Critical Infrastructure: Homeland Security and Emergency Preparedness

Reporting on the significant strides made in securing and protecting our nation's infrastructures, this timely and accessible resource examines emergency responsiveness and other issues vital to national homeland security. Critical Infrastructure: Homeland Security and Emergency Preparedness details the important measures that have been taken over the past few years to safeguard the industries, national landmarks, and national assets considered vital to the continued economic operation and success of any country and its people. After introducing the topic, this comprehensive book covers concerns such as data classification and categorization, border security and immigration, cyberterrorism, hazardous materials, national response plans, national incident management systems, and incident command systems. It presents newly developed department and agency level protocols, as well as newly formulated procedures and guidelines. It also explains security vulnerability assessments, information sharing and analysis centers, control systems, and supervisory control and data acquisition. Comprehensive and authoritative, Critical Infrastructure: Homeland Security and Emergency Preparedness isa must-have resource for professionals within both the private and public sectors and for students studying topics relating to critical infrastructure, emergency management, crisis response, and disaster recovery.

Table of Contents:
Introduction to Critical Infrastructure Preparedness Homeland Security Presidential Directives (HSPD) What Is Critical Infrastructure? What Is the Private Sector? What Is the Public Sector? What Is Critical Infrastructure Protection? What Is Critical Infrastructure Preparedness? Critical Infrastructure Functions Origins of Critical Infrastructure Regulations and Legislation What Are the Categories of the Laws Listed? Border Security and Immigration Communications and Network Security Cyberterrorism Infrastructure Domestic Safety and Security Economic and Financial Security Emergency Preparedness and Readiness Medical and Health Care Security Transportation Security (Includes Maritime Security) Hazardous Materials National Response Plan (NRP) What Is the National Response Plan (NRP)? NRP Training How Does the NRP Tie in with Emergency Management? NRP Subcategories Emphasis on Local Response What Is the Purpose of the NRP? Tie between NRP and NIMS Multiagency Command Structure Coordination Coordination Responsibilities Updates to the NRP Incident Command Structure of the NRP Levels of Authority Key Concepts in the Implementation of the NRP Roles and Responsibilities Roles of the Federal Government NRP Emergency Support Functions (ESFs) Scope of ESFs National Incident Management Systems (NIMS) What Is NIMS? Compliance Flexibility Standardization NIMS Represents Best Practices Components of NIMS Command and Management Preparedness Benefits from Using NIMS Resource Recovery Communications and Information Management Supporting Technologies Ongoing Management and Maintenance Command Structuring under NIMS Incident Command System (ICS) ICS Features Common Terminology Organizational Resources Manageable Span of Control Accountability Integrate Communications Capabilities Incident Action Plan Management Command, Coordination, and Control Structures Unified Command Area Command Multiagency Coordination Systems Emergency Operations Centers Incident Responsibilities Postincident Responsibilities Public Information Systems Joint Information Systems (JIS) Joint Information Centers (JIC) JIC Levels JIC Organizational Structure Preparedness and Readiness Preparedness Organizations Preparedness Planning and Coordination Types of Preparedness Plans Emergency Operations Plan Training and Exercise Drills Personnel Qualification and Certification Equipment and Hardware Certification Mutual-Aid Agreements Standby Contracts Publication Management Resource Management Effectively Managing Resources Communications and Information Management Principles Incident Command Systems (ICS) What Is NIMS and ICS? What Is an Incident? What Is an Incident Command System (ICS)? What Is NIMS ICS? History of ICS FIRESCOPE National Interagency Incident Management System (NIIMS) Weaknesses Addressed by Using an ICS Benefits of Using an ICS ICS Framework Applications for the Use of ICS ICS Management Characteristics Understanding the ICS Organization ICS Management Functions ICS Sections What Is Span of Control? ICS Position Titles ICS Organizational Components Unified Command The Incident Commander Command Staff General Staff Operations Section Planning Section Incident Action Plan Logistics Section Finance/Administration Section ICS Area Command Communications within the ICS Incident Facilities Differences between NIMS ICS and FIRESCOPE/NIIMS ICS NIMS ICS Training How ICS Integrates with Critical Infrastructure Emergency Preparedness and Readiness (EMR) Office for Domestic Preparedness First Responder First Responder Classifications Guideline Classifications North American Emergency Response Guidebook (NAERG) Awareness Level Guidelines Performance Level Guidelines Operational Levels Defined Level A: Operations Level Level B: Technician Level Know Protocols to Secure, Mitigate, and Remove Hazardous Materials Additional Protective Measures Understand Development of the Incident Action Plan Know and Follow Procedures for Protecting a Potential Crime Scene Know Department Protocols for Medical Response Personnel National Fire Prevention Association 472 Occupational Safety and Health Administration Hazardous Waste Operations and Emergency Response Skilled Support Personnel Specialist Employee Department of Transportation (DOT) Hazardous Materials (HAZMAT) Classifications