National Protection and Programs Directorate Office of Cyber and Infrastructure Analysis (OCIA) Director John Murphy Virginia Tech Science & Technology & Policy Leadership Seminar Series October 9, 2014
National Protection and Programs Directorate National Protection and Programs Directorate Office of Office of Cyber Office of Office of Federal Cybersecurity and Biometric Infrastructure Protective and Infrastructure Identity Protection Service Communications Analysis Management 2
The Need for Integrated Consequence Analysis OCIA Mission: Center of Excellence to better understand all- hazards consequences to the Nation’s critical infrastructure through an integrated analytical approach evaluating the potential consequences of disruption, including dependencies, interdependencies, and cascading impacts, from physical or cyber threats and incidents. OCIA’s consequence analysis integrates expertise and data from across NPPD to support NPPD operational activities and enhance decision support for DHS leadership and other public and private sector critical infrastructure partners to better predict, prepare for, and mitigate disruptions to critical infrastructure. 3
Evolving NPPD Analytical Capabilities 4
Analytic Program Strategic Analysis Capability and Capacity Development Operational Infrastructure Prioritization Analysis 5
OCIA Functions OCIA uses all-hazards information from an array of partners to conduct consequence modeling, simulation, and analysis. OCIA’s core functions include: – Providing analytic support to DHS leadership, operational components, and field personnel during steady-state and crises on emerging threats and incidents impacting the Nation’s critical infrastructure – Assessing and informing national infrastructure risk management strategies on the likelihood and consequence of emerging and future risks – Developing and enhancing capabilities to support crisis action by identifying and prioritizing infrastructure through the use of analytic tools and modeling capabilities 6
Supporting Leadership Decisions: Steady-State and Incident Response 7
The Impact of Cyber Infrastructure Cyber Infrastructure includes information technology and communications systems and the information contained in those systems. The most recognizable components are telecommunications systems, computer systems, and networks such as the Internet. For example… Cyber Infrastructure Emergency Services Transportation Banking & Finance Energy Government 8
Critical Infrastructure and the physical/cyber nexus 9
Recent Significant Activities Propane Shortage – For the first time, FERC directed private sector entities to reverse pipeline flow in order to alleviate critical propane shortage during winter of 2014. – FERC cited the detailed analysis conducted by OCIA to justify the decision. Electric Power Substations – NPPD spearheads effort using OCIA consequence analysis of specific incidents lead NERC to direct the establishment of improved physical security measures at electric power substations across the country. Cyber Dependent Infrastructure Identification as required by Section 9 of Executive Order 13636, Improving Critical Infrastructure Cybersecurity – OCIA co-led the effort to identify infrastructure most at risk and now manages the program moving forward. – Lauded by the NSC Cyber Czar as one of the best products seen from DHS.
Recent Significant Activities California Drought Analysis – Detailed joint analysis of the California drought and other potential complicating natural hazards in response to Presidential RFI. – Analysis received high praise from NSC Staff, including the Deputy HSA to the President, as well as praise from Congress. Cyber Proof of Concept – Efforts to identify the physical consequences of cyber or ICS attacks within complex systems – Detailed analysis completed with a variety of systems: water and waste water treatment facilities, large commercial venues, Federally protected facilities, Natural Gas facility, etc. Bakken Crude Oil – OCIA is supporting NSC request to understand potential consequences from increased transportation of Bakken Crude Oil.
The Challenge of Interdependencies
Decoding Interdependencies
Interdependencies: Impact of Drought
Interdependencies: Impact of Drought
Key Analytic Themes for FY 2015 Infrastructure Resilience, Intra/Interdependencies Cyber dependencies and/or Nexus of Cyber Infrastructure Operational Support and/or Crisis Action Infrastructure Prioritization Aging and/or Failing Infrastructure Extreme Weather and/or Climate Change 16
For more information visit: www.dhs.gov/office-cyber-infrastructure-analysis
Back-up Slides
The Importance of Good Data
The Importance of Good Data Karly Domb Sadof
Recommend
More recommend