Private Sector Resources Catalog

January 2020

2

U.S. Department of Homeland Security Washington, DC 20528 Homeland Letter from Assistant Secretary Security

January 14, 2020

Dear Private Sector Partner,

The responsibility for securing our homeland is shared broadly across federal, state, local, and tribal governments and with the private sector, including large and small businesses, academia, trade associations, and other non-profits. Natural disasters, foreign and domestic terrorist threats, and a myriad of other hazards over the last fewyears have only highlighted the need for the government and the private sector to work together to ensure your organizations are secure, prepared for all circumstances, and able to rapidly respond to events.

We at the Department of Homeland Security are committed to supporting you. This second iteration of the Private Sector Resources Catalog provides a compendium of OHS programs and points of contact available to the private sector, across all Homeland Security issue areas and inclusive of all OHS Components, Offices, and Directorates.

We appreciate all that you do to help us secure the Homeland, and we welcome your feedback about the Private Sector Resources Catalog and all other matters at [email protected].

Sincerely,

Assistant Secretary

3

Table of Contents

Letter from Assistant Secretary ...... 3 Department-wide Resources ...... 7 Civil Rights and Civil Liberties ...... 7 Economic Analysis ...... 10 Outreach and Engagement ...... 10 Policy Guidance ...... 14 Privacy ...... 15 Protecting Against Fraud & Counterfeiting ...... 16 Research and Product Development ...... 19 Social Media Engagement ...... 22 Enforcing and Administering Our Immigration Laws ...... 25 Employment Eligibility Verification ...... 25 Immigration Enforcement ...... 26 Immigration Guidance ...... 27 Immigration Questions and Concerns ...... 27 Ensuring Resilience to Disasters ...... 29 Business Preparedness ...... 29 Emergency Communications ...... 30 Emergency Responder Community ...... 33 Personal and Community Preparedness ...... 36 Preventing Terrorism and Enhancing Security ...... 42 Aviation Security ...... 42 Bombing Prevention ...... 44 Chemical Security ...... 46 Critical Infrastructure – Multiple Sectors ...... 48 Critical Manufacturing...... 52 Commercial Facilities ...... 52 Communications Sector ...... 55 Dams Security ...... 55 Food Safety and Influenza ...... 58 Hazardous Materials Transportation Security ...... 59 Infrastructure Security and Resilience Assessment ...... 59 Land Transportation and Pipeline ...... 61 4

Maritime Security ...... 63 Mass Transit and Rail Security ...... 66 Nuclear Security ...... 67 Protecting, Analyzing, & Sharing Information ...... 68 Soft Targets and Crowded Places and Insider Threat Mitigation ...... 72 Safeguarding and Securing Cyberspace ...... 75 Cybersecurity Assessment Tools ...... 75 Cybersecurity Incident Resources, Detection, and Prevention Resources ...... 76 Cybersecurity Technical Resources ...... 78 Information Sharing ...... 82 Software Assurance (SwA) ...... 82 Securing and Managing Our Borders ...... 84 Border and Economic Security ...... 85 Trade Facilitation ...... 86 Travel Facilitation ...... 88

5

6

Department-wide Resources

Department-wide Resources Civil Rights and Civil Liberties

Blue Campaign to Combat Human Trafficking Asian, Latino, Middle Eastern, Somali, Sikh, Office activities including how to file is a national public awareness campaign and and other communities, with government complaints, ongoing and upcoming projects, training program, designed to educate the representatives and all levels of law and opportunities to offer comments and public, law enforcement, and other industry enforcement. CRCL also conducts roundtables feedback, etc. Newsletters are distributed via partners to recognize the indicators of human with young/youth leaders of diverse email and posted online at: www.dhs.gov/crcl- trafficking and how to report. To report communities. For more information, please newsletter. Please contact suspected human trafficking to Federal law contact [email protected]. [email protected] for more information. enforcement, the public may use the ICE Homeland Security Investigations (HSI) 24- DHS Compliance Assurance Program Office Civil Rights and Civil Liberties Training at hour Tip Line 1-866-DHS-2ICE (1-866-347- (CAPO) The Compliance Assurance Program Fusion Centers CRCL partners with the DHS 2423), or for victim assistance, call the Office (CAPO) is responsible for providing Privacy Office and the Department of Justice’s National Human Trafficking Hotline (888- compliance support services to all DHS Bureau of Justice Assistance in the 3737-888) to reach a non-governmental Components and their performers. The CAPO development and delivery of civil rights, civil organization. Informational human trafficking ensures DHS-conducted and sponsored liberties, and privacy training for personnel at materials are available in a variety of activities are compliant with relevant U.S. state and major urban area fusion centers. In languages, and include public service regulations and laws, international support of this training mission, CRCL announcements, brochures, posters, indicator agreements, DHS policies, and relevant maintains a web portal for single point of cards, key tag cards, and industry specific standards and guidance. The CAPO’s DHS- access to the wide range of resources and toolkits. For more information, see wide compliance support and oversight training materials that address civil rights, www.dhs.gov/humantrafficking. functions include six critical areas: biological civil liberties, and privacy. To view the portal, and chemical arms control, biosafety, please visit: www.it.ojp.gov/PrivacyLiberty. The Office for Civil Rights and Civil Liberties biological select agent and toxins, life sciences (CRCL) Annual Reports to Congress Under 6 dual use research of concern, care and use of Environmental Justice Annual U.S.C. § 345 and 42 U.S.C. § 2000ee-1, CRCL animals, and human subjects research. The Implementation Report Environmental justice is required to report annually to Congress CAPO may also provide export control (EJ) describes the commitment of the about the activities of the Office. For more training, but performers are responsible for government to avoid placing information, or to view the reports, please performing their own export control due disproportionately high and adverse burdens visit www.dhs.gov/crcl. diligence. For more information, see on the human health and environment of www.dhs.gov/publication/compliance- minority populations or low-income Community Engagement Roundtables CRCL assurance-program-office or contact populations through its policies, programs, or leads, or plays a significant role, in regular [email protected] or activities. Executive Order 12898, Federal roundtable meetings among community [email protected]. Actions to Address Environmental Justice in leaders and federal, state, and local Minority Populations and Low-Income government officials. These roundtables bring CRCL Monthly Newsletter informs the public Populations was established in 1994 and together American Arab, Muslim, South and communities across the country about directs federal agencies to make achieving 7

Department-wide Resources environmental justice part of their mission. As CRCL provides guidance for recipients of DHS part of our responsibilities in this E.O. 12898, financial assistance to help them understand Introduction to Arab American and Muslim DHS recently published an Environmental and implement their obligations to provide American Cultures is an hour-long training Justice Annual Implementation Report. For meaningful access for individuals with limited DVD that provides insights from four national more information, see www.dhs.gov/dhs- English proficiency (LEP): and international experts. The training assists environmental-justice-strategy www.dhs.gov/guidance-published-help- law enforcement officers and other personnel department-supported-organizations-provide- who interact with Arab and Muslim Equal Employment Opportunity (EEO) and meaningful-access-people-limited. Americans, as well as individuals from Arab Diversity Reports The DHS EEO and or Muslim communities. For more Diversity Division prepares and submits a Human Rights and Vulnerable Populations information, contact [email protected] or visit variety of annual progress reports relating to The CRCL Officer is the designated DHS www.dhs.gov/crcl. the Department's EEO activities: single point of contact for international www.dhs.gov/crcl. human rights treaty reporting and Language Access CRCL leads the coordination. CRCL works with DHS Department’s efforts to provide meaningful Forced Labor Resources The ICE HSI Forced Components to develop and advance access for LEP individuals. CRCL also Labor Program coordinates criminal protective policies, procedures, and training provides resources, guidance, and technical investigations into allegations of forced labor for victims of torture and persecution, assistance to recipients of DHS financial in imported goods in violation of the Tariff Act battered immigrants, trafficked persons, and assistance. For more information, visit of 1930 (Title 19 USC §1307) and the others needing special attention. For more www.dhs.gov/language-access or contact Countering America’s Adversaries Through information, please contact [email protected]. [email protected]. Sanctions Act (22 USC § 9241a). When contacting ICE to report instances of forced Human Rights Violators and War Crimes Minority Serving Institutions (MSI) Programs labor, please provide as much detailed Center protects the public by targeting war include the Scientific Leadership Awards information and supporting documentation as criminals and those who violate human rights, (SLA) grant program, the Summer Research possible, including a full statement of the including violators living both domestically Team internship program, and a partnership reasons for the belief that the product was and abroad. HSI investigators, analysts, with the Minority Serving Institution produced by forced labor and that it may be or historians, and attorneys work with Research and Development Consortium has been imported into the United States, a governmental and non-governmental agencies (MSRDC). MSI programs improve the detailed description of the product, and all to accept tips and information from those who capabilities of MSIs to conduct research, pertinent facts known regarding the report suspected war criminals and human education, and training in areas critical to production of the product abroad and contact rights violators. Individuals seeking to report homeland security while building a diverse, information for the submitter, if possible, for these abuses of human rights may contact the highly skilled, technical workforce capable of any follow-up questions and discussions. center at [email protected]. advancing homeland security goals. The SLA Submissions can be emailed to program provides three to five years of [email protected]. “If You Have the Right to Work, Don’t Let institutional support for research and the Anyone Take it Away” Poster is a poster with education advancement of students and early Guidance to Federal Financial Assistance Department of Justice information regarding career faculty. The Summer Research Team Recipients Regarding Title VI Prohibition discrimination in the workplace. See (SRT) program provides a 10-week, full-time Against National Origin Discrimination www.justice.gov/crt/case- collaborative research experience between Affecting Limited English Proficient Persons document/file/1133936/download. recipient MSIs and the DHS Centers of 8

