Sie sind auf Seite 1von 118

ASIS International

Critical Infrastructure Resource Guide

ASIS International Critical Infrastructure Resource Guide

Copyright © 2007 by ASIS International

ASIS International (ASIS) disclaims liability for any pe rsonal injury, property or other damages of any nature whatsoever, whether special, indirect, consequential or co mpensatory, directly or indi rectly resulting from the publication, use of, or reliance on this document. In i ssuing and making this document available, ASIS is not undertaking to render professional or other services for or on behalf of any person or entity. Nor is ASIS undertaking to perform any duty owed by any person or entity to someone else. Anyone using this document should rely on his or her own independent judgment or, as appropriate, seek the advice of a competent professional in determining the exercise of reasonable care in any given circumstance.

All rights reserved. Permission is hereby granted to indivi dual users to download this document for their own personal use, with acknowledgement of ASIS Internatio nal as the source. However, this document may not be downloaded for further copying or reproduction nor may it be sold, offered for sale, or otherwise used commercially.

Table of Contents

Introduction Critical Infrastructure Working Group Contributors

....................................................................................................................................................................

...............................................................................................

1

2

ASIS International Staff

........................................................................................................................................

2

  • 1.0 Agriculture and Food

Sector.....................................................................................................................................

3

Sector Overview

  • 1.1 ..................................................................................................................................................

3

  • 1.2 Professional Development Resources ................................................................................................................4

    • 1.2.1 Government

Resources ...............................................................................................................................4

  • 1.2.2 Government Resources – Canada ..............................................................................................................5

  • 1.2.3 Industry Resources

......................................................................................................................................

5

  • 1.2.4 Best Practices and Assistance ....................................................................................................................6

  • 2.0 Banking and Finance Sector

....................................................................................................................................

9

Sector Overview

  • 2.1 ..................................................................................................................................................

9

  • 2.2 Professional Development Resources

..............................................................................................................

10

  • 3.0 Chemical Sector

.....................................................................................................................................................

13

  • 3.1 Sector Overview

................................................................................................................................................

13

  • 3.2 Professional Development Resources

..............................................................................................................

14

  • 3.2.1 Web Links

..................................................................................................................................................

14

  • 3.2.2 Government Agencies / Resources

...........................................................................................................

15

  • 3.2.3 Publications and Misc. Resources

.............................................................................................................

17

  • 4.0 Commercial Facilities Sector

..................................................................................................................................

19

Sector Overview

  • 4.1 ................................................................................................................................................

19

  • 4.2 Professional Development Resources

..............................................................................................................

20

  • 4.2.1 Guides, Resources, and Documents by Organization

...............................................................................

20

  • 4.2.2 Web links

...................................................................................................................................................

21

  • 4.2.3 Security Management Articles (month, year, page)

...................................................................................

21

4.2.4

Books

.........................................................................................................................................................

22

  • 4.2.5 Videotapes / DVD:

.....................................................................................................................................

25

  • 4.2.6 Seminar Sessions Audiotapes / CD-ROM / DVD (ASIS):

..........................................................................

25

  • 5.0 Dams Sector

..........................................................................................................................................................

28

5.1

Sector Overview

................................................................................................................................................

28

  • 5.2 Professional Development Resources

..............................................................................................................

29

  • 6.0 Defense Industrial Base Sector

..............................................................................................................................

34

  • 6.1 Sector Overview

................................................................................................................................................

34

  • 6.2 Professional Development Resources

..............................................................................................................

35

  • 7.0 Drinking Water and Water Treatment Sector

.........................................................................................................

37

  • 7.1 Sector Overview

................................................................................................................................................

37

  • 7.2 Professional Development Resources

..............................................................................................................

38

  • 7.2.1 Federal Lead Agency Affiliation

.................................................................................................................

38

  • 7.2.2 Industry Associations and

Affiliations.........................................................................................................

38

  • 7.2.3 Academic and Research

............................................................................................................................

39

  • 8.0 Emergency Services Sector

...................................................................................................................................

40

Sector Overview

  • 8.1 ................................................................................................................................................

40

  • 8.2 Professional Development Resources

..............................................................................................................

41

8.2.1

Resources:

................................................................................................................................................

42

  • 9.0 Energy Sector

........................................................................................................................................................

43

9.1

Sector Overview

................................................................................................................................................

43

  • 9.2 Professional Development Resources

..............................................................................................................

45

  • 9.2.1 Electricity Sector Organizations (North America):

......................................................................................

46

  • 9.2.2 Electricity Sector Support Organizations (North America)

.........................................................................

46

9.2.3

References:

...............................................................................................................................................

47

  • 9.2.4 Security Support Programs:

.......................................................................................................................

48

  • 9.2.5 Oil and Natural Gas Professional Development Resources

......................................................................

50

10.0

Government Facilities Sector

55

10.1

Sector Overview

55

10.2

Professional Development Resources

56

10.2.1

Guides, Resources, and Documents by Organization

56

10.2.2

Web links

57

10.2.3

Security Management Articles (month, year, page)

57

10.2.4

Books

58

10.2.5

Videotapes / DVD

61

10.2.6

Seminar Sessions Audiotapes / CD-ROM / DVD (ASIS)

61

11.0

Information Technology Sector

64

11.1

Sector Overview

64

11.2

Professional Development Resources

65

11.2.1

Web Sites

65

11.2.2

Credit Bureaus:

67

11.2.3

Books:

67

12.0

National Monuments and Icons Sector

68

12.1

Sector Overview

68

12.2

Professional Development Resources

69

12.2.1

Museums, Libraries, Cultural Properties and other National Icons:

70

12.2.2

Other Resources, Guides, etc…

71

13.0

Nuclear Reactors, Materials, and Waste Sector

72

13.1

Sector Overview

72

13.2

Professional Development Resources

73

14.0

Postal and Shipping Sector

75

14.1

Sector Overview

75

14.2

Professional Development Resources

76

14.2.1

Regional Cargo Security Councils:

77

14.2.2

Cargo Theft Task Forces:

78

15.0

Public Health and Healthcare Sector

80

15.1

Sector Overview

80

15.2

Professional Development Resources

81

15.2.1

Books, Publications, and News

82

16.0

Telecommunications Sector

83

16.1

Sector Overview

83

16.2

Professional Development Resources

84

17.0

Transportation Systems Sector

85

17.1

Sector Overview

85

17.2

Professional Development Resources

86

17.2.1

Books, Publications, and News

89

18.0

Additional Resources

102

18.1

Universities / Colleges

103

18.2

Government Organizations

105

18.3

Government Publications / Newsletters

107

18.4

Business Associations / Nongovernmental

111

18.5

Resource Database

113

Introduction

“The September 11, 2001, attacks de monstrated the extent of our vulnerabilities to the terrorist threat. In the aftermath of these tragic events, we, as a Nation, have demonstrated firm resolve in protecting our critical infrastructures and key assets from furt her terrorist exploi tation. In this effort, government at all levels, the pr ivate sector and concerned citizens across the country have begun an important partnership and commitment to action.”

- President George W. Bush, “The National Strategy for the Physical Protection of Critical Infrastructure and Key Assets,” February 2003

The ASIS International Critical In frastructure Worki ng Group (CIWG) initially convened at the ASIS Annual Seminar and Exhibits in San Die go, CA in September 2006. As the CIWG structure and purpose evolved, it was determined that this particular working body could provide a specialized resource to ASIS mem bers who serve the nat ion’s 13 critical infrastructures and four key assets as def ined by the U.S. Department of Homeland Security (DHS). Moreover, it was envisioned that the CIWG would be a viable link to both private and public sector entities associated with issues relevant to critical infrastructure protection, disaster resilience, and continuity of operations.

The organizational structure of the CIWG is repr esentative of all 17 critical infrastructures and key assets. Members are ASIS volunteers w ho are generally nomin ated to serve this working group from the existing Councils. As such, the CIWG is a common mechanism for inter council cooperation in protecting the vital interests of our nation through information sharing, educational programs, and resources.

This guide represents a work product that can be used as a current resource document for the critical infrastructures and key assets. It is not intended to supplant or supersede existing publications, resources, or document s that have been promulgated by government agencies or industry associations. Rather, it is a useful compendium of information that can be easily accessed an d utilized in the critical infr astructure protection arena.

This effort could not have been realized without the dedication and commitment of the CIWG volunteers and ASIS staff who worked tirele ssly in producing this resource for the infrastructure communities and the Society at large. Our gratitude is extended to all who have been involved in supporting this project.

We welcome your comments, suggestions and recommendations regarding this document and how we can best serve you.

Robert D. Hulshouser, CPP

ASIS Critical Infrastructu re Working Group Chair

ASIS International Critical Infrastructure Resource Guide

1

[Return to Table of Contents]

Critical Infrastructure Working Group Contributors

Michael A. Crane, CPP, IPC Internationa l Corporation, Council Vice-President Robert D. Hulshouser, CPP, Las Vegas Valley Water District, Chairman Deborah L. Allen, CPP, Potash Corporation Kent D. Bowen, AT &T—Asset Protection Larry E. Brown, First Citizens Bank Ciro J. Cardelli, CPP, Shands Jacksonville Medical Center Scott R. Derby, Museum of Fine Arts, Boston James Keith Flannigan, International Dynamics Research Joseph R. Granger, CPP, United Space Alliance Gene P. Gwiazdowski, CPP, Calvert Cliffs Nuclear Power Plant J. Michael Harris, CPP, RDR, Inc. Mary B. Hostert, Allegheny Energy Keith L. Kambic, CPP, US Equities Asset Management, LLC Donald E. Knox, CPP, State Farm Insurance Ronald Lander, CPP, Ultra safe Security Solutions Luis H. Morales, CPP, Duke Energy Corporation Ronald J. Niebo, NERC Henri R. Nolin, CPP, Sun State Specialty K-9s Kevin O’Brien, The Bank of New York Mark O’Connor, DHL Logistics Canada NE USA Bernard J. Scaglione, CPP, New York Presbyterian Hospital Michael J. Steinle, Tetra Tech EM, Inc. Ray VanHook, CPP, McCormick Place/Navy Pier Robert D. Voss, AGL Resources, Inc. John Walsh, U. S. Department of Homeland Security, Great Lakes Area Scott A. Watson, CPP, S.A. Watson & Associates, LLC Brit R. Weber, Michigan State University Terry F. Whitley, Shell Oil Company

ASIS International Staff

Susan Melnicove Valerie Melencio O Evangeline Pappas Vinn Truong

Education Department Director Council Manager Educational Publications Manager Educational Publications Assistant

ASIS International Critical Infrastructure Resource Guide

2

[Return to Table of Contents]

Agriculture and Food Sector

1.0 Agriculture an d Food Sector

1.1 Sector Overview

The Agriculture and Food Sector has the capacity to feed and clothe people well beyond the boundaries of the Nation. The sector is a lmost entirely under private ownership and is composed of an estimated 2.1 million farm s, and approximately 880,587 firms and 1,086,793 facilities. This sector accounts fo r roughly one-fifth of the Nation’s economic activity and is overseen at the Federal level by the U.S. Department of Agriculture (USDA) and the Department of Health and Human Se rvices’ (HHS) Food and Drug Administration (FDA).

The USDA is a multifaceted department that dire ctly impacts the lives of all U.S. citizens. One of its key roles is to ensure that the Na tion’s food and fiber needs are met. USDA is also the steward of our Nation’s 192 million ac res of national forests and rangelands, and it is the country’s largest conservation agency, enc ouraging voluntary efforts to protect soil, water, and wildlife on the 70 percent of Am erica’s lands that are in private hands.

The FDA is responsible for the safety of 80 percent of all of the food consumed in the United States. While the FDA’s mission is to protect and promote public health, that responsibility is shared with: Federal, State, and local agencies; regulated industry; academia; health providers; and consumers. FDA regulates $240 billion of domestic food and $15 billion of imported food. In addition, roughly 600,000 restaurants and institutional food service providers, an es timated 235,000 grocery stores, and other food outlets are regulated by State and local authorities that receive guidance and other technical assistance from FDA.

The Agriculture and Food Sector is dependent upon the Drinking Water and Wastewater Treatment Systems Sector for clean irrigati on and processed water; the Transportation Systems Sector for movement of products; the Energy Sector to power the equipment needed for agriculture production and food pr ocessing; and the Banking and Finance, Chemical, Dams and other sectors as well.

*

*

Excerpt from U.S. Department of Homeland Security, National Infrastructure Protection Plan, 2006.

ASIS International Critical Infrastructure Resource Guide

3

[Return to Table of Contents]

Agriculture and Food Sector

1.2 Professional Development Resources

1.2.1 Government Resources

Departmental agencies, regional locations, and links to vital information accompanied by a brief description of what information will be found.

