If You See Something, Say Something

The Office of Infrastructure Protection
National Protection and Programs Directorate
Department of Homeland Security
The Future of Homeland Security
with the Commercial Facilities
Infrastructure Sector
January 10th, 2013
• PSA’s Roles and Responsibilities
• The Threat
• Back to the Future
• The Future
• Resources
Protective Security Advisors
 93 Protective Security Advisors (PSAs)
 Non-Regulatory
 Facilitate and coordinate training and assessments of local
critical infrastructure
 Provide reach back capabilities to DHS and other Federal
 Respond to disasters to assist with the reconstitution of
critical infrastructure
 Support special events
The Threat
Infrastructure at a Glance
- The United States has more than 46,000 shopping centers nationwide.
- The American Hotel & Motel Association reported 53,500 operating
- The National Association of Theatre Owners reported 6,060 movie theaters in
the U.S.
- The United States has more than 600 convention centers.
- The Center for Exhibition Industry Research (CEIR) survey revealed there
were 11,094 trade and consumer shows in the country in 2000.
- Nearly 59 million skiers/boarders visit at the 478 ski areas operating in the
United States annually.
- There are about 878,000 restaurants in the United States. These
establishments serve more than 70 billion meals annually, have sales of more
than $440 billion.
Source: Overview of Potential Indicators of Terrorist Activity, Common
Vulnerabilities, and Protective Measures for Critical Infrastructures and Key
Resources (DHS 2006)
Trends and Tactics
 Tactics, techniques, and procedures evolve
quickly and adapt to countermeasures
 Recent plots disrupted in NY, NC, AR, AK, TX,
and IL were unrelated operationally, but indicative
of a common cause that rallies independent
extremists to want to attack the United States
 Pre-operational indicators are becoming more
and more difficult to detect, therefore State, local,
and private sector partners play a critical role in
identifying and reporting suspicious activity
Najibullah Zazi (Denver Post)
September 25, 2009 Zazi purchasing chemicals
Asymmetric Threat Environment
Activities and Indicators
Surveillance / Countersurveillance (Human/Cyber)
Facility Security
Facility Access
Facility Construction
Target Dynamics
Secondary Targets
Consequences of Impacts to Sector
Direct impacts:
– Significant economic
impacts locally,
regionally, and nationally
– Large scale loss of life
– Facility repair costs
– Utilities could be shut
down temporarily for the
surrounding area
– Psychological impacts
• Indirect impacts:
– Cascading economic
impacts to suppliers,
travel, and entertainment
business sectors
– Decreased interactions
for professional and
advancement and
– Increase public anxiety
Public-Private Partnership
• Become familiar with your workplace and
infrastructures that you depend on and depend
on you.
• Report suspicious activities to your local law
enforcement agency.
• Provide information for a Suspicious Activities
Report (SAR) to the Statewide Information and
Analysis Center (SIAC) and Joint Terrorism Task
Force (JTTF).
“If You See Something, Say Something™”
 In July 2010, DHS, at Secretary Janet Napolitano's direction,
launched a national "If You See Something, Say Something™"
public awareness campaign
 The campaign is a simple and effective program to raise public
awareness of indicators of terrorism and violent crime
 Emphasizes the importance of reporting suspicious activity to
the proper State and local law enforcement authorities
 DHS is launching the campaign in conjunction with the
Nationwide Suspicious Activity Reporting (SAR) Initiative
“If You See Something, Say Something™” (cont.)
 Only reports that document behavior reasonably indicative of
criminal activity related to terrorism will be shared with Federal,
state, local, tribal and territorial partners.
 Over the past year, the Department has rolled out the campaign with a
variety of partners:
– Amtrak
– American Hotel and Lodging Association
– Major League Soccer
– National Basketball Association
– National Collegiate Athletic Association
 DHS and the State continue to expand its partnership
The Nationwide Suspicious Activity Reporting
(SAR) Initiative
In March 2010, the Nationwide Suspicious Activity Reporting Initiative (NSI)
Program Management Office was established within the U.S. Department of Justice
(DOJ), Bureau of Justice Assistance, and is an interagency office composed of
representatives from DOJ, DHS, FBI, and the Program Manger – Information
Sharing Environment office
The NSI established standards, policies, and processes for gathering,
documenting, processing, analyzing, and sharing SAR while taking into account the
protection of privacy, civil rights, and civil liberties of Americans
The NSI program includes training for line officers, analysts, and chief executives,
as well as community outreach and a comprehensive privacy framework
The FBI eGuardian Program is an integral part of the NSI, ensuring that information
is getting from the field to the FBI Joint Terrorism Task Force for investigation
The NSI closely coordinates with the DHS "If You See Something, Say
Something™" campaign. The NSI also coordinates with the DHS Office of
Intelligence and Analysis which leads interagency support to the National Network
of Fusion Centers
The Nationwide Suspicious Activity Reporting
(SAR) Initiative (cont.)