Department-wide Resources

Excellence. Successful teams can receive environments and how using safe habits and civil and human rights. Assisted by additional funding to continue research at the online can help prevent many instances of extensive grassroots networks, committee recipient MSI upon completion of the SRT child exploitation. That is why ICE HSI has members articulate the concerns of program. The partnership with the MSRDC partnered with the NCMEC’s NetSmartz and organizations and communities across the provides direct funding to MSIs for DHS the Internet Crimes Against Children (ICAC) country on these issues. The CRCL Officer research and rapid development Task Forces to develop Project iGuardian. For meets quarterly with the committee to discuss opportunities. For more information, please more information, see www.ice.gov/cyber- CRCL’s activities, and respond to NGO visit: Historical Funding Opportunity crimes/resources. concerns related to DHS policies, programs, Announcements http://grants.gov/; Summer and activities. For more information, please Research Team Program Posters on Common Muslim American Head contact [email protected]. www.orau.gov/dhsfaculty/; DHS research Coverings, Common Sikh American Head projects with MSRDC msrdconsortium.org. Coverings, and the Sikh Kirpan These Resources for Victims of Human Trafficking For more information, please contact training posters provide guidance to and Other Crimes USCIS offers resources for [email protected]. Department personnel on ways in which to victims of human trafficking and certain other screen, if needed, Muslim or Sikh individuals crimes and the organizations that serve them. No te Engañes (Don’t be Fooled) is the U.S. wearing various types of religious head For information about obtaining T or U Customs and Border Protection (CBP) coverings; and Sikh individuals carrying a nonimmigrant status, please see outreach campaign to raise awareness about Kirpan (ceremonial religious dagger). These www.uscis.gov/tools/humanitarian-benefits- human trafficking among potential migrants. posters are available online at: based-resources/resources-victims-human- For more information, please visit www.dhs.gov/civil-rights-and-civil-liberties- trafficking-other-crimes. www.cbp.gov/border-security/human- institute. trafficking or contact Laurel Smith at Stop the Bleed is a national awareness [email protected] or 202-344-1582. Preventing International Non-Custodial campaign and call-to-action to cultivate Parental Child Abduction DHS partners with grassroots efforts that encourage bystanders Online Resources to Prevent Child the Department of State’s Office of Children’s to become trained, equipped, and empowered Exploitation The ICE HSI Child Exploitation Issues to prevent the international abduction to help in a bleeding emergency before Investigations Unit maintains a close working of children involved in custody disputes or professional help arrives. To learn more, see relationship with the National Center for otherwise against the published order of the www.dhs.gov/stopthebleed. Missing & Exploited Children (NCMEC) in court. If you are interested in learning about the fight against child exploitation. ICE HSI restricting the international travel of your Victim Assistance Program (VAP) provides has a fulltime liaison with the center, and the child, please contact the DOS Office of information and assistance to victims of unit helps disseminate information the center Children’s Issues at federal crimes, including human trafficking, receives via its CyberTipline to more than 50 [email protected] or the 24 hour child exploitation, human rights abuse, and countries across the globe. Investigations of hotline 888-407-4747. white collar crime. VAP headquarters child sexual exploitation are among HSI’s personnel, as well as Victim Assistance primary investigative priorities. Quarterly NGO Civil Rights / Civil Liberties Specialists (VAS) and Victim Assistance Committee Meeting CRCL hosts regular Coordinators (VAC) in the field, also provide Project iGuardian provides children, teens, meetings with representatives of more than 20 training and technical assistance to special parents, and teachers with information civil society organizations primarily working agents, law enforcement partners, and other regarding the potential dangers of online on matters at the intersection of immigration agencies. Full-time Forensic Interview 9

Department-wide Resources

Specialists are also available to conduct DHS Center of Excellence: Center for the commercial operations of U.S. Customs developmentally appropriate, legally Accelerating Operational Efficiency (CAOE) and Border Protection and related DHS defensible, and victim-sensitive interviews in led by Arizona State University, develops and functions. For more information, see HSI cases involving child, adolescent, or applies advanced analytical tools and www.cbp.gov/trade/stakeholder- special needs victims. VAP has developed technologies to enhance planning, information engagement/coac. informational brochures on human trafficking sharing and real-time decision-making in victim assistance, crime victims’ rights, white homeland security operations. For more The Border Interagency Executive Council collar crime, and the victim notification information, see https://caoe.asu.edu or (BIEC) The Border Interagency Executive program. For more information, please contact contact [email protected]. Council (BIEC) is an interagency working VAP at [email protected] or 866- group formally established by Executive Order 872-4973. DHS Emeritus Center of Excellence: The 13659. The BIEC serves as an Executive National Center for Risk and Economic Advisory Board charged with assisting federal Victim of Immigration Crime Engagement Analysis of Terrorism Events (CREATE) agencies in their efforts to enhance (VOICE) Office was established to developed a suite of tools for security patrol coordination across customs, transport acknowledge and provide information to crime scheduling using applied game theory. security, health and safety, sanitary, victims and their families who have been Assistant for Randomized Monitoring Over conservation, trade, and phytosanitary impacted by crimes committed by individuals Routes(ARMOR) tools generate intelligently agencies with border management authorities with a nexus to immigration. VOICE can help randomized patrol schedules that optimize and responsibilities to measurably improve victims of crime, witnesses of crimes, countermeasures’ effectiveness and deterrence supply chain processes and the identification individuals with a legal responsibility to act effect. ARMOR software randomizes patrols, of illicit and non-compliant shipments. BIEC on behalf of a victim or witness (e.g., inspections, schedules, plans or actions membership includes senior leadership from attorneys, parents, legal guardians), and carried out by security agencies. ARMOR has Departments and agencies with border individuals acting at the request of a victim or been in use at Los Angeles Airport (LAX) to management authorities and responsibilities, witness. Victims can sign up to receive randomize security checkpoints and canine as well as representatives from the Executive automated custody status information about patrols since 2007. Variants of ARMOR have Office of the President. Per Executive Order an alien in custody through the Department of been adopted by the U.S. Federal Air 13659, the BIEC is to measurably improve Homeland Security Victim Information and Marshals Service, Transportation Security supply chain processes and the identification Notification Exchange (DHS-VINE), Agency, and U.S. Coast Guard. For more of illicit and non-compliant shipments. For releasable criminal or immigration history information, see https://create.usc.edu/ or more information, visit about an alien, or access to social service contact [email protected]. www.cbp.gov/trade/trade-community/border- professionals available to refer victims to local interagency-executive-council-biec/biec- service providers. ICE has established a toll- Outreach and Engagement frequently-asked-questions-faqs. free hotline staffed with operators who will take calls to ensure victims receive the Advisory Committee on Commercial CBP Industry Partnership and Outreach support they need. The number is 1-855-48- Operations of Customs and Border Protection Program serves as CBP’s primary interface to VOICE or 1-855-488-6423 (Mon.-Fri. 8am-8pm (COAC) The Advisory Committee on industry for education and information on EST). Commercial Operations of Customs and procurement opportunities, and it’s Small Border Protection (COAC) advises the Business Program. The program is responsible Economic Analysis Secretaries of the Department of the Treasury for processing unsolicited proposals and and the Department of Homeland Security on includes in its organizational structure, CBP’s 10

