1. Unclassified  1 Critical Infrastructure Protection Chuck Whitley EMS User’s Group June 9, 1999

2. Unclassified  2 PDD-63 (May 22, 1998): President Clinton’s Goal “No later than the year 2000, the United States shall have achieved an initial operating capability and no later than (the year 2003) the United States shall have achieved and shall maintain the ability to protect our nation’s critical infrastructures from intentional acts that would significantly diminish the abilities of:  the Federal Government to perform essential national security missions and to ensure the general public health and safety;  state and local governments to maintain order and to deliver minimum essential public services;  the private sector to ensure the orderly functioning of the economy and the delivery of essential telecommunications, energy, financial and transportation services.”

3. Unclassified  3 National Infrastructure Protection Center –Its mission includes providing timely warnings of intentional threats and attacks, producing comprehensive analyses, and coordinating law enforcement investigation of and response to threats and attacks PDD-63, May 22, 1998: –The NIPC will provide a national focal point for gathering information on threats to infrastructures –The NIPC will support National Command Authority during a foreign-sponsored attack on U.S. interests

4. Unclassified  4 Information Flow PRIVATE SECTOR ISACs FED GOV’T WARNINGS ALERTS ADVISORIES INTERAGENCY INVESTIGATION ANALYSIS & WARNING WATCH CENTER COMPUTER INTRUSION INVESTIGATIONS USG DECISION MAKERS

5. Unclassified  5 NIPC Indications & Warnings Objective: It is the objective of the NIPC to develop a national-level system that provides timely, accurate, actionable warning of infrastructure threats and attacks.

6. Unclassified  6 NIPC Approach to Achieve Objectives Immediately develop a tactical warning system –Warn of threats and imminent attacks at the earliest possible time –Achieve in near term Ultimately develop a strategic warning system –Seeks to identify as early as possible dynamic features of a situation that may affect US interests –Requires participation of Intelligence and Law Enforcement communities, other government agencies, and the private sector –Development will proceed in parallel to tactical system

7. Unclassified  7 I&W Schedule 20001999200220012003 Electric Power, Telecom initial Operations Electric Power, Telecom initial Operations PDD-63 IOC PDD-63 FOC

8. Unclassified  8 I&W Concept Infrastructure Owners & Operators NIPC Sector Lead Agencies Federal, State, & Local Law Enforcement Other Government Agencies Intelligence Community Department of Defense Warnings “Indicators”

9. Unclassified  9 When to Notify NIPC: General Guidelines ASAP after an infrastructure –Has had significant capability degraded Service disruption Core capability degraded (e.g., management / control functions) –Has potential to suffer significant damage or degraded capability If in doubt, err on the side of caution –Is subject to suspicious patterns of behavior or responses to control Anomalous technical attributes, timing, locations, etc.

10. Unclassified  10 Warning Outputs from NIPC NIPC will disseminate three types of messages: Initially, NIPC will disseminate these messages through existing communication channels Advisories will be issued as appropriate when new information on threats or vulnerability becomes available. Alerts will be issued when serious vulnerabilities or threats are uncovered that threaten infrastructure operations. Warnings will be issued when serious, confirmed vulnerabilities in one or more infrastructure sectors appear to be the focus of confirmed threat activity.

11. Unclassified  11 Reporting Criteria (Strawman) Critical electric power facilities –Control Centers Power Pools Control Areas (~ 150) Regional/Secuirty Coordinators (~ 22) Independent System Operators –Transmission Systems HV Substations ( > 230 kV) HV Lines ( > 230 kV)

12. Unclassified  12 Reporting Criteria (Strawman) Critical networks and systems –SCADA and Energy Management Systems –Networks and other systems used for generation and transmission control –Networks used for essential communications for system operation, control, and maintenance –NERCNet, including the InterRegional Secuirty Network (ISN)