Louisiana State Critical Infrastructure Protection Program (CIPP)

Governor’s Office of
Homeland Security & Emergency Preparedness
Louisiana State Critical Infrastructure
Protection Program (CIPP)
Building a Partnership for a
Better and Safer Louisiana
2010

Mission of Homeland Security
FEDERAL - We will lead the unified national effort to
secure America. We will prevent and deter terrorist
attacks and protect against and respond to threats and
hazards to the Nation. We will secure our national
borders while welcoming lawful immigrants, visitors,
and trade.

Mission of Homeland Security
STATE – To lead Louisiana to prepare for, prevent,
respond to and recover from, all natural and manmade
emergencies and disasters.

Homeland Security Branch
HSA
Deputy Director
of HLS
Chief of Staff
HLS Branch
MGR
Intel Officer
IP Spec
Intel Officer
IP Spec
IP Spec

Position Descriptions
Infrastructure Protection Specialist
• Performs highly complex tasks
directing the development and
implementation of the State’s Critical
Infrastructure Program in accordance
with the National Infrastructure
Protection Plan (NIPP)
• Direct interface with Facility Security
Officers (FSOs) representing all 18
CI/KR sectors
• Serves HSA as conduit to pass local
level CIK/KR data up to DHS, which
drives HLS funding for state
CI/KR
Automated Critical
Infrastructure Asset
Management System
ACAMS

Intelligence Officer
Position Descriptions
• Position supports GOHSEP in an all-hazards manner
by passing information to “need to know” recipients as it
develops in real-time
• Serves as a liaison with the State Fusion Center (LA-
SAFE) working on multiple source areas and projects
under broad management
• Facilitates coordination and synchronization between
the LA-SAFE and GOHSEP
• Serves as State Security Officer
• Manages security clearances for state & locals

National Infrastructure Protection Plan
(NIPP)
• The National Infrastructure Protection Plan (NIPP) provides
the coordinated approach that is used to establish national
priorities, goals, and requirements for CIKR protection …

National Security Strategy – May 2010
• …Working with the private sector and government partners
at all levels will develop an effective, holistic, critical
infrastructure protection and resiliency plan that centers on
investments in business, technology, civil society,
government, and education.

HSPD-7
…Federal departments and agencies will identify, prioritize, and
coordinate the protection of critical infrastructure and key
resources in order to prevent, deter, and mitigate the effects of
deliberate efforts to destroy, incapacitate, or exploit them.
…Federal departments and agencies will work with State and
local governments and the private sector to accomplish this
objective.

HSPD - 7
In accordance with guidance provided by the Secretary, Sector-
Specific Agencies shall:
• collaborate with all relevant Federal departments and agencies,
State and local governments, and the private sector, including with
key persons and entities in their infrastructure sector;
• conduct or facilitate vulnerability assessments of the sector; and
• encourage risk management strategies to protect against and
mitigate the effects of attacks against critical infrastructure and key
resources.

Responsibilities of HLS Branch
State Critical Infrastructure Protection Plan (CIPP)
Fusion Center Liaison – Information Flow
ACAMS Database Administration
Federal DHS CI/KR Data Call
Federal DHS Threat Data Call
Federal DHS Significant Events Data Call
State PCII Program Accreditation – Monitoring Visits
Homeland Security Plan Writing and Coordination
Buffer Zone Protection Plans
Intelligence Support to CIPP

Additional Responsibilities of HLS Branch
Private Sector Information Sharing and Outreach
Support Federal DHS Assessments
Site Assistance Visits (SVA) with DHS Protective Security
Advisors (PSAs)
Buffer Zone Protection Program
Regional Resiliency Assessment Program (RRAP)

Critical Infrastructure Protection Program
(CIPP)
• Vision – A safe, secure, and resilient critical infrastructure
based on, and sustained through, strong public and private
partnerships.
• Mission – Lead the state’s effort to mitigate terrorism risk to
strengthen the protection of, and enhance the resilience of
the State’s critical infrastructure.

18 Critical Infrastructure
& Key Resource Sectors
• Agriculture and Food
• Banking and Finance
• Chemical and Hazardous
Materials
• Defense Industrial Base
• Energy
• Emergency Services
• Information Technology
• Telecommunications
• Postal and Shipping
• Healthcare and Public Health
• Transportation
• Water
• National Monuments and Icons
• Commercial Assets
• Government Facilities
• Dams
• Nuclear Facilities
• Critical Manufacturing (New)

CIPP 4 Phase Plan
The State Critical Infrastructure Protection Plan
• 4 Phases
• Identify Assets, Systems, & Networks
• Assess Risks
• Prioritize
• Implement Programs to Mitigate – Measure Effectiveness
• Currently in Phase 1

Phase 1 – Identify Assets, Systems, & Networks
• ACAMS database building
• Engaging in and fostering public/private partnerships
• Publish the Draft State Criteria
• Building up the ACAMS User Base by getting ACAMS users
identified and certified
• Asking Current ACAMS users to continue to populate the
ACAMS database
• Meeting with local OHSEPs to review CIKR list for annual
DHS CIKR data call

Constellation/Automated Critical
Asset Management System
(C/ACAMS)

What is C/ACAMS
C/ACAMS is a secure, Web-based information services portal used to support
infrastructure protection efforts at the state and local level
• Provides access to a comprehensive set of tools and resources to develop
and implement CIP programs
• Focuses on pre-incident prevention and protection but also assists in postincident
response
C/ACAMS leverages the close relationship between local law enforcement, first
responders and asset owner/operators
• CIKR owners/operators are a key partner in planning and use of C/ACAMS
• C/ACAMS success depends on Public/Private Partnerships (P3)
Allows DHS to augment CIKR data collection via local law enforcement and
emergency management personnel across the nation
• State, local personnel interact daily with CIKR owners and operators to
maintain detailed, accurate infrastructure data
• C/ACAMS enables the effective inventory and management of thousands of
assets within state and local jurisdictional areas

