) Implementation in the Maritime Sector | PDF | Existing regulatory standards relating to Coast Guard requirements for natural gas facilities in their jurisdiction. Refer to 33 CFR Parts 101, 103, 104, 105, 106, & 125; 46 CFR Parts 10, 12, & 15. C. Federal Protection of Sensitive Information 1) Federal Energy Regulatory Commission (FERC) – Regulates commercial aspects of interstate transportation of natural gas. FERC regulations provided for certain restrictions on Critical Energy Infrastructure Information (CEII.) 2) Sensitive Security Information (SSI) – Federal regulations exist protecting certain transportation-related information records. Refer to 49 CFR Part 1520. SSI is a protection frequently used by DHS / TSA. 3) Protected Critical Infrastructure Information (PCII) – PCII is an information-protection tool established by DHS that facilitates information sharing between the government and the private sector. III. KEY INFORMATIONAL WEB SITES A. Federal 1) Homeland Security Information Network (HSIN) – Federally sponsored information sharing portal for critical infrastructure protection, including oil and natural gas sector. HSIN is an internet-based information sharing tool providing security-related information -requires membership (password protected.) 2) National Pipeline Mapping System (NPMS) – Federally sponsored mapping system showing regulated liquids and natural gas transmission pipelines; maintained by U.S. Department of Transportation, Pipeline and Hazardous Materials Administration (PHMSA). 3) Government Accounting Office (GAO) – Copies of reports and testimonies. 4) Daily Open Source Infrastructure Report 5) National Infrastructure Protection Plan 6) National Strategy for the Physical Protection of Critical Infrastructures and Key Assets 7) United States Computer Emergency Readiness Team (US-CERT) – Established to protect the nation's Internet infrastructure, US-CERT coordinates defense against and responses to cyber attacks across the nation.


51


Energy Sector

8) DHS TSA Suspicious Incidents Reports (SIR) – Classified as Sensitive Security Information (SSI). Weekly reports of suspicious activity reported by the six transportation sectors, Aviation, Maritime, Highway, Pipelines, Rail/Transit, and Cargo/Supply Chain. For more information contact [email protected]

B. Industry —Also refer to industry web sites listed in IV.B below— IV. AGENCIES AND ORGANIZATIONS A. Federal 1) U.S. Department of Homeland Security, Transportation Security Administration, Transportation Sector Network Management, Pipeline Division – Coordinates security preparedness of the nation's hazardous liquid and natural gas pipelines. 2) U.S. Department of Homeland Security, Homeland Security Operations Center (HSOC) – Serves as critical national center for homeland security information sharing and domestic incident reporting. HSOC represents over 35 agencies and is staffed 24/7. The HSOC also includes the National Infrastructure Coordinating Center (NICC), which has primary responsibility for coordinating communications with the Nation’s critical infrastructure during an incident. 3) DHS Transportation Security Operations Center (TSOC) – Serves as critical national center for transportation security information sharing and domestic incident reporting. TSOC is staffed 24/7. For additional information contact [email protected] 4) DHS Homeland Infrastructure Threat and Risk Analysis Center (HITRAC) – HITRAC is a DHS entity that conducts integrated threat analysis for all critical infrastructure sectors. HITRAC works with the intelligence and law enforcement communities to integrate and analyze intelligence on security threats to homeland infrastructure. For additional information contact [email protected] 5) FBI Joint Terrorism Task Force (JTTF) – Contact local FBI office for additional information on your local JTTF. 6) U.S. Department of Transportation, Pipeline and Hazardous Materials Administration (PHMSA) – Regulates pipeline safety of nation’s hazardous liquid and natural gas pipelines. Coordinates with DHS/TSA on matters pertaining to pipeline security. 7) U.S. Department of Energy, Office of Electricity Deliverability & Energy Reliability, Infrastructure Security and Energy Reliability Division (ISER) – Coordinates energy and security reliability efforts. 8) DHS Protective Security Advisors – To partner with state and local governments, as well as the private sector, DHS has place security specialists in communities throughout the country to assist local efforts to protect critical assets and provide local perspective to national efforts. 9) Information Sharing and Analysis Center (ISAC) Council 10) Information Sharing and Analysis Center (ISAC) White Papers 11) InfraGard – InfraGard is a Federal Bureau of Investigation (FBI) program and is an effort to gain support from the information technology industry and academia for the FBI’s investigative efforts in the cyber arena. InfraGard and the FBI have developed a relationship of trust and credibility in the exchange of information concerning various terrorism, intelligence, criminal, and security matters.


52


Energy Sector

12) Infragard Infrastructure Areas B. Industry 1) American Gas Association (AGA), Natural Gas Security Committee (NGSC) – the AGA is a trade association representing natural gas local distribution companies across the U.S. with a standing committee (NGSC) dealing with security matters. For additional information contact [email protected] . 2) Interstate Natural Gas Association of America (INGAA), Security Committee – INGAA is a trade association representing interstate natural gas transmission and storage companies across the U.S. with a standing committee dealing with security matters. 3) ASIS Utilities Security Council C. Government / Industry Coordination 1) Critical Infrastructure Partnership Advisory Council (CIPAC) -CIPAC, which has been exempted from the requirements of the Federal Advisory Committee Act, is the mechanism used for dialogue on key infrastructure issues between government and owner/operators. CIPAC is a non-decisional body and includes sector and government members. 2) Oil and Natural Gas Sector Coordinating Council (ONG SCC) – A private forum for coordination of oil and gas security issues across the broad oil and natural gas sector. Involves a broad spectrum of industry associations and provides a forum for interfacing with corresponding Government Coordinating Council (GCC). Various SCCs serve as the government’s principal point of contact into each sector. The Oil and Natural Gas SCC utilizes HSIN as a communication interface/tool. For more information e-mail [email protected] . 3) Government Coordinating Council (GCC) – Comprised of representatives across various levels of government as applicable to security of a given sector. GCC’s are chaired by the designated Sector-Specific Agency (SSA) for each sector, such as Energy and Transportation. 4) National Infrastructure Advisory Council (NIAC) – A FACA advisory committee that provides the Federal government with advice regarding critical infrastructure security across all sectors. Members of the committee are appointed by the President from industry, academia, and state/local governments. Note that the ONG SCC formed a working group with the NIAC on issues regarding pandemic preparedness. D. State and Local Government – Refer to also to law enforcement, emergency management, and homeland security officials in your state/local jurisdiction. 1) Buffer Zone Protection Program – Provides federal resources to identify and mitigate vulnerabilities to critical infrastructure. E. Other Professional Organizations 1) ASIS General Security Risk Assessment Guideline | PDF | A seven-step process that creates a methodology by which security risks at a specific location can be identified and communicated, along with appropriate solutions. 2) ASIS Threat Advisory System Response Guideline | PDF | A guideline to provide private business and industry with possible actions that could be implemented based on the Alert Levels of the Department of Homeland Security.


53


Energy Sector

3) ASIS Business Continuity Guideline | PDF | A guideline that encompasses all elements of disaster management and recovery. 4) ASIS Emergency Planning Handbook – Provides guidance and direction to corporate security supervisors/managers who have emergency planning responsibilities. It imparts planning guidance in summary form that can be adapted to and supplemented by company procedures and policies. 5) ASIS Disaster Preparation Guide | PDF | This guide was prepared to assist its members and others engaged in disaster planning. It was created with business and industry in mind. 6) Federal Emergency Management Agency (FEMA), Emergency Planning Guide for Business and Industry | PDF | This guide provides step by step advice on how to create and maintain a comprehensive emergency management program. It can be used by manufacturers, corporate offices, retailers, utilities or any organization where a sizable number of people work or gather. 7) Office of Domestic Preparedness, Critical Incident Protocol: A Public Private Partnership |PDF | This publication Critical Incident Protocol: A Public and Private Partnership discusses the essential and beneficial process of the public and private sectors working together to plan for emergencies. Important elements include planning, mitigation, business recovery, lessons learned, best practices, and plan exercising. 8) Homeland Security Exercise and Evaluation Program (HSEEP), Office of Domestic Preparedness – HSEEP is both doctrine and policy for designing, developing, conducting and evaluating exercises. HSEEP is a threat- and performance-based exercise program that includes a cycle, mix and range of exercise activities of varying degrees of complexity and interaction. HSEEP includes a series of four reference manuals to help states and local jurisdictions establish exercise programs and design, develop, conduct, and evaluate exercises. Volume I: Exercise Overview and Doctrine Volume II: Exercise Evaluation and Improvement Volume III: Exercise Program Management and Exercise Planning Process Volume IV: Sample Exercise Documents and Formats


54


Government Facilities Sector

10.0 Government Facilities Sector 10.1 Sector Overview U.S. citizens regularly interact with government at all levels and depend on the provision of various government services, all of which are supported by an array of facilities owned, leased, or operated by government entities. Ensuring the continuity of these functions and services through protection of their associated government assets is vital to homeland security. The Government Facilities Sector includes a wide variety of buildings, owned and leased by Federal, State, Territorial, local, or tribal governments, located domestically and overseas. Many government facilities are open to the public for business activities, commercial transactions, or recreational activities. Others not open to the public contain highly sensitive information, materials, processes, and equipment. This includes generaluse office buildings and special-use military installations, embassies, courthouses, national laboratories, and structures that may house critical equipment and systems, networks, and functions. In addition to physical structures, the sector considers cyber elements that contribute to the protection of sector assets (e.g., access control systems and closed-circuit television systems) as well as the protection of individuals who possess tactical, operational, or strategic knowledge or perform essential functions. *

*



55



10.2 Professional Development Resources 10.2.1 Guides, Resources, and Documents by Organization Guidance for Protecting Building Environments from Airborne Chemical, Biological, or Radiological Attacks (NIOSH) Risk Management Guidance for Health, Safety, and Environmental Security under Extraordinary Incidents (ASHRAE) A Guide to Strengthen Emergency Management of High-Rise and High-Risk Buildings (Ontario Fire Marshal) Security and Safety in Los Angeles High-Rise Buildings After 9/11 (RAND) FEMA: Risk Management Series: 426: Reference Manual to Mitigate Potential Terrorist Attacks against Buildings 427: Primer for Design of Commercial Buildings to mitigate terrorist attacks 429: Insurance, Finance and Regulation primer for terrorism risk management in buildings E155: Building Design for Homeland Security, Student manual Comparison of structural performance of multi-story buildings under extreme events (American Institute of Steel Construction, Inc.) Evacuation Planning for Occupants with Disability (National Research Council Canada) Precautions to minimize effects of a Chemical, Biological, Radiological or Nuclear Event on Buildings and Infrastructure: (Office of Deputy Prime Minister, UK) Task Force on Tall Buildings: The Future. (Council on Tall Buildings and Urban Habitat) Suspicious Package Response Planning Guide: (Solicitor General Canada) Protecting Buildings from a Biological or Chemical Attack: Actions to be taken before or during a release DoD Minimum Anti-Terrorism Standards for Buildings: Unified Facilities Criteria: Dept. of Defense Building Air Quality: A Guide for Property Owners and Facility Owners: CDC Facilities Standard for the Public Buildings Service Balancing Security and Openness: General Services Administration Sustainable Building Technical Manual: Green Building Design, Construction and Operations, EPA


56



Guide to Threat and Risk Assessment Involving On-Site Physical Security Examination: RCMP Strategic National Guidance: The Decontamination of Buildings and Infrastructure Exposed to Chemical, Biological, Radiological, or Nuclear (CBRN) substances or material: Office of the Deputy Prime Minister: UK.

10.2.2 Web links American Hotel & Lodging Association ASIS International Commercial Real Estate Council

www.ahla.com www.asisonline.org/councils/CRE.xml

Building Owners and Managers Association International Building Security Council

www.boma.org www.buildingsecuritycouncil.org

Construction Specifications Institutes (CSI)

www.csinet.org

Council on Tall Buildings and Urban Habitat

www.ctbuh.org

FacilitiesNet

www.facilitiesnet.com

International Council of Shopping Centers

www.icsc.org

International Facility Management Association (IFMA)

www.ifma.org

National Apartment Association

www.naahq.org

National Association of Industrial and Office Properties

www.naiop.org

National Association of Realtors National Fire Protection Association (NFPA)

www.realtor.org/commercial www.nfpa.org

National Multi Housing Council

www.nmhc.org

The Real Estate ISAC

www.reisac.org

The Real Estate Roundtable

www.rer.org

10.2.3 Security Management Articles (month, year, page) Spotlight on Security for Real Estate Managers, Second Edition (Book Review). March 2006, 112. The Challenge of Making Safer Structures. March 2005, 42. High Rise Security and Fire Life Safety, Second Edition (Book Review). July 2004, 144. Kilroy Has Left the Building (Working Wise) [Penn Plaza, New York]. June 2004, 31. Take the Guesswork Out of Guest Control. June 2003, 60.


57



Make Planning a Priority. May 2003, 71. Emergency Preparedness (Book Review) Dec 2002, 124. Los Angeles Tackles High-Rise Security (News and Trends). Sept 2002, 20. A New Forum for Security. June 2002, 71. The Jewel in the Crown [Crown Center Plaza, Kansas City, MO]. Sept 2000, 108. Condo Can Do [Capri Gardens Condominium Association, Miami, FL]. Jan 2000, 68. Tenants Anyone? (Spotlight). April 1999, 15. Security Planning Guidebook: Safeguarding Your Tenants and Property (Book Review). Aug 1996, 118. Building Security Relationships. July 1996, 103. Taking Life Safety to New Heights (Amoco Building, Chicago, IL). June 1996, 40.

10.2.4 Books Archibald, R., & Medby, J. Security and Safety in Los Angeles High-rise Buildings after 9/11. Santa Monica, CA: Rand Corporation, 2002. This analysis, commissioned by the Building Owners and Managers Association of Greater Los Angeles, includes Key Considerations for Building Security; Learning from Three Case Studies; Key Resource Guide on High-Rise Building and Multi-Tenant Security December 2006, ASIS International. Planning Considerations for High-Rise Buildings; Potential Roles for Government; and Recommendations for Los Angeles. Azano, Harry J. Fire Safety and Security for High-Rise Buildings. Crete, IL: Abbott, Langer & Associates, 1995. TH/9445/H63A99/1995. Available to borrow from the ASIS Resources Center. Contents: 1) Recent high-rise disasters; 2) The challenge of high-rise buildings; 3) The role of the security force; 4) Understanding fire; 5) Attacking fire; 6) Sprinkler and standpipe systems; 7) Fire extinguishers and fixed systems; 8) Fire alarm systems; 9) The threat of arson and bombs; 10) High-rise safety program; Conclusion. Craighead, Geoff. High-Rise Security and Fire Life Safety, 2nd Ed. Woburn, MA: Butterworth-Heinemann, 2003. TH/9445/H63C88/2003. Available for purchase from the ASIS Online Bookstore. Includes how to conduct security and fire life safety surveys, effectively manage security programs, and prepare for high-rise emergencies. This new edition includes an analysis of the September 11, 2001, attacks on, and the collapse of, the Word Trade Center towers. Topics include high-rise building


58



development and utilization, building emergency planning; laws, codes, and standards; liaison with law enforcement and fire authorities; high-rise assets; and security and fire life safety threats. DoD Minimum Anti-Terrorism Standards for Buildings: Washington, DC: Department of Defense, 2003.

Unified

Facilities

Criteria.

