Unclassified 1 Critical Infrastructure Protection Chuck Whitley EMS User’s Group June 9, 1999.


Unclassified

Critical Infrastructure Protection

Chuck Whitley

EMS User’s Group

June 9, 1999


PDD-63 (May 22, 1998):

President Clinton’s Goal:

“No later than the year 2000, the United States shall have achieved an initial operating capability and no later than (the year 2003) the United States shall have achieved and shall maintain the ability to protect our nation’s critical infrastructures from intentional acts that would significantly diminish the abilities of:

the Federal Government to perform essential national security missions and to ensure the general public health and safety;

state and local governments to maintain order and to deliver minimum essential public services;

the private sector to ensure the orderly functioning of the economy and the delivery of essential telecommunications, energy, financial and transportation services.”


National Infrastructure Protection Center

– Its mission includes providing timely warnings of intentional threats and attacks, producing comprehensive analyses, and coordinating law enforcement investigation of and response to threats and attacks

PDD-63, May 22, 1998:

– The NIPC will provide a national focal point for gathering information on threats to infrastructures

– The NIPC will support National Command Authority during a foreign-sponsored attack on U.S. interests


Information Flow

[Diagram labels: Private Sector; ISACs; Fed Gov’t; Warnings, Alerts, Advisories; Interagency Investigation; Analysis & Warning; Watch Center; Computer Intrusion Investigations; USG Decision Makers]


NIPC Indications & Warnings Objective:

It is the objective of the NIPC to develop a national-level system that provides timely, accurate, actionable warning of infrastructure threats and attacks.


NIPC Approach to Achieve Objectives

Immediately develop a tactical warning system

– Warn of threats and imminent attacks at the earliest possible time

– Achieve in near term

Ultimately develop a strategic warning system

– Seeks to identify as early as possible dynamic features of a situation that may affect US interests

– Requires participation of Intelligence and Law Enforcement communities, other government agencies, and the private sector

– Development will proceed in parallel to tactical system


I&W Schedule

[Timeline, 1999 to 2003. Milestones: Electric Power, Telecom initial operations; PDD-63 IOC; PDD-63 FOC]


I&W Concept

[Diagram labels: Infrastructure Owners & Operators; NIPC; Sector Lead Agencies; Federal, State, & Local Law Enforcement; Other Government Agencies; Intelligence Community; Department of Defense; Warnings; “Indicators”]


When to Notify NIPC: General Guidelines

ASAP after an infrastructure

– Has had significant capability degraded

• Service disruption

• Core capability degraded (e.g., management / control functions)

– Has potential to suffer significant damage or degraded capability

• If in doubt, err on the side of caution

– Is subject to suspicious patterns of behavior or responses to control

• Anomalous technical attributes, timing, locations, etc.


Warning Outputs from NIPC

NIPC will disseminate three types of messages:

– Advisories will be issued as appropriate when new information on threats or vulnerability becomes available.

– Alerts will be issued when serious vulnerabilities or threats are uncovered that threaten infrastructure operations.

– Warnings will be issued when serious, confirmed vulnerabilities in one or more infrastructure sectors appear to be the focus of confirmed threat activity.

Initially, NIPC will disseminate these messages through existing communication channels


Reporting Criteria (Strawman)

Critical electric power facilities

– Control Centers

• Power Pools

• Control Areas (~ 150)

• Regional/Security Coordinators (~ 22)

• Independent System Operators

– Transmission Systems

• HV Substations ( > 230 kV)

• HV Lines ( > 230 kV)


Reporting Criteria (Strawman)

Critical networks and systems

– SCADA and Energy Management Systems

– Networks and other systems used for generation and transmission control

– Networks used for essential communications for system operation, control, and maintenance

– NERCNet, including the InterRegional Security Network (ISN)