Animal and Plant Health Inspection Service (APHIS) , U.S. Department of Agriculture –

Contains

information

regarding

potential

diseas e

outbreaks,

response

protocols,

and

mitigation

strategies.

Association of American Feed Control Officials (AAFCO) – Provides information for developing and implementing uniform and equitable laws, regulations, standards and enforcement policies for regulating the manufacture, distribution and sale of animal feeds; resulting in safe, effective, and useful feeds.

Association of American Plant Food Control Officials (AAPFCO) – Promotes cooperation with members of the industry to promote the safe and effective use of fertilizers and protection of soil and water resources.

Centers for Disease Control and Prevention (CDC) – Contains pathogen-specific information to protect human health.

Center for Food Safety & Applied Nutrition (CFSAN) , U.S. Food and Drug Administration (FDA) – Contains information regarding food safety incidents, recalls, and compliance obligations.

Department of Homeland Security (DHS) – Contains information regarding Homeland Security Presidential Directives, the National Incident Management System, the National Response Plan, and threat levels.

issues.

(EPA) – Contains information regarding chemical response

Federal Bureau of Investigation (FBI) – Contains threat information and information for local law enforcement relative to agriculture.

Transportation Security Administration (TSA) – Contains relevant information regarding a broad base of transportation issues including air, pipelines, rail, and trucking.

United States Department of Agriculture (USDA) – Contains notices regarding agriculture and food security issues as well as best practices.

United States Coast Guard – Contains regulations and best practices for securing port facilities.

ASIS International Critical Infrastructure Resource Guide

4

[Return to Table of Contents]

Agriculture and Food Sector

  • 1.2.2 Government Resources – Canada

Canadian Food Inspection Agency – Dedicated to safeguarding food, animals, and plants, which enhances the health and well-being of Canada’s people, environment, and economy; and to ensure that food safety emergencies are effectively managed.

Develops

and

administer

policies,

regulations,

and

services

for

the

best

transportation system for Canada; providing one that is safe and secure, efficient, affordable, integrated,

and environmentally friendly.

  • 1.2.3 Industry Resources

Similar to Government Resources cited above, but by the different industry associations/worldwide resources that may have developed.

Agriculture and Food Transporters Conference (AFTC) , American Trucking Association – Promotes security of food and feed in transit via information exchange and best practices.

Agriculture Retailers Association (ARA) – Ensures that the legislative and regulatory issues of importance to ARA members are reported in a timely manner to the various audiences with whom the association relates. Within this section, view ers can read up-to-date news announcements on agriculture, retail, and distribution issues.

AIB International – Provides support to protecting the safety of the food supply chain and delivering high value technical and educational programs.

American Feed Industr y Association (AFIA) – Supports the feed industry through information campaigns and best practices.

American Meat Institute – Provides best practices covering a br oad range of issues relating to safety and security in the meat industry. Provides a forum for discussion and information exchange.

CropLife America – CropLife America is the national tr ade organization representing the nation’s developers, manufacturers, formulators, and distribut ors of plant science solutions for agriculture and pest management in the U.S.

Food and Agriculture Sector Coordinating Council (FASCC) – FASCC is comprised of up to 21 representatives from the Food and Agriculture Se ctor. The self-governing body represents the Food and Agriculture Sector to the government and makes pol icy and strategy recommendations to the Federal government.

Food Processors Association (FPA) – Promotes sound public policy, champions initiatives that increase productivity and growth, and helps protect t he safety and security of the food supply through scientific excellence.

Grocery Manufacturers Association (GMA) – Promotes sound public policy, champions initiatives that increase productivity and growth, and helps to protect the safety and security of the food supply through scientific excellence.

ASIS International Critical Infrastructure Resource Guide

5

[Return to Table of Contents]

Agriculture and Food Sector

promotion of dairy foods.

– Provides Legislative Leadership, best practices, and

National Cattlemens’ Beef Association – Provides information regarding security relative to beef production as well as data regarding outbreaks and various types of pathogens.

National Oilseed Processors Association (NOPA) – Through its various committees, the Association cooperates with the U.S. Departments of Agriculture, State, and Commerce, as well as other independent and private organizations, both national and international, concerned with oilseed products.

National Pork Producers Council – Conducts public policy outreach on behalf of its 44 affiliated state association members. Enhances opportunities for t he success of U.S. pork pr oducers and other industry stakeholders by establishing the U.S. pork industry as a consistent and responsible supplier of high quality pork to the domestic and world market.

The Fertilizer Institute (TFI) – Provides safety and security best practices and promotes the safe use of fertilizer.

1.2.4 Best Practices and Assistance

Sample checklists, audits, matrixes, etc.

American Feed Industry Associat ion (documents available through www.afia.org )

Safe Feed/Safe Food Guidelines

Guide to Biosecurity Awareness

BSE Compliance Guide

American Trucking Association – USDA in partnership with Agriculture and Food Transporters Conference (updated 18 Dec 2006). Guide for Security Practices in Transporting Agriculture and Food Commodities.

The Fertilizer Institute (d ocuments available through www.tfi.org )

"America's Security Begins With You"

“You, too, can work for a drug free Am erica: Keep Anhydrous Ammonia Safe and Secure!”

Security Code of Management Practices

ASIS International Critical Infrastructure Resource Guide

6

[Return to Table of Contents]

Agriculture and Food Sector

U.S. Food and Drug Admin istration (FDA):

Protecting the Food Supply from Intentional Adulteration: An Introductory Training Session to Raise Awareness – This training is available online and is being hosted by the Food and Drug Administration (FDA).

U.S. Department of Agricult ure (USDA), Food Safety an d Inspection Service (FSIS), Industry Security Guidelines:

Developing a Food Defense Plan for Meat and Poultry Slaughter and Processing

Plants | PDF | Developed in consultation with very small, small, and large meat and poultry processors, this guide provides an easy, practica l, and achievable three-step method for creating a food defense plan. By completing pages 13 -16 of this guide, you will have a plan specific for your operation.

Emergency Guidance for Retail Food Establishments | PDF | Practical guidance for retail grocery and food service establishments to plan and respond to emergencies that create the potential for an imminent health hazard.

Elements of a Functional Food Defense Plan | PDF | This information serves as guidelines for completing the food defense plan profile extension questions.

FSIS Model Food Security Plans – The following plans identify the types of preventive steps that establishment operators may take to minimize the risk that their products will be subject to tampering or other malicious criminal activity:

Egg Processing Facilities (Apr 2005) | PDF |

Import Establishments (Apr 2005) | PDF |

Meat and Poultry Processing Facilities (Apr 2005) | PDF |

Meat and Poultry Slaughter Facilities (Apr 2005) | PDF |

FSIS Notice 28-06, PBIS Profile Extension Instructions on Food Defense Plans for Meat and Poultry Establishments | PDF |

FSIS Safety & Security Guidelines for th e Transportation & Distribution of Meat, Poultry, & Egg Products | PDF | En Espanol | Chinese | Vietnamese | Korean | This brochure for the food industry provides re commendations to ensure the security of food products through all phases of the distribution process.

FSIS Security Guidelines for Food Processors | PDF | En Espanol | Chinese | Vietnamese | Korean | These guidelines assist federal and state inspected plants that produce meat, poultry, and egg products in identifying ways to strengthen their biosecurity protection.

Guidelines for the Disposal of Intentionally Adulterated Food Products and the Decontamination of Food Processing Facilities | PDF | This document is intended to serve as a resource guide for the U.S. Department of Agriculture's (USDA) Food Safety and Inspection Service (FSIS) and the Department of Health and Human Services' Food and Drug Administration (FDA) field personnel located in District Offices and at food processing facilities.

ASIS International Critical Infrastructure Resource Guide

7

[Return to Table of Contents]

Agriculture and Food Sector

Industry Self-Assessment Checklist for Food Security | PDF | FSIS created this self- assessment instrument to provide a tool for establishments to assess the extent to which they have secured their operations.

Keep America's Food Safe | PDF | En Espanol | This guidance is designed to assist transporters, warehouses, distributors, retailers , and restaurants with enhancing their security programs to further protect the food supply from c ontamination due to criminal or terrorist acts.

ASIS International Critical Infrastructure Resource Guide

8

[Return to Table of Contents]

Banking and Finance Sector

2.0 Banking and Finance Sector

2.1 Sector Overview

The Banking and Finance Sector, the backbone of the world economy, is a large and diverse sector primarily owned and operated by private entities. In 2005, the sector accounted for more than 8. 1 percent of the U.S. gross domestic product.

Financial services firms provide a broad array of financial products for their customers. These products: (1) allow customers to deposit funds and make payments to other parties, (2) provide credit and liquidity to customers, (3) allow customers to invest funds for both long and short periods, and (4) transfer financial risks among customers.

The financial institutions that provide these se rvices are all somewhat different, each within a specific part or parts of the financial services marketplace. Financial institutions operate to provide customers the financial products that they want, ensure the institution’s financial integrity, protect customers’ assets, and guarant ee the integrity of the financial system. As such, financial institutions and financial mark ets that they organize manage a wide variety of financial and certain non-financial risks.

In addition to the actions of financial institutio ns, direct financial regulation applies to many, but not all, financial services providers. T he U.S. system of financial regulation is complex and exists at both the Federal and State levels. The regulatory systems for financial services firms manage and regulate various forms of risk and guard against prohibited practices.

*

*

Excerpt from U.S. Department of Homeland Security, National Infrastructure Protection Plan, 2006.

ASIS International Critical Infrastructure Resource Guide

9

[Return to Table of Contents]

Banking and Finance Sector

2.2 Professional Development Resources

These links are to agencies that are government, private, and government/private partnerships. Additionally, most links are to pages that offer links to other agencies with Financial Institution security advice.

American Bankers Association (ABA) – Founded in 1875 and now based in Washington, DC, the American Bankers Association repres ents banks of all sizes on issues of national importance for financial institutions and their customers. The ABA, on behalf of the more than two million men and women who work in the nation's banks, brings together all cat egories of banking institutions to best represent the interests of this rapidly changing industry. Its membership--which includes community, regional and money center banks and holding companies, as well as savings associations, trust companies, and savings banks--makes ABA the largest banki ng trade association in the country.

Bank Security Best Practices for New York City – The New York Bankers Association (NYBA) and its members are committed to the safety of bank customers and employees. The association is also committed to working with law enforcement to help prevent bank robberies and when they occur to facilitate the timely apprehension and prosecution of criminals.

As part of its efforts to ensure bank security in Ne w York City, NYBA’s New York City Bank Security Task Force has developed these Best Practices. Thes e guidelines, however, are not intended to be an exclusive list of the various ways in which banks in New York City can develop and implement effective safety procedures.

BITS Financial Services Roundtable – BITS is a nonprofit, CEO-driven industry consortium whose members are 100 of the larges financial institutions in the United States. BITS was formed by the CEOs of these institutions to serve as the strategic “brain trust” for the financial services industry in the e- commerce, risk management, payments and technology arenas. BITS addresses emerging issues where financial services, technology and commerce intersect, acting quickly to address problems and galvanize the industry.

Federal Deposit Insurance Corporation (FDIC) – An independent agency created by the Congress that maintains the stability and public confiden ce in the nation’s financial system by insuring deposits, examining and supervising financial institutions, and managing receiverships.

FDIC Quick Links – The FDIC’s resource page contains li nks to FDIC Regulations, newsletter, and links to other agencies.

FDIC Regulations – The FDIC offers summery version of Regulation H, which defines the bank security officer and offers insight into the Bank Secrecy Act.

This link will offer an overview of the Bank Secrecy Act as well as links to other Bank Secrecy Act resources. Additional information that can be found at www.fdic.gov/regulations/examinations/bsa is relative to the Patriot Act, Terrorist Financing and the Bank Secrecy Act statute.

ASIS International Critical Infrastructure Resource Guide

10

[Return to Table of Contents]

Banking and Finance Sector

The Federal Reserve – the Federal Reserve System is the central bank of the United States. It was founded by Congress in 1913 to provide the nation with a safer, more flexible, and more stable monetary and financial system. Over the years, its role in banking and the economy has expanded.

Today, the Federal Reserve’s duties fall into four general areas:

Conducting the nation’s monetary policy by influencing the monetary and credit conditions in the economy in pursuit of maximum employment, stable prices, and moderate long-term interest rates.

Supervising and regulating banking institutions to ensure the safety and soundness of the nation’s banking and financial system and to protect the credit rights of consumers.

Maintaining the stability of the financial system and containing systemic risk that may arise in financial markets.

Providing financial services to depository instit utions, the U.S. government, and foreign official institutions, including playing a major role in operating the nation’s payments system.

The Financial and Banking Information Infrastructure Committee (FBIIC) – FBIIC is chartered under the President's Working Group on Fi nancial Markets, and is charged with improving coordination and communication among financial regulators, enhancing the resiliency of the financial sector, and promoting the public/private partnership . Treasury's Assistant Secretary for Financial Institutions chairs the committee.