This document seeks to minimize the likelihood of mass casualties from attacks against DoD personnel in the buildings in which they work and live. Guidance for Filtration and Air-Cleaning Systems to Protect Building Environments from Airborne Chemical, Biological, or Radiological Attacks. Washington, DC. National Institute for Occupational Safety and Health, 2003. This document provides detailed, comprehensive information on selecting and using filtration and aircleaning systems in an efficient and cost-effective manner. Guidance for Protecting Building Environments from Airborne Chemical, Biological, or Radiological Attacks. Washington, DC: National Institute for Occupational Safety and Health, 2002. Prevention is the cornerstone of public and occupational health. This document provides preventive measures that building owners and managers can implement promptly to protect building air environments from a terrorist release of chemical, biological, or radiological contaminants. A

Guide to Emergency Evacuation Procedures Sacramento, CA: State of California, 1999.

for

Employees

with

Disabilities.

Prepared by the Emergency Response Task Force and the California Highway Patrol for the State of California, State Personnel Board, Statewide Disability Advisory Council. Fennelly, Lawrence J., Handbook of Loss Prevention and Crime Prevention, 4th Ed. New York: Butterworth-Heinemann, 2004. HV/8290/H23/2004. This revised volume brings together the expertise of more than 40 security and crime prevention experts who provide practical information and advice. This new edition covering the latest on topics ranging from community-oriented policing to physical security, workplace violence, information security, homeland security, and a host of special topics. See pp. 370-387 for Chapter 25, “High-Rise Security and Fire Life Safety” and Chapter 26, “Multiresidential Security.” Fennelly, Lawrence J,. Spotlight on Security for Real Estate Managers. Chicago, IL: Institute for Real Estate Management, 2005. HV/8290/F33/2005. The goal of this book is to help real estate managers understand the issues that form the basis of liability claims and provide some tools than can be used to minimize the likelihood of crime occurring on the properties they manage and be prepared to deal with the consequences in the event a crime occurs at or near their property. The information here will assist the real estate manager in evaluating the security needs of a property and identifying security measures that will meet those needs within the available budget. While some chapters focus on a single property type, most of the strategies presented in the text can be adapted of considered for all types of properties.


59



Kitteringham, Glen. Security and Life Safety for the Commercial High-Rise. Alexandria, VA: ASIS International, 2006. TH/9445/H6K62/2006. Since September 11, 2001, the high-rise industry has been reviewing security and life safety procedures and practices and taking steps to improve security based on building size and importance, geographic location, potential risk to occupants, and risk of attacks. The risk assessment guidelines presented in this book are oriented toward protection of a site's personnel and physical assets. They would also generally apply to protection of computer data, hardware, and software. The security guidance discussed in this book will assist individual companies to assess their properties and determine how best to protect their assets. Ontario Office of the Fire Marshal. A Guide to Strengthen Emergency Management of High-Rise and High- Risk Buildings, Ontario, Canada: Ontario Office of the Fire Marshal, 2002. This guide has been developed as part of the provincial government's commitment to improve Ontario's emergency preparedness and to help owners and operators of large buildings improve occupant safety and security. Protection of Assets Manual. ASIS International, Alexandria, VA. 2004 (with revisions and updates), Volume 4, Chapter 1, pp. 1-35. HV/8290/P975/VOL 4. This comprehensive source covers all aspects of security including access control, training, employee awareness, internal and external theft and fraud, security and civil law, investigations, ethics, alcohol and drug abuse, and more. All business managers and protection professionals with an assets protection responsibility will find this information pertinent in each subject area, and helpful in effectively tackling critical security issues and organizing special research projects. This manual also serves as a central library reference for students pursuing a program in security or assets protection. Risk Management Series: Primer for Design of Commercial Buildings to Mitigate Terrorist Attacks. Washington, DC, Federal Emergency Management Agency, Washington, DC, 2003. This primer introduces a series of concepts that can help building designers, owners, and State, and local governments mitigate the threat of hazards resulting from terrorist attacks on new buildings. FEMA 427 specifically addresses four high-population, private-sector building types: commercial office, retail, multifamily residential, and light industrial. This manual contains extensive qualitative design guidance for limiting or mitigating the effects of terrorist attacks, focusing primarily on explosions, but also addressing chemical, biological, and radiological attacks. Sampson, Rana. Drug Dealing in Privately Owned Apartment Complexes. ProblemOriented Guides for Police: Problem-Specific Guides Series, No. 4. Washington, DC: Department of Justice, 2006. This guide focuses on drug dealing in privately owned apartment complexes. The guide makes a clear distinction between open- and closed-drug markets, provides information on what is known about each market type, and provides questions to ask when analyzing each market. It also proposes various responses designed to closed-drug markets and provides a full range of problem-specific measures to determine the effectiveness of those responses.


60



Security Planning Guidebook: Safeguarding your Tenants and Property. Washington, DC: Building Owners and Managers Association International, 1995. HV/7431/S42/1995. Available to borrow from the ASIS Resources Center. Contents: Introduction; Security incidents; Evaluating your security needs; In-house vs. contract security? Working with police, fire dept and others; Tenant communications; Liability and insurance issues; Developing a security and safety communication plan; Putting the plan into action; Appendices: sample plan, crisis communications plan, bomb threats.

10.2.5 Videotapes / DVD Emergency Response: Life Safety and Evacuation [videotape: 20 min.]. Emotion Pictures, LLC. 2002. VHS//E543/2002. Demonstrates what the person in charge of life safety for building occupants needs to know, and how to conduct a thorough and complete evacuation. Includes interactions with emergency responders, practicing the plan and ensuring that building occupants understand it, checking life safety systems and exit paths, and more. Also includes a 26-page Instructor's Guide. High-rise Evacuation [videotape: 22 min.]. Quincy, MA: National Fire Protection Association, 2002. VHS//H638/2002. Includes a 12-page instructor's pamphlet. This program is intended to be used regularly as part of a complete evacuation training course that includes a review of building emergency plans. It emphasizes the important role people can take in ensuring fire safety in high rises and in their ability to evacuate safely if fire occurs. The film presents safety features of high-rise buildings and how they contribute to safe evacuation in a fire emergency. The narrator gives the viewer a tour through the building, demonstrating its potential to contain a fire and limit its spread. Because a fire safety plan is dependent upon proper human response, a fire emergency scenario is presented, in which a good plan is carried out quickly and correctly. Lessons From Ground Zero: Evacuation [videotape: 23 min.]. Virginia Beach, VA: Coastal Human Resources, 2002. VHS//L641/2002. This video is the first part of a Lessons From Ground Zero training documentary. It provides first-hand accounts from those who experienced the World Trade Center evacuations on February 26, 1993 and September 11, 2001. It shows how critical changes implemented after the 1993 bombing expedited the evacuation on September 11th and highlights the importance of evacuation plans and fire drills, proper use of fire extinguishers, and necessity of working radios, operational flashlights, fully stocked first aid kits and accurate building maps.

10.2.6 Seminar Sessions Audiotapes / CD-ROM / DVD (ASIS) Building a National Response Plan (2005) Session ID: S10 Participants: Carlos Villarreal (speaker), Geoffrey T Craighead, CPP (moderator) Large companies that have many locations across the United States must have a robust and flexible plan in place to prevent, respond to, and recover from an incident. This session details what one commercial real estate company did to create a national response plan to critical incidents. Hear how the program got started, how it was implemented and tested, and how it is being maintained. Examples of emergency plans, monitoring systems, and notifications protocols will be given.


61



CPTED & Security in the Commercial High-Rise (2004) Session ID: S37 Participants: Glen W Kitteringham, CPP (speaker), William J McShane, CPP (moderator) Security basics are covered including a discussion of policies and procedures, an examination of the physical facilities (3 buildings), a discussion of building residents and users, and a CPTED review and analysis of three specific areas of study within the properties. The First 90 Days After 9/11 (2002) Session ID: S71 Participants: Mark E Raybould, CPP (speaker), Mark T Wright (speaker), Charles J Mattes, CPP (speaker) Hear first-hand from four security professionals who have direct responsibilities for billion dollar assets in major markets like New York Chicago Los Angeles and Houston what immediate challenges they faced and the escalation strategies they implemented during the first 90 days following 9/11 and beyond to protect lives and buildings. You will walk away with valuable and practical information to help you manage facilities after catastrophic events. High-Rise Environments - Protection and Survivability (2002) Session ID: S23 Participants: Phillip Banks, CPP (speaker), Arik S Garber, CPP (moderator), The aftermath of the terrorist events of September 2001 as well as the continuing nation-wide threat environment has resulted in a demand for increased high-rise building security and safety planning. This response includes among other things increased screening of tenants and visitors as well as deliveries coming into the building and advanced emergency planning and preparedness. This session highlights methodologies that will increase your level of survivability from a terrorist attack or a naturally occurring disaster. High Rise Fire - Lessons Learned in Chicago (2004) Session ID: S6 Participants: Carlos Villarreal (speaker), Nancy A. Renfroe, CPP (moderator) This session is two-fold. First, there is a review of the tragic fire that occurred in a downtown Chicago high-rise office building, taking six lives. Then, the next section teaches how to take training to a higher awareness. There is a discussion of new methods to better train personnel to handle fire conditions and what type of fire safety training really works for building occupants. Detailed fire safety presentations do not always communicate the right message. High Rise Fire Simulations: Moving Beyond Fire Drills (2004) Event: 50th Annual Seminar Session ID: S23 Participants: Steve Cichon (speaker), Charles K Hutchinson (speaker), Michael Crocker, CPP (moderator) The theme of this presentation is high-rise fire safety. This training moves beyond the conventional fire drill to a new training platform. This is a simulation conducted in real buildings in a training platform. This includes a zero visibility environment with a building in fire mode. Responders must use building systems and equipment, elevator and fire panel operations, and traffic management. The fire simulation tests all levels of the responder abilities. This presentation is an overview of a highly intense training format that brings together the private and public sector in a unique cross-training environment. Securing an Office Building (2003) Session ID: S24 Participants: Mark E Raybould, CPP (speaker), Louis G Caravelli, CPP (speaker), Carlos Villarreal (moderator)


62



Learn what best practices are being used to address the new threat issues everyone in commercial real estate security is facing. This session will review past standards and discuss the new way of securing an office building. Issues including threat levels, access control systems, CCTV coverage, emergency planning, and staffing will be discussed in great detail. Best practices on how to build and review your building's plan also will be discussed during this every informative program. Security and Safety Concerns: High Rise Buildings After 9/11 (2003) Session ID: S32 Participants: Robert A Cizmadia, CPP (speaker), Robert L Pearson (moderator) The density of populations and high-rise buildings within our cities provides the motivation for considering the assessment of security and safety of these architectural wonders. This presentation is targeted towards security and facility managers, property owners, tenants, and architects of such buildings. The content of this presentation will focus on taking an integrated approach in addressing security of high-rise buildings from a security management operational administrative technological and educational awareness perspective.


63


Information Technology Sector

11.0 Information Technology Sector 11.1 Sector Overview Cyberspace is the nervous system of the Nation’s critical infrastructures, the control system of our country and the global economy.

Cyberspace is

composed of hundreds of thousands of interconnected computers, servers, routers, switches, and fiber-optic cables all powered by network, application, and security software. Collectively, these elements provide the vital flow of information that drives our critical infrastructures. Thus, the healthy functioning of cyberspace is essential to our economy and our national security. – National Strategy to Secure Cyberspace, Executive Summary

The Information Technology (IT) Sector has a key role in securing the Nation’s cyberspace. The IT Sector is composed of entities—owners and operators and their respective associations—who produce and provide hardware, software, and IT systems and services, including development, integration, operations, communications, and security. The IT Sector is comprised of, but not limited to, the following: Domain Name Systems root and Generic Top-Level Domain operators; Internet Service Providers; Internet backbone providers; Internet portal and e-mail providers; networking hardware companies; and other hardware manufacturers, software companies, security services vendors, communications companies that characterize themselves as having an IT role, edge and core service providers, and IT systems integrators. In addition, Federal, State, and local governments participate in the IT Sector as providers of government IT services that are designed to meet the needs of citizens, businesses, and employees. *

*



64



11.2 Professional Development Resources 11.2.1 Web Sites Annual Credit Report Request Service CA Security Advisor – CA’s Security Advisor is the place to check for current information on global threats that is researched and published via a network of rapid response centers around the world. Computer Associates' Security Advisor – News, threats, advisories & links. Federal Trade Commission Help Keep Kids Safe – Contains Internet safety tips

| Kids 0-7 yrs | Pre-teens | Teenagers |

Identity Theft Information ISS – Reference information on common exploits and intrusion methods. IT Security – A complete one-source location for information security news, products, whitepapers, events, and definitions. McAfee Threat Center – Includes links to tools & utilities, threat search, etc. NIST Computer Security Resource Center Reduce Credit Card and Insurance Offers SANS Institute – Source for information security training, certification & research. Automated Auditing in a Windows 2k Environment Avoiding Macro Viruses DDoS Roadmap: Steps 1 & 2 NOW! FBI’s “Hunting the Wiley Hacker” Presentation | PDF | Interfacing with Law Enforcement FAQ Intrusion Discovery – Windows 2000/XP Pocket Reference Guide | PDF | Intrusion Discovery – Linux Pocket Reference Guide | PDF | Ipv6 TCP-IP Pocket Guide | PDF | IT Code of Ethics Mistakes People Make that Lead to Security Breaches


65



Perl Script for Analyzing Network Traffic Recommendations for Thwarting Spyware Roadmap to Defeating DDoS SANS Free Resources – List of free resources for computer and Internet security. SANS Internet Storm Center - The Internet Storm Center gathers millions of intrusion detection log entries every day, from sensors covering over 500,000 IP addresses in over 50 countries ... identifying the sites that are used for attacks, and providing authoritative data on the types of attacks that are being mounted against computers in various industries and regions around the globe. SANS News Browser Service Security for Non-technical Executives The 7 Top Management Errors that Lead to Computer Security Vulnerabilities TCP/IP and Tcpdump Flyer | PDF | SecurityFocus – A vendor-neutral site that provides objective, timely and comprehensive security information to all members of the security community, from end users, security hobbyists and network administrators to security consultants, IT Managers, CIOs and CSOs. SecurityFocus Bugtraq SecurityFocus Vulnerabilities list Sophos' Security Information (includes latest threats, viruses, white papers) Symantec – Latest Threats, Vulnerabilities, Risks, etc (includes search function and links to removal tools, security updates, etc). TrendMicro TrendMicro HijackThis – Free Tool to scan PC file & registry settings TrendMicro HouseCall – Free online virus scanner. TrendMicro Latest Threat Advisories Windows Security – Aggregator of articles, news, patches, etc.