 In order for DHS to assist State, local, tribal, territorial and private sector partners with
obtaining “If You See Something, Say Something™” materials, the DHS Office of Public
Affairs will need to obtain a few items from the requestor in order to draft materials – those
items are outlined below. The Office of Public Affairs will send the draft(s) back to the
requestor for final approval
 Product Options
– Posters, paystub inserts, table tent cards, etc.
– Electronic materials such as Ribbon Board/ Score Boards (need pixels/dimensions to
– Placing “If You See Something, Say Something TM” logo on credentials
– Public Service Announcement – DHS can write the script for the Public Service
Announcements. It is recommended that someone recognizable from your group record
the message
– “Back-of-house” materials – These will help instruct staff/volunteers on what to look for
and what they should do in case they see something suspicious
 Please refer to the “If You See Something, Say Something™” Information and Public
Display Materials Fact Sheet for more information
Back to the Future
National Infrastructure Protection Plan
Sector Specific Plans
For each CI/KR sector, a Sector Specific Plan (SSP) have been developed that sets forth
how the NIPP is implemented within the sector
Plans (18)
• Detail the application of the NIPP
risk management framework
across each sector
• Tailored to address the unique
characteristics and risk landscapes
of each sector
• Sector Specific Agencies (SSAs)
partner with Sector Coordinating
Councils (SCCs) and Government
Coordinating Councils (GCCs) to
develop the SSPs
DHS Taxonomy
Commercial Facilities Sector - 8 Sub-Sectors:
1. Entertainment and Media (e.g., motion picture studios, broadcast
2. Gaming (e.g., casinos);
3. Lodging (e.g., hotels, motels, conference centers);
4. Outdoor Events (e.g., theme and amusement parks, fairs,
campgrounds, parades);
5. Public Assembly (e.g., arenas, stadiums, aquariums, zoos,
museums, convention centers);
6. Real Estate (e.g., office and apartment buildings, condominiums,
mixed use facilities, self-storage);
7. Retail (e.g., retail centers and districts, shopping malls);
8. Sports Leagues (e.g., professional sports leagues and federations).
NIPP Sector Partnership Model
To coordinate activities under the NIPP, a framework for Federal, state, territorial, tribal,
local, and private sector security partners to work together has been developed
CF Government Coordinating Council
Members Include:
• Department of Commerce
• Department of Education
• Department of Homeland Security
• Department of Housing and Urban Development
• Department of the Interior
• Department of Justice
• Environmental Protection Agency
• General Services Administration
• Library of Congress
• National Endowment for the Arts
CF Private Sector Coordinating Council
Members Include:
Affinia Hospitality
BOMA International
Dallas Convention Center
International Association of
Amusement Parks and Attractions
International Association of Assembly
International Association of Fairs and
International Council of Shopping
Major League Baseball
Marriott International
National Association of Industrial and
Office Properties
National Association of RV Parks and
National Hockey League
National Multi Housing Council
National Retail Federation
NBC Universal
Oneida Gaming Commission
RBC Center
Retail Industry Leaders Association
Related Management Company
Self Storage Association
Stadium Managers Association
Starwood Hotels and Resorts
The Loss Prevention Foundation
The Real Estate Roundtable
The Walt Disney Company
Tishman Speyer
Trump Organization
Warner Bros. Studio Facilities
Westfield Shopping Centers
The Future
Risk Management
Resilience: Theory and Applications
Ability of an entity — asset, organization, community,
region — to anticipate, resist, absorb, respond to, adapt to,
and recover from a disturbance.
Voluntary Private Sector Preparedness Accreditation
and Certification Program (PS-Prep™)
 Any hazard can cause operational disruptions that can affect private-sector
entities and bring about various degrees of loss
 The PS-Prep™ Framework Guides can offer an organization several
options toward greater levels of preparedness standards
 The goal of PS-Prep™ is to help improve private sector preparedness,
resilience, and emergency management
 Key Points:
– Program is strictly voluntary
– DHS does not perform audits; the accreditation and certification process is
administered by the ANSI-ASQ National Accreditation Board
– The purpose is not to impose Federal preparedness standards; PS-Prep™
standards were developed by private sector standard development
 In March 2012, AT&T became the first company to be certified to a DHS
preparedness standard
PS-Prep™ (cont.)
 Certifying to a PS-Prep™ standard enables a business to:
Develop a plan of action for handling disruptions
Minimize potential impact to essential operations
Protect data and information to ensure continued decisionmaking
Protect market share and minimize financial losses
 Development of PS-Prep™ Framework Guides is ongoing
– The Electric and Chemical Sector-Specific Framework Guides have been
– Banking and Finance, Critical Manufacturing, Dams, Defense Industrial Base,
and Nuclear will soon be finalized
 For more information, please visit:
 Or email [email protected] for the Framework Guides
PS-Prep™ (cont.)