Financial Crimes Enforcement Network (FinCen) – the mission of the Financial Crimes Enforcement Network is to safeguard the financial sy stem from the abuses of financial crime, including terrorist financing, money laundering, and other illicit activity. Bank secrecy forms and filing requirements are available at www.fincen.gov/reg_bsaforms.html .

Financial Services Information Sharing and Analysis Center (FS/ISAC) – Launched in 1999, FS-ISAC was established by the financial serv ices sector in response to 1998's Presidential Directive 63. That directive--later updated by 2003' s Homeland Security Presidential Directive 7-- mandated that the public and private sectors share in formation about physical and cyber security threats and vulnerabilities to help protect the U.S. critical infrastructure.

Constantly gathering reliable and timely informati on from financial services providers, commercial security firms, federal, state, and local government agencies, law enforcement and other trusted resources, the FS-ISAC is now uniquely positioned to quickly disseminate physical and cyber threat alerts and other critical information to your organization. This information includes analysis and recommended solutions from leading industry experts.

Financial Services Sector Coordinating Council – The Financial Services Sector Coordinating Council for Critical Infrastructure Protection and Ho meland Security is a group of more than 30 private- sector firms and financial trade associations that wor ks to help reinforce the financial services sector’s resilience against terrorist attacks and other threats to the nation’s financial infrastructure. Formed in 2002, FSSCC works with the Department of Treasury, wh ich has direct responsibility for infrastructure protection and homeland security efforts for the financia l services sector, while also serving under the overall guidance of the Department for Homeland Security.

ID Theft – the President’s Task Force on Identity Theft was established by Executive Order 13402 on May 10, 2006, launching a new era in the fight against identity theft. Recognizing the heavy financial and emotional toll that identity theft exacts from its victims, and the severe burden it places on the economy, President Bush called for a coordinated approach am ong government agencies to combat this crime.

ASIS International Critical Infrastructure Resource Guide

11

[Return to Table of Contents]

Banking and Finance Sector

Identity Theft Assistance Center (ITAC) – the Identity Theft Assistance Center is a cooperative initiative of the financial services industry to address and reduce the human and economic consequences of fraud and identity theft. Since 2004, ITAC has helped thousands of victims restore their financial identities.

Interagency Guidelines Establishing Information Security Standards | PDF | This guide summarizes the obligations of financial institutions to protect customer information and illustrates how certain provisions of the Security Guidelines apply to specific situations. The appendix lists resources that may be helpful in assessing risks and designi ng and implementing information security programs.

Securities Industry and Financial Markets Association (SIFMA) – Represents the industry, which powers the global economy. Born of the mer ger between The Securities Industry Association and The Bond Market Association, SIFMA is the si ngle powerful voice for strengthening markets and supporting investors the world over.

Our dynamic, new organization is passionately dedicated to representing more than 650 member firms of all sizes, in all financial markets in the U.S. and around the world. We are committed to enhancing the public’s trust and confidence in the markets, deliv ering an efficient, enhanced member network of access and forward-looking services, as well as premiere educational resources for the professionals in our industry and the investors whom they serve.

U.S. Treasury – the mission of the Department of the Treasury is to promote the conditions for prosperity and stability in the United States and encourage prosperity and stability in the rest of the world.

Terrorist Financing – the Office of Terrorism and Financial Intelligence (TFI) marshals the department's intelligence and enforcement functions wi th the twin aims of safeguarding the financial system against illicit use and combating rogue nations , terrorist facilitators, money launderers, drug kingpins, and other national security threats.

ASIS International Critical Infrastructure Resource Guide

12

[Return to Table of Contents]

Chemical Sector

3.0 Chemical Sector

3.1 Sector Overview

The Chemical Sector is an integral compon ent of the U.S. economy, employing nearly 1 million people, and earning revenues of more than $460 billion per year. The Chemical Sector can be divided into one of four main segments, based on the end product produced:

(1) basic chemicals, (2) specialty chemicals, (3) life sciences, and (4) consumer products. There are well over one hundred thousand “chemi cal facilities” in the United States, encompassing everything from product ion facilities to hardware stores.

The great majority of Chemical Sector facilit ies are privately owned, requiring DHS to work closely with the private sector and its indust ry associations in order to identify assets, assess risks, prioritize assets, develop and implement protective programs, and measure program effectiveness.

The Chemical Sector is dependent on, depended on by, and overlaps with a wide range of other sectors including:

Transportation Systems for the movement of raw materials and finished products

Energy for power and feedstock materials, as well as being a customer of certain chemicals

Drinking Water and Water Treatment Syst ems for chemical process operations

and as a customer for critical chemicals Agriculture and Food as a customer for fe rtilizers, pesticides, and other chemicals

Information Technology and Telecommunications for critical services

Many other CI/KR sectors

*

All of these sectors are workin g together to ensure that t heir efforts support each other.

*

Excerpt from U.S. Department of Homeland Security, National Infrastructure Protection Plan, 2006.

ASIS International Critical Infrastructure Resource Guide

13

[Return to Table of Contents]

Chemical Sector

3.2 Professional Development Resources

3.2.1 Web Links

American Chemistry Council (ACC), Arlington, VA

American Petroleum Instit ute (API), Washington, DC

Association of Oil Pipelines (AOPL), Washington, DC

Domestic Petroleum Council (DPC), Washington, DC

Energy Security Council (ESC), Houston, Texas

International Association of Drilling Contractors (IADC), Houston, Texas

Independent Petroleum Association of America (IPAA), Washington, DC

National Ocean Industries Asso ciation (NOIA), Washington, DC

National Petrochemical and Refiners Association (NPRA), Washington, DC

Offshore Operators Commi ttee (OOC), Metairie, LA

US Oil and Gas Association (USOGA), Jackson, MS

Western States Petroleum Associ ation (WSPA), Sacramento, CA

United States – Natural Gas, Propane, and Other

American Gas Association (AGA), Washington, DC

American Public Gas Association (APGA), Washington, DC

Compressed Gas Association (CGA), Chantilly, VA

Gas Processors Association (GPA), Tulsa, OK

Interstate Natural Gas Association of America (INGAA), Washington, DC

National Propane Gas Association (NPGA), Washington, DC

United States – Retail

National Association of Convenien ce Stores (NACS), Alexandria, VA

Petroleum Marketers Association of America (PMAA), Arlington, VA

ASIS International Critical Infrastructure Resource Guide

14

[Return to Table of Contents]

Chemical Sector

Society of Independent Gasoline Marketer s of America (SIGMA), Reston, VA

United States – Transportation

Independent Liquid Terminals Associ ation (ILTA), Washington, DC

National Tank Truck Carriers (NTTC), Alexandria, VA

United States – Other

American Society of Mechanical Engineers (ASME)

International Organization for Standardization (ISO), Geneva, Switzerland

National Mining Association (NMA), Washington, DC

Canada

Canadian Association of Petroleum Producers (CAPP), Calgary, Alberta

Canadian Energy Pipeline Associat ion (CEPA), Calgary, Alberta

Canadian Gas Association (CGA), Ottawa, Ontario

Transport Canada (TC), Ottawa, Ontario

3.2.2 Government Agencies / Resources

Central Intelligence Agency – The World Factbook

Coast Guard (USCG) – HomePort

Customs and Border Protection (CBP):

Department of Energy (DOE) – Energy Sources

Department of Homeland Security (DHS):

ASIS International Critical Infrastructure Resource Guide

15

[Return to Table of Contents]

Chemical Sector

3.2.3 Publications and Misc. Resources

Industry / Association

American Chemistry Council (ACC), Responsible Care Security Code

American Petroleum Institute (API):

Security Guidelines for the Petroleum Industry | PDF |

American Petroleum Institute (API) / National Petrochemical and Refiners Association (NPRA):

NPRA Security Vulnerability Assessment Methodology for the Petroleum and Petrochemical Industries | PDF |

The Illuminating Engineering Society of North America (IESNA) – IESNA Lighting Handbook

National Fire Protection Association (NFPA):

U.S. Government

Department of Transportation (DOT) – 49 CFR:

Maritime Transportation Security Act (MTSA) – 33 CFR:

ASIS International Critical Infrastructure Resource Guide

17

[Return to Table of Contents]

Chemical Sector

National Archives and Records Administration (NARA) – Code of Federal Regulations

Protection of Information

Navigation and Inspection Circular (NVIC) 10-04: Guidelines for Handling Security Sensitive Information (SSI) | PDF |

USCG, Sensitive Security Information (SSI) Regulation FAQ | PDF |

Rail Security
Rail Security

Surface Transportation and Rail Security Act of 2007 | PDF |

ASIS International Critical Infrastructure Resource Guide

18

[Return to Table of Contents]

Commercial Facilities Sector

4.0 Commercial Facilities Sector

4.1 Sector Overview

Facilities associated with the Commercial Fac ilities Sector operate on the principle of open public access, meaning that the general public can move freely throughout these facilities without the deterrent of highly visible security ba rriers. The majority of the facilities in this sector are owned and operated by the private sector, with minimal interaction with the Federal Government and other regulatory entities. For the most part, commercial facility owners and operators must be responsible fo r assessing and mitigat ing their specific facility vulnerabilities and practicing prudent risk management and mitigation measures. The Commercial Facilities Se ctor consists of the fo llowing eight subsectors:

  • 1. Public Assembly (e.g., arenas, stadium s, aquariums, zoos, convention centers);

  • 2. Sports Leagues (e.g., profession al sports leagues and federations);

  • 3. Resorts (e.g., casinos);

  • 4. Lodging (e.g., hotels, motels, conference centers);

  • 5. Outdoor events (e.g., theme and amusemen t parks, fairs, campgrounds, parades);

  • 6. Entertainment and Media (e.g., motion picture studios, broadcast media);

  • 7. Real Estate (e.g., office and apartment buildings, condominiums, self-storage); and

*

  • 8. Retail (e.g., retail centers and districts, shopping malls).

*

Excerpt from U.S. Department of Homeland Security, National Infrastructure Protection Plan, 2006.

ASIS International Critical Infrastructure Resource Guide

19

[Return to Table of Contents]

Commercial Facilities Sector

4.2 Professional Development Resources

4.2.1 Guides, Resources, and Documents by Organization

Guidance for Protecting Building Environments from Airborne Chemical, Biological, or Radiological Attacks (NIOSH)

Risk Management Guidance for Health, Safety, and Environmental Security under Extraordinary Incidents (ASHRAE)

A Guide to Strengthen Emergency Management of High-Rise and High-Risk Buildings (Ontario Fire Marshal)

Security and Safety in Los Angeles High-Rise Buildings After 9/11 (RAND)

FEMA: Risk Management Series:

426: Reference Manual to Mitigate Potential Terrorist Attacks against Buildings

427: Primer for Design of Commercial Buildings to mitigate terrorist attacks

429: Insurance, Finance and Regulation primer for terrorism risk management in buildings

E155: Building Design for Homeland Security, Student manual

Comparison of structural performance of multi-story buildings under extreme events (American Institute of Steel Construction, Inc.)

Evacuation Planning for Occupants with Disability (National Research Council Canada)

Precautions to minimize effects of a Chemical, Biological, Radiological or Nuclear Event on Buildings and Infrastructure: (Office of Deputy Prime Minister, UK)

Task Force on Tall Buildings: The Future. (Council on Tall Buildings and Urban Habitat)

Suspicious Package Response Planning Guide: (Solicitor General Canada)

Protecting Buildings from a Biological or Chemical Attack: Actions to be taken before or during a release

DoD Minimum Anti-Terrorism Standards for Buildings: Unified Facilities Criteria: Dept. of Defense

Building Air Quality: A Guide for Property Owners and Facility Owners: CDC

Facilities Standard for the Public Buildings Service

Balancing Security and Openness: General Services Administration

ASIS International Critical Infrastructure Resource Guide

20

[Return to Table of Contents]

Commercial Facilities Sector

Sustainable Building Technical Manual: Green Building Design, Construction and Operations, EPA

Guide to Threat and Risk Assessment Involving On-Site Physical Security Examination: RCMP

Strategic National Guidance: The Decontamination of Buildings and Infrastructure Exposed to Chemical, Biological, Radiological, or Nuclear (C BRN) substances or material: Office of the Deputy Prime Minister: UK.

  • 4.2.2 Web links

American Hotel & Lodging Association

ASIS International Commercial Real Estate Council

Building Owners and Managers Association International

Building Security Council

Construction Specifications Institutes (CSI)

Council on Tall Buildings and Urban Habitat

FacilitiesNet

International Council of Shopping Centers

International Facility Management Association (IFMA)

National Apartment Association

National Association of Industrial and Office Properties

National Association of Realtors

National Fire Protection Association (NFPA)

National Multi Housing Council

The Real Estate ISAC

The Real Estate Roundtable

  • 4.2.3 Security Management Articles (month, year, page)

Spotlight on Security for Real Estate Managers, Second Edition (Book Review). March 2006, 112.