What is in C/ACAMS
The Main Sections of ACAMS
• INV (Inventory Screen)
• AMQ (Asset Manager Questionnaire)
• BZP (Buffer Zone Plan)
• IAV (Initial Asset Visit)
• Reports/Mapping (Set of standard and custom reports w/Maps)
• Admin (Administration for Groups, Users and Assets)
• Searching (The ability to do advance searching across all data)
• Resources (Set of document, templates and other information)
• Total Assets 7,245 (December 2010)

Why Web Based
Accessibility
• From anywhere there is an internet connection, including wireless
• Remote data entry (input) and data viewing (output)
Information Sharing of Critical Asset Data
• Multiple users can access a specific site’s information simultaneously
Data Storage in a Centralized Location
• Facilitates updates without overwriting
• Off-Site storage and back-ups
• Maintained by DHS

Accessing the System
Roles (User types and Associated Privileges)
• System Administrator (complete read & write privileges)
• Supervisor (limited read & write privileges)
• Analyst (read only)
• Assessor/User (Can enter data and submit for approval to
Supervisor)
• Asset Manager (Can only access their own asset/AMQ screen
only)
Security Levels (Tiered Access)

Tiered Access in C/ACAMS

How does C/ACAMS benefit you
C/ACAMS has been developed as a scalable tool to fit the specific
needs of each jurisdiction at the state and local level
• C/ACAMS is scalable and exportable to fit the specific needs of
the user community and recognizes resource limitations
C/ACAMS provides the framework for the development of
comprehensive Critical Infrastructure Protection (CIP) Program
• DHS provides C/ACAMS at no cost to the state and local
community to support infrastructure protection efforts

How does C/ACAMS benefit you
C/ACAMS was developed in alignment with national-level guidance
to ensure state and local compliance with this guidance
• National Strategy for Homeland Security
• The National Infrastructure Protection Plan (NIPP)
• Homeland Security Presidential Directives (HSPD) 7 & 8

C/ACAMS
ACAMS Questions

Draft Criteria - State
CI/KR assets will be placed on the State CI/KR List if they meet Federal
DHS Criteria and/or one of the following state criteria:
• Loss of facility would cause severe prolonged disruption to the
state’s ability to prepare for, protect against, mitigate, or respond to
all hazards.
• Facility has agents reportable under CFATS, or TCI, is required to
file a Response Management Plan (RMP) or is designated a
Biosafety Level 3 or 4.
• Loss of facility would result in mass casualties.
• Loss of facility would result in prolonged mass evacuations of
populated places.
• Loss of facility would result in job loss in excess of 500.
• Loss of facility would result in an economic impact greater than
$500 million.
• Facility provides a utility service to major metropolitan areas or other
CI/KR assets that meet the state criteria.

Phase 2 – Assess Risks
• Conduct Assessments - MSHARP+V assessments of all tier
one identified assets – conducted by local HLS with
assistance from GOHSEP
• Mission, Symbolism, History, Accessibility, Recognizable,
Recoverability, Population, Proximity, + Vulnerability
(MSHAP+V)
• CARVER assessments on each critical node within the
tier one asset

Phase 3 - Prioritize
• Assist visits to locals to build tier lists for their area of
operation
• Identification of local “Tier One” Facilities
• Assistance in completion of Buffer Zone Protection Plans

Buffer Zone Protection Plan (BZPP)
A DHS Report Designed to:
• Identify specific threats and Critical Infrastructure/Key Resources
vulnerabilities within the “buffer zone”
• Identify potential preventive and protective measures that can be
taken by a responsible jurisdiction to devalue, deter, detect and
defend an asset

VRPP Report
Vulnerability Reduction Purchasing Plan (VRPP):
• Assists with the implementation of preventive and protective
measures identified through the BZP
• Provides form for planning and equipment requests for
responsible jurisdictions to implement preventive and protective
measures around CI/KR

Phase 4 – Implement Programs to Mitigate –
Measure Effectiveness
• Creation and Publication of a State Critical Infrastructure List
(SCIL) based on the assessments and scores assigned by
local HLS
• Submission of Buffer Zone Protection Plans
• Submission of Vulnerability Reduction Purchasing Plans
(VRPPs)
• Site survey sent to BZPP sites – follow up on vulnerabilities
addressed via BZPP funds

CIPP Success
A successful State CIPP will result in – A safer, more resilient, critical
infrastructure base in Louisiana.
A State CIPP program that satisfies HSA requirements listed in
the National Infrastructure Protection Program, HSPD-7, and
The National Security Strategy – May 2010
A State List of prioritized critical infrastructure that identifies
significant critical infrastructure and key resources and ranks
them according to their Risk Score
A Risk Score that can be part of the Grant Allocation Equation
A tangible assessment to give to the local Homeland Security
managers to support their decisions to mitigate potential risks
within their area of responsibility
Satisfy EMAP Accreditation Requirements for State CI/KR
Assessments

Risk Score Report
CIPP – Results
• Shows us how we compare to the rest of the country.

2010 DATA CALLS
35

Jill M. Babin
Questions
Homeland Security Branch Manager
Governor's Office of Homeland Security
& Emergency Preparedness
Work: (225) 358-5300
E-mail: jill.babin@la.gov
HSDN: jill.m.babin.sle@dhs.sgov.gov