66



11.2.2 Credit Bureaus: Equifax (800) 525-6285 www.equifax.com Experian (888) 397-3742 www.experian.com TransUnion (800) 680-7289 www.transunion.com

11.2.3 Books: Cyber Threat Levels Response Handbook, by James P. Litchko, Ron Lander, & Lew Wagner (2004). Published by KNOW Book Publishing. ISBN-13: 978-0974004525. KNOW IT Security: Secure IT Systems Casino Style, by Jim Litchko (2004). Published by KNOW Book Publishing. ISBN-13: 978-0974884509. This book provides non-technical individuals with a quick, entertaining, and effective introduction on how to achieve successful IT security. Hacking Wireless Networks for Dummies, by Kevin Beaver, Peter T. Davis & Devin K. Akin (2005). Published by For Dummies. ISBN-13: 978-0764597305. Learn how to secure a basic wireless network by studying common attacks. Defeating the Hacker: A Non-technical Guide to Computer Security, by Robert Schifreen (2006). Published by Wiley. ISBN-13: 978-0470025550 Network Security Evaluation Using the NSA IEM, by Russ Rogers, et al. (2005). Published by Syngress. ISBN-13: 978-1597490351 Security Log Management: Identifying Patterns in the Chaos, by Jacob Babbin, et al. (2006). Published by Syngress. ISBN-13: 978-1597490429. Learn how to garner important information from voluminous computer security log files Perfect Passwords: Selection, Protection, and Authentication, by Mark Burnett and Dave Kleiman (2005). ISBN-13: 978-1597490412.


67


National Monuments and Icons Sector

12.0 National Monuments and Icons Sector 12.1 Sector Overview The National Monuments and Icons (NM&I) Sector encompasses a diverse array of assets located throughout the United States and its Territories. While many of these assets are listed in either the National Register of Historic Places or the List of National Historic Landmarks, all share three common characteristics: (1) they are a monument, physical structure, object, or geographic site; (2) they are widely recognized to represent the Nation’s heritage, traditions, or values, or widely recognized to represent important national cultural, religious, historical, or political significance; and (3) their primary purpose is to memorialize or represent some significant aspect of the Nation’s heritage, tradition, or values, and to serve as points of interest for visitors and educational activities. NM&I Sector assets are all physical structures, objects, or geographic sites. Included as part of each asset are the operational staff and visitors that may be impacted by an attack on the asset. There are minimal cyber and telecommunications issues associated with this sector because of the nature of the assets. There may be some information technology or telecommunications systems utilized at a few of the assets that will be considered during the vulnerability assessment process and the protective program implementation as appropriate. Some physical structures that could be considered as monuments or icons (e.g., Golden Gate Bridge, Sears Towers, Hoover Dam, U.S. Capitol) have been determined to be more appropriately assigned to other sectors, such as Transportation Systems, Commercial Facilities, Dams, and Government Facilities, because of their primary purpose. The NM&I Sector-Specific Plan is primarily focused on the identification, assessment, prioritization, and protection of nationally significant NM&I that may be attractive terrorist targets.*

* Excerpt from U.S. Department of Homeland Security, National Infrastructure Protection Plan, 2006.


68



12.2 Professional Development Resources ASIS Business Continuity Guideline | PDF | A guideline that encompasses all elements of disaster management and recovery. ASIS Disaster Preparation Guide | PDF | This guide was prepared to assist its members and others engaged in disaster planning. It was created with business and industry in mind. ASIS Emergency Planning Handbook – Provides guidance and direction to corporate security supervisors/managers who have emergency planning responsibilities. It imparts planning guidance in summary form that can be adapted to and supplemented by company procedures and policies. ASIS General Security Risk Assessment Guideline | PDF | A seven-step process that creates a methodology by which security risks at a specific location can be identified and communicated, along with appropriate solutions. ASIS Threat Advisory System Response Guideline | PDF | A guideline to provide private business and industry with possible actions that could be implemented based on the Alert Levels of the Department of Homeland Security. Critical Incident Protocol: A Public Private Partnership | PDF | Office of Domestic Preparedness – This publication Critical Incident Protocol: A Public and Private Partnership discusses the essential and beneficial process of the public and private sectors working together to plan for emergencies. Important elements include planning, mitigation, business recovery, lessons learned, best practices, and plan exercising. Department of Homeland Security Critical Infrastructure Partnership Advisory Council Critical Infrastructure Sector Partnership Daily Open Source Infrastructure Report National Infrastructure Protection Plan National Strategy for the Physical Protection of Critical Infrastructures and Key Assets Protected Critical Infrastructure Information (PCII) Program Emergency Planning Guide for Business and Industry | PDF | Federal Emergency Management Agency – This guide provides step by step advice on how to create and maintain a comprehensive emergency management program. It can be used by manufacturers, corporate offices, retailers, utilities or any organization where a sizable number of people work or gather. Homeland Security Exercise and Evaluation Program (HSEEP), Office of Domestic Preparedness – HSEEP is both doctrine and policy for designing, developing, conducting and evaluating exercises. HSEEP is a threat- and performance-based exercise program that includes a


69



cycle, mix and range of exercise activities of varying degrees of complexity and interaction. HSEEP includes a series of four reference manuals to help states and local jurisdictions establish exercise programs and design, develop, conduct, and evaluate exercises. Volume I: Exercise Overview and Doctrine Volume II: Exercise Evaluation and Improvement Volume III: Exercise Program Management and Exercise Planning Process Volume IV: Sample Exercise Documents and Formats

12.2.1 Museums, Libraries, Cultural Properties and other National Icons: American Association of Museums – AAM is the only organization representing the entire scope of professionals and nonpaid staff who work for and with museums. It currently represent more than 15,000 individual museum professionals and volunteers, 3,000 institutions, and 300 corporate members. Every type of museum is represented including art, history, science, military and maritime, and youth museums, as well as aquariums, zoos, botanical gardens, arboretums, historic sites, and science and technology centers. ASIS Museum, Libraries and Cultural Properties Council – Part of ASIS International, this council serves as a credible and leading information source dedicated to education, outreach, and suggested practices for museums, libraries, cultural properties, and other similar industries. FBI Art Crime Team – Art and cultural property crime is a looming criminal enterprise with estimated losses running as high as $6 billion annually. To recover these precious pieces—and to bring these criminals to justice—the FBI uses a dedicated Art Crime Team of 12 Special Agents to investigate, supported by three Special Trial Attorneys for prosecutions…and it mans the National Stolen Art File, a computerized index of reported stolen art and cultural properties for the use of law enforcement agencies across the world. Heritage Preservation – Heritage Preservation is working to save the objects that embody our history, partnering with conservators, museums, civic groups, and concerned individuals across the nation who care about preserving pieces of our shared and individual pasts. They do this through conservation, education and preparation. National Stolen Art File – The NSAF is a computerized index of stolen art and cultural property as reported to the FBI by law enforcement agencies throughout the United States and the world. The NSAF consists of images and physical descriptions of stolen and recovered objects, in addition to investigative case information. The primary goal of the NSAF is to serve as a tool to assist investigators in art and cultural artifact theft cases and to function as an analytical database providing law enforcement officials with information concerning art theft.


70



12.2.2 Other Resources, Guides, etc… The Art Loss Register – The ALR offers the following services: registration of the legitimate ownership of works of art and other valuable possessions, registration of the loss of works of art and other valuable possessions, registration of fake and forged works of art and other valuable possessions, due diligence services, expert provenance research of works of art and other valuable possessions, specialist world war two provenance research, investigative and recovery work. Heritage Preservation Book Store Heritage Preservation Field Guide to Emergency Response The Emergency Response and Salvage Wheel International Committee on Museum Security – This committee serves to support the aims and objectives of ICOM, in particular with the reference to museum security, to formulate and carry out a program of activities related to museum security; to provide a forum for communication, co-operation and information exchange, between museums, professional museum workers and others concerned with museum security; to provide advice to ICOM on museum security and be a source of professional expertise to assist in the implementation of ICOM’s program; to represent the interests of museum security within ICOM; to cooperate with the National Committees and Affiliated Organizations in matters related to the Committees specific mandate; and to the broader interests of ICOM. International Foundation for Cultural Property Protection – The IFCPP is and organization that supports the profession of Cultural Property Protection. They provide training, guidelines, and certification for these professionals. The IFCPP also host an annual conference and training session. For more information visit www.ifcpp.org/conf.htm Museum Security Mailing List – Providing daily summaries of incidents involving cultural properties worldwide. Smithsonian Institution National Conference on Cultural Property Protection – This 3day conference in Washington, DC offers insight and proven solutions for new and seasoned professionals in the field of cultural property protection. Learn from the best, discover new trends, and take away effective tools for your organization. Network with national and international peers from small and large museums, libraries and cultural properties. Suggested Practices for Museum Security | PDF |


71


Nuclear Reactors, Materials, and Waste Sector

13.0 Nuclear Reactors, Materials, and Waste Sector 13.1 Sector Overview Nuclear power accounts for approximately 20 percent of the Nation’s electrical use, provided by 104 commercial nuclear reactors licensed to operate in the United States. The Nuclear Reactors, Materials, and Waste (Nuclear) Sectors includes: nuclear power plants; non-power nuclear reactors used for research, testing, and training; nuclear materials used in medical, industrial, and academic settings; nuclear fuel fabrication facilities; decommissioning reactors; and the transportation, storage, and disposal of nuclear material and waste. The Nuclear Sector has identified interdependencies with other CI/KR sectors, including: Energy as a supplier to the Nation’s electrical grid Transportation Systems through the movement of radioactive materials Chemical as related to hazardous chemicals at fuel cycle facilities Public Heath and Healthcare through a nuclear medicine, radiopharmaceuticals, and sterilization of surgical supplies Government Facilities through Federal and State facilities that use radioactive material for various purposes *

*



72



13.2 Professional Development Resources Canadian Radiation Alert/Expert System for Critical Infrastructure Monitoring Critical Infrastructure Partnership Advisory Council, U.S. Department of Homeland Security Critical Infrastructure Test Range, Idaho National Laboratory Guarding America: Security Guards and U.S. Critical Infrastructure | PDF | Homeland Security Presidential Directive/Hspd-7, www.whitehouse.gov | PDF | Homeland Security Presidential Directives, U. S. Environmental Protection Agency (EPA) HSPD-7: Critical Infrastructure Identification, Prioritization, and Protection | PDF | Infrastructure Work Group Helping Homeland Security, www.examiner.com Natural Disasters and Nuclear Critical Infrastructure Negotiations |Cat.inist | Inderscience | Operator Support for Ageing Nuclear Critical Infrastructure Systems | Cat.inist | Partnership for Critical Infrastructure Security (PCIS) Protecting the Nation’s Infrastructure, Idaho National Laboratory | PDF | Vulnerability of Concentrated Critical Infrastructure: Background and Policy Options, Paul W. Parfomak (updated 26 Jan. 2007), Congressional Research Service | PDF | Department of Energy Department of Homeland Security Nuclear Energy Institute Nuclear Regulatory Commission

www.energy.gov www.dhs.gov www.nei.org www.nrc.gov

10 CFR 26 – Fitness for Duty Program 10 CFR 72 – Licensing Requirements for the Independent Storage of Spent Nuclear Fuel, HighLevel Radioactive Waste, and Reactor-Related Greater than Class C Waste 10 CFR 73 – Physical Protection of Plants and Materials 73.1

– Purpose and Scope (DBT)

73.21

– Safeguards Information


73



73.55

– Requirements for Physical Protection of Licensed Activities in Nuclear Power Reactors Against Radiological Sabotage

73.56

– Personnel Access Authorization for Nuclear Power Plants

Appendix B ( to Part 73 ) – General Criteria for Security Personnel


74


Postal and Shipping Sector

14.0 Postal and Shipping Sector 14.1 Sector Overview The Postal and Shipping Sector is an integral component of the U.S. economy, employing more than 1.5 million people and earning revenues of more than $148 billion per year. The Postal and Shipping Sector moves hundreds of millions of messages, products, and financial transactions each day. Postal and shipping activity is differentiated from general cargo operations by its focus on small- and medium-size packages and by service from millions of senders to millions of destinations. The sector is highly concentrated, with a handful of providers holding roughly 96 percent of the market share. Sector-specific assets include: high-volume automated processing facilities; tens of thousands of local delivery units; many and varied collection, acceptance, and retail operations; mail transport equipment; and information and communications networks. Beyond physical and cyber assets, the most critical sector asset is public trust. The Postal and Shipping Sector has many dependencies and inter-relationships with a wide range of other sectors, including its potential role as a threat vector to other sectors and the general public. The Banking and Finance, Government Facilities, Commercial Facilities, and Public Health and Healthcare Sectors all rely heavily on the Postal and Shipping Sector for the shipment and delivery of critical documents and packages. The Postal and Shipping Sector itself relies on: 1) the Transportation Systems Sector for the movement of mail and packages by air, road, or rail, as well a being a major customer of the sector; 2) the Energy Sector for power, as well as being a customer of the sector; and 3) the Information Technology and Telecommunications sectors for supporting logistics operations and automatic identification and sorting; these sectors are also key customers. All of these sectors are working together to ensure that their efforts support each other. *

*



75



14.2 Professional Development Resources American Trucking Association (ATA) Security Council Business Alliance for Secure Commerce (BASC) – An international business alliance, created to promote secure international trade in cooperation with governments and international organizations. Canada Border Services Agency Customs Self Assessment (CSA) – As part of the Customs Action Plan, the Canada Border Services Agency (CBSA) introduced the Customs Self Assessment (CSA) program, a progressive trade option for clients who invest in compliance. Based on the principles of risk management and partnership, the CSA program will be of mutual benefit to the importing community and the CBSA. Clients will have the opportunity to significantly reduce the costs of compliance while enhancing their ability to comply with customs requirements. Partners in Protection (PIP) Canada Post Canadian Air Transport Security Authority (CATSA) Canadian International Freight Forwarders Association (CIFFA) International Federation of Freight Forwarders Association (FIATA) Pandemic Flu Preparedness TAMIFLU Toronto Pandemic Influenza Plan (TPIP) Transport Canada U.S. Customs and Border Protection Customs-Trade Partnership Against Terrorism (C-TPAT) Free and Secure Trade (FAST) U.S. Postal Service


76



14.2.1 Regional Cargo Security Councils: Eastern Region Transportation Security Council Chairman - Bill Downes ABF Freight System, Inc 110 East Jefryn Blvd Deer Park, NY 11729-5714 Office: 631 243-0800 Fax: 631 243-0811 Cell: 516 659-3844 Email: [email protected]

Southeast Transportation Security Council Chairman - James Phillips CNF Inc 215 West Orton Street Pallapooso, GA 30176 Tel: 770 574-8421 Fax: 770 574-8602 Email: [email protected]

Mid-Atlantic Transportation Security Council Chairman - Curtis Shewchuk CNF Inc 5065Tara Drive Fredericksburg, VA 22407-6545 Tel: 540 548-3119 Fax: 540 548-3089 Email: [email protected]

Southwest Transportation Security Council Chairman - JJ Coughlin CNF Inc 2360 Shorecrest Drive Rockwall, TX 75087 Tel: 972 772-3925 Fax: 972 772-3675 Cell: 214 649-6441 Email: [email protected]

Mid-South Cargo Security Council President - Jerry Keenum US Freightways 8100 West Sandidge Olive Branch, MS 38654 Tel: 662 893-8232 Fax: 662 893-8240 Email: [email protected]

Western States Cargo Security Council & CHP/FBI/CTIP Task Force Sgt Mark Gomez, CHP 1515 Clay Street - Suite 1602 Oakland, CA 94612 Tel: 510 622-4613 Cell: 510 715-6529 Email: [email protected]

Mid-West Cargo Security Council Chairman - Mike Kozak CNF Inc 12826 Artesian Street Lemont, IL 60439 Tel: 630 243-0879 Fax: 630 243-0930 Email: [email protected]

Western States Cargo Theft Association President - Robert Ghan 8500 Osage Avenue Los Angeles, CA 90045 Tel: 310 216-3996 Fax: 310 216-5768 Email: [email protected]