The Challenge of Making Safer Structures. March 2005, 42.

High Rise Security and Fire Life Safety, Se cond Edition (Book Review). July 2004, 144.

Kilroy Has Left the Building (Working Wi se) [Penn Plaza, New York]. June 2004, 31.

ASIS International Critical Infrastructure Resource Guide

21

[Return to Table of Contents]

Commercial Facilities Sector

Take the Guesswork Out of G uest Control. June 2003, 60.

Make Planning a Priority. May 2003, 71.

Emergency Preparedness (Book Review). Dec 2002, 124.

Los Angeles Tackles High-Rise Security (News and Trends). Sept 2002, 20.

A New Forum for Security. June 2002, 71.

The Jewel in the Crown [Crown Center Plaza, Kansas City, MO]. Sept 2000, 108.

Condo Can Do [Capri Gardens Condominium Association, Miami, FL]. Jan 2000, 68.

Tenants Anyone? (Spotlight). April 1999, 15.

Security Planning Guidebook: Safeguarding Your Tenants and Property (Book Review). Aug 1996, 118.

Building Security Relationships. July 1996, 103.

Taking Life Safety to New Heights (Amoco Building, Chicago, IL). June 1996, 40.

4.2.4 Books
4.2.4 Books

Archibald, R., & Medby, J. Security and Safety in Los Angeles High-rise Buildings After 9/11 . Santa Monica, CA: Rand Corporation, 2002.

This analysis, commissioned by the Building Owners and Managers Association of Greater Los Angeles, includes Key Considerations for Building Security ; Learning from Three Case Studies; Key Resource Guide on High-Rise Building and Multi-Tenant Security. December 2006, ASIS International .

Planning Considerations for High-Rise Buildings; Potential Roles for Government; and Recommendations for Los Angeles.

Azano, Harry J. Fire Safety and Security for High-Rise Buildings . Crete, IL: Abbott, Langer & Associates, 1995. TH/9445/H63A99/1995. Available to borrow from the ASIS Resources Center.

Contents: 1) Recent high-rise disasters; 2) The c hallenge of high-rise buildings; 3) The role of the security force; 4) Understanding fire; 5) Attacking fire; 6) Sprinkler and standpipe systems; 7) Fire extinguishers and fixed systems; 8) Fire alarm system s; 9) The threat of arson and bombs; 10) High-rise safety program; Conclusion.

Craighead, Geoff. High-Rise Security and Fire Life Safety, 2nd Ed . Woburn, MA:

Butterworth-Heinemann, 2003. TH/9445/H63C88/ 2003. Available for purchase from the ASIS Online Bookstore.

Includes how to conduct security and fire life safety surveys, effectively manage security programs, and prepare for high-rise emergencies. This new edition includes an analysis of the September 11, 2001, attacks on, and the collapse of, the Word Trade C enter towers. Topics include high-rise building

ASIS International Critical Infrastructure Resource Guide

22

[Return to Table of Contents]

Commercial Facilities Sector

development and utilization, building emergency planning; laws, codes, and standards; liaison with law enforcement and fire authorities; high-rise assets; and security and fire life safety threats.

DoD

Minimum

Anti-Terrorism

Standards

for

Buildings:

Washington, DC: Department of Defense, 2003.

Unified

Facilities

Criteria .

This document seeks to minimize the likelihood of mass casualties from attacks against DoD personnel in the buildings in which they work and live.

Guidance for Filtration and Air-Cleaning Systems to Protect Building Environments from Airborne Chemical, Biologica l, or Radiological Attacks . Washington, DC. National Institute for Occupational Safety and Health, 2003.

This document provides detailed, comprehensive information on selecting and using filtration and air- cleaning systems in an efficient and cost-effective manner.

Guidance for Protecting Building Environments from Airborne Chemical, Biological, or Radiological Attacks . Washington, DC: National Institute for Occupational Safety and Health, 2002.

Prevention is the cornerstone of public and occupat ional health. This document provides preventive measures that building owners and managers can implement promptly to protect building air environments from a terrorist release of chemical , biological, or radiological contaminants.

A Guide to Emergency Evacuation Procedures for Employees with Disabilities. Sacramento, CA:

State of California, 1999.

Prepared by the Emergency Response Task Force and the California Highway Patrol for the State of California, State Personnel Board, Statewide Disability Advisory Council.

Fennelly, Lawrence J., Handbook of Loss Prevention and Crime Prevention, 4th Ed . New York: Butterworth-Heinemann, 2004. HV/8290/H23/2004.

This revised volume brings together the expertise of more than 40 security and crime prevention experts who provide practical information and advice. This new edition covering the latest on topics ranging from community-oriented policing to physi cal security, workplace violence, information security, homeland security, and a host of special topics. See pp. 370-387 fo r Chapter 25, “High-Rise Security and Fire Life Safety” and Chapter 26, “Multiresidential Security.”

Fennelly, Lawrence J,. Spotlight on Security for Real Estate Managers . Chicago, IL:

Institute for Real Estate Management, 2005. HV/8290/F33/2005.

The goal of this book is to help real estate managers understand the issues that form the basis of liability claims and provide some tools than can be used to minimize the likelihood of crime occurring on the properties they manage and be prepared to deal with the consequences in the event a crime occurs at or near their property. The information here will assist the real estate manager in evaluating the security needs of a property and identifying security measures that will meet those needs within the available budget. While some chapters focus on a single property type , most of the strategies presented in the text can be adapted of considered for all types of properties.

ASIS International Critical Infrastructure Resource Guide

23

[Return to Table of Contents]

Commercial Facilities Sector

Kitteringham, Glen. Security and Life Safety for the Commercial High-Rise . Alexandria, VA:

ASIS International, 2006. TH/9445/H6K62/2006.

Since September 11, 2001, the high-rise industry has been reviewing security and life safety procedures and practices and taking steps to improve security based on building size and importance, geographic location, potential risk to occupants, and risk of attacks. The risk assessment guidelines presented in this book are oriented toward protection of a site's pers onnel and physical assets. They would also generally apply to protection of computer data, hardware, and software. The security guidance discussed in this book will assist individual companies to assess thei r properties and determine how best to protect their assets.

Ontario Office of the Fire Marshal. A Guide to Strengthen Emergency Management of

High-Rise and

Marshal, 2002.

High- Risk

Buildings ,

Ontario, Canada:

Ontario

Office of

the

Fire

This guide has been developed as part of the provincial government's commitment to improve Ontario's emergency preparedness and to help owners and operators of large buildings improve occupant safety and security.

Protection of Assets Manual . ASIS International, Alexandria, VA. 2004 (with revisions and updates), Volume 4, Chapter 1, pp. 1-35. HV/8290/P975/VOL 4.

This comprehensive source covers all aspects of secu rity including access control, training, employee awareness, internal and external theft and fraud, security and civil law, investigations, ethics, alcohol and drug abuse, and more. All business managers and protec tion professionals with an assets protection responsibility will find this information pertinent in each subject area, and helpful in effectively tackling critical security issues and organizing special research projects. This manual also serves as a central library reference for students pursuing a program in security or assets protection.

Risk Management Series: Primer for Design of Commercial Buildings to Mitigate Terrorist Attacks . Washington, DC, Federal Emergency Management Agency, Washington, DC,

2003.

This primer introduces a series of concepts that can help building designers, owners, and State and local governments mitigate the threat of hazards resulting from terrorist attacks on new buildings. FEMA 427 specifically addresses four high- population, private-sector building types: commercial office, retail, multifamily residential, and light industrial. This m anual contains extensive qualitative design guidance for limiting or mitigating the effects of terrorist attacks, focusing primarily on explosions, but also addressing chemical, biological, and radiological attacks.

Sampson, Rana. Drug Dealing in Privately Owned Apartment Complexes . Problem- Oriented Guides for Police: Problem-Specific Guides Series, No. 4. Washington, DC:

Department of Justice, 2006.

This guide focuses on drug dealing in privately ow ned apartment complexes. The guide makes a clear distinction between open- and closed-drug markets, pr ovides information on what is known about each market type, and provides questions to ask when analyzing each market. It also proposes various responses designed to closed-drug markets and provi des a full range of problem-specific measures to determine the effectiveness of those responses.

ASIS International Critical Infrastructure Resource Guide

24

[Return to Table of Contents]

Commercial Facilities Sector

Security Planning Guidebook: Safeguarding your Tenants and Property. Washington, DC:

Building Owners and Managers Associati on International, 1995. HV/7431/S42/1995. Available to borrow from the ASIS Resources Center.

Contents: Introduction; Security incidents; Evaluating your security needs; In-house vs. contract security? Working with police, fire dept and others; Tenant communications; Liability and insurance issues; Developing a security and safety communication plan; Putting the plan into action; Appendices: sample plan, crisis communications plan, bomb threats.

4.2.5 Videotapes/DVD:

Emergency Response: Life Safety and Evacuation [videotape: 20 min.]. Emotion Pictures, LLC. 2002. VHS//E543/2002. Demonstrates what the person in charge of life safety for building occupants needs to know, and how to conduct a thorough and complete evacuation. Includes interactions with emergency responders, practicing the plan and ensuring that building occupants understand it, checking life safety systems and exit paths, and more. Also includes a 26-page Instructor's Guide.

High-rise

Evacuation

[videotape:

22

min.].

Quincy,

MA:

National

Fire

Protection

Association, 2002. VHS//H638/2002. Includes a 12-page instructor's pamphlet. This program is intended to be used regularly as part of a complete ev acuation training course that includes a review of building emergency plans. It emphasizes the important role people can take in ensuring fire safety in high rises and in their ability to evacuate safely if fire o ccurs. The film presents safety features of high-rise buildings and how they contribute to safe evacuation in a fire emergency. The narrator gives the viewer a tour through the building, demonstrating its potential to contain a fire and limit its spread. Because a fire safety plan is dependent upon proper human response, a fire emergency scenario is presented, in which a good plan is carried out quickly and correctly.

Lessons From Ground Zero: Evacuation [videotape: 23 min.]. Virgin ia Beach, VA: Coastal Human Resources, 2002. VHS//L641/2002. This video is the first part of a Lessons From Ground Zero training documentary. It provides first-hand a ccounts from those who experienced the World Trade Center evacuations on February 26, 1993 and Sept ember 11, 2001. It shows how critical changes implemented after the 1993 bombing expedited the evacuation on September 11th and highlights the importance of evacuation plans and fire drills, proper use of fire extinguishers, and necessity of working radios, operational flashlights, fully stock ed first aid kits and accurate building maps.

4.2.6 Seminar Sessions Audi otapes / CD-ROM / DVD (ASIS):

Building a National Response Plan (2005) Session ID: S10 Participants: Carlos Villarreal (speaker), Geoffrey T Craighead, CPP (moderator)

Large companies that have many locations across the United States must have a robust and flexible plan in place to prevent, respond to, and recover from an incident. This session details what one commercial real estate company did to create a national response pl an to critical incidents. Hear how the program got started, how it was implemented and tested, and how it is being maintained. Examples of emergency plans, monitoring systems, and notifications protocols will be given.

ASIS International Critical Infrastructure Resource Guide

25

[Return to Table of Contents]

Commercial Facilities Sector

CPTED & Security in the Commercial High-Rise (2004) Session ID: S37 Participants: Glen W Kitteringham, CPP (speaker), Willi am J McShane, CPP (moderator)

Security basics are covered including a discussion of policies and procedures, an examination of the physical facilities (3 buildings), a discussion of building residents and users, and a CPTED review and analysis of three specific areas of study within the properties.

The First 90 Days After 9/11 (2002) Session ID : S71 Participants: Mark E Raybould, CPP (speaker), Mark T Wright (speaker), Charles J Mattes, CPP (speaker)

Hear first-hand from four security pr ofessionals who have direct responsibilities for billion dollar assets in major markets like New York Chicago Los Angeles and Houston what immediate challenges they faced and the escalation strategies they implemented during the first 90 days following 9/11 and beyond to protect lives and buildings. You will walk away wi th valuable and practical information to help you manage facilities after catastrophic events.

High-Rise Environments - Protection and Surv ivability (2002) Session ID: S23 Participants:

Phillip Banks, CPP (speaker), Ar ik S Garber, CPP (moderator),

The aftermath of the terrorist events of September 2001 as well as the continuing nation-wide threat environment has resulted in a demand for increased high-rise building security and safety planning. This response includes among other things increased screening of tenants and visitors as well as deliveries coming into the building and advanced emergency planning and preparedness. This session highlights methodologies that will increase your level of survivab ility from a terrorist attack or a naturally occurring disaster.