Importance of Implementing an Emergency Response Plan Security Vulnerability Assessment (SVA) What Is a Risk Assessment? Methods of Assessing Risk Threat Risk Equations Comparison of Quantitative vs. Qualitative Risk Assessments Challenges Associated with Assessing Risk Other Factors to Consider When Assessing Risk What Is an SVA? Reasons for Having an SVA What Is a Threat? What Is Vulnerability? Countermeasures Vulnerability Assessment Framework (VAF) Reasons for Using the VAF Federal Information Systems Control Auditing Manual (FISCAM) General Methodologies of FISCAM Auditing What Are General Controls? What Are Application Controls? Caveats with Using an SVA How the SVA Is Used Audience of an SVA Initial SVA Plan Necessary Steps of an SVA Critical Success Factors VAF Methodology Initial Steps of the VAF VAF Step 1: Establish the Organization Minimum Essential Infrastructure (MEI) VAF Step 2: Gather Data to Identify MEI Vulnerabilities VAF Step 3: Analyze, Classify, and Prioritize Vulnerabilities Standards and Guidelines About the National Fire Prevention Association (NFPA) North American Electric Reliability Council (NERC) American Gas Association (AGA) Instrumentation, Systems, and Automation Society (ISA) American Petroleum Institute (API) Chemical Industry Data Exchange ISO 15408 NIST PCSRF Health Insurance Portability and Accountability Act (HIPAA) Patient Safety and Quality Improvement Act (PSQIA) Gramm-Leach-Bliley Act (GLBA) Sarbanes-Oxley Act The American National Standards Institute (ANSI) Federal Information Processing Standards (FIPS) National Standards Systems Network BSR/ASCE/AEI XX-2006 BSR T1M1-27-200X BSR X9.49-200X ASTM F1756-97A (2002) Information Sharing and Analysis Centers (ISAC) What Is a Critical Infrastructure Asset? What Is an ISAC? Advantages of Belonging to an ISAC Access to ISAC Information Expanded ISAC Services Surface Transportation ISAC (ST-ISAC) Public Transportation ISAC (PT-ISAC) American Public Transportation Association (APTA) Association of American Railroads (AAR) Transportation Technology Center, Inc. (TTCI) Railinc Water ISAC Association of State Drinking Water Administrators (ASDWA) Water Environment Research Foundation (WERF) Association of Metropolitan Water Agencies (AMWA) Association of Metropolitan Sewage Agencies (AMSA) National Association of Water Companies (NAWC) American Water Works Association (AWWA) AWWA Research Foundation (AWWARF) Financial Services ISAC (FS-ISAC) Science Applications International Corporation (SAIC) Electricity Sector ISAC (ES-ISAC) Emergency Management and Response ISAC (EMR-ISAC) Information Technology ISAC (IT-ISAC) National Coordinating Center for Telecommunications (NCC-ISAC) Communications Resource Information Sharing (CRIS) Government Emergency Telecommunications Service (GETS) Telecommunications Service Priority (TSP) Shared Resources High Frequency Radio Program (SHARES) Network Reliability and Interoperability Council (NRIC) National Security Telecommunications Advisory Committee (NSTAC) Wireless Priority Services (WPS) Alerting and Coordination Network (CAN) Energy ISAC Chemical Sector ISAC (CHEM-ISAC) Chemical Transportation Emergency Center (CHEMTREC) Healthcare Services ISAC (HCISAC) Highway ISAC Cargo Theft Information Processing Systems (CargoTIPS) American Trucking Associations (ATA) HighwayWatch Food and Agriculture ISAC Food Marketing Institute (FMI) Multi-State ISAC (MS-ISAC) ISAC Council (ISAC-ISAC) World Wide ISAC (WW-ISAC) Real Estate ISAC (RE-ISAC) The Real Estate Roundtable Research and Educational Networking ISAC (REN-ISAC) Biotechnology and Pharmaceutical ISAC (BioPharma ISAC) Maritime ISAC (M-ISAC) Maritime Security Council (MSC) Marine Transportation System National Advisory Council Supervisory Control and Data Acquisition (SCADA) What Are Control Systems? Types of Control Systems Components of Control Systems Vulnerability Concerns about Control Systems Adoption of Standardized Technologies with Known Vulnerabilities Connectivity of Control Systems to Unsecured Networks Implementation Constraints of Existing Security Technologies Insecure Connectivity to Control Systems Publicly Available Information about Control Systems Control Systems May Be Vulnerable to Attack Consequences Resulting from Control System Compromises Wardialing Wardriving Warwalking Threats Resulting from Control System Attacks Issues in Securing Control Systems Methods of Securing Control Systems Technology Research Initiatives of Control Systems Security Awareness and Information Sharing Initiatives Process and Security Control Initiatives Securing Control Systems Implement Auditing Controls Develop Policy Management and Control Mechanisms Control Systems Architecture Development Segment Networks between Control Systems and Corporate Enterprise Develop Methodologies for Exception Tracking Define an Incident Response Plan Similarities between Sectors Critical Infrastructure Information (CII) What Is Critical Infrastructure Information? How Does the Government Interpret CII? Exemption 3 of the Freedom of Information Act Exemption 4 of the Freedom of Information Act Section 214 of the Homeland Security Act Enforcement of Section 214 of the Homeland Security Act What Does Sensitive, But Unclassified Mean? Information Handling Procedures Freedom of Information Act Need-to-Know “For Official Use Only” (FOUO) Enforcement of FOUO Information Reviewing Web Site Content Export-Controlled Information Enforcement of Export-Controlled Information Source Selection Data Enforcement of Source Selection Data Privacy Information Enforcement of Privacy Information Unclassified Controlled Nuclear Information (UCNI) Enforcement of UCNI Critical Energy Infrastructure Information (CEII) Enforcement of CEII Lessons Learned Program INFRAGARD Index