Department-wide Resources procurement ombudsman. Officially serving www.cbp.gov/trade/stakeholder- Security Events (NSSEs). The SEP provides a as CBP’s “Task and Delivery Order engagement/user-fee-advisory-committee framework through which federal, state, local, Ombudsman,” the program director addresses and territorial entities can identify special vendors’ concerns or complaints, relating to Critical Manufacturing (CM) Working Groups events occurring within their jurisdictions; task or delivery order award procedures. All Critical Manufacturing Sector Coordinating request federal support; and, after evaluation inquiries are handled in an impartial (and Council (SCC) and Government Coordinating and assessment, receive appropriate federal upon request, confidential) manner. Vendors Council (GCC) members have the opportunity support. The SEP also supports the United seeking information on how to do business to participate in the CM Information Sharing States Secret Service in its execution of with CBP should go to Working Group and the CM Cyber Security NSSEs. A primary responsibility of the SEP is www.cbp.gov/xp/cgov/toolbox/contacts/contract Working Group. The Working Groups provide to support the Federal Coordination Team ing/ a platform for industry and government to (FCT) (when designated by the Secretary of discuss topics of interest and exchange best DHS for select events). The SEP provides the U.S. Customs and Border Protection (CBP) practices. Meetings occur monthly and are FCT with a scalable Special Events Support Intergovernmental Public Liaison A posted on the CM Homeland Security Cell that deploys to the special event, component of the CBP Commissioner’s Office, Information Network (HSIN) site. For more providing subject matter expertise, situation Intergovernmental Public Liaison (IPL) Office information, see reporting, and interagency/inter-government strives to build and maintain effective www.dhs.gov/files/committees/gc_1277402017 liaison. The SEP mission is to assure that relationships with state, local, tribal, and 258.shtm or email [email protected]. information regarding special events is shared territorial governments through regular, across the federal government and that state transparent and proactive communication. CWMD Industry Engagement Program and local resource needs are communicated Governmental questions regarding issues and The DHS Countering Weapons of Mass across the agencies with responsibility for policy pertaining to countering terrorism and Destruction Office (CWMD) works to counter special event planning and protection. The transnational crime, border security, and attempts by terrorists and other threat actors SEP achieves this mission through trade and travel facilitation can be referred to to carry out an attack against the United collaboration with the interagency SEWG. For the IPL at: cbp-intergovernmental-public- States or its interests using a weapon of mass more information, please contact ops- [email protected] or 202-325-0775. destruction. To accomplish this mission, [email protected]. CWMD works with industry partners to: Customs and Border Protection User Fee • develop and acquire technology; DHS Center for Faith-based & Neighborhood Advisory Committee (UFAC) • invest in basic and applied research to Partnerships (CFBNP) builds, sustains, and The UFAC advises the Secretary of the support new technologies; improves effective partnerships between Department of Homeland Security (DHS) on • improve the performance of deployed government sectors and faith-based and issues related to the performance of technologies; and community organizations. Located within inspections coinciding with the assessment of • strengthen the nation’s bio-detection FEMA, CFBNP is a vital communication link an agriculture, customs, or immigration user programs. and engagement partner for faith-based and fee. This guidance should include, but is not For more information, please contact community organizations across the entire limited to, the time period during which such [email protected]. Department of Homeland Security. Visit services should be performed, the proper www.dhs.gov/fbci. For more information or to number and deployment of inspection officers, The DHS Operations Special Events Program sign up to receive Information Updates, e-mail the level of fees, and the appropriateness of (SEP) is designed to address special events [email protected]. any proposed fee. that are not designated as National Special 11

Department-wide Resources

DHS Industry Liaisons: These component Vendors seeking to do business with FEMA in FEMA Small Business Industry Liaison Industry Liaisons provide communication support of a disaster recovery effort, please be Program provides information on doing with industry. Industry is encouraged to aware that in accordance with the Robert T. business with FEMA, specifically with regard contact representatives when there are Stafford Act (specifically section 307), FEMA’s to small businesses. Small business vendors questions about conducting business with goal is to seek local companies within the are routed to the FEMA Small Business DHS. Find contact information at disaster area for goods and services related to Analyst for notification, support and www.dhs.gov/xopnbiz/opportunities/industry- a specific disaster when practical and feasible. processing. For more information see communication-liaisons.shtm. Visit www.fema.gov/industry-liaison-program. www.fema.gov/small-business-program or contact [email protected]. DHS Loaned Executive Program Come work Emergency Support Function (ESF) #14 – for DHS! The Loaned Executive Program Cross-Sector Business and Infrastructure The Homeland Security Advisory Council provides an excellent opportunity (unpaid) for supports the coordination of cross-sector (HSAC) provides advice and recommendations private sector subject matter experts from operations, including stabilization of key to the Secretary of Homeland Security on across sectors and industries to serve in a supply chains and community lifelines, among matters related to homeland security. The unique capacity on temporary rotation or infrastructure owners and operators, Council is comprised of 30 members selected sabbatical at DHS. If you or your company are businesses, and their government partners. by the Secretary that are leaders from State interested in becoming more involved, visit ESF #14 is complementary to the Sector- and local government, first responder www.dhs.gov/loaned-executive-program or Specific Agencies (SSA) and other ESFs and is communities, the private sector, and please e-mail [email protected]. a mechanism for entities that are not aligned academia. The Council is an independent, to an ESF or have other means of bipartisan advisory board of leaders that The DHS Private Sector Office (PSO) serves coordination. ESF #14 supports growing recently produced reports on border security, as a primary advisor to the Secretary on all efforts to enable assistance among critical countering violent extremism, community homeland security issues that impact the infrastructure sectors and helps coordinate resilience, sustainability and efficiency, and private sector, defined as businesses, trade and sequence such operations to mitigate the previous Homeland Security Advisory associations, not-for-profits, and other non- cascading failures between them. ESF #14 System. For more information or to apply to governmental-organizations. The PSO also also integrates SSA incident response be a member, please visit works to create and foster strategic operations with ESFs and other relevant www.dhs.gov/files/committees/editorial_0331.s communications with the private sector and to public-private sector coordinating entities. htm or contact at [email protected]. interface with other relevant federal agencies The Federal Government seeks to enable— to help create a more secure nation. For more where possible—business and infrastructure Hometown Security Initiative works to protect information on PSO, please visit owners and operators that have the against attacks on public gatherings and www.dhs.gov/private-sector-office or call 202- authorities, capabilities, and resources to public places to enhance the Nation’s security. 282-8484. stabilize community lifelines. For more DHS engages closely with our private sector information, visit www.fema.gov/media- and community partners to provide advice and FEMA Industry Liaison Program establishes library/assets/documents/25512. assistance about protective measures they strategic relationships with suppliers and may implement to protect facilities and stakeholders; serves as an information FEMA Private Sector E-alerts are periodic e- venues. DHS provides tools and resources to provider for suppliers seeking to do business alerts providing timely information on topics our communities because the Department with FEMA; and connects suppliers with of interest to private sector entities. recognizes that communities are the first line program offices in support of FEMA’s mission. of defense in keeping the public safe and 12

