Homeland Security and Emergency Preparedness
CRC Press – 2006 – 336 pages
CRC Press – 2006 – 336 pages
Reporting on the significant strides made in securing and protecting our nation’s infrastructures, this timely and accessible resource examines emergency responsiveness and other issues vital to national homeland security. Critical Infrastructure: Homeland Security and Emergency Preparedness details the important measures that have been taken over the past few years to safeguard the industries, national landmarks, and national assets considered vital to the continued economic operation and success of any country and its people.
After introducing the topic, this comprehensive book covers concerns such as data classification and categorization, border security and immigration, cyberterrorism, hazardous materials, national response plans, national incident management systems, and incident command systems. It presents newly developed department and agency level protocols, as well as newly formulated procedures and guidelines. It also explains security vulnerability assessments, information sharing and analysis centers, control systems, and supervisory control and data acquisition.
Comprehensive and authoritative, Critical Infrastructure: Homeland Security and Emergency Preparedness isa must-have resource for professionals within both the private and public sectors and for students studying topics relating to critical infrastructure, emergency management, crisis response, and disaster recovery.
”… a truly encyclopedic work on a critical and timely topic. … one stop shopping for summary data on virtually everything connected with the author's topic. The author's clear expository prose and concise organization make for a tight manuscript. No energy is wasted. This is a really efficient reference, and quite useful to the manager or techie needing to figure out the labyrinth of standards, laws, policies, organizations and whatever in the area if critical infrastructure preparedness. I want a copy on my desk…I suspect many others will also…”
— Dr. Carl Clavadetscher, National Defense University, Ft. McNair, Washington D.C., USA
The opinions, conclusions, and recommendations expressed or implied are those of the reviewer and do not necessarily reflect the views of the Department of Defense or any other agency of the Federal Government.
“… a good source of information for anyone working with our nation’s critical infrastructure.
— Karim H. Vellani, certified Security Consultant, writing in Security Management, December 2007
Introduction to Critical Infrastructure Preparedness
Homeland Security Presidential Directives (HSPD)
What Is Critical Infrastructure?
What Is the Private Sector?
What Is the Public Sector?
What Is Critical Infrastructure Protection?
What Is Critical Infrastructure Preparedness?
Critical Infrastructure Functions
Origins of Critical Infrastructure
Regulations and Legislation
What Are the Categories of the Laws Listed?
Border Security and Immigration
Communications and Network Security
Domestic Safety and Security
Economic and Financial Security
Emergency Preparedness and Readiness
Medical and Health Care Security
Transportation Security (Includes Maritime Security)
National Response Plan (NRP)
What Is the National Response Plan (NRP)?
How Does the NRP Tie in with Emergency Management?
Emphasis on Local Response
What Is the Purpose of the NRP?
Tie between NRP and NIMS
Multiagency Command Structure Coordination
Updates to the NRP
Incident Command Structure of the NRP
Levels of Authority
Key Concepts in the Implementation of the NRP
Roles and Responsibilities
Roles of the Federal Government
NRP Emergency Support Functions (ESFs)
Scope of ESFs
National Incident Management Systems (NIMS)
What Is NIMS?
NIMS Represents Best Practices
Components of NIMS
Command and Management
Benefits from Using NIMS
Communications and Information Management
Ongoing Management and Maintenance
Command Structuring under NIMS
Incident Command System (ICS)
Manageable Span of Control
Integrate Communications Capabilities
Incident Action Plan
Management Command, Coordination, and Control Structures
Multiagency Coordination Systems
Emergency Operations Centers
Public Information Systems
Joint Information Systems (JIS)
Joint Information Centers (JIC)
JIC Organizational Structure
Preparedness and Readiness
Preparedness Planning and Coordination
Types of Preparedness Plans
Emergency Operations Plan
Training and Exercise Drills
Personnel Qualification and Certification
Equipment and Hardware Certification
Effectively Managing Resources
Communications and Information Management Principles
Incident Command Systems (ICS)
What Is NIMS and ICS?
What Is an Incident?
What Is an Incident Command System (ICS)?
What Is NIMS ICS?
History of ICS
National Interagency Incident Management System (NIIMS)
Weaknesses Addressed by Using an ICS
Benefits of Using an ICS
Applications for the Use of ICS
ICS Management Characteristics
Understanding the ICS Organization
ICS Management Functions
What Is Span of Control?
ICS Position Titles
ICS Organizational Components
The Incident Commander
Incident Action Plan
ICS Area Command
Communications within the ICS
Differences between NIMS ICS and FIRESCOPE/NIIMS ICS
NIMS ICS Training
How ICS Integrates with Critical Infrastructure
Emergency Preparedness and Readiness (EMR)
Office for Domestic Preparedness
First Responder Classifications
North American Emergency Response Guidebook (NAERG)
Awareness Level Guidelines
Performance Level Guidelines
Operational Levels Defined
Level A: Operations Level
Level B: Technician Level
Know Protocols to Secure, Mitigate, and Remove Hazardous Materials
Additional Protective Measures
Understand Development of the Incident Action Plan
Know and Follow Procedures for Protecting a Potential Crime Scene
Know Department Protocols for Medical Response Personnel
National Fire Prevention Association 472
Occupational Safety and Health Administration Hazardous Waste Operations and Emergency Response
Skilled Support Personnel
Department of Transportation (DOT) Hazardous Materials (HAZMAT) Classifications
Importance of Implementing an Emergency Response Plan
Security Vulnerability Assessment (SVA)
What Is a Risk Assessment?