High Rise Fire - Lessons Learned in Chicago (2004) Session ID: S6 Participants: Carlos Villarreal (speaker), Nancy A. Renfroe, CPP (moderator)

This session is two-fold. First, there is a review of the tragic fire that occurred in a downtown Chicago high-rise office building, taking six lives. Then, the next section teaches how to take training to a higher awareness. There is a discussion of new methods to better train personnel to handle fire conditions and what type of fire safety training really works for bu ilding occupants. Detailed fire safety presentations do not always communicate the right message.

High Rise Fire Simulations: Moving Beyond Fire Drills (2004) Event: 50th Annual Seminar Session ID: S23 Participants: Steve Cichon (s peaker), Charles K Hutchinson (speaker), Michael Crocker, CPP (moderator)

The theme of this presentation is high-rise fire sa fety. This training moves beyond the conventional fire drill to a new training platform. This is a simulation conduc ted in real buildings in a training platform. This includes a zero visibility environment with a buildi ng in fire mode. Responders must use building systems and equipment, elevator and fire panel operations, and tr affic management. The fire simulation tests all levels of the responder abilities. This presentation is an overview of a highly intense training format that brings together the private and public sect or in a unique cross-training environment.

Securing an Office Building (2003) Session ID : S24 Participants: Mark E Raybould, CPP (speaker), Louis G Caravelli, CPP (spea ker), Carlos Villarreal (moderator)

ASIS International Critical Infrastructure Resource Guide

26

[Return to Table of Contents]

Commercial Facilities Sector

Learn what best practices are being used to address the new threat issues everyone in commercial real estate security is facing. This session will review past standards and discuss the new way of securing an office building. Issues including threat levels, access control systems, CCTV coverage, emergency planning and staffing will be discussed in great detail. Best practices on how to build and review your building's plan also will be discussed dur ing this every informative program.

Security and Safety Concerns: High Rise Buildings After 9/11 (2003) Session ID: S32 Participants: Robert A Cizmadia, CPP (spe aker), Robert L Pearson (moderator)

The density of populations and high-rise buildings within our cities provides the motivation for considering the assessment of security and safety of these ar chitectural wonders. This presentation is targeted towards security and facility managers, property owner s, tenants, and architects of such buildings. The content of this presentation will focus on taking an in tegrated approach in addressing security of high-rise buildings from a security management operational administrative technological and educational awareness perspective.

ASIS International Critical Infrastructure Resource Guide

27

[Return to Table of Contents]

Dams Sector

5.0 Dams Sector

5.1 Sector Overview

The Dams Sector encompasses major infrastructure assets that harness the water resources of the Nation and enable water management, balancing droughts and floods throughout the U.S. These dams, locks, pumping plants, canal s, and levees provide water supply, power generation, navigable waterway s, flood protection, and unique environmental stability and enhancement to habitats across the country. Ten percent of American cropland is irrigated using water stored behind dams. Hydropower facilities generate more than 60 percent of the electricity used along the Pacific coast. More than 12,000 miles of navigable waterways in the U.S. provide routes for transportation of mass quantities of commodities within the country and more than $70 billion worth of cargo is shipped along the waterways annually. There are approximately 78,000 dams included in the National Inventory of Dams, and almost 60 percent of them are privately owned.

The Dams Sector has interdependencies with a wide range of other sectors, including:

The Agriculture and Food Sector as a continued source of water for irrigation and water management

The Transportation Systems Sector uses dams and locks to manage navigable waters throughout inland waterways

The Drinking Water and Water Treatment Systems Sector by supplying potable water to concentrated populations and commercial facilities in the U.S.

The Energy Sector by providing approx imately 8 to 12 percent of the Nation’s power needs with hydropower dams

The Emergency Services Sector relies on Dams Sector assets for firefighting water supply, emergency water supply, and waterborne access in the event of a significant disaster

*

*

Excerpt from U.S. Department of Homeland Security, National Infrastructure Protection Plan, 2006.

ASIS International Critical Infrastructure Resource Guide

28

[Return to Table of Contents]

Dams Sector

5.2 Professional Development Resources

American National Standards Institute-Homeland Security Standards Panel (ANSI-HSSP) – ANSI-HSSP has as its mission to identify existing consensus standards, or, if none exist, assist the Department of Homeland Security (DHS) and thos e sectors requesting assistance to accelerate development and adoption of consensus standards cr itical to homeland security. The ANSI-HSSP promotes a positive, cooperative partnership between t he public and private sectors in order to meet the needs of the nation in this critical area.

American Public Works Association (APWA) – An international educational and professional association of public agencies, private sector co mpanies, and individuals dedicated to providing high quality public works goods and services.

Association of State Dam Safety Officials (ASDSO) – A national non-profit organization of state and federal dam safety regulators, dam owners and operators, engineering consultants, manufacturers and suppliers, academia, contractors and others interested in dams safety. Our vision is to lead the US dam safety community with a strong, unified voice and effective programs and policies toward the furtherance of dam safety.

Dam Safety Program Management Tools (DSPMT) – The purpose of the DSPMT is to provide dam safety program managers with the answers to the following questions:

How well are our dam safety programs being implemented?

Are we doing too much in some areas and not enough in others?

Are we spending our scarce resources in the right places?

Are we improving?

Earthquake Engineering Research Institute (EERI) – A national, nonprofit, technical society of engineers, geoscientists, architects, planners, public officials, and social scientists. EERI members include researchers, practicing professionals, educ ators, government officials, and building code regulators.

Electric Power Research Institute (EPRI) – With major locations in Palo Alto, California; Charlotte, North Carolina; and Knoxville, Tennessee, was esta blished in 1973 as an independent, nonprofit center for public interest energy and environmental research . EPRI brings together members, participants, the Institute's scientists and engineers, and other leading exper ts to work collaboratively on solutions to the challenges of electric power. These solutions span near ly every area of electricity generation, delivery, and use, including health, safety, and environment. EPRI' s members represent over 90 percent of the electricity generated in the United States. Internat ional participation represents nearly 15 percent of EPRI's total research, development, and demonstration program. (Membership required)

Federal Bureau of Investigation (FBI) – Our mission is to help protect you, your communities, and your businesses from the most dangerous threats facing our nation—from international and domestic

ASIS International Critical Infrastructure Resource Guide

29

[Return to Table of Contents]

Dams Sector

terrorists to spies on U.S. soil…from cyber villains to corrupt government officials…from mobsters to violent gangs…from child predators to serial killers. Learn more here about our work with law enforcement and intelligence partners across the country and around the globe.

Federal Emergency Management Administration (FEMA), National Dam Safety Program – Although the Federal Government owns or regulates only about 5 percent of the dams in the United States, many of these dams are significant in term s of size, function, benefit to the public, and hazard potential.

Since the implementation of the Federal Guidelines for Dam Safety in 1979, the federal agencies have done an exemplary job in ensuring the safety of dams with in their jurisdiction. They accomplish this by sharing resources whenever and wherev er possible to achieve results and improvements in dam safety. Many of the federal agencies also maintain very comprehensive research and development programs and training programs, and have now incorporated securi ty considerations and requirements into these programs to protect their dams against terrorist threats.

National Dam Safety Review Board – The Review Board provides the Director of FEMA with advice in setting national dam safety priorities and considers the effects of national policy issues affecting dam safety. Review Board members include FE MA, the Chair of the Board, and representatives from four federal agencies that serve on the Interagency Committee on Dam Safety (ICODS), five state dam safety officials, and one member from the private sector.

Interagency Committee on Dam Safety (ICODS) – Established in 1980, encourages the establishment and maintenance of effective federal programs, policies, and guidelines to enhance dam safety and security. ICODS serves as the permanent fo rum for the coordination of federal activities in dam safety and security. FEMA also chairs ICODS.

ICODS Agencies:

Department of Agriculture

Agricultural Research Service

Natural Resources Conservation Service

Forest Service

Department of Defense, Army Corps of Engineers

Department of Energy

Department of the Interior

Bureau of Indian Affairs

Bureau of Land Management

Bureau of Reclamation

Fish and Wildlife Service

National Park Service

Department of Labor, Mine Safety and Health Administration

Federal Energy Regulatory Commission

Department of State, International Boundary and Water Commission

Nuclear Regulatory Commission

Tennessee Valley Authority

ASIS International Critical Infrastructure Resource Guide

30

[Return to Table of Contents]

Dams Sector

Federal Energy Regulatory Commission (FERC) – Hydropower – The Commission's responsibilities include: Issuance of licenses for the construction of a new project; Issuance of licenses for the continuance of an existing project (relicensing); and Oversight of all ongoing project operations, including dam safety inspections and environmental monitoring.

Homeland Security Information Center (HSIC) – The Homeland Security Information Center at NTIS is an invaluable resource for scientific and te chnical information from the U.S. Government, its contractors, and complementary material from internat ional sources. The HSIC is categorized into these major security concerns: health & medicine, food & agriculture, bio and chemical warfare, preparedness and response, and safety training. Products are avail able in a variety of formats: electronic download, online access, computer products, multimedia, microfiche, and paper.

International Association of Emergency Managers (IAEM) – The International Association of Emergency Managers (IAEM) is a non-profit educational organization dedicated to promoting the goals of saving lives and protecting property during emergencies and disasters.

The International Journal on Hydropower and Dams – A bi-monthly publication, read in 176 countries, dealing with all technical, environment al, social and economic aspects of hydro plants and multipurpose water resources development projects. It combines business news with state-of-the-art technology. Each issue has a regional focus, and special technical themes of interest to engineers in all the related disciplines.

National Emergency Management Association (NEMA) – NEMA is the professional association of and for state emergency management directors.

National Hydropower Association (NHA) – The National Hydropower Association, founded in 1983, is the only trade association in the United States dedicated exclusively to advancing the interests of hydropower energy in North America. Located in Wa shington, D.C., NHA is a member-driven association that accomplishes its policy work and outreach th rough the initiatives of its standing committees.

National Performance of Dams Program – Formally launched in 1994, the NPDP is an effort to establish within the dam engineering and safety communi ty the ability to learn from the in-service performance of dams, supporting improvements in dam design, operation, engineering, and public policy.

National Society of Professional Engineers (NSPE) – The National Society of Professional Engineers (NSPE) is the recognized voice and advoc ate of licensed Professional Engineers. Founded in 1934, NSPE strengthens the engineering profession by promoting engineering licensure and ethics, enhancing the engineer image, advocating and protecting PEs' legal rights at the national and state levels, publishing news of the profession, providing continuing education opportunities, and much more. NSPE serves some 50,000 members and the public through 53 state and territorial societies and more than 500 chapters.

Sandia National Laboratories, Security Risk Assessment Methodology for Dams (RAM-D) – Developed by Sandia National Laboratories for the Inter agency Forum for Infrastructure Protection (IFIP). The IFIP is a consortium chartered in 1997 to promote information exchange among dam owners and operators for the focused purpose of identifying effective means of countering the potential threat to the security of our nation's more than 75,000 dams. The RAM-DSM is an adaptation of the security

ASIS International Critical Infrastructure Resource Guide

31

[Return to Table of Contents]

Dams Sector

principles, processes, and procedures developed to protect nuclear materials. The RAM-DSM includes tools developed to address issues that are specific to dam facilities.

Security Management Solutions (SMS) – Dam Assessment Matrix for Security and Vulnerability Risk (DAMSVR) methodology was developed under the direction of FERC. SMS was contracted to pull together existing methodologies from FERC and Bu reau of Reclamation, develop a new methodology, and field test the product. Since the completion of the process, SMS has developed a full range of training to support DAMSVR studies.

The Infrastructure Security Partnership (TISP) – A national public-private partnership, TISP is the recognized leader promoting collaboration to im prove the resilience of the nation's critical infrastructure against the adverse impac ts of natural and man-made disasters.

U.S. Army Corps of Engineers, Institute for Water Resources (IWR) – IWR was established to provide the U.S. Army Corps of Engineers with forward-looking insights and analyses on emerging national water resources issues

Risk Assessment Methodology for Dams (RAM-D) – The Corps has been integrally involved in the creation and implementation of this unique asse ssment tool designed to help operators of dams, hydroelectric facilities, and power plants make their sites less attractive targets to terrorists. RAM-D helps operators identify who might attack a facility, what resources they might have available, and what steps might be taken to prevent an attack. Oper ators can use RAM-D to determine where to place sensors, cameras, or lights, or whether to invest in walls, barriers, higher fences, better doors, extra training, or improved policies. The Corps is working to improve the use of RAM-D, while also evaluating other tools and concepts to improve risk a ssessment efforts and reduce vulnerabilities.