77



14.2.2 Cargo Theft Task Forces: Tennessee – Arkansas – Mississippi Memphis Auto/Cargo Theft Task Force Major Dewey Betts Memphis Police Dept (901) 327-5670 Special Agent Eddie Young, FBI

California (cont’d) BADCATS Los Angeles Police Department Burglary-Auto Division Captain Jerry Szymanski (213) 485-2527

Florida South Florida “TomCATS” Miami-Dade Police Department (305) 471-3400 Lieutenant Ed Petow

LAX Airport Crimes Unit Los Angeles Police Department Detective Mike Falvo (310) 348-3931

Florida Statewide Cargo Theft Task Force Florida Highway Patrol Lieutenant Bill Shiver (863) 499-2308 (863) 284-4222 Fax Alert (Fax Alert form required)

Pennsylvania FBI Interstate Theft Task Force Philadelphia, PA SA Pam Stratton (215) 418-4137

Georgia Georgia Statewide Cargo Theft Task Force Georgia Bureau of Investigation SSA Michael McDaniel (478) 987-4545 US Dept. of Agriculture OIG SSA Ken Golec (404) 730-3173 Ext. 237 California CargoCATS Los Angeles County Sheriff’s Office Sergeant Jim LeBlanc (310) 603-3132 California Highway Patrol - FBI Cargo Theft Interdiction Program (C-TIP) Sergeant John Antillion Southern Division (909) 481-4611 Investigator Glenn Sewell Northern Division (510) 622-4626 AirCATS San Francisco Airport San Mateo County Sheriff’s Office Detective Doug Steiner (650) 821-5268


Texas FBI Interstate Theft task Force Dallas, TX SA Kristi Ryan (214) 922-7630 New Jersey FBI Interstate Theft Task Force SSA Joseph Reilly (973) 792-3200 Detective Michael Palermo (973) 792-3215 New Jersey State Police Cargo Theft and Robbery Unit Lieutenant Dave Salzmann (732) 548-7153 New York FBI – Port Authority NY & NJ Police KAT-NET Cargo Theft Task Force John F. Kennedy Int’l Airport S/A Sean Cavanaugh (718) 995-5248 FBI Interstate Theft Task Force Brooklyn – Queens SSA George Wright (718) 286-7351 (718) 395-5816 pager

78



New York (cont’d) New York City Police Department Major Case Squad Sergeant Francis “Buddy” Murnane (718) 265-7327 Suffolk County Police Department Long Island New York Robbery Bureau Sergeant Al Feinstein (631) 852-6176 Illinois FBI Chicago Interstate Theft Task Force SA Bill Griffin (312) 786-2772 (312) 786-2525 telefax (312) 431-1333 24-hour number Downtown Chicago SA Chuck Pearson (708) 429-2227 Chicagoland area Nevada Las Vegas Metropolitan Police Department VIPER (Auto & Cargo) Task Force Lieutenant Larry Spinoza (702) 229-3576


79


Public Health and Healthcare Sector

15.0 Public Health and Healthcare Sector 15.1 Sector Overview The Public Health and Healthcare Sector constitutes approximately 15 percent of the gross national product. Operating in all U.S. States, Territories, tribal areas, cities, counties, and towns, the Public Health and Healthcare Sector is integral to the U.S. economy and plays a significant role in response and recovery across all other sectors in the event of a natural or manmade disaster. The Public Health and Healthcare Sector is highly decentralized. Sector entities work together under varying circumstances (e.g., managing supplies, providing clinical care), however, other than in catastrophic events, healthcare tends to be localized. The Public Health and Healthcare Sector has interdependencies across multiple sectors, including: The Transportation Systems Sector for the movement of supplies, pharmaceuticals, workforce members, and emergency response units The Agriculture and Food Sector for coordination of pandemic preparedness and other issues The Energy Sector for continuity of operations, electricity to maintain medical device systems, and enabling protection programs The Drinking Water and Water Treatment Systems Sector for the provision of healthcare, pharmaceutical operations, and sanitization The Emergency Services Sector for coordination with first-responders The Information Technology and Telecommunications Sectors for critical information systems and security services *

*



80



15.2 Professional Development Resources American Hospital Association (AHA) – The national organization that represents and serves all types of hospitals, healthcare networks, and their patients and communities. Through representation and advocacy activities, AHA ensures that members' perspectives and needs are heard and addressed in national health policy development, legislative and regulatory debates, and judicial matters. American Society for Healthcare Risk Managers (ASHRM) – ASHRM’s goal is to advance safe and trusted patient-centered healthcare delivery, promotes proactive and innovative management of organization-wide risk in the healthcare industry. ASIS Healthcare Security Council – The ASIS Councils have been established to serve the ASIS membership through identification of information regarding security issues in their specific concentration. Centers for Disease Control and Prevention (CDC) – The CDC is the sentinel for the health of people in the United States and throughout the world, striving to protect people’s health and safety, provide reliable health information, and improve health through strong partnerships. Department of Homeland Security – Serves to mobilize and organize our nation to secure the homeland from terrorist attacks. Homeland Security Exercise and Evaluation Program (HSEEP) – This Department of Homeland Security Web site helps interested individuals learn how to run a disaster exercise. Federal Emergency Management Administration (FEMA) – Establishes a comprehensive allhazards approach to enhance the ability of the United States to manage domestic incidents. FEMA’s Emergency Management Institute – Offers free training on the Incident Command System. International Association for Healthcare Security and Safety (IAHSS) – dedicated to professionals involved in managing and directing security and safety programs in healthcare institutions. Joint Commission on Accreditation of Healthcare Organizations (JCAHO) – The Joint Commission evaluates and accredits nearly 15,000 health care organizations and programs in the United States. An independent, not-for-profit organization, the Joint Commission is the nation’s predominant standards-setting and accrediting body in health care. HC-PRO – This site is the publication branch for the Joint Commission on Accreditation of Hospital Organization. HC Pro sells various publications regarding healthcare security, safety, and the Environment of Care. Healthy Americans – A non-profit organization with information on pandemic flu. Infragard – A non-profit organization that acts as an information exchange for terrorist attacks. The National Center for Disaster Preparedness – A research group dedicated to providing information and studies related to disaster preparedness. National Fire Protection Association (NFPA) – NFPA is a nonprofit organization dedicated to reducing the worldwide burden of fire and other hazards on the quality of life by providing and advocating consensus codes and standards, research, training, and education.


81



National Institute for Occupational Safety and Health (NIOSH) – The federal agency responsible for conducting research and making recommendations for the prevention of work-related injury and illness. Occupational Safety and Health Administration (OSHA) – OSHA's mission is to assure the safety and health of America's workers by setting and enforcing standards; providing training, outreach, and education; establishing partnerships; and encouraging continual improvement in workplace safety and health. Pandemic Flu – One-stop access to U.S. Government avian and pandemic flu information. Managed by the Department of Health and Human Services.

15.2.1 Books, Publications, and News Clips: Altered Standards of Care in Mass Casualty Events | PDF | United States Department of Health and Human Services. Agency for Healthcare Research (2005) Business Influenza Pandemic Checklist | PDF | The Economic Impact of Pandemic Influenza in the United States: Priorities for Intervention – Emerging Infectious Diseases 5.5 Sept.—Oct. 1999. Meltzer, Martin I, Nancy J. Cox, and Keiji Fukuda (1999). From Planning to Action – Critical Issues in Responding to Pandemic Influenza | PDF | Southeastern Center for Emerging Biologic Threats (2005). The Influenza Pandemic of 1918 – Stanford University (2005). National Strategy for Pandemic Influenza: Implementation Plan | PDF | Homeland Security Council (2006) Pandemic Influenza Plan – United States Department of Health and Human Services (2006) The Public/Private Response to Sudden Disease Outbreak | PDF | Final Report Prepared for Alfred P. Sloan Foundation, Institute of Public Health Law, CDC Foundation. Matthews, Gene (2006). Quarantine and Isolation: Lessons Learned from SARS | PDF | A Report to the Centers for Disease Control and Prevention. Responding to the Avian Influenza Pandemic Threat: Recommended Strategic Actions | PDF | World Health Organization (2005) Social, Economic, and Security Implications of Avian Influenza – Dobriznsky, Paula J., Nixon Center. Washington, D.C. Supplement D: Community Containment Measures, Including Non-Hospital Isolation and Quarantine | PDF | Public Health Guidance for Community-Level Preparedness and Response to Severe Acute Respiratory Syndrome (SARS) Version 2. United States Department of Health and Human Services. Centers for Disease Control and Prevention (2004).


82


Telecommunications Sector

16.0 Telecommunications Sector 16.1 Sector Overview The Telecommunications Sector is an integral component of the U.S. economy as it underlies the operations of all businesses, public safety organizations, and government. Over 25 years, the sector has evolved from predominantly a provider of voice services into a diverse, competitive, and interconnected industry using terrestrial, satellite, and wireless transmission systems. The transmission of these services has become interconnected; satellite, wireless, and wireline providers depend on each other to carry and terminate their traffic and companies routinely share facilities and technology with each other to ensure interoperability. A majority of the Telecommunications Sector is privately owned, requiring DHS to work closely with the private sector and its industry associations to identify infrastructure, assess risks, prioritize risks, develop protective programs, and measure program effectiveness. The Telecommunications Sector has critical interdependencies with: The Energy Sector for power to run cellular towers, central offices, and other critical communications facilities; The Information Technology Sector for critical control systems and services; and Other CI/KR sectors. All CI/KR have critical dependencies with the Telecommunications Sector. For example: The Banking and Finance Sector relies on telecommunications for the transmission of transactions and operations of financial markets; The Emergency Services Sector depends on telecommunications for directing resources, coordinating response, alerting the public, and receiving emergency 911 calls; and The Postal and Shipping Sector uses telecommunications for its control systems, tracking shipments, and regular communications requirements. *

*



83


Telecommunications Sector

16.2 Professional Development Resources Cellular Telecommunications and Internet Association (CTIA) – Represents wireless and Internet service providers. Federal Communications Commission, Bureau of Public Safety and Homeland Security – Promotes homeland security through network protection, interoperability, redundancy, and reliability. National Communications System – Manages national security and emergency preparedness communications for government agencies - manages government emergency telephone system (GETS), telephone service priority (TSP), and wireless priority services (WPS). National Telecommunications and Information Administration (NTIA) – Frequency assignment and spectrum management. NEUSTAR, Inc. – Database for obtaining information about wireless numbers ported from one carrier to another. Telecommunications Industry Association (TIA) – Represents smaller communications carriers throughout the US. U.S. Department of Homeland Security, Homeland Security Information Network (HSIN) – The Homeland Security Information Network (HSIN) allows all states and major urban areas to collect and disseminate information between federal, state, and local agencies involved in combating terrorism.


84


Transportation Systems Sector

17.0 Transportation Systems Sector 17.1 Sector Overview The Nation’s transportation system quickly, safely, and securely moves people and goods through the country and oversees. The Transportation Systems Sector consists of six key subsectors, or modes: Aviation includes aircraft, air traffic control systems, and approximately 450 commercial airports and 19,000 additional airfields. This mode includes civil and joint use military airports, helicopters, short takeoffs and landing ports, and seaplane bases. Highway encompasses more than 4 million miles of roadways and supporting infrastructure. Vehicles include automobiles, buses, motorcycles, and all types of trucks. Maritime Transportation Systems consists of about 95,000 miles of coastline, 361 ports, over 10,000 miles of navigable waterways, 3.4 million square miles of Exclusive Economic Zone to secure, and intermodal landside connections, which allow the various modes of transportation to move people and goods to, from, and on the water. Mass Transit includes multiple-occupancy vehicles, such as transit buses, trolleybuses, vanpools, ferryboats, monorails, heavy (subway) and light rail, automated guideway transit, inclined planes, and cable cars designed to transport customers on local and regional routes. Pipeline Systems include vast networks of pipeline that traverse hundreds of thousands of miles throughout the country, carrying nearly all of the Nation’s natural gas and about 65 percent of hazardous liquids, as well as various chemicals. Rail consists of hundreds of railroads, more than 143,000 route-miles of track, more than 1.3 million freight cars, and roughly 20,000 locomotives. *

*



85



17.2 Professional Development Resources American Association of State Highway and Transportation Officials (AASHTO) American Bus Association Security Information – For those cities containing bus services, the following motorcoach industry security information may be of value. Note: To access the complete version of the Anti-Terrorism Action Plan and other resources, you have to join the association. Aviation Safety Network – Providing everyone with a (professional) interest in aviation with up-to-date, complete and reliable authoritative information on airliner accidents and safety issues. British Transport Police – The national police force for the railways providing a policing service to rail operators, their staff and passengers throughout England, Wales and Scotland. The Force is also responsible for policing the London Underground system, the Docklands Light Railway, the Midland Metro Tram System and Croydon Tramlink. Center for Water Security – The overall mission of the Center for Water Security at the Great Lakes WATER Institute is "to ensure the security, quality and quantity of freshwater supplies serving the citizens of the U.S." CIP Report – A monthly, electronic newsletter for professionals in industry, government, and academia who have an interest in critical infrastructure protection (CIP). The newsletter provides the latest information about CIP including emerging legislation, government initiatives and leaders, and academic endeavors. Each issue focuses on an individual CIP sector and highlights sector initiatives, profiles sector leaders, and outlines the most important issues faced by the sector. Committee on Transportation and Infrastructure – Official web site of the U.S. House Committee overseeing transportation security and infrastructure issues. Critical Infrastructure Protection Center, U.S. Fire Administration (USFA) – This web page contains resources that will assist communities in deterring or preventing attacks against critical infrastructures by people (e.g., terrorists, other criminals, hackers, etc.), by nature (e.g., hurricanes, tornadoes, earthquakes, floods, etc.), and by hazardous materials accidents involving nuclear, biological, or chemical substances. Critical Infrastructure Protection Project (CIP Project), George Mason University – Project focus is on impediments to sound cyber security and risk management practices. Critical Infrastructure Protection Series, Center for Strategic & International Studies (CSIS) – The series reviews steps that the government and industry took to recover from the events of September 11 and subsequent anthrax attacks, what we have learned about our ability to withstand and recover from attacks of this kind, and what we must do to improve the security of our critical infrastructure. Deloitte – Various topics on supply chain security.