Department-wide Resources secure. “Connect – Plan – Train – Report” is a (FOD) field offices. The VOICE Office assists Private Sector Office/FEMA Office of simple four-step action plan for small and victims impacted by crimes committed by Response and Recovery FEMA established medium sized businesses, non-profits, and individuals with a nexus to immigration. For the Private Sector Division (PSD) in 2007 to faith-based organizations to consider when more information, see communicate, cultivate and advocate for thinking about the safety and security of their www.ice.gov/leadership/ope, or contact the collaboration between the U.S. private sector businesses, members and customers. To learn Community Relations Officer in your area, and FEMA, to support FEMA’s capabilities more about the Hometown Security Initiative, www.ice.gov/contact/ope. and to enhance national preparedness, please visit www.dhs.gov/cisa/hometown- protection, response, recovery, and mitigation security. Office of Small and Disadvantaged Business of all hazards. PSD operates the National Utilization (OSDBU) serves as the focal point Business Emergency Operations Center. ICE Office of Public Affairs (OPA) is dedicated for small business acquisition matters and Contact: [email protected] to building understanding and support for the works closely with all DHS Components. agency mission through outreach to OSDBU makes available forecasts of contract Regional Private Sector Liaisons FEMA employees, the media and the general public. opportunities, vendor outreach sessions, lists designated a private sector liaison in each of ICE field public affairs officers are stationed of component small business specialists, DHS its 10 regions to cultivate two-way throughout the country and are responsible prime contractors, and information about the communication between FEMA, for regional media relations in specific DHS mentor-protégé program. For more state/local/tribal/territorial officials, and the geographic areas. For more information, see information, see www.dhs.gov/office-small- private sector during steady state and disaster www.ice.gov or contact and-disadvantaged-business-utilization-staff operations. For more information, please [email protected], or 202-732- or contact DHS OSDBU at 202-447-5555. contact fema-private-sector- 4646. [email protected]. Private Sector Updates The DHS Private ICE Office of Partnership and Engagement Sector Office sends weekly e-mails with Science and Technology Directorate (S&T) (OPE) coordinates outreach efforts with the homeland security news and resources to our Industry Liaison: Industry Liaison serves as public, key stakeholders, and ICE leadership private sector partners. To ensure that your S&T’s primary interface to the private sector to increase local and national awareness of organization has the most up to date by communicating S&T’s requirements and U.S. Immigration and Customs Enforcement’s information on homeland security related partnership tools. This office is responsible for (ICE) mission, while building relationships private sector information, visit responding to inquiries and directing partners and fostering trust in our communities. OPE, https://service.govdelivery.com/service/subscri to the appropriate point of contact; and headquartered in Washington, D.C. has two be.html?code=USDHS_99. For more coordinating S&T’s engagement and outreach distinct offices: the Community Engagement information, contact [email protected]. opportunities with industry. For more Office and the Victims Of Immigration Crime information, email Engagement (VOICE) Office. The Community FEMA Office of External Affairs The FEMA [email protected]. Engagement Office has a cadre of 25 Office of External Affairs (OEA) engages, community relations officers (CROs) in field informs and educates the private sector and Cybersecurity and Infrastructure Security offices across the United States who serve as other external stakeholders on the Agency’s Agency (CISA) CISA is the Nation’s risk liaisons to the public, key stakeholders, and programs and initiatives to achieve FEMA’s advisor, working with partners to defend ICE leadership. CROs are co-located mission of helping people before, during and against today’s threats and collaborating to throughout the country at either the Special after a disaster. build more secure and resilient infrastructure Agent in Charge (SAC) or Field Office Director for the future. CISA’s partners in this mission 13

Department-wide Resources span the public and private sectors. CISA’s instructional videos, and links to external IS-1171: Overview of Interagency Security comprehensive understanding of the risk educational resources. The portal is available Committee (ISC) Publications is the second environment and the corresponding needs to HSIN-CI users only. For more information, course in the ISC web-based training series. identified by its stakeholders drives programs see www.dhs.gov/homeland-security- This course provides an overview of ISC and services provided. CISA seeks to help information-network-hsin. facility security standards and policies and organizations better manage risk and increase other documents that support the Risk resilience using all available resources, IS-860.c National Infrastructure Protection Management Process (RMP). The course can whether provided by the Federal Government, Plan (NIPP) is an Independent Study course be accessed at: commercial vendors, or their own capabilities. that presents an overview of the NIPP. The https://training.fema.gov/is/crslist.aspx?all=tr For more information visit: www.dhs.gov/cisa. NIPP provides the unifying structure for the uehttp://training.fema.gov/emiweb/is/is890a.as integration of existing and future critical p. For more information contact Policy Guidance infrastructure protection and resiliency efforts [email protected] into a single national program. This course has been updated to align with the NIPP that Planning and Response to an Active Shooter: American National Standards Institute – was released in 2009. Classroom materials are An Interagency Security Committee Policy and Homeland Defense and Security also available for this course. For more Best Practices Guide (Non-FOUO) This Standardization Collaborative (ANSI-HDSSC) information, visit document streamlines existing ISC policy on identifies existing consensus standards, or, if https://training.fema.gov/is/courseoverview.as active shooter incidents into a cohesive policy none exist, assists DHS and sectors requesting px?code=is-860.c or contact and guidance document that agencies housed assistance to accelerate development and [email protected]. in federal facilities can use as a reference to adoption of consensus standards critical to enhance preparedness for an active shooter homeland security. The ANSI-HDSSC IS-1170 Introduction to the Interagency incident. This version is publicly available as a promotes a positive, cooperative partnership Security Committee (ISC) is the first course in reference document for the private sector to between the public and private sectors in the independent study ISC web-based training include a wider audience that may benefit from order to meet the needs of the nation in this series. The purpose of this series of courses is the information presented therein. For more critical area. Participation in the ANSI- to provide federal facility security information: www.dhs.gov/publication/isc- HDSSC is open to representatives of industry, professionals, engineers, building owners, planning-and-response-active-shooter-guide government, professional societies, trade construction contractors, architects, and the associations, standards developers, and public with basic information pertaining to 2019 Edition - Violence in the Federal consortia groups directly involved in U.S. the ISC and its facility security standards, Workplace: A Guide for Prevention and Homeland Security standardization. For processes, and practices. This course provides Response This document provides guidance on additional information visit an overview of the history of the ISC, its how agencies can develop a workplace violence www.ansi.org/standards_activities/standards_ mission and organization, and a basic outline program capable of preparing for, preventing, boards_panels/hssp/overview. of the ISC risk management process. The and responding to incidents of workplace course can be accessed at: violence. The Appendices: address how to Critical Infrastructure Training Portal https://training.fema.gov/is/courseoverview.as evaluate threats; provide example policy, Housed on the Homeland Security px?code=is-1170. For more information, checklists, and a list of other free and online Information Network – Critical Infrastructure contact materials; and include several case studies for (HSIN-CI), this portal offers a single point of [email protected]. consideration. entry for relevant training, guidance documents, presentations, brochures, 14

Department-wide Resources

National Incident Management System intended to capture specific authorities and (NIMS) provides a systematic, proactive best practices for managing small- or large- Sector Specific Plans (SSPs) support the approach to guide departments and agencies scale incidents, terrorist attacks or National Infrastructure Protection Plan by at all levels of government, nongovernmental catastrophic natural disasters. The fourth establishing a coordinated approach to organizations, and the private sector to work edition of the NRF focuses on outcomes-based national priorities, goals, and requirements seamlessly to prevent, protect against, response through the prioritization of the for critical infrastructure protection. Each respond to, recover from, and mitigate the rapid stabilization of community lifelines. The SSP provides the means through which the effects of incidents, regardless of cause, size, latest edition also emphasizes the importance NIPP is implemented for each sector, as well location, or complexity, in order to reduce the of enhancing unity of effort between as a national framework to address the loss of life and property and harm to the government and private sector through sector’s unique characteristics and risk environment. For more information, see increased coordination and collaboration. For landscape. DHS collaborates with www.fema.gov/national-incident- more information, visit government and private sector partners to management-system. Questions regarding www.fema.gov/national-planning-framework. develop, update, and maintain SSPs for the NIMS should be directed to fema- Chemical, Commercial Facilities, [email protected] or 202-646-3850. Cybersecurity and Infrastructure Security Communications, Critical Manufacturing, Agency (CISA) Sector-Specific Agency Sector Dams, Emergency Services, Information National Disaster Recovery Framework Snapshots, Fact Sheets and Brochures These Technology, and Nuclear Sectors. For more (NDRF) products provide a quick look at CISA sectors information, or to review copies of the 2015 The National Disaster Recovery Framework is and contain sector overviews as well as SSPs visit a guide that enables effective recovery support information on sector partnerships, critical www.dhs.gov/files/programs/gc_117986619760 to disaster-impacted States, Tribes, Territorial infrastructure protection issues and priority 7.shtm. and local jurisdictions. It provides a flexible programs. These products include fact sheets structure that enables disaster recovery and brochures for chemical, commercial managers to operate in a unified and facilities, critical manufacturing, dams, Privacy collaborative manner. It also focuses on how emergency services and nuclear sectors. The DHS Privacy Office sustains privacy best to restore, redevelop and revitalize the Additional materials are available on request. protections and the transparency of health, social, economic, natural and For more information, contact [email protected]. government operations while supporting the environmental fabric of the community and DHS mission. The DHS Privacy Office ensures build a more resilient Nation. Visit: Cybersecurity and Infrastructure Security DHS programs and operations comply with www.fema.gov/national-disaster-recovery- Agency (CISA) and National Infrastructure federal privacy laws and policies. Members of framework. Protection Plan Booths are available for the public can contact the Privacy Office with exhibition at national and sector-level events concerns or complaints regarding their National Response Framework (NRF) is a to promote awareness of the IP mission and privacy. For more information, visit guide for how the nation responds to all types the NIPP to government partners and www.dhs.gov/privacy or contact of disasters and emergencies. It is built upon infrastructure owners and operators. In [email protected], 202-343-1717. scalable, flexible, and adaptable coordinating addition, IP maintains a cadre of trained structures to align key roles and speakers who are available to speak on critical Privacy Impact Assessments (PIAs) are responsibilities across the nation, linking all infrastructure protection and resilience issues decision-making tools used to identify and levels of government, nongovernmental at conferences and events. For more mitigate privacy risks at the beginning of and organizations, and the private sector. It is information, contact [email protected]. throughout the development life cycle of a 15

