Download presentation
Published byAgustin Ratchford Modified over 9 years ago
1
Protected Critical Infrastructure Information (PCII) Program
Briefing to the FGDC HSWG Washington, DC September 21, 2006 Emily R. Hickey Sr. Communications Officer PCII Program Office
2
Overview The PCII Program Benefits of Participation
Operational Processes Accreditation Program Growth and New Initiatives How to Participate in the PCII Program
3
The Protected Critical Infrastructure Information (PCII) Program
The PCII Program is an important tool to encourage industry to share their sensitive critical infrastructure information Established under the CII Act of 2002, the PCII Program protects voluntarily submitted critical infrastructure information from: Freedom of Information Act (FOIA) State and local sunshine laws Civil litigation proceedings PCII Information cannot be used for regulatory purposes
4
Examples of Critical Infrastructure Information (CII)
Information defined by the CII Act includes: Threats ― Actual, potential, or threatened interference with, attack on, compromise of, or incapacitation of a critical asset Vulnerabilities ― Ability to resist threats, including assessments or estimates of vulnerability Operational experience ― Any past operational problem or planned or past solution including repair, recovery, or extent of incapacitation
5
PCII Program Office Mission
The Program Office’s mission is to receive, validate, facilitate access to, and safeguard PCII Facilitate Access Receive Validate
6
Benefits of Participation
The PCII Program can: Facilitate new information sharing without compromising sensitive business information Strengthen existing public/private partnerships by adding protection to private sector’s information Enhance and increase Federal, State and local government entity access to critical infrastructure information
7
Operational Processes
Process for Submitting CII for PCII Protection Private sector, State or local government entities, and Information Sharing and Analysis Organizations (ISAO) may voluntarily submit information that meets the definition of CII as defined in the Act. Information may be submitted to the Program Office by mail, fax, courier, or electronically through a secure Web portal at and must include: Express Statement requesting protection Certification Statement User Access to PCII Once validated, PCII can be shared in various ways with authorized users: Hand delivery password protected file
8
Qualifications for PCII Status
To qualify for protection under the PCII Program, critical infrastructure information must: Be voluntarily submitted to and validated by the PCII Program Office Not otherwise be required by DHS Not be customarily in the public domain
9
Validation Process for PCII
Submissions from: Private Industry Information Sharing and Analysis Organizations (ISAO) State/local governments PCII Program Office: Checks for Express Statement Verifies receipt of required certification Reviews submitted information Determines if information meets definition of CII Meets criteria? YES NO Destroy material or return it to submitter Makes available to authorized users
10
Standard Access Policy
To be an Authorized User, the following requirements must be met: PCII Training (Federal, State and local employees and their contractors) Contract Modification (Federal, State and local contractors) Non-Disclosure Agreement (non-Federal employees) Must be assigned homeland security duties (Federal, State and local government employees and their contractors) Must have a need to know the specific information (Federal, State and local government employees and their contractors) Any Federal, State or local government Authorized User within an accredited entity may receive PCII
11
Purpose of Accreditation
Ensures that all participating government entities: Understand the handling, use, dissemination and safeguarding of PCII Have the necessary resources for operating a PCII Program Promotes consistent application of uniform minimum standards and requirements by all participating entities Ensures timely access to PCII Provides ongoing guidance to participating government entities with respect to handling, using, disseminating and safeguarding PCII
12
PCII Safeguards PCII Program safeguards and Accreditation Program ensure that all submitted information is: Accessed only by authorized and trained individuals, or those who receive submitter consent to view the PCII Used appropriately, based on guidance set forth in the CII Act and the PCII Program Final Rule Stored, handled, and disseminated using methods approved by the PCII Program Office
13
Program Growth Aggressive outreach has led to increased program participation The PCII Program Office has publicized the Program at various conferences to reach out to individual industry sectors The Program Office has enlisted the support of other DHS programs to advocate the benefits of PCII Program protections The Program Office has hosted discussions with private sector and government representatives to determine the best approach to information sharing Over the past year, private sector submissions of critical infrastructure information have quadrupled
14
States/local Entities
Program Growth The PCII Program Office has accredited, or is in the process of accrediting, numerous Federal, State and local entities. Federal Entities States/local Entities Food and Drug Administration’s Center for Food Safety and Applied Nutrition (Accredited) Department of Agriculture (In Process) Nuclear Regulatory Commission (In Process) Department of Defense (In Process) Maryland (Accredited) Arizona (Accredited) Massachusetts (Accredited) California (Accredited) Michigan (In Process) New York (In Process) Ohio (In Process) District of Columbia (In Process) Indianapolis, Indiana (In Process) Seattle, Washington (In Process)
15
Program Initiatives within DHS
Increase in submissions through collaborative efforts with identified users of CII in DHS, including: National Cyber Security Division’s United States Computer Emergency Readiness Team Secure Portal Submissions Capability Risk Management Division’s (RMD) Risk Assessment Methodology for Critical Asset Protection (RAMCAP) Program RMD’s Chemical Comprehensive Review RMD’s Site Assistance Visits (SAVs) and Buffer Zone Plans (BZPs) RMD’s Constellation/Automated Critical Asset Management System (ACAMS)
16
Contact the Program Office to discuss the process further
How to Participate Questions to consider to determine if your entity would benefit from becoming an accredited entity of the PCII Program: What are your entity's information needs? What private sector companies hold this information? Is there private sector information that you are not receiving because of FOIA concerns? Do you or might you have a need to access PCII received by the Program Office? Contact the Program Office to discuss the process further
17
Contact Information PCII Program Office Department of Homeland Security 245 Murray Lane, SW Building 410 Washington, DC
Similar presentations
© 2024 SlidePlayer.com. Inc.
All rights reserved.