86



Federal Highway Administration (FHWA) GIS in Transportation – GIS Cafe article by Lili Eylon Office of Infrastructure – Provides leadership, technical expertise, and program assistance in: Federal-Aid Highway Programs; Asset Management; Pavements; and Bridges to help sustain America's mobility. Federal Transit Administration Office of Safety and Security – Concerned with matters relating to the safety and security of our nation's mass transit systems. Federal Transit Administration Updates Nationwide Transit Safety and Security Awareness Program Homeland Security Institute – This is an excellent, up-to-date reference site. E-newsletter is available for free. Formerly the ANSER Institute for Homeland Security. Information Sharing & Analysis – DHS sub-organization responsible for CI protection InfraGard. InfraGard's goal to improve and extend information sharing between private industry and the government, particularly the FBI, when it comes to critical national infrastructures. Infrastructure Policy Group – Reports issues and trends in infrastructure policy at the state government level. Institute for Biosecurity – An excellent focused site on the topic of bioterrorism with lots of links. International Cargo Security Council – Contains links to publications and web sites related to cargo security. Logistics Management National Consortia on Remote Sensing in Transportation (NCRST) – NCRST-Infrastructure is pursuing a broad program of research and outreach in identification and protection of critical transport infrastructure. National Transportation Library NCGIA CCTP Unit 3 Locating Transportation Data, by Val Noronha – In the NCGIA Core Curriculum for Technical Programs) NCGIA Core Curriculum in GISci – Detailed Outline. The entrance page for the NCGIA Core Curriculum in Geographic Information Science, the latest version of the NCGIA GIS Core Curriculum project NSDI FrameWork Transportation Standard Now Proposed as FGDC Standard – GIS Cafe article; summary of FGDC/NSDI standards for transportation NYPD Transit – Includes a history of policing the NYC Subway, a profile on the "Job of a Transit Cop," and unit profiles of the specialized Vandal and Homeless Outreach Squads. Also contains pages on


87



Transit Boroughs Manhattan, Bronx, Brooklyn and Queens, including information on patrol areas (known as transit districts) and the stations and subway lines they cover. Partnership for Critical Infrastructure Security – The Partnership for Critical Infrastructure Security is a non-profit organization run by companies and private sector associations representing critical infrastructure industries. It offers a forum for networking among government agencies and industry representatives on reducing vulnerabilities, mitigating risks, identifying strategic objectives and sharing information on security practices. Public Safety (PS) Canada – Canada’s lead department for public safety. PS build and implement national policies for emergency management and national security. Technical Support Working Group (TSWG) Infrastructure Protection – Informational Web site of the Technical Support Working Group of the Department of Defense, which conducts research and development projects for combating terrorism. The Infrastructure Security Partnership (TISP) – An association of associations offering help and advice primarily in engineering areas regarding homeland security and infrastructure protection, with links to member organizations. Transportation Research Board (TRB) – Part of the National Academies of Sciences. Transportation System Security – In light of the tragic events of September 11, 2001, enhancing the security of our transportation system is expected to be one of the highest priorities of transportation agencies. TRB and The National Academies have generated extensive information on this issue in recent years. This web site brings together much of this information. Also included are links to other related Web sites that contain discussions of issues, actions which can be taken, guidance and training opportunities. Transit Standards Consortium – Mass transit standards and improvements. Transportation and Infrastructure Research, Rand Corporation – RAND Europe, a division of RAND, specializes in transportation issues, including planning, policy, safety, and environmental considerations of air, water, and surface systems. Many RAND divisions participate in research on critical infrastructure, such as power grids or waterways. Transportation Security Administration (TSA) – The Transportation Security Administration protects the Nation's transportation systems to ensure freedom of movement for people and commerce. TRISOnline – The National Transportation Library provides this online database. Use it to retrieve bibliographic data on airport security, bus security, train security, etc. Tropical Shipping – From Canada to South Florida, Tropical Shipping operates state-of-the-art facilities in select seaside ports to meet your freight-shipping needs to and from the Caribbean and the Bahamas. Tutor2U – Inter-brand Consultancy.


88



U.S. Department of Homeland Security (DHS) U.S. Customs and Border Protection (CBP) U.S. Department of Transportation, Office of Inspector General Aviation and Special Programs Reading Room Surface and Maritime Reading Room U.S. General Accounting Office Reports on Airport Security Issues (Special Collection) Reports on Homeland Security Issues (Special Collection)

17.2.1 Books, Publications, and News Clips Air Cargo Security | PDF | U.S. Library of Congress, Congressional Research Service Report RL32022 by Bartholomew Elias updated September 11, 2003. Airline Passenger Security Screening: New Technologies and Implementation Issues, Committee on Commercial Aviation Security, Panel on Passenger Screening, National Materials Advisory Board, Commission on Engineering and Technical Systems, National Research Council. Washington, D.C. : National Academy Press, c1996. 74pp. Main Library Stacks TL553.5 .A37 1996 This book addresses new technologies being considered by the Federal Aviation Administration (FAA) for screening airport passengers for concealed weapons and explosives. The FAA is supporting the development of promising new technologies that can reveal the presence not only of metal-based weapons as with current screening technologies, but also detect plastic explosives and other non-metallic threat materials and objects, and is concerned that these new technologies may not be appropriate for use in airports for other than technical reasons. This book presents discussion of the health, legal, and public acceptance issues that are likely to be raised regarding implementation of improvements in the current electromagnetic screening technologies, implementation of screening systems that detect traces of explosive materials on passengers, and implementation of systems that generate images of passengers beneath their clothes for analysis by human screeners. Airport Security Special Collection – see Special Collection on Airport Security Airport Watch: Airport and Aircraft Security – Aviation crime prevention, like home or business crime prevention, is primarily a matter of anticipating risks and eliminating them. Most crimes occur because a criminal found an easy opportunity with little danger of being observed or caught. Removing opportunity prevents crime. Even in high-risk business settings, aggressive prevention programs reduce the risk of successful attacks. Article by Robert A. Gardner. Still available thanks to the Internet Archives.


89



Aviation Security – Civil aviation security exists to prevent criminal activity on aircraft and in airports. Criminal activity includes acts such as hijacking (air piracy), damaging or destroying aircraft and nearby areas with bombs, and assaulting passengers and aviation employees. Today, aviation security is high on the list of priorities of air travelers, the Federal Government, and the international air community. In the earliest days of aviation, however, aviation security was only a minor concern. Article on the history of aviation security by the U.S. Centennial of Flight Commission. Aviation Security Articles from the U.S. News & World Report – Type in "aviation security" to retrieve recent articles. Aviation Security: Counterterrorism Publications for Law Enforcement Officials Background Q&A: The UAE Purchase of American Port Facilities – Questions and answers about issues surrounding a purchase that would give a company from Dubai (in the United Arab Emirates) "control over facilities in six U.S. ports: New York, Miami, Newark-Port Elizabeth, Philadelphia, New Orleans, and Baltimore." Discusses security concerns (weapons of mass destruction and vulnerability of liquefied natural gas), the company (DP World), significance of operation of U.S. ports by foreign companies, and related topics. Provided by Council on Foreign Relations. Source: Librarians' Internet Index, Week of March 2, 2006. Basic Characteristics of Freight Rail Transportation in the United States | PDF | This report provides a preliminary assessment of the freight railroad system as a critical infrastructure of the U.S., and describes the system's ability to continue to operate after accidents, natural disasters, actions caused by trespassers and possible terrorist threats. Critical Infrastructure Assurance Office. January 1997. Books About Airport Security in the MSU Libraries Border and Transportation Security: The Complexity of the Challenge | PDF | Jennifer E. Lake et al., Congressional Research Service Domestic Social Policy Division (March 29, 2005). 19pp. Posted by the Federation of American Scientists. Discusses advance passenger and cargo manifests, the Container Security Initiative, the Customs-Trade Partnership Against Terrorism (C-TPAT), and other current programs. Lake, J., Robinson, W., and Seghetti, L. Domestic Social Policy Division. Border and Transportation Security: Overview of Congressional Issues | PDF | Summarizes the roles and responsibilities of federal agencies involved in border and transportation security, and discusses issues confronting the 109th Congress. Jennifer E. Lake, Congressional Research Service (Dec. 17, 2004). 25pp. Posted by the Federation of American Scientists. Border and Transportation Security: Possible New Directions and Policy Options | PDF | William H. Robinson et al. Congressional Research Service Domestic Social Policy Division, March 29, 2005. 24pp. Posted by the Federation of American Scientists. Discusses biometric identification, maritime domain awareness, smart containers, and other developing programs. Border and Transportation Security: Selected Programs and Policies | PDF | Lisa M. Seghetti et al. Congressional Research Service Domestic Social Policy Division, March 29, 2005. 28pp. Posted by the Federation of American Scientists. Cargo Security: High Tech Protection, High Tech Threats | PDF | "The $2.7 trillion transportation industry accounts for 17 percent of the U.S. economy. But an estimated $30 to $50


90



billion in cargo is stolen worldwide each year." Computer-savvy criminals, backed by syndicates and assisted by corporation insiders, are manipulating the new shipping technology for illicit gains. Security professionals must maintain the expertise to anticipate and prevent sophisticated theft at every link in the worldwide supply chain. Ed Badolato, President, CMS, Inc. Cargo Theft: America’s Most Serious Property Crime | PDF | Edward V. Badolato, Security Management Magazine (July 2000). Posted by Contingency Management Services, Inc. Cleveland Transit Authority: Integrating CCTV, Access Control and Life Safety [Access restricted to MSU faculty and students or Proquest subscribers] Article by John Mesenbrink appearing in Security 39, no. 3 (March 2002). Whether they take a bus to work, ride the train to the airport or travel among the 59 municipalities it serves, Greater Cleveland Regional Transit Authority's riders logged nearly 60 million trips a year. The RTA is one of the largest transit systems in the United States. That makes it especially difficult to provide a safe environment for its 4 million riders and 3,000 employees, and protect its many buildings, millions of dollars of physical assets and the more than $30 million it collects in fares every year. Coast Guard Must Ramp Up Security, Acquisition Efforts, GovExec.com (Feb. 13, 2003) – The Coast Guard should accelerate efforts to protect U.S. seaports from terrorism and move ahead on its $11 billion Deepwater acquisition project, senators from coastal states said Wednesday. Sen. Olympia Snowe, R-Maine, called on the Coast Guard to speed up security assessments of seaports and said she would try to increase funding for Deepwater, the service’s 30year upgrade of its offshore fleet, so the project could be finished in 10 years. Computer Assisted Passenger Pre-Screening – In the past 18 months, most airline passengers have been more than willing to sacrifice a little convenience in the name of safety. The Transportation Security Administration bets they are willing to sacrifice privacy as well. That's the premise anyway of TSA's Computer Assisted Passenger Pre-Screening (CAPPS) II program, which Lockheed Martin Corp. will develop in the coming months to serve as a watchdog for the aviation industry. The program, which will receive passenger data from airline systems, will search government watch lists, financial records and other databases, looking for suspicious activity. The system will then assign a red, yellow or green threat level to passengers. Red indicates that a passenger cannot board an airplane; yellow will trigger close scrutiny of a passenger. Beware of the Watchdog TSA Awards Passenger Screening Contract Senators Call for CAPPS Oversight Contraband, Organized Crime, and the Threat to the Transportation and Supply Chain Function | PDF | The National Cargo Security Council – a coalition of public and private transportation organizations - has retained FIA International Research Ltd. ("FIA") to examine how the transportation and supply chain function is impacted by cargo crime and the worldwide expansion of contraband markets in otherwise legal products... September 2001. Counter-Terrorism: Publications: Port Security – Collection of government publications on the security of U.S. ports. Topics include port and maritime security challenges, policy and practices,


91



identification systems, container security, potential impact of terrorist attacks on freight transport, role of government agencies (such as the U.S. Coast Guard), and more. Publications go back to 2002. From the Counter-Terrorism Training Coordination Working Group convened by the U.S. Department of Justice. Source: Librarians' Internet Index, Week of March 2, 2006. Detection of Explosives for Commercial Aviation Security, Committee on Commercial Aviation Security, National Materials Advisory Board, Commission on Engineering and Technical Systems, National Research Council. Washington, DC: National Academy Press, 1993. 87pp. This book advises the Federal Aeronautics Administration (FAA) on the detection of small, concealed explosives that a terrorist could plant surreptitiously on a commercial airplane. The book identifies key issues for the FAA regarding explosive detection technology that can be implemented in airport terminals. Recommendations are made in the areas of systems engineering, testing, and technology development. Detour Ahead: Critical Vulnerabilities in America's Rail and Mass Transit Security Programs, Transportation Research Board of the National Academies Press (2006). U. S. Congressman Bennie G. Thompson, ranking member of the U.S. House of Representatives’ Homeland Security Committee, has released a report that was prepared by the Democratic staff of the committee that examines the potential vulnerabilities of America’s rail and mass transit security programs. The report was produced to coincide with the first anniversary of the London public transportation bombings of July 7, 2005. DHS Plans Web site to Help Identify Transportation Vulnerabilities – The Department of Homeland Security plans to set up a free Web site that will allow owners and operators of transportation systems to voluntarily assess their security protections against terrorist attacks and receive recommendations on how to make improvements, the department announced this week. DHS is seeking public and industry comment on the Vulnerability Identification Self-Assessment Tool. The department submitted a request Wednesday to the Office of Management and Budget for emergency processing and approval authority to move forward on developing the tool. Comments are due to OMB by Sept. 9. The tool would be free to users and managed by the Transportation Security Administration. "After its inception, TSA faced the challenge of securing all of the different modes within the transportation sector," the Federal Register notice states. "A methodology was required in order to support inter- and intramodal analysis and decision-making. Millions of assets exist within the transportation sector, ranging from over 500,000 highway-bridges to over 19,000 general aviation airports. DOT Begins Recruiting Federal Security Directors for Airports, U.S. Department of Transportation (Jan. 8, 2002). News release. DOT Report Says U.S. Transit Systems Vulnerable to Terrorist Threat – According to recent report published by the U.S. Transportation Department, buses and trains in the United States are becoming inviting targets for terrorist acts. Excerpted from: ERRI DAILY INTELLIGENCE REPORT-ERRI Risk Assessment Services-Saturday, February 28, 1998 Vol. 4 – 059


92



DOT Taps Private Industry for Help in Building Transportation Security Administration, U.S. Department of Transportation (Jan. 16, 2002) – News release. Emergency Preparedness for Transit Terrorism [electronic resource], Annabelle Boyd and John P. Sullivan. Washington, D.C.: National Academy Press, 1997. Cataloged for Magic Emergency Response Guidebook (2000): A Guidebook for First Responders During the Initial Phase of a Dangerous Goods/Hazardous Materials Incident, U.S. Department of Transportation. An Evaluation of the Transportation Security Administration’s Screener Training and Methods of Testing | PDF | Department of Homeland Security, Transportation Security Administration, Office of Inspector General (2004). 122p. Still available thanks to the Internet Archive. Copyright request 2175. Federal Cargo Inspection System Found Wanting – A system used by the Homeland Security Department to help inspectors identify high-risk cargo coming into U.S. seaports needs improvement in order to better screen for weapons of mass destruction, according to a new report. In a summary report released this week, the Homeland Security Department's inspector general found deficiencies in an inspection system used by the Customs and Border Protection Bureau. Called the Automated Targeting System, it is used by CBP inspectors at domestic and foreign ports to help identify highrisk cargo containers for inspection. About 9 million containers arrive annually at U.S. seaports, making it impossible to physically inspect each of them without hampering the flow of commerce. Geography of Transit Crime: Documentation and Evaluation of Crime Incidence On and Around the Green Line Stations in Los Angeles | PDF | 43 pp. GlobalIncidentMap.com Highlights | PDF | U.S. Government Accountability Office Homeland Security: Protecting Airliners from Terrorist Missiles | PDF | Could shoulderfired missiles be the next terrorist weapon? In late October—just two weeks before press reports indicated that some 4,000 surface-to-air missiles had gone missing from Saddam Hussein's arsenal after the invasion of Iraq—the Congressional Research Service released a report assessing the threat such missiles pose to the U.S. airline industry. According to the study, some twenty-five to thirty terrorist and insurgent groups already have surface-to-air missiles, including groups in Turkey, Thailand, Ireland, and Russia. The weapons generally have a range of about four miles, meaning that planes are safe while flying at 20,000 feet or higher, but vulnerable during takeoff and descent. The report notes that since surface-to-air missiles were first developed, in the late 1950s, there have been only six incidents in which passenger jets have been attacked with them; only two of these attacks were classified as "catastrophic," resulting in the deaths of all passengers on board. (The most recent attack occurred in November of 2002, when terrorists linked to Al-Qaeda unsuccessfully fired two surface-to-air missiles at an Israeli passenger jet in Mombasa, Kenya.) The bad news, according to the report, is that there is no simple or affordable way of protecting planes from such missiles. If the U.S. government were to install countermeasures on each of the country's thousands of large passenger jets, the cost would be somewhere between one and three million dollars per