Department-wide Resources program or system. They help the public posted on our website Secret Service's ECTF and Electronic Crimes understand what personally identifiable at: www.dhs.gov/privacy. Working Group initiatives prioritize information (PII) the Department is collecting, investigative cases that involve electronic why it is being collected, and how it will be crimes. These initiatives provide necessary used, shared, accessed, and stored. All PIAs support and resources to field investigations issued by DHS may be found here: Protecting Against Fraud & that meet any one of the following criteria: www.dhs.gov/files/publications/editorial_0511. significant economic or community impact, shtm. Counterfeiting participation of organized criminal groups involving multiple districts or transnational DHS Privacy Office Disclosure and U.S. Customs and Border Protection (CBP) organizations, or the use of schemes involving Transparency Private sector organizations can Directives Pertaining to Intellectual Property new technology. For more information, see use the Freedom of Information Act (FOIA) to Rights are policy guidance documents that www.dhs.gov/sites/default/files/publications/us get specific information from Federal agencies. explain CBP legal authority and policies ss_electronic-crimes-taskforces.pdf. To view the process for submitting a FOIA implementing certain laws and regulations. request, or to see a library of past requests, They are distributed to CBP personnel to Financial Crimes Task Forces (FCTF) please visit clarify implementation procedures and are combines the resources of the Secret Service, www.dhs.gov/xfoia/editorial_0579.shtm or sign made available to the public to explain CBP’s state and local law enforcement, and the up to receive notices regarding new policies. To access these directives, visit financial industry to combat financial crimes. disclosures added to the FOIA Library at www.cbp.gov/xp/cgov/trade/legal/directives/ or The technological advance of domestic and www.dhs.gov/subscribe-foia-library- contact [email protected]. transnational criminals allows new avenues to notifications. exploit financial institutions, thus making Commercial Fraud ICE HSI investigates internationally-based criminal enterprises DHS Data Privacy and Integrity Advisory commercial fraud involving imports into and even more problematic for law enforcement. Committee (DPIAC) provides advice at the exports from the Unites States. The ICE HSI The most effective means of combating request of the Secretary of Homeland Security Commercial Fraud Programs Unit, which is organized criminal elements, both in the U.S. and the DHS Chief Privacy Officer on led by the National Intellectual Rights and abroad, is by using the Financial Crimes programmatic, policy, operational, Coordination Center, prioritizes health and Task Forces. The multi-agency components administrative, and technological issues safety violations, U.S. economic interests, and are well suited to conduct complex, in-depth, within the DHS that relate to personally duty collection. For more information, see multi-jurisdictional investigations. For more identifiable information, as well as data www.iprcenter.gov.file-repository/commercial- information contact your local Secret Service integrity and other privacy-related matters. fraud-fact-sheet.pdf/view. field office at To review DPIAC recommendations and for www.secretservice.gov/field_offices.shtml. information on public meetings, please visit Electronic Crimes Task Force (ECTF) www.dhs.gov/privacy-office-dhs-data-privacy- Program brings together not only federal, How to Protect Your Rights The flow of and-integrity-advisory-committee. state and local law enforcement, but also counterfeit and pirated goods is a global prosecutors, private industry and academia. problem that requires vigorous collaboration DHS Privacy Office Annual Reports to The common purpose is the prevention, between customs agencies and rights owners Congress: These reports, which highlight the detection, mitigation and aggressive to ensure effective intellectual property accomplishments of the Privacy Office, are investigation of attacks on the nation's enforcement at the border. Working with CBP financial and critical infrastructures. The U.S. provides many benefits for rights owners of 16

Department-wide Resources patents, copyrights, and trademarks to ensure works with the public and financial controlled dual-use commodities and maximum intellectual property rights institutions to combat TBML, which entails technology, and firearms and ammunition. To protection. The three steps you can take to the use of international trade transactions in report suspicious activity, call 1-866-DHS-2- maximize your relationship with CBP are e- an attempt to hide the true source of funds. ICE (1-866-347-2423) or complete ICE HSI's Recordation, e-Allegations, and information Combatting TBML is a shared mission online tip form at www.ice.gov/tipline. sharing. For more information, visit between the federal government, the private www.cbp.gov/linkhandler/cgov/trade/priority_t sector, and foreign partners. Report suspicious Intellectual Property Rights (IPR) Fact Sheet rade/ipr/legal/ipr_guide.ctt/ipr_guide.pdf. activity by contacting your local ICE HSI U.S. Customs and Border Protection enforces office or by emailing [email protected]. IPR, most visibly by seizing products that HSI Illicit Finance and Proceeds of Crime For more information, visit infringe IPR such as trademarks and, Unit (IFPCU) recognizes the private sector www.ice.gov/trade-transparency. copyrights that have been recorded with CBP, represents America’s first line of defense or are subject to exclusion orders issued by the against money laundering. In furtherance of ICE HSI National Security Investigations U.S. International Trade Commission. The ICE HSI’s mission of safeguarding the citizens Division ICE is involved in almost every theft of intellectual property and trade in fake and critical infrastructure of the United foreign terrorism investigation related to goods threaten America’s economic vitality States from threats posed by the illegal cross-border crime. Foreign terrorists need to and national security, and the American movement of people and goods into and move money, weapons and people across people’s health and safety. For more through the U.S., IFPCU partners with the international borders to conduct their information, please visit business community, along with state and operations, and ICE holds a unique set of law www.cbp.gov/trade/priority-issues/ipr federal agencies, to combat financial and trade enforcement tools for disrupting these illicit crimes. Through various outreach initiatives, activities. ICE HSI’s National Security Intellectual Property Rights (IPR) Continuous IFPCU works to identify and eliminate Investigations Division, integrates the Sample Bond is a continuous bond option for vulnerabilities within the U.S. financial, agency's national security investigations and Intellectual Property Rights (IPR) sample trade, and transportation sectors. These counter-terrorism responsibilities into a single bonds. Under CBP regulations, CBP may vulnerabilities have the potential to be used overarching division. To report suspicious provide samples of certain merchandise by criminal organizations and terrorist groups activity, call 1-866-DHS-2-ICE (1-866-347- suspected of bearing infringing trademarks, to finance their illicit activities and avoid 2423) or complete ICE HSI's online tip form at trade names, or copyrights of imports seized detection by law enforcement. In addition to www.ice.gov/tipline. for such violations, to trademark, trade name, its outreach efforts, IFPCU periodically and copyright owners. For more information, publishes articles and provides information ICE HSI’s Counter-Proliferation email [email protected], or call 317- related to current industry trends and other Investigations (CPI) unit, within the agency's 614-4880. topics of interest at www.ice.gov/cornerstone. Global Trade Investigations Division, safeguards national security by preventing Intellectual Property Rights (IPR) HSI Trade-based Money Laundering sensitive U.S. technologies and weapons from Enforcement: A Priority Trade Issue (TBML)/Trade Transparency Unit reaching the hands of adversaries. The CPI Counterfeit trade and pirated goods threatens The primary mission of ICE HSI’s Trade unit specifically targets the trafficking or America’s innovation economy, the Transparency Unit (TTU) is to aggressively illegal export of: materials used to competitiveness of our businesses, the identify and thwart TBML. TTUs conduct manufacture weapons of mass destruction, livelihoods of U.S. workers, national security, analysis of trade data and provide support to chemical, biological, radiological and nuclear and the health and safety of consumers. These financial and trade investigations. ICE HSI materials, military equipment and technology, illegitimate goods are associated with 17