U.S. Coast Guard (USCG) – a military, multi-mission, maritime service and one of the nation’s five Armed Services. Its mission is to protect the public , the environment, and U.S. economic interests in the nation’s ports and waterways, along the coast, on inter national waters, or in any maritime region as required to support national security.

U.S. Department of Agriculture (USDA), USDA Dam Safety Committee (USDADSC) – Establishment is in the public's interest in that it will strengthen dam safety efforts in the Department and support the Executive Branch in the implementati on of the "Federal Guidelines for Dam Safety."

U.S. Department of Energy (DOE), Infrastructure Security and Energy Restoration (ISER) – A division of the DOE’s Office of Electricity Delivery and Energy Reliability leads the federal government's effort to ensure a robust, se cure, and reliable energy infrastructure.

United States Society on Dams (USSD) – To be the nation's leading organization of professionals dedicated to advancing the role of dams for the benefit of society. USSD is dedicated to:

Advancing the knowledge of dam engineering, c onstruction, planning, operation, performance, rehabilitation, decommissioning, maintenance, security, and safety;

Fostering dam technology for socially, environment ally, and financially sustainable water resources systems;

ASIS International Critical Infrastructure Resource Guide

32

[Return to Table of Contents]

Dams Sector

Providing public awareness of the role of dams in the management of the nation's water resources;

Enhancing practices to meet current and future challenges on dams; and

Representing the United States as an active member of the International Commission on Large Dams (ICOLD).

ASIS International Critical Infrastructure Resource Guide

33

[Return to Table of Contents]

Defense Industrial Base Sector

6.0 Defense Industrial Base Sector

6.1 Sector Overview

The Defense Production Act of 1950, Executiv e Order 12919, and Department of Defense (DOD) Directive 5000.60 are all focused primar ily on ensuring adequate industrial capacity for national security. Presidential Decision Directive 63 identified national defense as a special function of interest in the context of critical infrastructure protection in 1998. The July 2002 National Strategy for Homeland Security, the February 2003 National Strategy for the Physical Protection of Critical Infr astructures and Key Assets, and HSPD-7 identify the Defense Industrial Base (DIB) as a crit ical infrastructure sector and assign the responsibility for ensuring DIB f unctionality to the DOD.

The DIB Sector includes DOD, government, and the private sector worldwide industrial complex with the capabilities of performing research and development, design, production, and maintenance of military weapons systems, su bsystems, components, or parts to meet military requirements. The DIB Sector incl udes more than 100,000 companies and their subcontractors who perform under contract to DOD, and companies providing incidental materials and services to DOD, as well as government-owned/ contractor-operated and government-owned/ government-op erated facilities. DIB comp anies include domestic and foreign entities, some with operations located in many countries. The DIB Sector is dependent upon a number of other sectors, in cluding Energy, Telecommunications, and Transportation Systems.

The DIB Sector provides defense-related prod ucts and services that are essential to mobilize, deploy, and sustain military operations. The DIB Sector does not include commercial infrastructure that provides po wer, communications, transportation, and other utilities that DOD war fighters and support or ganizations use to meet their operational needs. These activities, including cyber, are addressed to DOD’s broader Defense Critical Infrastructure Program (DCIP) and are in tegrated in all DIB Sector activities.

*

*

Excerpt from U.S. Department of Homeland Security, National Infrastructure Protection Plan, 2006.

ASIS International Critical Infrastructure Resource Guide

34

[Return to Table of Contents]

Defense Industrial Base Sector

6.2 Professional Development Resources

The following are some typical contact element s for professional secu rity associations and working groups with common interests in the Na tional Industrial Security Program, Defense Department, Intelligence Community and National Security topics. This list is only a sampling. There are many other resources and security associations that may also be of benefit.

ASIS International – With more than 34,000 members, ASIS is the largest international organization for professionals responsible for security, includi ng managers and directors of security. In addition, corporate executives and other management personnel, as well as consultants, architects, attorneys, and federal, state, and local law enforcement, are becoming involved with ASIS to better understand the constant changes in security issues and solutions.

ASIS is dedicated to increasing the effectiveness and productivity of security practices by developing educational programs and materials that address br oad security concerns, such as the ASIS Annual Seminar and Exhibits, as well as specific securi ty topics. By providing members and the security community with access to a full range of progra ms and services, and by publishing the only monthly magazine focused strictly on the issues and concer ns of security, Security Management, ASIS leads the way for advanced and improved security performance.

Annual Membership Fee: $150.00

Good

source

for

automated

information systems security plans and links to Defense Security Service and FSO topics.

Annual Membership Fee: None

Chief Security Officer (CSO) – A resource for security executives. Annual Membership Fee: None

Extranet for Security Professionals (XSP) – An ‘on-line’ tool for security professionals to collaborative and discuss issues of common interest. All information is 128 bit encrypted and the XSP operated at a “FOR OFFICIAL USE ONLY” level. Registration is limited to individuals who hold at least a Secret security clearance. Alth ough no classified information may be placed on the network, everyone with access to the network is a cleared individual. Some useful features include a collaboration realm where questions may be posed to and answered by the XSP community, posting of the latest versions of government regulations, manuals, and forms, a bulletin board for job posting, recruiting, equipment sharing, and general it ems of interest, and a calendar of security related events.

Annual Membership Fee: None

Homeland Security Information Network (HSIN) – Critical Infrastructure Pilot. Annual Membership Fee: None

Industrial Security Working Group (ISWG) – Separate community on OPMIS/XSP. A working group of industrial security directors and mangers involved with SCI programs and the Intelligence Community. ISWG collaborates and directly interact s with IC agencies establishing national security

ASIS International Critical Infrastructure Resource Guide

35

[Return to Table of Contents]

Defense Industrial Base Sector

policies and directives. Meetings always include the most senior level government security directors from all IC agencies. Minimum access requirement for participation is TS/SI/TK. Participants are typically the Security Directors or most senior security officials from companies working on IC contracts. Meetings are held at a classified leve l. National ISWG meetings alternate between East Coast and West Coast companies with facilities large enough to host gatherings of 200-300 attendees.

Annual Membership Fee: None

National Classification Management Society (NCMS) – NCMS was founded in 1964 by a group of government & industry security classifica tion managers and administrators recognizing the importance of establishing a national scope societ y to advance the practice of Classification Management as a profession.

Today, the Society has nearly 2,000 members in the United States and overseas including representatives from NATO countries. Within t he U.S., members come from the Department of Energy, Department of Defense, Department of State, National Aeronautics and Space Administration, Federal Bureau of Investigation, National Security Agency, General Accounting Office--virtually every Federal agency that deals with classification--and from the civilian contractors who work with these agencies. As the Society ha s grown over the years, its focus has also expanded. NCMS now provides professional devel opment for its members in the field of classification management, information security, per sonnel security, computer security, operations security (OPSEC), facility security, and technology security.

Annual Membership Fee: $60.00

ASIS International Critical Infrastructure Resource Guide

36

[Return to Table of Contents]

Drinking Water and Water Treatment Sector

7.0 Drinking Water and Water Treatment Sector

7.1 Sector Overview

HSPD-7 designates the Environmental Protecti on Agency (EPA) as the Federal lead for the Drinking Water and Water Treatment Systems (W ater) Sector’s critical infrastructure protection activities. All activities are carr ied out in consultation with DHS and the EPA’s Water Sector partners. The Water Sector includes both drinking water and wastewater utilities. There are approximately 160,000 publ ic drinking water systems and more than 16,000 wastewater systems in the United States. Approxima tely 84 percent of the U.S. population receives their drinking water from these systems and more than 75 percent of the U.S. population has its sanitary sewage treated by these wastewater systems.

In collaboration with the entire Water Sector, a broad-based strategy to address the security needs is being implemented. This work includes, but is not limited to, providing support to utilities by preparing vulnerabilit y assessment and emergen cy response tools, providing technical and financial assistance, and exchanging information.

*

*

Excerpt from U.S. Department of Homeland Security, National Infrastructure Protection Plan, 2006.

ASIS International Critical Infrastructure Resource Guide

37

[Return to Table of Contents]

Drinking Water and Water Treatment Sector

7.2 Professional Development Resources

This CIWG resource listing is intended to se rve the water and wastewater infrastructures. The list is a directory that c an be utilized as a resource in ma tters relevant to critical infrastructure protection (CIP), disaster preparedness and resilience, and continuity of operations. This resource represents an initial effort to compartmentalize essential CIP information for both small and larg e water and wastewater utilities.

  • 7.2.1 Federal Lead Agency Affiliation

  • 7.2.2 Industry Associations and Affiliations

American Water Works Association (AWWA) – The AWWA Web site provides sites and links relative to security issues. The AWWA, The Am erican Society of Civil Engineers (ASCE), and the Water Environment Federation (WEF) have corr oborated on a major infrastructure security enhancement program for the water and wastewater sectors.

The AWWA has an established Security Committee t hat serves as an association resource for its members and member organizations.

The AWWA is active in encouraging and supporting the Water and Wastewater Agency Response Network (WARN) initiative. In essence, this progr am seeks to establish mutual aid and assistance networks for water and wastewater utilities on a statewide basis for response to disasters and other emergencies.

InfraGard (sponsored by the FBI) – This program provi des for joint public and private partnering in protecting the nation’s infrastructures.

The Infrastructure Secu rity Partnership (TISP) – As quoted from Regional Disaster Resilience: A Guide for Developing an Action Plan , “The Infrastructure Security Partnership (TISP) was established following the tragic events of Septem ber 11, 2001, as a national forum for public and private-sector organizations to collaborate on issues regarding the resilience of the nation’s critical

ASIS International Critical Infrastructure Resource Guide

38

[Return to Table of Contents]

Drinking Water and Water Treatment Sector

infrastructure against the adverse impacts of natural and man-made disasters.” TISP membership represents 100 organizations representing more than 1.5 million people and firms.

7.2.3 Academic and Research

Crisis and Emergency Management Newsletter, Institute for Crisis, Disaster, and Risk Management, George Washington University.

Natural Hazards Observer, Natural Hazards Center , University of Colorado at Boulder, 482 UCB, Boulder, CO 80309-0482

U.S. Department of Homeland Security – Resources in terms of information and connectivity with other infrastructures are substantive. Items of interest are:

“National Strategy for Physical Protection of Critical Infrastructures and Key Assets”

Information Sharing and Analysis

Homeland Security Advisory System

Protected Critical Infrastructure Information (PCII) Program

Homeland Security Information Network.

Water ISAC (Information Sharing and Analysis Center)

The above listed resources are intended to provide appropriate members of the infrastructure community with information and assistance of both short and long term benefit. This list is not necessarily comprehensive or definitive – it is merely an aid to the CIP process.

ASIS International Critical Infrastructure Resource Guide

39

[Return to Table of Contents]

Emergency Services Sector

8.0 Emergency Services Sector

8.1 Sector Overview

The Emergency Services Sector (ESS) is a sy stem of response and recovery elements that forms the Nation’s first line of defense and pr evention and reduction of consequences from any terrorist attack. It is a sector of trained and tested personnel, plans, redundant systems, agreements, and pacts that provide life safety and se curity services across the Nation via the First-Responder Community comprised of Federal, State, local, tribal, and private partners.

The ESS is representative of the followi ng first-responder disciplines: emergency management, emergency medical services, fire, hazardous material, law enforcement, bomb squads, tactical operations/special weap ons assault teams, and search and rescue. All first-responders within t he ESS are individuals possessing specialized training from one or more of these disciplines.

The ESS has numerous interdependencies with all CI/KR sectors. Most significantly, it is the primary protector for all other CI/KR, incl uding nuclear reactors, chemical plants, and dams. All other CI/KR depend on the ESS to assist with planning, prevention, and mitigation activities, as well as respond to day-to-day incidents and catastrophic situations.

*

*

Excerpt from U.S. Department of Homeland Security, National Infrastructure Protection Plan, 2006.

ASIS International Critical Infrastructure Resource Guide

40

[Return to Table of Contents]

Emergency Services Sector

8.2 Professional Development Resources

Department of Homeland Security

Critical Infrastructure Sector Partnership – Information on DHS’s partnership with other governmental and private sector organizations rela ting to critical infrastructure protection.

Critical Infrastructure Partnership Advisory Council (CIFAC) – The CIPAC represents a partnership between government and critical infrastr ucture/key resource (CI/KR) owners and operators and provides a forum in which they can engage in a broad spectrum of activities to support and coordinate critical infrastructure protection.

Daily Open Source Infrastructure Report – The DHS Daily Open Source Infrastructure Report is collected each weekday as a summary of open- source published information concerning significant critical infrastructure issues.

National Infrastructure Protection Plan – The National Infrastructure Protection Plan (NIPP) provides a coordinated approach to critical infras tructure and key resource protection roles and responsibilities for federal, state, local, tr ibal, and private sector security partners.