93



aircraft. Deterrence flares (which will soon be installed on planes flown by the Israeli airline El Al) are not good at fooling newer models of the missiles and pose a fire hazard to the areas surrounding an airport. Evasive maneuvering by pilots is deemed "not a viable option." Christopher Bolkcom, Andrew Feickert, and Bartholomew Elias, Congressional Research Service, Oct. 22, 2004, 27pp. Posted by the Federation of American Scientists. Information Concerning the Arming of Commercial Pilots | PDF | GAO-02-822R. Improving Transit Security: A Synthesis of Transit Practice | PDF | National Research Council, Transportation Research Board. 1997. 45pp. Innovators in Supply Chain Security: Better Security Drives Business Value | PDF | National Association of Manufacturers. July 2006. 34 pp. Intermodal Cargo Transportation: Industry Best Security Practices – May 1999. The Job of a Transit Cop Keeping Cargo Safe: Container Security Initiative, U.S. Customs and Border Protection – Facts sheets about the Container Security Initiative (CSI), "a program intended to help increase security for containerized cargo shipped to the United States from around the world." Discusses elements of this anti-terrorism program, the ports where the CSI is in operation, and related material. Includes links to news releases about the CSI. Chapter 7. Transportation Systems, Making the Nation Safe: The Role of Science and Technology in Countering Terrorism, The National Academies Press (2002). Maritime Security: Overview of Issues | PDF | Library of Congress, Congressional Research Service report RS21079 by John F. Frittelli, updated December 5, 2003. 6 pp. Mass Transit Defends Itself Against Terrorism – This article, written by ANSER analyst and editor Steve Dunham, examines how transportation systems have long been victim to various forms of terrorist attack and exploitation. The author conducts a rough historical review of terrorist attack on transportation, examines some of the risks inherent in the system, and discusses efforts by local authorities to improve both safety and security in this sector of critical infrastructure. Article by Steve Dunham appearing in the Journal of Homeland Security, March 2002. Mass Transit: Federal Action Could Help Transit Agencies Address Security Challenges | PDF | GAO-03-263 December 13, 2002. Mass Transit Terror: Madrid & London; Is America Next? [Access restricted to MSU faculty and students or Proquest subscribers] Article by Dean C Alexander. Security. Oct 2005. Vol. 42, Issue 10; pg. 20. After the London attacks, the US terror threat level for mass transit was raised from Code Yellow to Code Orange. US mass transit systems are valued in the hundreds of billions of dollars, and tallied 9 billion passenger trips in 2000. Increased security measures on some portions of European and American ground transportation were implemented shortly after the Mar 11 Madrid attacks, and


94



London's Jul 7 incidents. Countermeasures included greater use of uniformed and undercover police, bombing-sniffing dogs, surveillance cameras, incorporating explosives and bio-chemradiological detection equipment, spot-testing individual, inspecting trash receptacles, and requiring photo identification when purchasing selected tickets. A post-Mar 11 Department of Homeland Security measure, aims to improve security on intercity buses by taking measures to protect the driver, monitoring and commuting with buses, implementing and operating passenger and baggage screening programs, assessing critical needs and vulnerabilities, and training transportation personnel to recognize potential threats. National Strategy for Aviation Security | PDF | The National Strategy for Maritime Security | PDF | Describes specific threats to ocean activities, strategic security goals, and five strategic actions. Also includes eight supporting plans to address specific threats and challenges of the maritime environment. From the Office of the President. The ‘Oh’ Police: Transit Police and Counterterrorism – Steve Dunham of ANSER explains the vital but often overlooked role of the transit police in combating terrorism, assisting other law enforcement agencies, and restoring and preserving transportation in emergencies. He provides numerous examples of the transit police’s expertise, and he notes their innovative ways of information sharing with other emergency responders, their own employees, and the patrons of the transportation system. Dunham also cites the many ways—creating coordination plans and procedures; conducting drills, simulations, and assessments; mobilizing command centers and procuring special equipment—the transit police are successful in creating a premier command structure. Article by Steve Dunham appearing in the Journal of Homeland Security, July 2002. Operation Safe Commerce – The Transportation Security Administration (TSA) is reviewing applications for a pilot program that will help cargo handlers implement technologies to protect sea containers from terrorist threats, several port security experts told lawmakers recently. Transportation officials have said they expect to allocate about $28 million in grants later this year for Operation Safe Commerce (OSC), a government and industry partnership that identifies cargo "supply chain" vulnerabilities along particular trade routes. "Operation Safe Commerce is ... dedicated to finding methods and technologies to protect commercial shipments from threats of terrorist attack, illegal immigration and other contraband while minimizing the economic impact upon the vital transportation system," Asa Hutchinson, the Homeland Security Department's undersecretary for border and transportation security, said during a Senate Governmental Affairs Committee hearing last week. Article by B. Molly, M. Peterson, National Journal's Technology Daily, appearing in GovExec.com, March 25, 2003. Policing Mass Transit: A Comprehensive Approach to Designing a Safe, Secure, and Desirable Transit Policing and Management System, Kurt R. Nelson., Springfield, Ill. : Charles C Thomas Publisher, c1999. 211pp. Main Library Stacks HE194.5.U6 N45 1999. This book is a comprehensive examination of the topics needed to insure the public's safety while using mass transit. Not only will law enforcement professionals and students find it a useful reference, it is also of benefit to transit managers and planners who need to incorporate safety and


95



security design into a mass transit system. The first section of the book discusses the foundations of creating a systematic approach to safety and security. The initial chapter establishes the community orientation needed for creating a stakeholder-vested transit system. From that foundation, an examination of information management and planning finish the discourse on the elemental portions of creating a total system. The next section divides mass transit into its basic components of buses, light rail, and fixed locations/stations. Each component requires consideration of unique or specialized issues. Finally, the last section covers specific topics of concern, such as terrorism, youths, gangs, mentally ill, homeless, and other pertinent areas of interest to both transit policing and system management. Policing Mass Transit is a book well-suited to students, planners, transit managers, and law enforcement officers. It is a comprehensive approach to designing a safe, secure, and desirable mass transit system. Policing Mass Transit: Serving a Unique Community – An article by Kurt R. Nelson from the FBI Law Enforcement Bulletin (January 1997). Policing Transportation Facilities, Henry I. DeGeneste and John P. Sullivan., Springfield, Ill. : C.C. Thomas, c1994. 162pp. Main Library Stacks HV8291.U6 D44 1994 This book is the first comprehensive volume on the emerging discipline of transport policing. The text reviews the major issues concerning security and policing of transportation facilities and provides a framework for informed decision making. Topics include commuter rail and subway crime; maritime, port and cargo security; airport crime transportation terrorism; illegal drugs in transit, hazardous cargo, public bus and rail terminal crime and the special issues of homeless and mentally ill persons in transport centers. The book serves as a valuable resource for managers and command level staff at transit, railway, airport, and seaport police departments; police agencies with transport facilities in their jurisdiction; transportation facility managers; students and universities with programs in criminal justice, police science, government, public administration, transportation, and urban planning; police academies; and government departments of transportation. The text represents years of research, field interviews, teaching experience, administration, and program development in providing administrators and police with a framework for developing strategies to protect their facilities and patrons from current and future security risks. Port and Maritime Security: Background and Issues for Congress | PDF | Library of Congress, Congressional Research Service report RL31733 by John F. Frittelli, updated December 5, 2003. Port and Maritime Security in the United States: Reactions to an Evolving Threat. Colin Robinson. Center for Defense Information (Jan. 28, 2003) – Each day, more than 16,000 containers arrive in the United States by ship, truck, or rail, yet only 2 percent of those that come by sea are inspected. Port and Maritime Security: Potential for Terrorist Nuclear Attack Using Oil Tankers | PDF | CRS report, Dec. 7, 2004 made available by the Federation of Atomic Scientists. Port Risk Management: Additional Federal Guidance Would Aid Ports in Disaster Planning and Recovery | PDF | GAO-07-412, March 28.


96



Port Security: Counter-terrorism Publications for Law Enforcement Officials Ports Work to Shore Up Security [Access restricted to MSU faculty and students or Proquest subscribers] Article by Michael Bradford appearing in Business Insurance 36 (September 16, 2002): 10 A year after terrorists attacked from the skies, U.S. ports are still finding their way in the effort to secure their own vast and vulnerable territory. Most have made some improvements with help from federal funds, albeit in amounts that some in the maritime industry have called inadequate. Critics of port security are blunt: The agencies in charge of security do not have the funding or personnel to protect the maritime industry, said Charming Hayden, president of the Steamship Association of Louisiana. He called the $92.3 million that the federal government granted earlier this year to improve port security a drop in the bucket. There is a $2.2 billion need just to do the minimum at the nation's ports, said Beth Rooney, manager of port security at the Port Authority of New York & New Jersey. Preventing Mass Transit Crime, Ronald V. Clarke. Monsey, N.Y. : Criminal Justice Press, 1996. Main Library Stacks HV7431 .C8 v.6 This collection explores situational crime prevention approaches at New York's Port Authority Bus Terminal, in the NYC Subway, and at transit systems in Washington, DC, Paris, and Chicago. Crime Prevention Studies v.6. The Prospects for Improving Cargo Container Security | PDF | This paper addresses the concerns of cargo container security and solutions to the problems posed by transnational threats to international and national security. Protecting the Nation's Ports : Fact Sheet – As a member of the Department of Homeland Security, the Coast Guard continues to play an integral role in maintaining the operations of our ports and waterways by providing a secure environment in which mariners and the American people can safely go about the business of living and working freely. The Coast Guard's port security mission is not new, but it is definitely more visible today than it was prior to the tragic events of Sept. 11, 2001. Department of Homeland Security Press Release. Public Transportation System Security and Emergency Preparedness Planning Guide | PDF | Transportation Security Agency publication, January 2003. Rail and Transit Security Initiatives : Fact Sheet – The responsibility of securing our nation's rail and mass transit systems is a shared one. The Department of Homeland Security (DHS), the Department of Transportation (DOT) and other federal agencies have taken significant steps to enhance rail and transit security in the last two years in partnership with the public and private entities that own and operate the nation's transit and rail systems. Efforts the past two years have focused on greater information sharing between the industry and all levels of government, assessing vulnerabilities in the rail and transit sector to develop new security measures and plans, increasing training and public awareness campaigns and providing greater assistance and funding for rail transit activities.


97



Today, the Department announced additional security initiatives that aim to further reduce vulnerabilities to transit and rail systems and make commuters and transit riders more secure. Currently, the Federal government provides leadership and technical assistance to transit and rail system owners and operators. New initiatives to be undertaken will target three specific areas: threat response support capability, public awareness and participation, and future technological innovations. U.S. Department of Homeland Security Press Release. Recommended Emergency Preparedness Guidelines for Rail Transit Systems – This document contains recommended guidelines which are designed to assist rail transit systems to assess, develop, document and improve their capability for responding to emergency situations, and to coordinate these efforts with emergency response organizations in a manner which best protects the traveling public and transit system facilities and equipment. National Transportation Library. Report on El Salvador: How Transportation Security Patterns and Trends in Central America Adversely Affect Cargo Security | PDF | Report by Edward V. Badolato, Chairman of the National Security Cargo Council. March 1998. Seacurity: Improving the Security of the Global Sea-container Shipping System | PDF | The purpose of this document is to raise awareness concerning the current status of maritime security and its vulnerability to terrorism. The main obstacles in achieving a less vulnerable maritime system are identified. Maarten van de Voort. The RAND Corporation. Feb. 11, 2004. Seaports Called 'Critically Vulnerable' to Terrorism – The nation's seaports remain "critically vulnerable" to terrorists seeking to smuggle weapons of mass destruction—or themselves—into the United States, several port security experts told a Senate panel on Thursday. "There are vulnerabilities in our sea cargo-container system that have the potential for exploitation by terrorists," Asa Hutchinson, the Homeland Security Department's undersecretary for border and transportation security, said during a Governmental Affairs Committee hearing. "In fact, most experts believe a terrorist attack using a container is likely." Capt. Jeffrey Monroe, director of ports and transportation for the city of Portland, Maine, said that although federal, state and local officials have made "great strides" in securing ports since Sept. 11, 2001, "we still must find solutions to the most serious problems on the waterfront." Those problems include a lack of coordination and procedural standards among agencies that regulate maritime commerce, and port managers' ongoing lack of access to intelligence data, according to Monroe. Article by Molly M. Peterson, National Journal's Technology Daily, appearing in GovExec.com, March 21, 2003. Securing Intermodal Connections: Meeting the Challenges of Rail-Aviation and Passenger Facilities | PDF | Prepared for Facility Security: Protecting Infrastructure and Special Events. Securing Rail Freight – ANSER editor Steve Dunham looks at the terrorist threats to movement of freight by rail and what the railroads are doing to bolster security. Article appearing in the Journal of Homeland Security, February 2003. Securing U.S. Ports : Fact Sheet – This February 2006 overview of U.S. ports includes details about the groups responsible for the ports (U.S. Customs and Board Protection, Coast Guard, terminal operator, and port authority), security measures (such as screening and inspection and the


98



Container Security Initiative), the United Arab Emirates (UAE)/Dubai Ports World acquisition, and related topics. From the U.S. Department of Homeland Security. Sky Marshall Program – The Federal Air Marshal program is supposed to defend against hijackings and catastrophic terrorist attacks such as those that occurred on Sept. 11, 2001. However, despite the high hopes held for the scheme, its breakneck pace of expansion continues to expose some worrying flaws. The total budget for the program increased from $1 million to $481 million in the first year and may reach $1 billion by the end of 2003, while the number of officers has grown from 32 in 2001 to nearly 4,000 today. David Savino. Center for Defense Information, Feb. 24, 2003. Smuggling and Security in the Indochina Region – Report by Edward V. Badolato, President of Contingency Management Services, Inc. June 29, 2000. Look under the topic "transportation security" for link. Special Collection on Airport Security – Provides access to 68 GAO reports on airport security. A Strategy of Trust: What Will it Take to Secure Our Global Supply Chain? | PDF | Surface Transportation Security: Enforcement Officials