Department-wide Resources smuggling and other criminal activities, and located using alien number (A-number) and often funds criminal enterprises. For more country of birth or by biographical information Report an IPR Violation In furtherance of the information, visit www.cbp.gov/trade/priority- (first name, last name, country of birth and U.S. government’s IPR enforcement efforts, issues/ipr. date of birth). For more information, visit the IPR Center encourages the general public, https://locator.ice.gov/odls/homepage.do. industry, trade associations, law enforcement, Intellectual Property Rights (IPR) Help Desk and government agencies to report violations can provide information and assistance for a Operation Genesis is a voluntary partnership of intellectual property rights. To better range of IPR related issues including: IPR with the printing industry to share facilitate IP theft reporting, the IPR Center border enforcement procedures, reporting information and develop investigative leads created an “IP Theft Button.” As a result, allegations of IPR infringement, assistance for regarding the practices of organized document anyone with Internet access has the capability owners of recorded trademarks and copyrights fraud rings. Operation Genesis affords an to report an IPR violation and provide to develop product identification guides and to opportunity for the printing industry to information directly to the IPR Center for assist officers at ports of entry with collaborate with ICE to identify and disrupt investigative consideration. If a company or identifying IPR infringing goods. For more document fraud. Information available to individual has specific information concerning information, contact [email protected]. Operation Genesis interested parties include a IP theft, they can email [email protected], broad-based introductory brochure. For more visit www.iprcenter.gov, call 866-IPR-2060, or Intellectual Property Rights (IPR) Seizure information, contact [email protected]. click on the IP Theft Button now available on Statistics CBP maintains statistics on IPR U.S. Embassy, U.S. Consulate, private seizures made by the DHS. See Operation Guardian is a multi-agency effort to industry, and trade association websites www.cbp.gov/trade/priority- combat the increasing importation of worldwide at www.iprcenter.gov/referral/view. issues/ipr/statistics. substandard, tainted, and counterfeit products that pose a health and safety risk to U.S. International Trade Commission National Intellectual Property Rights consumers. The identification of these (USITC) Exclusion Orders CBP also enforces Coordination Center (IPR Center) is a task commodities has led to the successful exclusion orders issued by the U.S. force that uses the expertise of its member detention and seizure of numerous containers International Trade Commission, the majority agencies to share information, develop of hazardous products. For more information, of which are patent-based. Requests for initiatives, coordinate enforcement actions, visit www.iprcenter.gov.ip-theft/ongoing- rulings on the admissibility of redesigned and conduct investigations related to operations. articles or articles that were not adjudicated intellectual property theft. Through this by the USITC may be sent to strategic interagency partnership, the IPR Operation In Our Sites specifically targets [email protected]. Center protects public health and safety, the websites and their operators that distribute U.S. economy, and the war fighters. If a counterfeit and pirated items over the Intellectual Property Rights (IPR) e- company has specific information concerning Internet, including counterfeit Recordation and IPR Search The first step in IP theft, it can send an email to pharmaceuticals and pirated movies, obtaining IPR protection by CBP is to record [email protected], visit www.iprcenter.gov, or television shows, music, software, electronics, validly registered trademarks and copyrights call 866-IPR-2060. and other merchandise, as well as products with CBP through the Intellectual Property that threaten public health and safety. For Rights e-Recordation (IPRR) online Online Detainee Locator System The online more information, visit application. Once recorded, trademarks and system can be used to locate a detainee who is www.iprcenter.gov/file-repository/ipu- copyrights can be viewed on Intellectual currently in ICE custody. Detainees may be operation-in-our-sites-2016.docx/view. Property Rights Search (IPRS), the 18

Department-wide Resources searchable, public version of CBP’s CRADA is intended for R&D collaborations recordation database. Recordation and related Broad Agency Announcements (BAA) are with an innovative or entrepreneurial non- inquiries should be directed to acquisition instruments for research and Federal entity that can succeed in moving http://iprs.cbp.gov/ development projects which address DHS federally funded technology to the commercial capability gaps or advance technical market. Technology developed in the federal Gray Market and Lever-Rule Protection knowledge in the basic sciences and to gain laboratories can utilize the CRADA program Requests for enhanced trademark recordation access to original, state-of-the-art, basic and to establish partnerships for research and status relative to restrictions on gray market applied research proposals. DHS S&T uses development in areas with potential to articles and articles that are physically and BAAs in two ways: Long-Range Broad Agency advance homeland security missions. For materially different (Lever-Rule) than those Announcements (LRBAA) and Targeted more information, contact [email protected]. authorized for sale in the U.S. may be BAAs. LRBAAs are used for ongoing areas of submitted to [email protected]. For need that support the DHS overarching Defense Technology Experimental Research more information see 19 CFR 133.23, mission areas. Targeted BAAs are often used (DETER) is a national cybersecurity available at www.ecfr.gov/cgi-bin/text- when there is a need that has not been met experimental infrastructure which enables idx?sid=a67e218dc90d00a19ed0e232c55eac79 and there is a programmatic requirement to users to study and evaluate a wide range of &mc=true&node=pt19.1.133&rgn=div5#se19. find and propose a solution within a scheduled computer security technologies including 1.133_123. timeframe. For submission instructions, encryption, pattern detection, intrusion evaluation criteria, research topics, and to tolerant storage protocols, next generation apply online, visit: https://baa2.st.dhs.gov. network simulations; as well as, develop and Research and Product share educational material and tools to train The Catalog of Federal Domestic Assistance the next generation of cybersecurity experts. Development (CFDA) provides a full listing of all Federal Newsletters, published papers, videos and programs available to state and local presentations can be viewed at The Acquisition Planning Forecast System governments (including the District of www.isi.edu/deter/ or contact testbed- (APFS) provides the DHS Forecast of Contract Columbia); federally-recognized Indian tribal [email protected]. Opportunities in accordance with Public Law governments; Territories (and possessions) of 100-656, Section 501. The Forecast data is for the United States; domestic public, quasi- DHS Silicon Valley Innovation Program planning purposes and is not a commitment public, and private profit and non-profit (SVIP) expands DHS S&T’s reach to find new by the government to purchase the desired organizations and institutions; specialized technologies that strengthen national security products and services. Please note that the groups; and individuals. DHS Programs can with the goal of reshaping how government, contact information in this system is provided be found under the 97.000 series or are entrepreneurs, and industry work together to to the vendor community for the specific searchable through the tools on CFDA’s main find cutting edge solutions. The program requirements identified in each potential page. For more information, see reaches out to innovation communities across contract action. Use of contact information for www.cfda.gov. the nation and around the world to harness mass distribution of marketing materials the commercial R&D ecosystem for unrelated to a specific need is improper use of Cooperative Research and Development technologies with government applications the system. The search screen below is Agreements (CRADAs) are part of the and to co-invest in and accelerate technology provided for your use in locating potential National Technology Transfer Program, transition-to-market. For more information future contract actions. For more information, designed to assist federal laboratories in visit visit http://apfs.dhs.gov/. leveraging taxpayer dollars. The DHS www.dhs.gov/science-and-technology/svip. 19

