Geoscience Reference
In-Depth Information
Simple Rating ...............................................................................................175
Risk Matrix...................................................................................................175
Risk Equation ...............................................................................................176
Required Expertise........................................................................................177
Outline of Risk Management Steps...............................................................178
Step 1: Identify Critical Assets and the Impacts of Their Loss ...................178
Step 2: Identify What Protects and Supports the Critical Assets ...............182
Step 3: Identify and Characterize the Threat
Step 4: Identify and Analyze Vulnerabilities..............................................187
Step 5: Assess Risk and Determine Priorities for Asset Protection .............188
Step 6: Identify Mitigation Options, Costs, and Trade-Offs .....................190
Conclusion........................................................................................................194
References .........................................................................................................195
Introduction
The Homeland Security Act of 2002 provides the primary authority for the overall
homeland security mission. This act charged the Department of Homeland Security
(DHS) with primary responsibility for developing a comprehensive national plan to
secure critical infrastructure and key resources (CIKR) and recommend “the measures
necessary to protect the key resources and critical infrastructure of the United States.”
This comprehensive plan is the National Infrastructure Protection Plan (NIPP), first
published by the DHS in June 2006. As defined in the 2009 NIPP, critical infrastruc-
ture are the systems and assets, whether physical or virtual, so vital that the incapacity
or destruction of such may have a debilitating impact on the security, economy, public
health or safety, environment, or any combination of these matters, across any federal,
state, regional, territorial, or local jurisdiction. Key resources are publicly or privately
controlled resources essential to the minimal operations of the economy and govern-
ment. The NIPP provides the unifying structure for integrating a wide range of efforts
for the protection of CIKR into a single national program.
Homeland Security Presidential Directive 7 (HSPD-7), Critical Infrastructure
Identification, Prioritization, and Protection, was established as a national policy
for federal departments and agencies to identify and prioritize United States CIKR
and to protect them from terrorist attacks. The NIPP provided the follow-up plan
to implement HSPD-7. The NIPP called out the need to conduct risk assessments
to deter threats, mitigate vulnerabilities, and minimize consequences.
Vulnerability Assessment
Vulnerability assessment methodologies are generally intended to identify any
weakness that can be exploited by an adversary to gain unauthorized access to or to
disrupt an asset, facility, or system. Terrorism is often the primary focus; however,