Counter-terrorism

Publications

for

Law

Terror at Sea: The Maritime Threat – Ocean-going vessels carry over 80 percent of global trade, including vital supplies of oil and natural gas. Despite the measures taken since 9/11, the maritime sector remains vulnerable to terrorism. Terror at Sea examines the potential for terrorism against maritime facilities and recommends steps that can be taken to enhance the security of the maritime sector. Terrorist Nuclear Attacks on Seaports: Threat and Response | PDF | An update of a 2002 report on the threat to seaports from a concealed nuclear device in a container ship. Jonathan Medalia, Congressional Research Service, updated Jan. 24, 2005, 6pp. Posted by the Federation of American Scientists. Terrorist Threats Spur Security Efforts [Access limited to MSU faculty and students or Proquest subscribers] – Article by Douglas McLeod appearing in Business Insurance 36 (September 23, 2002): 3 The threat of a terrorist attack using cargo containers and ports is leading government agencies and private groups to create new security procedures for shipping, several experts report. The U.S. Customs Service, U.S. Coast Guard and the International Maritime Organization are among the agencies developing programs ranging from inspecting "high-risk" containers to creating a system of security alerts and accompanying procedures for ships and ports. About 90 percent of the world's cargo moves by container, with 200 million containers moving between major seaports globally each year and more than 16 million arriving in the United States by ship, truck and rail, the Customs Service said. The Customs Service earlier this year launched a Container Security Initiative intended to keep out potentially dangerous cargo. Under new Customs regulations, carriers must provide U.S. Customs officials in foreign seaports with cargo manifests 24 hours before vessel loading. Ports in


99



Canada, Singapore, Netherlands, France, and Germany are among those that have agreed to participate so far. Top 20 Security Program Action Items for Transit Agencies – Provides the most important elements identified by the FTA that transit agencies should incorporate into their System Security Program Plans. Transit Police: On Foot, In Buses, On Trains, In Squad Cars – Transit policing is “the epitome of community policing.”. - Metro Transit Police Chief Jack Nelson. Transit Security Handbook | PDF | Contains information on FTA System Security Planning for US Systems, with an emphasis of Rail Fixed Guideway Systems. Also contains information on crime levels and patron perceptions, as well as terrorism prevention activities. Volpe National Transportation Systems Center. 1998. Transit Security Training Tools Transport Systems as Terror Targets – Public transport networks in major cities are increasingly the target for terror attacks. Kathryn Westcott, BBC News Web site, July 7, 2005. Transportation Security Agenda for the 21st Century | PDF | Criminals plan to exploit and terrorists plot to disrupt the U.S. transportation system. Because both activities are escalating, transportation security must become a national priority, according to this author. The solution requires global initiatives that complement concerns about cost and competitiveness. Stephen E. Flynn. Transportation Security Guidelines for the U.S. Chemical Industry | PDF | Attention to security is a natural corollary to the chemical industry’s safety culture. Security efforts, like safety efforts, protect the community and employees while keeping the transportation of hazardous materials operational. By reducing the risk of a wide range of threats to the transportation of hazardous materials, security measures can serve to enhance the goal of the safe transportation of hazardous materials. August 2, 2002. Transportation Security: Transportation Planning Needed to Optimize Resources | PDF | The General Accountability Office (GAO) has released GAO-05-357T describing DHS and TSA efforts in managing risks and allocating across aviation and surface transportation modes, and in integrating screening, credentialing, and R&D efforts to achieve efficiencies. GAO Testimony by Cathleen A. Berrick. 2005. 41pp. Transportation System Security – In light of the tragic events of September 11, 2001, enhancing the security of our transportation system is expected to be one of the highest priorities of transportation agencies. TRB and The National Academies have generated extensive information on this issue in recent years. This web site brings together much of this information. Also included are links to other related Web sites that contain discussions of issues, actions which can be taken, guidance and training opportunities. This web site, which is being sponsored by the Transportation Research Board (TRB) Committee on Critical Transportation Infrastructure Protection (ABE40), will continue to be updated as more information becomes available.


100



Visibility and Vigilance: Metro's Situational Approach to Preventing Subway Crime | PDF | Nancy G. La Vigne. [Washington, DC] : U.S. Dept. of Justice, Office of Justice Programs, National Institute of Justice, [1997] This November 1997 NIJ Research in Brief by Nancy G. LaVigne discusses how design, management, and maintenance efforts have contributed to low transit crime rates at Washington, DC's Metro. Cataloged for Magic. White House Commission on Aviation Safety and Security – Also known as the Gore Commission, the White House Commission on Aviation Safety and Security finished its work on February 12, 1997. Web page still available courtesy of the Federation of American Scientists.


101


Additional Resources

18.0 Additional Resources Critical Infrastructure Sector Partnership – Critical infrastructure protection is a shared responsibility among Federal, State, local, and tribal governments and the owners and operators of the nation's critical infrastructure and key resources. Critical Infrastructure Partnership Advisory Council | Council Members | Department of Homeland Security Committees & Working Groups Homeland Security Advisory Council (HSAC) – Homeland Security Advisory Council provides advice and recommendations to the Secretary on matters related to homeland security. The Council is comprised of leaders from state and local government, first responder communities, the private sector, and academia. National Infrastructure Protection Plan Resource Center (NIPP) PSA Duty Desk, Protective Security Coordination Division, U.S. Department of Homeland Security, Office: (703) 235–5724


102



18.1 Universities / Colleges Michigan State University Critical Incident Protocol: Community Facilitation Program – This free U.S. Department of Homeland Security funded program is for cities, counties, and regions across the nation. MSU facilitates partnerships between the public sector (police, fire, EMS, health, emergency management and other stakeholders) with the private sector (businesses and non-profit organizations) for joint critical incident management. Communities work on emergency preparedness, mitigation, response, and recovery through joint planning, exercising and training. Critical Incident Protocol: A Public and Private Partnership | PDF | This free 42-page how to guide for agencies, businesses and non-profit organizations was published by Michigan State University. The publication provides a framework to create or enhance public-private partnerships for joint managing of critical incidents. It discusses the challenges and benefits of a partnership, completing a risk assessment of an organization, critical incident planning, exercising and training, along with mitigation, response, and recovery. CIP Update – This free online newsletter is for public agencies, businesses, and non-profit organizations on how to build or enhance public sector and business community partnerships for joint managing of critical incidents. The newsletter focuses on homeland security, business continuity, risk management, disaster recovery, emergency management, and partnerships that can help mitigate the impact of critical incidents on the business community and public sector agencies. The newsletter is a service of the Critical Incident Protocol-Community Facilitation Program. Campus-Community Emergency Response Team (C-CERT) – This free U.S. Department of Homeland Security funded program is for colleges and universities. The C-CERT program is a trainthe-trainer, which expands on the national Citizen Corps and Community Emergency Response Teams programs. It is for campus safety, security, faculty, students, and other administrative personnel to learn basic team building, fire safety, disaster medical operations, and search and rescue. Intelligence Training Toolbox Program – This training program targets federal, state, local, and tribal public sector agencies responsible for developing an intelligence capacity. Instruction, resources, model policies, and tools to create an intelligence program will be presented in this free 24-hour training program. Private sector professionals who in the normal course of business operations are responsible for intelligence issues can apply to attend, but it is on a case-by-case basis. Michigan State University Libraries: Criminal Justice Resources – MSU, which is internationally known for its academics, research and outreach programs has an extensive online library system. Within the multiple libraries is the Criminal Justice Library that provides a multitude of security, safety, homeland security, emergency management, business, and emergency preparedness information.


103



Texas A & M Texas Engineering Extension Service (TEEX) – TEEX’s goals have included developing businesses and the economy, protecting people and the environment, and building a safe, modern infrastructure. The agency’s ongoing efforts have resulted in cleaner drinking water, better roads and infrastructure, improved workplace safety and enhanced public safety through the training of law enforcement officers and firefighters. TEEX also offers federally funded training programs that are free to public and private sector professionals. Louisiana State University Academy of Counter-Terrorism Education, National Center for Biomedical Research and Training (NCBRT) – The NCBRT offers a wide range of training programs for the public and private sector to prepare those responsible for the planning and response to terrorist events involving weapons of mass destruction. Some of the training is ‘free’ and programs cover awareness level, computerized specialized training, emergency response to biological incidents, crisis response training, hostage negotiations, senior crisis management, public safety WMD response, WMD awareness for the healthcare profession and more. George Mason University Critical Infrastructure Protection Program – This program is a resource on CI/KR protection and management and their web site includes a newsletter, publications, research, projects, library, and an extensive outreach. Critical Infrastructure Protection in the National Capital Region – This extensive 20 volume publication provides the analytic foundation for securing CI/KR services that are essential to the greater Washington D.C.’s region. It provides recommendations, and focuses on the various sectors, with supporting information on risk management and analysis, along with how to create a partnership, governance, and certain initiatives. University of Toronto, Joint Centre for Bioethics Stand on Guard for Thee: Ethical Considerations in Preparedness Planning for Pandemic Influenza | PDF | The Pandemic Influenza Working Group at the University of Toronto – The discussion of ethics in critical incident management by business professionals, public safety officials, non-profit leaders, and community stakeholders can either move to the lower level of priorities or become quagmire. Though this report reflects the medical community, it is easily applicable to the business community and will provide thought-provoking discussions on ethics.


104



18.2 Government Organizations Center for Disease Control and Prevention (CDC) – CDC provides a multitude of services, programs, training, and related information on health, safety, security, emergency preparedness and response, along with other information. CIA – The World Fact Book, U.S. Central Intelligence Agency – This Web site profiles every country in the world and provides a wide assortment of demographics on each country, along with the flags of countries. Citizen Corps, U.S. Department of Homeland Security – Citizen Corps seeks to mobilize the population of the country against threats to national security as well as to assist in the recovery after a disaster or terrorist attack. Citizen Corps also works in conjunction with the Corporation for National and Community Service in promoting national service opportunities for promoting homeland security needs. Citizen Corps offers the following programs: Community Emergency Response Team (CERT), Fire Corps, Neighborhood Watch, Medical Reserve Corps Program, and Volunteers in Police Service (VIPS), along with Citizen Corps Councils, in addition to other supporting services. Business’s employees are being trained in the CERT program to enhance their skills, but to also enhance the business culture of safety, security and preparedness. Critical Infrastructure Partnership Advisory Council (CIPAC), U.S. Department of Homeland Security – The Department of Homeland Security established the CIPAC to facilitate effective coordination between Federal infrastructure protection programs with the infrastructure protection activities of the private sector and of state, local, territorial and tribal governments. The CIPAC represents a partnership between government and critical infrastructure/key resource (CI/KR) owners and operators and provides a forum in which they can engage in a broad spectrum of activities to support and coordinate critical infrastructure protection. DisasterHelp.Gov, U.S. Department of Homeland Security – For the latest disaster related news, information, and resources this Web site is excellent. It provides a wealth of information and also focuses on critical infrastructure protection. Free Training on Emergency Management Topics, Emergency Management Institute (EMI), Federal Emergency Management Agency – EMI provides a comprehensive list of training and education resources targeted towards emergency management officials. EMI offers the mandatory National Incident Management System (NIMS) training, Incident Command System (ICS), National Response Plan (NRP), Disaster Basics, Continuity of Operations (COOP), and several other disaster preparedness courses. Members of the general public can benefit from some of the Independent Study (IS) courses offered through EMI. Free Training on Incident Command System, Emergency Management Institute (EMI), Federal Emergency Management Agency – To get free on-line training on ICS, you can go to http://training.fema.gov.


105



Homeland Security Exercise and Evaluation Program (HSEEP), U.S. Department of Homeland Security – The HSEEP is a capabilities and performance-based exercise program that provides a standardized policy, methodology, and language for designing, developing, conducting and evaluating all exercises. HSEEP also facilitates the creation of self-sustaining, capabilitiesbased exercise programs by providing tools and resources such as guidance, training, technology, and direct support. Incident Command System (ICS), U.S. Occupational and Health Organization (OSHA) – The ICS is a long proven system of handling field response activities in emergencies. It provides essential management using common terminology, modular organization, integrated communications, a unified command structure, consolidated action plans, manageable span-ofcontrol, predesigned incident facilities and comprehensive resource management. It organizes any emergency response effort into five basic functions: command, planning/intelligence, operations, logistics, and finance/administration. Almost all public agencies across the nation use this system, in addition to some private sectors that are regulated to do so. Additionally, public responder agencies are recommending that businesses and non-profit organizations adopt this system. Lessons Learned Information Systems (LLIS), U.S. Department of Homeland Security – LLIS is a national network of Lessons Learned and Best Practices for emergency response providers and homeland security officials. LLIS.gov's secure, restricted-access information is designed to facilitate efforts to prevent, prepare for and respond to acts of terrorism and other incidents across all disciplines and communities throughout the US. This Web site is available to the private sector, and requires verification processes. The National Incident Management System (NIMS) | PDF | U.S. Department of Homeland Security – The NIMS document (130 pages) provides a consistent nationwide template to enable all government, private sector, and nongovernmental organizations to work together during any domestic incident. It’s applicable across a wide spectrum of potential incidents and hazardous scenarios. Additionally, it provides a framework of coordination and cooperation processes between public and private entities for joint emergency planning, preparedness and response activities. The Training and Education Division (TED), National Integration Center, Federal Emergency Management Agency, U.S. Department of Homeland Security – TED provides grants to states and local jurisdictions, including hands-on training through a number of residential training facilities and in-service training at the local level, funding and working with state and local jurisdictions to plan and execute exercises, and providing technical assistance on-site to state and local jurisdictions. Some of the TED grants are for the private sector, as well. Formerly known as the Office of Grants and Training (G&T). Protective Security Advisor (PSA), The Protective Security Coordination Division, U.S. Department of Homeland Security – PSA professionals bring a wealth of anti-terrorism and security experience for critical infrastructure protection and are assigned to each state to assist governmental agencies, businesses, and non-profit organizations. The PSA professional will assist in vulnerability assessment, risk analysis, security practices, and as a liaison to the U.S. Department


106



of Homeland Security. To locate a PSA professional, contact your state homeland security department or call the PSA Duty Desk, Risk Management Division at (703) 235-5724. ReadyBusiness.Gov, U.S. Department of Homeland Security – This Internet based federal service is designed specifically for the business community. It outlines commonsense measures business owners and managers can take to start getting ready. It provides practical steps and easyto-use templates to help you plan for your company's future. These recommendations reflect the Emergency Preparedness and Business Continuity Standard (NFPA 1600) developed by the National Fire Protection Association and endorsed by the American National Standards Institute and the Department of Homeland Security. It also provides useful links to resources providing more detailed business continuity and disaster preparedness information. U.S. Federal Emergency Management Agency (FEMA) – FEMA is a federal government agency charged with managing the national response to terrorist incidents, man-made crises, and natural disasters. FEMA has a section devoted to assisting the business community.

18.3 Government Publications / Newsletters Business Pandemic Influenza Planning Checklist | PDF | U.S Department of Health & Human Services – This simple 2-page checklist can provide you with information on business, employees, customers, policies, resources, communication, employee education and coordinating with local authorities. Community Threat Level Guidelines | PDF | Oakland County Emergency Preparedness and Response, This 2-page document provides a basic preparedness guideline for low, guarded, elevated, high, and severe levels for terrorist attacks, man-made critical incidents and natural disasters. Critical Infrastructure Protection: Progress Coordinating Government and Private Sector Efforts Varies by Sectors’ Characteristics | PDF | U.S. Government Accountability Office, Report #GAO-07-39 – This GAO report covers 1996 to present on various federal initiatives, along with sector specific information relating to the problems and challenges on public-private collaboration for critical infrastructure protection. Critical Infrastructure Protection INFOGRAMS, Emergency Management and Response Information Sharing and Analysis Center (EMR-ISAC) – This free subscription service internet newsletter offers the latest information on critical infrastructure protection, and is a must have for any public or private sector agency, business or non-profit organization. Disaster Exercise Manual | PDF | Guide for Exercising Emergency Operations Plans, Michigan State Police, Emergency Management and Homeland Security Division – This 66-page manual provides instruction on the eight steps of exercise design, exercise activities and phases, exercise enhancement and evaluation, and forms.