Department-wide Resources

open source software communities focused on research institution (one from the U.S. and DHS Technology Transfer and security. The objectives are to improve the one from Israel) to foster and support joint Commercialization Program serves as the process for government acquisition of open development for advanced technologies in the centralized point to manage technology technology, encourage the contribution of homeland security mission. For information transfer activities throughout DHS and the government funded research to the on current and future solicitations, research DHS’ lab network. This program also communities, and identify and seed topics, submission instructions, evaluation promotes the transfer and/or exchange of development in prioritized gaps. For more criteria, and how to apply, visit: technology with industry, state and local information, visit www.cyber.st.dhs.gov/host. www.birdf.com/. governments, academia, and other federal agencies. The technologies developed and The Homeland Security Science and Mass Transit Security Technology Testing In evaluated within DHS can have potential Technology Advisory Committee (HSSTAC) coordination with TSA’s Requirements and commercial applications and dramatically provides consensus scientific and technical Capabilities Analysis (RCA) and DHS’s Office enhance the competitiveness of individual advice to the Under Secretary for Science and of Science and Technology, the Mass Transit small businesses, as well as expanding areas Technology. Its members include Division pursues development of multiple of exploration and cooperation for non-federal representatives of the private sector. Its technologies to advance capabilities to detect partners. For more information, visit activities focus on strengthening America’s and deter terrorist activity and prevent www.dhs.gov/xabout/structure/gc_1264538499 security and resiliency by providing attacks. TSA partners with mass transit and 667.shtm. knowledge products and innovative technology passenger rail agencies to conduct pilot solutions for the Homeland Security testing of various security technologies. These DHS Small Business Innovation Research Enterprise. Among its tasks, the committee activities evaluate these capabilities in the (SBIR) Program is designed to stimulate advises the Under Secretary on how best to varied operational environments that prevail technological innovation; strengthen the role leverage related technologies funded by the in rail and bus operations across the country. of small business in meeting DHS research private sector. For more information, see For more information, contact and development needs; foster and encourage www.dhs.gov/homeland-security-science-and- [email protected]. participation of socially and economically technology-advisory-committee-hsstac. disadvantaged persons and women-owned National Urban Security Technology small business concerns in technological Israel-U.S. Binational Industrial Research Laboratory (NUSTL) provides the nation’s innovation; and increase the commercial and Development (BIRD) Foundation, in first responder community with services, application of DHS-supported research or partnership with the DHS Science and products and tools to prevent, protect against, research and development results. SBIR Technology Directorate, is designed to mitigate, respond to and recover from research areas are chosen for their stimulate, promote and support joint (non- homeland security threats and events. applicability to support homeland security defense) industrial R&D of mutual benefit to NUSTL conducts testing and evaluation missions and address the needs of the eight Israel and the United States. Established (T&E) that influences technology development DHS operational units. Additional under the agreement between the and informs acquisition and deployment information can be found at Government of the United States of America decisions. NUSTL leads operational T&E and https://sbir2.st.dhs.gov. and the Government of the State of Israel on field assessments; performs independent Cooperation in Science and Technology for laboratory testing; conducts technology Homeland Open Security Technologies works Homeland Security Matters, BIRD Homeland performance characterization; and holds to improve federal, state, and local Security funds R&D cooperation between two operational experimentations with end users government’s ability to collaborate with the companies or a company and a university / and private industry manufacturers. NUSTL 20

Department-wide Resources also manages a radiological/nuclear response performance. For more information, see R&D requirements, particularly to identify and recovery research and development www.tsa.gov/press/releases/2009/12/07/update relevant federally funded research. For more portfolio which provides technical support, d-planning-guidelines-and-design-standards- information, contact [email protected]. tools and guidance in advance of a checked-baggage or contact the TSA Contact radiological/nuclear incident to allow for state Center, 866-289-9673. Science & Technology Basic Research Focus and local agencies to initiate a response in the Areas represent the technological areas in first minutes and hours. NUSTL’s actionable Prize Challenges provide incentives that which S&T seeks to create and/or exploit new guidance and technology solutions enhance inspire and mobilize a diverse set of non- scientific breakthroughs and help guide the response capabilities for: traditional talent to address a wide range of direction of the S&T research portfolio and to • Managing the complexity of a radiological homeland security challenges. This program provide long-term science and technology response; seeks to find solutions to the challenges faced advances for the benefit of homeland security. • Incident characterization and initial by DHS leveraging crowdsourcing by The focus areas identified by the S&T decision-making; removing typical barriers for partnering with Research Council, with input from customers • Immediate lifesaving and issuing of the federal government. For more information and the research community, summarize the protective actions; about current and past DHS Prize Challenges fundamental work needed to support the • Stabilization and control of impacted visit: www.dhs.gov/science-and- future protection of our nation. Contact the areas; and technology/prize-competitions. Director of Research & Development • Site cleanup and decontamination. Partnerships at NUSTL’s broad ranging relationships with the Project 25 Compliance Assessment Program [email protected] or 202-254- homeland security community enable the use (P25 CAP) was established, in coordination 6068. of the New York metropolitan area as an with the National Institute of Standards and urban test bed for the diverse technologies Technology (NIST), to provide a process for SECURETM Program leverages the experience and systems being developed to prepare and ensuring that equipment complies with P25 and resources of the private sector to develop protect our nation. For more information, standards, meets performance requirements, fully deployable products/services based on contact [email protected]. and is capable of interoperating across Department generated, vetted, and detailed manufacturers. P25 CAP allows emergency commercialization-based operational Planning Guidelines and Design Standards responders to confidently purchase and use requirements and a conservative estimate of (PGDS) for Checked Baggage Inspection P25-compliant products. For more the potential available market of the Systems incorporate insights and experience information, see www.dhs.gov/science-and- homeland security enterprise stakeholders. of industry stakeholders, including airport technology/p25-cap or contact For more information, see and airline representatives, planners, [email protected]. www.dhs.gov/files/programs/gc_121199662052 architects, baggage handling system 6.shtm or contact designers, and equipment manufacturers. The Research and Standards Integration Program [email protected], 202- PGDS assists planners and designers in (RSI) interfaces with public and private sector 254-6749. developing cost-effective solutions and to organizations to advance the future state of convey TSA requirements for checked baggage cybersecurity and communications through Support Anti-Terrorism by Fostering Effective inspection systems. The PGDS emphasizes Research and Development (R&D) and Technologies Act (SAFETY Act) evaluates and best practices associated with screening standards. RSI seeks input from researchers qualifies technologies for liability protection in system layouts and addresses other factors to determine if their R&D projects map to accordance with the SAFETY Act of 2002 and necessary to actively manage system costs and Cybersecurity and Communications (CS&C) the supporting regulations of the Final Rule (6 21

Department-wide Resources

CFR Part 25) implemented on July 10, www.safetyact.gov or science and technology solutions for the 2006. The SAFETY Act provides risk https://bpatsassessmenttool.nibs.org. detection and mitigation of explosives and management and liability protections for conventional weapons. More specifically its sellers of Qualified Anti-Terrorism System Assessment and Validation for core capabilities include: ability to Technologies. The purpose of the SAFETY Act Emergency Responders (SAVER) Program, characterize, categorize, maintain, and is to ensure that the threat of liability does managed by the DHS National Urban enhance understanding of the wide array of not deter potential manufacturers or sellers of Security Technology Laboratory (NUSTL), explosives and energetic materials found effective anti-terrorism technologies from assists responders making procurement throughout the world; develop, maintain, and developing, deploying and commercializing decisions by conducting objective operational enhance the DHS position as technical experts these technologies that meet homeland assessments and technical verifications of in understanding state-of-the-art science and security objectives. For more information, see commercially available responder technology in all fields related to explosives www.safetyact.gov or contact equipment. SAVER provides those results, detection, response, and mitigation; and to [email protected], 866-788-9318. along with other relevant equipment maintain a leadership role in independent test information, to the responder community in and evaluation of technologies prior to field Best Practices for Anti – Terrorism Security an operationally useful form. SAVER deployment including an independent and (BPATS). DHS has national leadership provides information that enables decision- objective certification/qualification process for responsibilities for managing risks involving makers and responders to better select, technologies. For more information, contact critical infrastructure, key resources and procure, use, and maintain emergency [email protected]. events. DHS has identified commercial responder equipment. More information and facilities as key assets in the critical copies of SAVER reports can be obtained at www.dhs.gov/science-and-technology/saver or infrastructure/key resource sector and Social Media Engagement encourages the widespread deployment of by e-mail at [email protected]. effective anti-terrorism technologies, services The Blog @ Homeland Security provides an and capabilities. Building security programs The TechSolutions Program provides inside-out view of what we do every day at may receive designation under the SAFTEY information, resources and technology DHS. The Blog lets us talk about how we Act. DHS S&T worked in partnership with the solutions that address mission capability gaps secure our nation, strengthen our programs, National Institute for Building Sciences to identified by the emergency response and unite the Department behind our common help building owners and managers identify a community. The goal of TechSolutions is to mission and principles. It also lets us hear set of best operational security practices for field technologies that meet at least 80% of from you. For more information, visit metropolitan commercial office buildings, the operational requirement, in a 12 to 15- www.dhs.gov/blog. referred to as Best Practices for Anti- month timeframe, at a cost commensurate Terrorism Security (BPATS) and a with the proposal. Goals will be accomplished Coast Guard Blogs and News For a discussion corresponding web-based methodology for through rapid prototyping or the identification forum on Marine Safety, Recreational Boating performing security assessments on of existing technologies that satisfy identified Safety, and waterways management as we commercial buildings. BPATS allows building requirements. For more information, see work together to protect maritime commerce owners to evaluate their operations end-to-end www.firstresponder.gov. and mobility, the marine environment, and and identify the steps needed to address the safety of life at sea, visit www.uscgnews.com risk assessment before applying for SAFETY Transportation Security Laboratory (TSL) or https://twitter.com/uscg. Act protections. For more information, visit conducts applied research, development, integration, and validation of cutting edge

