Upload
others
View
6
Download
0
Embed Size (px)
Citation preview
National Protection and Programs Directorate
Office of Cyber and Infrastructure Analysis (OCIA)
Director John Murphy
Virginia Tech Science & Technology & Policy Leadership Seminar Series
October 9, 2014
National Protection and Programs Directorate
National Protection and
Programs Directorate
Office of Infrastructure
Protection
Office of Cybersecurity
and Communications
Office of Cyber and
Infrastructure Analysis
Office of Biometric Identity
Management
Federal Protective
Service
2
The Need for Integrated Consequence Analysis
OCIA Mission: Center of Excellence to better understand all-
hazards consequences to the Nation’s critical infrastructure
through an integrated analytical approach evaluating the
potential consequences of disruption, including dependencies,
interdependencies, and cascading impacts, from physical or
cyber threats and incidents.
OCIA’s consequence analysis integrates expertise and data
from across NPPD to support NPPD operational activities and
enhance decision support for DHS leadership and other public
and private sector critical infrastructure partners to better
predict, prepare for, and mitigate disruptions to critical
infrastructure.
3
Evolving NPPD Analytical Capabilities
4
Analytic Program
5
Infrastructure Prioritization
Operational
Analysis
Strategic
Analysis
Capability and Capacity Development
OCIA Functions
OCIA uses all-hazards information from an array of partners to conduct
consequence modeling, simulation, and analysis. OCIA’s core functions
include:
– Providing analytic support to DHS leadership, operational components, and
field personnel during steady-state and crises on emerging threats and
incidents impacting the Nation’s critical infrastructure
– Assessing and informing national infrastructure risk management strategies on
the likelihood and consequence of emerging and future risks
– Developing and enhancing capabilities to support crisis action by identifying
and prioritizing infrastructure through the use of analytic tools and modeling
capabilities
6
Supporting Leadership Decisions: Steady-State and
Incident Response
7
8
The Impact of Cyber Infrastructure
Emergency Services
Banking & Finance
Energy
Transportation
Government
Cyber Infrastructure
Cyber Infrastructure includes information technology and communications
systems and the information contained in those systems. The most recognizable
components are telecommunications systems, computer systems, and networks
such as the Internet. For example…
9
Critical Infrastructure and the physical/cyber nexus
Recent Significant Activities
Propane Shortage
– For the first time, FERC directed private sector entities to reverse pipeline flow
in order to alleviate critical propane shortage during winter of 2014.
– FERC cited the detailed analysis conducted by OCIA to justify the decision.
Electric Power Substations
– NPPD spearheads effort using OCIA consequence analysis of specific incidents
lead NERC to direct the establishment of improved physical security measures
at electric power substations across the country.
Cyber Dependent Infrastructure Identification as required by Section 9 of
Executive Order 13636, Improving Critical Infrastructure Cybersecurity
– OCIA co-led the effort to identify infrastructure most at risk and now manages
the program moving forward.
– Lauded by the NSC Cyber Czar as one of the best products seen from DHS.
Recent Significant Activities
California Drought Analysis
– Detailed joint analysis of the California drought and other potential
complicating natural hazards in response to Presidential RFI.
– Analysis received high praise from NSC Staff, including the Deputy HSA to
the President, as well as praise from Congress.
Cyber Proof of Concept
– Efforts to identify the physical consequences of cyber or ICS attacks within
complex systems
– Detailed analysis completed with a variety of systems: water and waste
water treatment facilities, large commercial venues, Federally protected
facilities, Natural Gas facility, etc.
Bakken Crude Oil
– OCIA is supporting NSC request to understand potential consequences
from increased transportation of Bakken Crude Oil.
The Challenge of Interdependencies
Decoding Interdependencies
Interdependencies: Impact of Drought
Interdependencies: Impact of Drought
Key Analytic Themes for FY 2015
Infrastructure Resilience, Intra/Interdependencies
Cyber dependencies and/or Nexus of Cyber Infrastructure
Operational Support and/or Crisis Action
Infrastructure Prioritization
Aging and/or Failing Infrastructure
Extreme Weather and/or Climate Change
16
For more information visit:
www.dhs.gov/office-cyber-infrastructure-analysis
Back-up Slides
The Importance of Good Data
Karly Domb Sadof
The Importance of Good Data