 New ISO 22301, 22313, 22398 – Business Continuity Management
– Moving your business continuity program to a management system requires
management commitment. It involves embedding business continuity
management into the culture of the organization. It is the endgame. There is
finally have a “standard” method for BCM program development and
improvement. We no longer need to rely on “Consultant X’s ‘Patented
Approach.’” We no longer have to discuss and argue about definitions. The
vocabulary is defined.
– Based on British Standard 25999-1
 DHS Deciding whether to include the new ISO’s into PS-Prep
Enhanced Critical Infrastructure Protection
 Infrastructure Survey Tool (IST) (contact your PSA to schedule
an IST for your facility at no cost)
– Over 1,800 IST surveys conducted to date
– Apply weighted scores to identify vulnerabilities and trends
for infrastructure and sectors and conduct sector-by-sector
and cross-sector vulnerability comparisons
– A consistent methodology of facility security information
– Provides an analysis for protective measures planning and
resource allocation
Enhanced Critical Infrastructure Protection
 Infrastructure Survey Tool (IST)
– Over 1,800 IST surveys conducted to date
– Apply weighted scores to identify vulnerabilities and trends
for infrastructure and sectors and conduct sector-by-sector
and cross-sector vulnerability comparisons
– A consistent methodology of facility security information
– Provides an analysis for protective measures planning and
resource allocation
– Provides Protective Measures Index (PMI) and Resilience
Measurement Index (RMI) Dashboard products for
comparative analysis
Comparing Facility and Subsector
Subsector Maximum
Facility PMI
Subsector Average
Subsector Minimum
Overall Facility PMI
ECIP Dashboard – Overall Tab
“Overall” tab shows the overall facility PMI and the PMIs for each major
component (Level 1) of the facility PMI (blue bar) and the low, average, and high
PMI for the subsector (dots).
ECIP Dashboard – Component Screens
Tabs – Level 1
Level 3
Level 2
Level 1
Level 2
PMI Dial
Level 3
Component PMI
RMI Dashboard
 The RMI Dashboard tabs will reflect the components of resilience
– All RMI questions are in the RMI tabs
 High, Average and Low comparisons will be available immediately
– These are calculated using certain assumed answers to the new questions
for the average facility within the sector
 All on-line dashboards in 2013
Computer Based Assessment Tool
 The CBAT is used to blend technical site
assessment data, structural schematics, and
other relevant site data with video of facilities,
surrounding areas, routes, etc, to create an
interactive visual guide of any location
 Assist the facility owners and operators, local
law enforcement, and emergency response
personnel to prepare for and respond to an
 Used in the 2012 Presidential Debates, 2009, -10, -11 Super Bowls, G-20,
and the Presidential Inauguration
Cyber Security Evaluation Tool (CSET )
 Stand-alone software application
 Self-assessment using recognized standards
 Tool for integrating cyber security into existing
corporate risk management strategy
Cyber Resilience Review (CRR)
 Performs a variety of cyber security assessments to identify
weaknesses and provide options for consideration. Key
assessments include, Cyber Resilience Reviews (CRR).
Protected Critical Infrastructure Information
 PCII is an information-protection tool that enhances the ability of industry
and government to share sensitive information with government authorities
 All information classified as PCII is protected from public disclosure through
the Critical Infrastructure Act of 2002
 To qualify as PCII, information must:
– Contain critical infrastructure information not in the public domain
– Be voluntarily submitted by the private sector or State and local owners and
– Include express and certification statements
 PCII is protected from public disclosure under the Freedom on Information
Act (FOIA) and similar State and local disclosure laws
 Also, PCII cannot be used in civil litigation or for regulatory purposes
PCII (cont.)
 Access to PCII is limited to government employees and contractors trained
in safeguarding and the handling of PCII
 There have been no unauthorized releases of PCII reported since the
program’s inception in 2004
 Current stats:
– Over 6,000 PCII authorized users and tens of thousands of items have been
submitted to the program or its Federal partners
 Program Update:
– New oversight procedures are being implemented to ensure that every State or
Federal entity that handles PCII is regularly reviewed for compliance
 For more information, please visit: www.dhs.gov/pcii
DHS Training Courses
 Provide protection personnel in public and private sectors
with specialized security training to prevent and protect
against continuing and emerging threats to our Nation’s
– Private Sector Counter-Terrorism Awareness Workshop
– Improvised Explosive Device Awareness Workshop
– Bomb-Making Materials Awareness Program
– Surveillance Detection Course
– Soft Target Awareness Course
– Protective Measures Course
Active Shooter Awareness Program
 Active shooters are an ongoing threat to attack out workplaces, schools,
military installations, and other public settings
 Given today’s ever-changing threat environment, preparing for Active
Shooter scenarios should be a key component of any organization’s
incident response planning
 The DHS Active Shooter Awareness Program provides resources to help
public and private-sector security managers prepare for and train
workforces to mitigate this threat
 There are several resources available:
– Live Workshops (monthly day-long events with law enforcement and behavioral
subject matter experts)
– Online Training (an Independent Study Course is available that was developed
with the Federal Law Enforcement Training Center and the Hospitality,
Entertainment, and Tourism Security Council
Active Shooter Awareness Program (cont.)