Methods of Assessing Risk
Threat Risk Equations
Comparison of Quantitative vs. Qualitative Risk Assessments
Challenges Associated with Assessing Risk
Other Factors to Consider When Assessing Risk
What Is an SVA?
Reasons for Having an SVA
What Is a Threat?
What Is Vulnerability?
Vulnerability Assessment Framework (VAF)
Reasons for Using the VAF
Federal Information Systems Control Auditing Manual (FISCAM)
General Methodologies of FISCAM Auditing
What Are General Controls?
What Are Application Controls?
Caveats with Using an SVA
How the SVA Is Used
Audience of an SVA
Initial SVA Plan
Necessary Steps of an SVA
Critical Success Factors
Initial Steps of the VAF
VAF Step 1: Establish the Organization Minimum Essential Infrastructure (MEI)
VAF Step 2: Gather Data to Identify MEI Vulnerabilities
VAF Step 3: Analyze, Classify, and Prioritize Vulnerabilities
Standards and Guidelines
About the National Fire Prevention Association (NFPA)
North American Electric Reliability Council (NERC)
American Gas Association (AGA)
Instrumentation, Systems, and Automation Society (ISA)
American Petroleum Institute (API)
Chemical Industry Data Exchange
Health Insurance Portability and Accountability Act (HIPAA)
Patient Safety and Quality Improvement Act (PSQIA)
Gramm-Leach-Bliley Act (GLBA)
The American National Standards Institute (ANSI)
Federal Information Processing Standards (FIPS)
National Standards Systems Network
ASTM F1756-97A (2002)
Information Sharing and Analysis Centers (ISAC)
What Is a Critical Infrastructure Asset?
What Is an ISAC?
Advantages of Belonging to an ISAC
Access to ISAC Information
Expanded ISAC Services
Surface Transportation ISAC (ST-ISAC)
Public Transportation ISAC (PT-ISAC)
American Public Transportation Association (APTA)
Association of American Railroads (AAR)
Transportation Technology Center, Inc. (TTCI)
Association of State Drinking Water Administrators (ASDWA)
Water Environment Research Foundation (WERF)
Association of Metropolitan Water Agencies (AMWA)
Association of Metropolitan Sewage Agencies (AMSA)
National Association of Water Companies (NAWC)
American Water Works Association (AWWA)
AWWA Research Foundation (AWWARF)
Financial Services ISAC (FS-ISAC)
Science Applications International Corporation (SAIC)
Electricity Sector ISAC (ES-ISAC)
Emergency Management and Response ISAC (EMR-ISAC)
Information Technology ISAC (IT-ISAC)
National Coordinating Center for Telecommunications (NCC-ISAC)
Communications Resource Information Sharing (CRIS)
Government Emergency Telecommunications Service (GETS)
Telecommunications Service Priority (TSP)
Shared Resources High Frequency Radio Program (SHARES)
Network Reliability and Interoperability Council (NRIC)
National Security Telecommunications Advisory Committee (NSTAC)
Wireless Priority Services (WPS)
Alerting and Coordination Network (CAN)
Chemical Sector ISAC (CHEM-ISAC)
Chemical Transportation Emergency Center (CHEMTREC)
Healthcare Services ISAC (HCISAC)
Cargo Theft Information Processing Systems (CargoTIPS)
American Trucking Associations (ATA)
Food and Agriculture ISAC
Food Marketing Institute (FMI)
Multi-State ISAC (MS-ISAC)
ISAC Council (ISAC-ISAC)
World Wide ISAC (WW-ISAC)
Real Estate ISAC (RE-ISAC)
The Real Estate Roundtable
Research and Educational Networking ISAC (REN-ISAC)
Biotechnology and Pharmaceutical ISAC (BioPharma ISAC)
Maritime ISAC (M-ISAC)
Maritime Security Council (MSC)
Marine Transportation System National Advisory Council
Supervisory Control and Data Acquisition (SCADA)
What Are Control Systems?
Types of Control Systems
Components of Control Systems
Vulnerability Concerns about Control Systems
Adoption of Standardized Technologies with Known Vulnerabilities
Connectivity of Control Systems to Unsecured Networks
Implementation Constraints of Existing Security Technologies
Insecure Connectivity to Control Systems
Publicly Available Information about Control Systems
Control Systems May Be Vulnerable to Attack
Consequences Resulting from Control System Compromises
Threats Resulting from Control System Attacks
Issues in Securing Control Systems
Methods of Securing Control Systems
Technology Research Initiatives of Control Systems
Security Awareness and Information Sharing Initiatives
Process and Security Control Initiatives
Securing Control Systems
Implement Auditing Controls
Develop Policy Management and Control Mechanisms
Control Systems Architecture Development
Segment Networks between Control Systems and Corporate Enterprise
Develop Methodologies for Exception Tracking
Define an Incident Response Plan
Similarities between Sectors
Critical Infrastructure Information (CII)
What Is Critical Infrastructure Information?
How Does the Government Interpret CII?
Exemption 3 of the Freedom of Information Act
Exemption 4 of the Freedom of Information Act
Section 214 of the Homeland Security Act
Enforcement of Section 214 of the Homeland Security Act
What Does Sensitive, But Unclassified Mean?
Information Handling Procedures
Freedom of Information Act
“For Official Use Only” (FOUO)
Enforcement of FOUO Information
Reviewing Web Site Content
Enforcement of Export-Controlled Information
Source Selection Data
Enforcement of Source Selection Data
Enforcement of Privacy Information
Unclassified Controlled Nuclear Information (UCNI)
Enforcement of UCNI
Critical Energy Infrastructure Information (CEII)
Enforcement of CEII
Lessons Learned Program