107



Emergency Management Guide for Business and Industry | PDF | Federal Emergency Management Agency (FEMA) – This 67-page guide provides step-by-step advice on how to create and maintain a comprehensive emergency management program. It can be used by manufacturers, corporate offices, retailers, utilities, or any organization where a sizable number of people work or gather, and the concepts are applicable whether the company is large or small. Emergency Response Guidebook (ERG), 2004 Edition – The ERG was developed jointly by the US Department of Transportation, Transport Canada, and the Secretariat of Communications and Transportation of Mexico (SCT) for use by firefighters, police, and other emergency services personnel who may be the first to arrive at the scene of a transportation incident involving a hazardous material. It is primarily a guide to aid first responders in (1) quickly identifying the specific or generic classification of the material(s) involved in the incident, and (2) protecting themselves and the general public during this initial response phase of the incident. This information is applicable to the private sector. Engaging the Private Sector to Promote Homeland Security: Law EnforcementPrivate Security Partnerships | PDF | U.S. Bureau of Justice Assistance – This publication focuses on various partnership issues, local and regional programs and initiatives, state and local programs, federal programs, and additional resources. Federal Food and Agriculture Decontamination and Disposal and Disposal Roles and Responsibilities | PDF | U.S. Environmental Protection Agency – Under the provisions of HSPD-9, this document describes federal roles and responsibilities for decontamination and disposal in response to animal, crop, and food incidents. The roles are described at the local, state, and national level. Homeland Security: Effective Regional Coordination can Enhance Preparedness | PDF | U.S. Government Accountability Office, Report #GAO-04-1009 – This 46-page document provides guidelines on regional coordination, strategic planning, profiles of some federal programs on incentives for regional coordination, and case study on the National Capital Region program. Insurance, Finance, and Regulation Primer for Terrorism Risk Management in Buildings (December 2003), Federal Emergency Management Agency (FEMA) – Although this document is a few years old, the 234-page publication goes into extensive detail on insurance and terrorism risk, finance and terrorism risk, building regulation and terrorism risk, due diligence: estimating vulnerability, and other resources. National Infrastructure Protection Plan (NIPP) | PDF | NIPP provides a coordinated approach to critical infrastructure and key resource protection roles and responsibilities for federal, state, local, tribal, and private sector security partners. The NIPP sets national priorities, goals, and requirements for effective distribution of funding and resources which will help ensure that our government, economy, and public services continue in the event of a terrorist attack or other disaster. (January 2006) Or you can access the U.S. Department of Homeland Security web site that provides an executive summary, overview, partnership model, risk management and the full report.


108



National Policy Summit: Building Private Security / Public Policing Partnerships to Prevent and Respond to Terrorism and Public Disorder | PDF | International Association of Chiefs of Police (IACP) and ASIS International and other Organizations – IACP and ASIS partnered with other organizations for a national summit to profile vital issues and provide recommendations to further enhance the relationship between law enforcement and private security. The summit profiled the challenges, along with the benefits to partnerships. Additionally, a number of recommendations were posted. The National Strategy for the Physical Protection of Critical Infrastructures and Key Assets |PDF | U.S. Department of Homeland Security (February 2003) – This 96-page document discusses guiding principles, cross sector priorities, securing CI/KR, and related information. Operation Cooperation – Guidelines for Partnerships between Law Enforcement and Private Security Organizations, U.S. Bureau of Justice Assistance – This program is a national initiative that encourages law enforcement-private security partnerships and discusses how to start a partnership, what makes a partnership successful, types of partnerships, and additional resources. Prepare Prevent Protect: Best Practices in Workplace Security I PDF | South Carolina Department of Labor, Licensing and Regulation – This 47-page document is known as one of the better, easy to use, with charts, lists and good resource publications to review business security plans, policies, and procedures. This guide is for the small to large employer and discusses risk assessment and management, workplace security, crisis management, evacuations, and offers sample plans, as well. Protecting Building Environments from Airborne Chemical, Biological, and Radiological Attacks | PDF | National Institute for Occupational Safety and Health – This 40-page report identifies actions that can enhance occupant protection, and includes recommendations, physical security, ventilation and filtration, maintenance, administration, and training. The Public Transportation System Security and Emergency Preparedness Guide | PDF | U.S. Department of Transportation – This 195-page guide focuses on the transportation industry, but it nevertheless is a good resource for the emergency planning process, capabilities process, reducing threats and vulnerabilities, training and exercising, scenarios, checklists, tables, and more. Report of the Critical Infrastructure Task Force | PDF | U.S. Homeland Security Advisory Council (January 2006) – This report is considered to be one of the first substantive efforts in critical infrastructure thinking since publication of a 1996 document on the same subject within the federal government. It includes recommendations, strategic guidance, governance, information sharing, and supporting information. Seven Signs of Terrorism (video), Michigan State Police, Emergency Management and Homeland Security Division and Homeland Responder – This is an excellent video for


109



employee and citizen awareness. To view the video, you can watch it at the Homeland Responder web site. To obtain a free copy, contact the Michigan State Police at (517) 336-6198. Site Emergency Planning Workbook | PDF | Michigan State Police, Emergency Management and Homeland Security Division – This 95-page manual provides a structured framework for developing a site emergency plan. The manual provides processes for hazards analysis, capability assessments, records preservation, and an extensive, practical sample site emergency plan. Standing Together: An Emergency Planning Guide for America’s Communities | PDF | Joint Commission on Accreditation of Healthcare Organizations – This 114-page publication provides information on risks, preparedness, response, integration, sustainability, communication, coordination, mental health, vulnerable populations, and more. U.S. Homeland Security Presidential Directive #5 (February 28, 2003) – To enhance the ability of the United States to manage domestic incidents by establishing a single, comprehensive national incident management system. U.S. Homeland Security Presidential Directive #7 (December 17, 2003) – This directive establishes a national policy for Federal departments and agencies to identify and prioritize United States critical infrastructure and key resources and to protect them from terrorist attacks. U.S. Homeland Security Presidential Directive # 8 (December 17, 2003) – This directive establishes policies to strengthen the preparedness of the United States to prevent and respond to threatened or actual domestic terrorist attacks, major disasters, and other emergencies by requiring a national domestic all-hazards preparedness goal, establishing mechanisms for improved delivery of Federal preparedness assistance to State and local governments, and outlining actions to strengthen preparedness capabilities of Federal, State, and local entities. U.S. Homeland Security Presidential Directive # 9 (January 30, 2004) – This directive establishes a national policy to defend the agriculture and food system against terrorist attacks, major disasters, and other emergencies. Virginia Business Emergency Survival Toolkit, State of Virginia – This Web site is easy to use, provides clear instructions, and helps with strategic planning for emergencies. It explains types of emergencies and the problems they pose; gives information on how to prepare for them and how to recover from them; and helps put it all together in an emergency preparedness plan. Vulnerability of Concentrated Critical Infrastructure: Background and Policy Options | PDF | CRS Report for Congress, Report #RL33206 – This report focuses on the grouping of critical infrastructure in geographical areas that can create a vulnerability and exposure to disasters and man-made incidents. It discusses legislation to prevent future concentrations of CI/KR development, along with policy options. (January 26, 2007)


110



18.4 Business Associations / Nongovernmental Organizations Association of Contingency Planners (ACP) – ACP is a non-profit trade association dedicated to the advancement of business continuity professionals. Business continuity planning integrates knowledge from related disciplines such as information technology, emergency response, and crisis communications to create a strategy that ensures a business will remain resilient in the face of adversity. Business Executives for National Security (BENS) – BENS is a nationwide organization of senior business executives whose mission is to enhance the nation’s security. BENS concentrates on developing new tools for combating terrorism through preparing communities for terrorism, improving intelligence capabilities, tracking terrorist’s assets, and defending against cyber attacks. Also, BENS works to improve through collaborating with the military on resource management in supply chain logistics, creating a partnership with the military, and enhancing planning processes. Getting Down to Business: An Action Plan for Public-Private Disaster Response Coordination | PDF | The Report of the Business Response Task Force focuses on institutionalizing a sustainable role for businesses in disaster response and recovery at all levels of government. This report provides recommendations for public-private collaboration, surge capacity for private sector goods and services, capabilities of private sector supply chain, and the legal and regulatory environment. Getting Ready: Company Primer on Preparedness and Response Planning for Terrorist and Bioterrorist Attacks | PDF | This 28-page publication discusses threats, types of attacks, basics of bioterrorism, government response, maintaining business functions, and procedures for recognizing and responding to bioterrorism attacks. Committed to Protecting America: A Private Sector Preparedness Guide | PDF | Business Roundtable is an association of chief executive officers of leading U.S. companies with $4.5 trillion in annual revenues and more than 10 million employees. The chief executives are committed to advocating public policies that foster vigorous economic growth and a dynamic global economy. This 56-page publication covers planning for emergency employee communications, evacuations, incident response, business continuity, and working with government agencies. Corporate Emergency Access System (CEAS), Business Network of Emergency Resources (BNet) – CEAS is a pre-event credentialing program, which authenticates critical business employees for access to restricted areas following a disaster or serious emergency using a secure identification card recognized by the police. Municipalities must adopt the CEAS Program for use in their jurisdiction before businesses can enroll in the Program and receive ID cards. The Emergency Information Infrastructure Project (EIIP) Virtual Forum – EIIP is a nonprofit educational organization, dedicated to enhancing the practice of emergency management, and thereby public and private safety by offering professional development opportunities to practitioners and other interested persons. EIIP delivers the "Virtual Forum" of timely, disaster-related topics by experts in their fields, by means of Internet-based 'Live Chat' (text) technology.


111



Extension Disaster Education Network (EDEN) – The EDEN links Extension educators from across the U.S. and various disciplines, enabling them to use and share resources to reduce the impact of disasters. This site serves primarily Extension agents and educators by providing them access to resources on disaster mitigation, preparedness, response, and recovery that will enhance their short- and long-term programming efforts. Homeland Security Institute (HSI) – HSI is a Studies and Analysis Federally Funded Research and Development Center. HSI delivers independent and objective analyses and advises in core areas important to its sponsor in support of policy development, decision-making, analysis of alternative approaches, and evaluation of new ideas on issues of significance. In addition to all the services, resources they provide, HIS also publishes an on-line newsletter which is informative, educational, and applicable to critical infrastructure protection. It offers the Journal of Homeland Security. The Infrastructure Security Partnership (TISP) – TISP is a national public-private partnership organization that promotes collaboration to improve the resilience of the nation's critical infrastructure against the adverse impacts of natural and man-made disasters. TISP members, representing the design, construction, operation, and maintenance communities; local, state, and federal agencies; academe; and other organizations concerned about disaster preparedness, work together to develop and implement cost-effective solutions to enhance the resilience of the nation's critical infrastructure by leveraging their collective resources, experience, technical expertise, research and development capabilities, and knowledge of public policy regarding natural and manmade disasters. Regional Disaster Resilience: A Guide for Developing an Action Plan | PDF | This is a resource that goes into detail on developing regional disaster resilience, and discusses interdependencies, risk assessment, response, recovery, supply chain, exercising, and more. The information is applicable to CI/KR protection. (June 2006) Institute for Business and Home Safety (IBHS) – The Institute for Business & Home Safety’s mission is to reduce the social and economic effects of natural disasters and other property losses by conducting research and advocating improved construction, maintenance, and preparation practices. Open for Business: A Disaster Planning Toolkit for the Small to the Mid-sized Business Owner | PDF | This 47-page publication provides a self-assessment process, how to protect critical business resources, and building a business continuity plan, along with a variety of forms and checklists for preparation, response, and recovery activities. Mega-Shelters: A Best Practices for Planning, Activation, Operations | PDF | The International Association of Assembly Managers (IAAM) – IAAM has published guidelines in response to disasters caused by hurricanes and to help facility managers understand the activation process, shelter standards, contracting, liability exposure, and how to plan for the next storm. Memorial Institute for the Prevention of Terrorism (MIPT) – MIPT is a non-profit, nationally recognized think tank of state-of-the-art knowledge bases and information sharing on terrorism.


112



MIPT offers the terrorism knowledge base, terrorism information center, responder knowledge base, and the lessons learned information sharing program services. This web site, which is for public and private sector professionals, also provides the ability for individuals to discuss relevant matters on emergency preparedness response, recovery, and mitigation. National Cyber-Forensics and Training Alliance (NCFTA) – NCFTA provides a neutral collaborative venue where critical confidential information about cyber incidents can be shared discreetly, and where resources can be shared among industry, academia and law enforcement. NCFTA facilitates advanced training, promotes security awareness to reduce cyber-vulnerability, and conducts forensic and predictive analysis and lab simulations. The National Fire Protection Association (NFPA) – The mission of the international nonprofit NFPA is to reduce fires and other hazards by providing codes and standards, research, training, and education. NFPA focuses on fire prevention and public safety. NFPA1600 – Disaster / Emergency Management and Business Continuity Programs – The National Fire Protection Association (NFPA) released their 2007 edition of the NFPA1600 Standard. This resource is for those with responsibility for disaster, emergency management, and business continuity programs to assess or develop, implement, and maintain a program to mitigate, prepare for, respond to, and recover from disasters and emergencies. National Voluntary Organizations Active in Disaster (NVOAD) – NVOAD coordinates planning efforts by many voluntary organizations responding to disaster. Member organizations provide more effective and less duplication in service by getting together before disasters strike. Once disasters occur, NVOAD or an affiliated state VOAD encourages members and other voluntary agencies to convene on site. This cooperative effort has proven to be the most effective way for a wide variety of volunteers and organizations to work together in a crisis. Overseas Security Advisory Council (OSAC) – OSAC is a Federal Advisory Committee with a U.S. Government Charter to promote security cooperation between American business and private sector interests worldwide and the U.S. Department of State. OSAC currently encompasses the 34 member core Council, an Executive Office, over 100 Country Councils, and more than 3,500 constituent member organizations and 372 associates.

18.5 Resource Database DisasterLinks.Net, Digital Dan’s Disaster Links – This is a large Internet resource database on anything relating to disasters and is privately maintained. Homeland Security Digital Library – The Homeland Security Digital Library (HSDL) is sponsored by the U.S. Department of Homeland Security's National Preparedness Directorate, FEMA and the Naval Postgraduate School Center for Homeland Defense and Security. The Homeland Security Digital Library (HSDL) is the nation's premier collection of homeland security policy and strategy related documents.


113



Innovators in Supply Chain Security: Better Security Drives Business Value | PDF | The Manufacture Institute and Stanford University – The goal of the study was to help companies understand the business value of supply chain security investments by identifying collateral benefits security initiatives can bring to companies, and whenever possible quantifying the level of benefits that can be realized. The study was based on inputs from eleven manufacturers and three Logistics Service Providers (LSPs) that are considered innovators in supply chain security, and clearly demonstrated that investments in supply chain security can provide business value. The National Homeland Security Knowledgebase, Homeland Security Defense Corporation – The National Homeland Security Knowledgebase is a database that offers comprehensive Homeland Security information resources, Homeland Security news, Homeland Security Newsletter, Homeland Security research, Homeland Security technology sectors, Homeland Security marketplace, directories, trade shows and a collection of links on Homeland Security related topics as well as links and info relating to global security issues.


114


Asis-Critical Infrastructure Resource Guide

Recommend Documents