– Webinars (the Active Shooter Awareness Virtual Roundtable helps partners
understand the importance of developing emergency plans)
• Archived version: http://www.dhs.gov/files/programs/gc_1231165582452.shtm
– Other Resources (a booklet and poster that can assist facility owners and
operators in preparing for an active shooter incident)
• Topics include: Profile of an active shooter; practices for coping; and tips for
recognizing signs of potential workplace violence
 For more information, please email [email protected]
IS-906: Workplace Security Awareness
 Online training provides guidance to individuals and organizations on how
to improve security in the workplace
 Online training can be completed in 45 minutes
 Applicable across all 18 critical infrastructure sectors
 Threat scenarios include:
Access and Security Control
Criminal and Suspicious Activities
Workplace Violence
Cyber Threats
 Link to online training: http://training.fema.gov/EMIWeb/IS/IS906.asp
IS-907: Active Shooter: What You Can Do
Online training for broad audience regardless of knowledge and skill level
Provides guidance on how to prepare and respond to an active shooter
Online training can be completed in 45 minutes
Uses interactive scenarios and videos to illustrate proper response during
an active shooter event
 Topics include:
– Actions to take when confronted with an active shooter
– How to recognize potential indicators of workplace violence
– Actions to prevent and prepare for an active shooter situation
 Features interactive knowledge reviews, final exam, and additional
 Link to training: http://training.fema.gov/EMIWeb/IS/IS907.asp
Active Shooter: How to Respond
 13 page booklet for managers
 Topics include:
Profile of an active shooter
How to respond to an active shooter
How to respond when police arrive
Training your staff for an active shooter
Human Resources responsibilities
Facility Manager responsibilities
Manager responsibilities
How to assist those with special needs and/or disabilities
Indicators of potential violence by employee
How to manage consequences
 Download at:
Active Shooter Poster
 Poster for break rooms, training
areas, offices, restrooms
 Reinforces training topics
 Download at:
Active Shooter Pocket Guide
Download at: http://www.dhs.gov/xlibrary/assets/active_shooter_pocket_card.pdf
Video: “Threat Detection and Reaction for Retail and
Shopping Center Staff”
20-minute presentation
Intended for Point-of-Sale staff
Applicable to all employees of a shopping center, mall, or retail facility
Uses case studies and best practices to explain
– suspicious behavior and items
– how to reduce the vulnerability to an active shooter threat
– the appropriate actions to take if employees notice suspicious activity
 The presentation can be viewed on the HSIN-CS Commercial Facilities
portal at https://connect.hsin.gov/p21849699/
– For access to HSIN-CS, email your name and organization to
[email protected]
Tabletop Exercise: Dealing with Workplace Violence
 Low density, high demand resource
 Audience
– Critical infrastructure stakeholders
– Public safety partners
 Purpose: to address gaps, issues, and concerns related to Active Shooters
 Typical exercise agenda (4 hours):
Module 1: Pre-Incident Phase
Module 2: Incident Response Phase
Module 3: Assessment Phase
10 minutes
30 minutes
90 minutes
60 minutes
20 minutes
 Contact the Utah Protective Security Advisor (PSA) to determine availability
DHS Support and Resources
 In addition, DHS has developed materials and
training tools for sector partners, including
owners and operators, to make the sector
more prepared, more secure, and more
resilient from terrorist attacks, natural
disasters, and other incidents
 These materials are available through the
Homeland Security Information Network –
Critical Sectors (HSIN-CS) portal and are
detailed in the Commercial Facilities Sector
Resource Guide
HSIN-Critical Sectors (CS)
 Secure portal that provides a “peer to peer” collaboration space for:
– Workgroups
– Sub-portals
– Events calendar
 Resources available:
– Intelligence bulletins
– Guides
– Training
– Contact Information
New! - Business Continuity Planning Suite
 The BCP Suite includes:
– Business Continuity Training
– Business Continuity Plan Generator
– Disaster Recovery Plan Generator (IT Recovery Plan)
– Business Continuity Plan Test
 Contact your PSA to get a copy of the material.
For more information visit:
Ralph Ley
Protective Security Advisor–Utah District
[email protected]

similar documents