National Strategy for the Physical Protec tion of Critical Infrastructures and Key Assets – This document identifies a clear set of national goals and objectives and outlines the guiding principles that will underpin DHS efforts to secure the infrastructures and assets vital to our national security, governance, public health and safety, economy, and public confidence.

Protected Critical Infrastructur e Information (PCII) Program – This DHS program encourages private industry to volunt arily share their sensitive and proprietary business information with the federal government.

Infragard – InfraGard is a Federal Bureau of Investigat ion (FBI) sponsored program and is an information sharing and analysis effort serving the interests and combining the knowledge base of a wide range of members. While under the direction of NIPC, the focus of InfraGard was cyber infrastructure protection. After September 11, 2001 NIPC expanded its efforts to incl ude physical as well as cyber threats to critical infrastructures. InfraGard’s mission expanded accordingly. Infragard Infrastructure Areas

ISAC Council - The mission of the Information Sharing and Analysis Centers Council (ISAC Council) is to advance the physical and cyber security of the critical infrastructures of North America by establishing and maintaining a framework for valuable interaction between and among the ISACs and with government. ISAC Council White Papers

ASIS International Critical Infrastructure Resource Guide

41

[Return to Table of Contents]

Emergency Services Sector

8.2.1 Resources:

ASIS Business Continuity Guideline | PDF disaster management and recovery.

|

A guideline that encompasses all elements of

ASIS Disaster Preparation Guide | PDF | This guide was prepared to assist its members and others engaged in disaster planning. It was created with business and industry in mind.

ASIS Emergency Planning Handbook – Provides guidance and direction to corporate security supervisors/managers who have emergency planning respon sibilities. It imparts planning guidance in summary form that can be adapted to and supplemented by company procedures and policies.

ASIS General Security Risk Assessment Guideline | PDF | A seven-step process that creates a methodology by which security risks at a specific location can be identif ied and communi cated, along with appropriate solutions.

ASIS Threat Advisory System Response Guideline | PDF | A guideline to provide private business and industry with possible actions that c ould be implemented based on the Alert Levels of the Department of Homeland Security.

Critical Incident Protocol: A Public Private Partnership | PDF | Office of Domestic Preparedness – This publication discusses the essential and beneficial process of the public and private sectors working together to plan for emergencies. Important elements include planning, mitigation, business recovery, lessons learned, best practices, and plan exercising.

Emergency Management Guide for Business and Industry | PDF | Federal Emergency Management Agency – This guide provides step-by-step advice on how to create and maintain a comprehensive emergency management program. It can be used by manufacturers, corporate offices, retailers, utilities, or any organization wher e a sizable number of people work or gather.

Homeland Security Exercise and Evaluation Program (HSEEP) , Office of Domestic Preparedness – HSEEP is both doctrine and policy for designing, developing, conducting, and evaluating exercises. HSEEP is a threat- and performance-based exercise program that includes a cycle, mix, and range of exercise activities of varying degrees of co mplexity and interaction. HSEEP includes a series of four reference manuals to help states and local ju risdictions establish exer cise programs and design, develop, conduct, and evaluate exercises.

Volume I: HSEEP Overview and Exerci se Program Management (Feb 2007)

Volume II: Exercise Planni ng and Conduct (Feb 2007)

Volume III: Exercise Evaluation an d Improvement Planning (Feb 2007)

Volume IV: Sample Documents and Fo rmats (Introduct ion) (Feb 2006)

ASIS International Critical Infrastructure Resource Guide

42

[Return to Table of Contents]

Energy Sector

9.0 Energy Sector

9.1 Sector Overview

The U.S. energy infrastr ucture fuels the economy of the 21st century. Without a stable energy supply, health and welfare is threaten ed and the U.S. economy cannot function. More than 80 percent of the country’s energy in frastructure is owned by the private sector.

The energy infrastructure is divided into three inter-related segments: electricity, petroleum, and natural gas. The U.S. electricity segm ent contains 5,000 power plants with approximately 905 gigawatts of generating ca pacity. Approximately 50 percent of electricity is produced by combusting coal (pri marily transported by rail), 20 percent in nuclear power plants, and 18 percent by combusting natural gas. The remaining generation is provided by hydroelectric plants (7 percent), oil (2 percent), and by renewable (solar, wind, and geothermal) and other sources (3 percent). Electricity generated at power plants is transmitted over 158,000 miles of high-voltage transmission lines. Voltage is stepped down at more than 63,000 substations before being distributed to 131 million customers over millions of miles of lower vo ltage distribution lines. The electricity infrastructure is highly automated and cont rolled by utilities and regional grid operators using sophisticated energy manage ment systems that are supp lied by supervisory control and data acquisition (SCADA) systems to keep the system in balance.

The petroleum segment entails the explor ation, production, storage, transport, and refinement of crude oil. The crude oil is refined into petroleum products that are then stored and distributed to key economic se ctors throughout the U.S. Key petroleum products include motor gasoline, jet fuel, distillate fuel oil, residual fuel oil, and liquefied petroleum gases. Both crude oil and petroleum products are imported, primarily by ship, as well as produced domestically. Currently, 63 per cent of the crude oil required to fuel the U.S. economy is imported. In the Unites States, there are more than 500,000 crude oil producing wells, 30,000 miles of gathering pipe line, and 74,000 miles of crude oil pipeline. There are 152 petroleum refineries, 95,000 mile s of product pipeline, and 2,000 petroleum terminals. Petroleum also relies on sophist icated SCADA and other systems to control production and distribution; however, crude o il and petroleum products are stored in tank farms and other facilities.

Natural gas is also produced, piped stored, an d distributed in the U.S. Imports of liquefied natural gas (LNG) are increasing to meet gr owing demand. There are more than 383,000 gas production and condensate wells and 45,000 miles of gathering pipeline in the country. Gas is processed (impurities removed) at 726 gas-processing plants and there are more than 254,000 miles of interstate pipeline for the transmission of natural gas. Gas is stored at 410 underground storage fields and 96 LNG st orage facilities. Finally, natural gas is

ASIS International Critical Infrastructure Resource Guide

43

[Return to Table of Contents]

Energy Sector

distributed to homes and businesses over 981,000 miles of distribution pipelines. The heavy reliance on pipelines highlights the interdependency with the Transportation Sector and the reliance on the Energy Sector for power means that virtually all sectors have dependencies on the sector.

The Energy Sector is well aware of its vulner abilities and is leading a significant voluntary effort to increase its planning and preparedness . Cooperation through industry groups has resulted in substantial information sharing of e ffective and best practices across the sector. Many sector owners and operator s have extensive experience abroad with infrastructure protection and have more recently focu sed their attention on cyber security.

*

*

Excerpt from U.S. Department of Homeland Security, National Infrastructure Protection Plan, 2006.

ASIS International Critical Infrastructure Resource Guide

44

[Return to Table of Contents]

Energy Sector

9.2 Professional Development Resources

The energy infrastructure defines today’s eco nomy and determines our society’s prosperity. This infrastructure is composed of three en ergy sources: electricity, natural gas, and petroleum. The social impact of a disruption to any of these sources will have a significant impact. The energy sector is separated into three distinct sub-se ctors – Electricity, Nuclear, and Energy-Oil and Gas – because of their individual magnitudes caused by the complexity of their delivery systems, divers ity of asset owners and marketers, and their extensive effects on all ot her infrastructures.

The Electricity Sector is a major component and includes the generation, transmission, and distribution of electricity. The use of electr icity is ubiquitous, spanning all sectors of the U.S. economy, and electric generation account ed for roughly 40 percent of all energy consumed in North America. Electricity sy stem facilities are dispersed throughout the North American continent. Although most assets are privately owned, no single organization represents the interests of the entire sector. The North American Electric Reliability Council (NERC), through its eight Regional Reliability Councils, provides a platform for ensuring reliable, adequate, and secure supplies of electricity through coordination with many asset owners. It is also the lead organization for developing and enforcing operating reliability standards and secu rity guidelines for both physical and cyber facilities. Industry trade associations support and assist NERC in its reliability and security activities.

The following references provide a compilation of the publicly available security documents relevant to the Electricity Sector. Users ar e encouraged to contact their associations to obtain security documents that are limited to participating members.

ASIS International Critical Infrastructure Resource Guide

45

[Return to Table of Contents]

Energy Sector

9.2.1

Electricity Sector Organizations (North America):

 

American Public Power Association (APPA)

National Rural Electric Cooperative Association (NRECA)

2301

M Street, NW

4301

Wilson Blvd.

Washington, DC 20037-1484

Arlington, VA 22203

202.467.2900

Office

703-907-5500 Office

202.467.2910

FAX

 

Canadian Electric Association (CEA)

North American Electric Reliability Council (NERC)

350

Sparks Street, Suite 907

Princeton Forrestal Village

Ottawa ON K1R 7S8

 

116-390 Village Boulevard

613.230.9263

Office

Princeton, New Jersey 08540-5721

613.230.9326

FAX

  • 609.452.8060 Office

 
  • 609.452.9550 FAX

 

Edison Electric Institute (EEI)

701

Pennsylvania Avenue, N.W.

Washington, D.C. 20004-2696 202-508-5000 Office 202-508-5503 FAX

9.2.2

Electricity Sector Support Or ganizations (North America)

Electricity Sector Information Sharing and Analysis Center (ESISAC)

Fully sponsored by NERC

North American Energy Standards Board (NAESB)

  • 1301 Fannin, Suite 2350

  • 609.452.1422 7x24

Houston, TX 77002

  • 609.452.9550 FAX

  • 713.356.0060 Office

  • 713.356.0067 FAX

Electric Power Researc h Institute (EPRI)

  • 3420 Hillview Avenue

Palo Alto, CA 94304

  • 650.855.2000 Office

Public Safety Canada (PS)

Formerly Public Safety and Emergency

Preparedness Canada (PSEPC)

269 Laurier Avenue West Ottawa, Canada K1A 0P8

National Association of Regulatory and

  • 613.991.3301 Office

Utility Commissioners (NARUC)

  • 613.998.9589 FAX

  • 1101 Vermont Avenue, N.W.

Suite 200

Washington, DC 20005, USA

  • 202.898.2200 Office

  • 202.898.2213 FAX

ASIS International Critical Infrastructure Resource Guide

46

[Return to Table of Contents]

Energy Sector

9.2.3 References:

Security Guideline for the Electricity Sector -- Physical Response

Threat Alert System and Cyber Response Gu idelines for the Electricity Sector

Vulnerability and Risk Assessment

Emergency Plans

Continuity of Business Operations (updated on 6/1 to Continuity of Operations)

Communication

Physical Security

Cyber Security – Risk Management

Cyber Security – Access Control

Cyber Security – IT Firewalls

Cyber Security – In trusion Detection

Employment Background Screening

Protecting Potentially Sensitive Information

Securing Remote Access to Electroni c Control and Protection Systems

Threat and Incident Reporting

Physical Security – Substations

Patch Management for Control Systems

Control System – Business Netw ork Electronic Connectivity

Physical Response

CIP-001-1 Sabotage Reporting

CIP-002-1 Critical Cyber Asset Identification

CIP-003-1 Security Management Controls

CIP-004-1 Personnel and Training

CIP-005-1 Electronic Se curity Perimeter(s)

CIP-006-1 Physical Security of Critical Cyber Assets

CIP-007-1 System Security Management

CIP-008-1 Incident Reporting and Response Planning

CIP-009-1 Recovery Plans fo r Critical Cyber Assets

Risk Assessment Methodologies for the Electricity Sector w/ Appendices A to H

ASIS International Critical Infrastructure Resource Guide

47

[Return to Table of Contents]

Energy Sector

NERC Support Documents

Energy Sector Specific Plan – Final from DHS expected shortly, reference to be provided.

Influenza Pandemic Planning, Preparation, and Response Reference Guide | PDF |

Potential Mitigation Strategies for the Common Vulnerabilities of Control Systems Identified by the NERC Control Systems Security Working Group | PDF |

APPA Emergency Management Checklist

Security Checklist and Guidance Manual

9.2.4 Security Support Programs:

Sponsoring Organization: APPA Program: Demonstration of Energy-Efficient Developments (DEED) Description: DEED is a Research & Development program, created for APPA member utilities. DEED focuses grants and scholarsh ips in various areas of electric utility operations, including physical and cyber security.

Sponsoring Organization: APPA Program: IT Committee and Listserver

Description: Provides and shares information on IT Issues, including IT security

information

at

regularly

scheduled

m eetings

at

APPA

Business

and

Finance

Conferences.

Sponsoring Organization: APPA Program: Reliable Public Power Provider Program (RP3) Description: RP3 recognizes APPA member utilitie s that meet stringent guidelines and levels of attainment in the areas of Relia bility, Safety, Cyber Security, Mutual Aid, Disaster Management, R&D, and System Improvement.

Sponsoring Organization: APPA Program: Security Committee and Listserver Description: Provides and shares information wi thin the APPA member communities. Holds meetings at the APPA Engineering & Operation Confer ence, and helped create the APPA Security Checklist & Guidance Manual.

Sponsoring Organization: EEI Program: IT Working Group Description: Provides information and develops strat egies to help electric utilities address cyber security threats; holds meetings wi th other EEI working groups and interested energy sector organizations, and prepar es white papers on software patch management and risk vulnerability assessments.

ASIS International Critical Infrastructure Resource Guide

48

[Return to Table of Contents]

Energy Sector

Sponsoring Organization: EEI Program: Security Committee Description: Holds workshops and forums to fac ilitate security information exchange among its members, NERC, American Gas Association, and government agencies.

Sponsoring Organization: EEI and a large group of electric utilities Program: Spare Transformer Sharing Agreement Description: A significant group of utility transmis sion facility owne rs developed and signed a Spare Transformer Sharing Agreement designed to require participants to maintain a specified number of high-volt age spare transformers and to provide them to other participants in the event of an act of terrorism.

Sponsoring Organization: EPRI Program: Electricity Infrastructure Security Assessment Description: Provides a preliminary analysis of potent ial terrorist threats to the North American electricity system, together with some suggested countermeasures.

Sponsoring Organization: EPRI Program: Infrastructure Security Initiative Description: Develops strategies to strengthen and protect electric power infrastructure and outline plans for rapid recovery from terrorist attacks.

Sponsoring Organization: NAESB Program: Energy Sector Business Practices a nd Electronic Communications Standards Description: Develops and promotes standards fo r the wholesale and retail natural gas and electricity industries through companies and organizations that participate in the retail and wholesale of natural gas and electricity markets.

Sponsoring Organization: NARUC Program: Technical Briefs Description: Identifies key strategies for consideration in dealing with challenges within each of the electricity, natural gas, water, and telecommunications sectors. Provides introductory overviews, sugges ted protocols, and additional resources on critical infrastructure protection issues. See www.naruc.org/cipbriefs

Sponsoring Organization: NERC Program: Critical Infrastructure Protection Committee (CIPC) Description: The Critical Infrastructure Protection Committee coordinates NERC's security initiatives and is comprised of industry ex perts in the areas of cyber, physical, and operational security.

Sponsoring Organization: NERC Program: Electricity Sector Information Shar ing and Analysis Center (ESISAC) Description: Gathers, disseminates, and interprets security-related information amongst industry, government, and a ll the sector entities.

Sponsoring Organization: NERC Program: Industry-wide critical spare equipment database Description: Informs companies of the location and technical characteristics of available spare transformers.

ASIS International Critical Infrastructure Resource Guide

49

[Return to Table of Contents]

Energy Sector

9.2.5 Oil and Natural Gas Professional Development Resources

I. PLANS AND PROCEDURES

  • A. Industry

1)

“Security Guidelines: Natural Gas Indust ry, Transmission and Distribution,” September 6, 2002, AGA / INGAA / APGA.

2)

“Security Guidelines for the Petroleum Industry,” April 2005, American Petroleum Institute. www.api.gov

3)

“Security Vulnerability Assessment for t he Petroleum & Petroc hemical Industry,” October 2004. www.api.gov

4)

“Cryptographic Protection of SCADA Co mmunications Part 1 – Background, Policies, and Test Plan,” American Gas Association (A GA) Report No. 12, Part 1, March 2006.

  • B. Government

1)

“Pipeline Security Information Circul ar,” September 5, 2002, U.S. Department of Transportation.

2)

“Energy Sector-Specific Plan for Critical Infrastructure Pr otection,” U.S. Department of Energy, final version yet to be released (as of April 2007).

3)

“Transportation Sector Specific Plan, Pipeline Modal Implementation Plan,” U.S. Department of Homeland Security, Transporta tion Security Administration, final version yet to be released (as of April 2007). See sections 3.5 and 3.6.

4)

“National Infrastructure Pr otection Plan,” U.S. Department of Homeland Security, 2006.

5)

“National Response Plan,” U.S. Depart ment of Homeland Security, May 25, 2006.

6)

Pipeline Security Smart Practices – Corp orate Security Review Program (CSR) onsite review document utilized by DHS TSA when evaluating natural gas company security programs. Also used to identify and shar e smart practices observed throughout the industry. For additional information contact buddy.secor@dhs.gov

II. REGULATIONS

  • A. United States Departme nt of Homeland Security

1)

Chemical Facility Anti-Terrorism Standar ds (CFATS) – CFATS enacted by Section 550 of the Homeland Security Appropriations Act of 2007, was published in the Federal Register as an interim final rule on April 4, 2007. The Federal rule implements risk- based performance standard s for high-risk chemical facilities. Refer to 6 CFR Part 27. Note that rulemaking is still pending (as of April 2007) on threshold chemical quantities that trigger action (not necessarily coverage) under the rule, as are further clarifications on applicability to the oil and natural gas sector.

  • B. United States Department of Transportation

1)

Liquefied Natural Gas Facilities: Federal Safety Standards – Existing regulatory standards, including security provisions , enforced by the Pipeline and Hazardous Materials Administration (PMSA). Refer to 49 CFR Part 193, specifically, subpart J.

2)

Implementation of National Maritime Security Initiatives – Existing regulatory standards relating to Coast Guard requirements for natural gas facilities in their jurisdiction. Refer to 33 CFR Parts 2, 101 &102.

ASIS International Critical Infrastructure Resource Guide

50

[Return to Table of Contents]

Energy Sector

3)

Area Maritime Security – Existing regula tory standards relating to Coast Guard requirements for natural gas facilities in their jurisdiction. Refer to 33 CFR Part 103.

4)

Maritime Security – Vessels - Existing regulatory standards relating to Coast Guard requirements for natural gas facilities in their jurisdiction. Refer to 33 CFR Part 104.

5)

Facility Security – Existing regulatory st andards relating to Coast Guard requirements for natural gas facilities in their jurisd iction. Refer to 33 CFR Part 105.

6)

Outer Continental Shelf Facility Security – Existing regulatory standards relating to Coast Guard requirements for natural gas facilities in their jurisdiction. Refer to 33 CFR Part 106.

7)

Automatic Identification System; Vessel Carriage Requirement – Existing regulatory standards relating to Coast Guard requirements for natural gas facilities in their jurisdiction. Refer to 33 CFR Parts 26, 161, 164, & 165.

8)

Transportation Worker Identification Credent ial (TWIC) Implementation in the Maritime Sector | PDF | Existing regulatory standards relating to Coast Guard requirements for natural gas facilities in their jurisdiction . Refer to 33 CFR Parts 101, 103, 104, 105, 106, & 125; 46 CFR Parts 10, 12, & 15.

  • C. Federal Protection of Sensitive Information

1)

Federal Energy Regulatory Commission (FERC) – Regulates commercial aspects of interstate transportation of natural gas. FERC regulations provided for certain restrictions on Critical Energy Infrastructure In formation (CEII.)

2)

Sensitive Security Information (SSI) – Federal regulations exist protecting certain transportation-related inform ation records. Refer to 49 CFR Part 1520. SSI is a protection frequently used by DHS / TSA.

3)

Protected Critical Infrastr ucture Information (PCII) – PCII is an information-protection tool established by DHS that facilitates in formation sharing between the government and the private sector.

 

III. KEY INFORMATIONAL WEB SITES

  • A. Federal

1)

Homeland Security Information Network (HSIN) – Federally sponsored information sharing portal for critical infrastructure pr otection, including oil and natural gas sector. HSIN is an internet-based information sharing tool providing security-related information -requires membership (password protected.)

2)

National Pipeline Mapping System (NPMS) – Federally sponsored mapping system showing regulated liquids and natural gas transmission pipelines; maintained by U.S. Department of Transportation, Pipeli ne and Hazardous Materials Administration (PHMSA).

3)

Government Accounting Office (GAO) – Copies of reports and testimonies.

4)

5)

6)

7)

United States Computer Emergency Readiness Team (US-CERT) – Established to protect the nation's Internet infrastructu re, US-CERT coordinates defense against and responses to cyber attacks across the nation.

ASIS International Critical Infrastructure Resource Guide

51

[Return to Table of Contents]

Energy Sector

8)

DHS TSA Suspicious Incidents Reports ( SIR) – Classified as Sensitive Security Information (SSI). Weekly reports of su spicious activity reported by the six transportation sectors, Av iation, Maritime, Highway, Pipelines, Rail/Transit, and Cargo/Supply Chain. For more information contact Nicole.Brenon@dhs.gov

  • B. Industry

 

—Also refer to industry web sites listed in IV.B below—

 

IV. AGENCIES AND ORGANIZATIONS

  • A. Federal

1)

U.S. Department of Home land Security, Trans portation Security Administration, Transportation Sector Network Management, Pipeline Division – Coordinates security preparedness of the nation's hazardous liquid and natural gas pipelines.

2)

U.S. Department of Homeland Security, Homeland Security Operations Center (HSOC) – Serves as critical national center fo r homeland security information sharing and domestic incident reporting. HSOC represents over 35 agencies and is staffed 24/7. The HSOC also includes the National Infrastructure Coordinating Center (NICC), which has primary responsibility for coordinating co mmunications with the Nation’s critical infrastructure during an incident.

3)

DHS Transportation Security Operations C enter (TSOC) – Serves as critical national center for transportation security information sharing and domestic incident reporting. TSOC is staffed 24/7. For additional information contact M&L.TSCC@tsa.dot.gov

4)

DHS Homeland Infrastructure Threat and Risk Analysis Center (HITRAC) – HITRAC is a DHS entity that conducts int egrated threat analysis for a ll critical infrastructure sectors. HITRAC works with the intel ligence and law enforcement communities to integrate and analyze intelligence on security threats to homeland infrastructure. For additional information contact IA.PM@hq.dhs.gov

5)

FBI Joint Terrorism Task Force (JTTF) – Contact local FBI office for additional information on your local JTTF.

6)

U.S. Department of Transportation, Pipeline and Hazardous Materials Administration (PHMSA) – Regulates pipeline safety of nation’s hazardous liquid and natural gas pipelines. Coordinates with DHS/TSA on ma tters pertaining to pipeline security.

7)

U.S. Department of Energy, Office of El ectricity Deliverability & Energy Reliability, Infrastructure Security and E nergy Reliability Division (ISER) – Coordinates energy and security reliability efforts.

8)

DHS Protective Security Advisors – To partner with state and local governments, as well as the private sector, DHS has plac e security specialists in communities throughout the country to assist local efforts to protect critical assets and provide local perspective to national efforts.

9)

11) InfraGard – InfraGard is a Federal Bureau of Investigation (FBI) program and is an effort to gain support from the informati on technology industry and academia for the FBI’s investigative efforts in the cyber arena. InfraGard and the FBI have developed a relationship of trust and credibility in the exchange of information concerning various terrorism, intelligence, criminal, and security matters.

ASIS International Critical Infrastructure Resource Guide

52

[Return to Table of Contents]

Energy Sector

  • B. Industry

1)

American Gas Association (AGA), Natural Gas Security Committee (NGSC) – the AGA is a trade association representing natural ga s local distribution companies across the U.S. with a standing committee (NGSC) dealing with security matters. For additional information contact kdenbow@aga.org .

2)

Interstate Natural Gas Association of America (INGAA) , Security Committee – INGAA is a trade association representing interstate natural gas transmission and storage companies across the U.S. with a standing committee dealing with security matters.

3)

  • C. Government / Industry Coordination

1)

Critical Infrastructure Partner ship Advisory Council (CIPAC) -CIPAC, which has been exempted from the requirements of the Federal Advisory Committee Act, is the mechanism used for dialogue on key infrastructure issues between government and owner/operators. CIPAC is a non-decisional body and in cludes sector and government members.

2)

Oil and Natural Gas Sector Coordinating Council (ONG SCC) – A private forum for coordination of oil and gas security issues ac ross the broad oil and natural gas sector. Involves a broad spectrum of industry associ ations and provides a forum for interfacing with corresponding Government Coordinating Council (GCC). Various SCCs serve as the government’s principal point of contact into each sector. The Oil and Natural Gas SCC utilizes HSIN as a communication inte rface/tool. For more information e-mail Shona_Turner@sra.com .

3)

Government Coordinating Council (GC C) – Comprised of representatives across various levels of government as applicable to security of a given sector. GCC’s are chaired by the designated Se ctor-Specific Agency (SSA) for each sector, such as Energy and Transportation.

4)

National Infrastructure Advisory Council (NIAC) – A FACA advisory committee that provides the Federal government with advice re garding critical infrastructure security across all sectors. Members of the co mmittee are appointed by the President from industry, academia, and state/local governme nts. Note that th