22

Department-wide Resources

CRCL’s Facebook Page allows our Office to www.youtube.com/fema. Also, follow Acting connect with the public and diverse FEMA Podcast An audio series available to Administrator Pete Gaynor’s activities communities across the country. We share anyone interested in learning more about the @fema_pete. information about our work to integrate civil agency, hearing about innovation in the field rights and civil liberties into DHS programs, of emergency management, and listening to ICE Social Media channels provide important policies, strategies and activities. We engage stories about communities and individuals news and information about the agency’s with our followers to receive feedback and recovering after disasters. The FEMA Podcast mission, policies and operations. Follow ICE learn about issues occurring in communities is available on Apple iTunes and Google Play on Facebook at across the country. Follow us at: to stream or download. The podcast is www.facebook.com/wwwice.gov; on Twitter at www.facebook.com/civilrightsandcivilliberties approximately 20 to 30 minutes in length and www.twitter.com/icegov; on YouTube at new episodes will be offered every two weeks. www.youtube.com/user/wwwicegov; and on Customs and Border Protection (CBP) Social Also included in the weekly podcast is a link Instagram at www.instagram.com/icegov. Media tools provides information to engage to the transcript. Visit www.fema.gov/podcast. with and inform the public about CBP Ready.gov (“Ready”) Seasonal Message programs and current activities. Social Media FEMA Private Sector Communicators Campaigns The National Seasonal tools include: CBP Twitter channel; Collaboration The FEMA Office of External Preparedness Messaging Calendar and Key www.twitter.com/cbp; a Flickr account that Affairs provides a platform for public and Messages provides content to help promote features CBP photo stream at private sector communicators to coordinate preparedness throughout the year. Visit www.flickr.com/photos/54593278@n03/; and a and synchronize messaging priorities and Ready.gov/calendar. To partner with FEMA in YouTube channel for hosting video content at communications plans during disasters. For amplifying preparedness messages to www.youtube.com/user/customsborderprotect. more information, contact fema-private-sector- employees or the public, email fema-private- [email protected]. [email protected]. DHS Social Media Engagement The Department of Homeland Security is using FEMA Private Sector Web Portal aggregates USCIS Social Media tools provide "Web 2.0," social media technologies and Web FEMA online resources for the private sector. information. These tools include Twitter sites to provide you with information in more Content includes promising practices in channels in both English places and more ways. For a full list of DHS public-private partnerships, weekly www.twitter.com/uscis and Spanish Facebook pages, twitter feeds, blogs, and other preparedness tips, links to training www.twitter.com/uscis_es; a Facebook page social media resources, see opportunities, planning and preparedness www.facebook.com/uscis; an Instagram page www.dhs.gov/xabout/gc_1238684422624.shtm. resources, information on how to do business www.instagram.com/uscis/; a LinkedIn page with FEMA, and more. For more information, www.linkedin.com/company/uscis; and a FEMA App Download the FEMA App to locate see www.fema.gov/privatesector. YouTube channel for hosting video content and get directions to open shelters across the www.youtube.com/uscis. state and receive weather alerts from the Follow FEMA online at www.fema.gov/blog, National Weather Service for up to five www.twitter.com/fema, different locations anywhere in the United www.twitter.com/femaespanol, States. www.facebook.com/fema, www.facebook.com/femaespanol, and

23

Enforcing and Administering Our Immigration Laws

24

Enforcing and Administering Our Immigration Laws

Enforcing and Administering Our Immigration Laws The Department is focused on smart and effective enforcement of U.S. immigration laws while streamlining and facilitating the legal immigration process. The Department has fundamentally reformed immigration enforcement, prioritizing the identification and removal of criminal aliens who pose a threat to public safety and targeting employers who knowingly and repeatedly break the law.

sure their records are in order. The Self-Check Employment Eligibility Form I-9, Employment Eligibility Verification, site also has an information tool kit with is used to verify the identity and employment materials that can be distributed to increase Verification authorization of employees in the United awareness of the service. For more States. Since November 6, 1986, employers information on Self-Check, please visit E-Verify is a fast and easy Internet-based are required to complete a Form I-9 and www.uscis.gov/selfcheck or service that allows employers to electronically examine documentation for each new U.S. www.uscis.gov/selfcheck/espanol, email confirm the eligibility of their employees to hire. In 2011, USCIS launched I-9 Central, an [email protected], or call 855-804- work in the United States. Employers must online resource center dedicated to Form I-9. 0296. enroll in E-Verify before they can use E-Verify USCIS launched a Spanish version of the I-9 to confirm the employment eligibility of their Central website in October 2012. This free, Employment Eligibility Verification Program newly hired employees. E-Verify is voluntary, easy-to-use website gives employers and Webinars are live Internet-based seminars but some employers, such as those with employees one-click access to resources, tips offered to the public on Form I-9, E-Verify federal contracts or subcontracts that contain and guidance to properly complete Form I-9 Overview, E-Verify for Existing Users, E- the Federal Acquisition Regulation (FAR) E- and better understand the Form I-9 process. I- Verify for Federal Contractors, and Self Verify clause, and employers in certain states 9 Central complements the M-274, Handbook Check. Monthly webinars are scheduled on that have E-Verify legislation, are required to for Employers, Guidance for Completing Form each topic and USCIS can customize webinars use E-Verify as a condition of contracting or I-9, which is also available in Spanish. USCIS for associations and large employers. For more business licensing. E-Verify provides manuals, also offers free webinars about Form I-9. For information and to see the schedule of guides, videos, webinars, and several other more information, visit www.uscis.gov/i- webinars, visit the webinar page on resources online in English, Spanish, and 9central or email [email protected] or call www.dhs.gov/e-verify or email e- other languages for E-Verify participants and 888-464-4218. [email protected]. employers interested in enrolling in the program. E-Verify also provides webinars and Self-Check is a free online service of E-Verify Verification Programs Videos are available to your organization may request an E-Verify that allows U.S. workers to confirm their own help employers use E-Verify in a fair and non- speaker for your next event. For more employment eligibility. It is the first online discriminatory manner and in full compliance information on E-Verify visit www.dhs.gov/e- verification service offered directly to workers. with their responsibilities under the terms of verify or www.uscis.gov/espanol/e-verify, Available in English and Spanish, Self-Check use. The videos, produced jointly by CRCL and friend us on Facebook at enables individuals to enter information into USCIS, are available online at: www.facebook.com/uscis, follow us on Twitter Self-Check that employers would enter into E- www.uscis.gov/everify. Written pamphlets at www.twitter.com/uscis, subscribe to our e- Verify. If a problem exists with their records accompany the videos and serve as helpful newsletter, E-Verify Connection, view our related to employment eligibility, Self-Check desktop reminders. You may order (at no cost) blog, email [email protected] or call E-Verify explains how to resolve that issue. Job seekers the DVD videos and written pamphlets by Customer Support 888-464-4218. are encouraged to use Self-Check to make contacting the DHS Office for Civil Rights and 25

Enforcing and Administering Our Immigration Laws

Civil Liberties at [email protected]. a more secure and stable workforce and academic and cultural exchange programs. restore the integrity of the U.S. immigration SEVP exemplifies our commitment to open system. For more information, see doors and secure borders by facilitating the Immigration Enforcement www.ice.gov/image or contact process for millions of welcomed students and [email protected]. exchange visitors while closing loopholes for Carrier Liaison Program (CLP) provides those wishing to defraud our systems or do us standardized training and assistance to Project CAMPUS Sentinel ICE’s Student and harm. On behalf of DHS, SEVP manages international air carriers related to Exchange Visitor Program (SEVP) and schools, nonimmigrant students in the F and admissibility and fraudulent document CTCEU work together to identify and prevent M visa classifications, and their dependents. detection to encourage carrier compliance with visa abuse by school officials and students. In The Department of State (DoS) manages U.S. immigration laws. For more information, 2012 CTCEU initiated an outreach program Exchange Visitor Programs, nonimmigrant visit www.cbp.gov/travel/travel-industry- directed at SEVP-certified schools. The Project exchange visitors in the J visa classification, personnel/carrier-liaison-prog or contact Campus Sentinel focuses on opening as well as their dependents. Both SEVP and [email protected]. communication channels directly between the DoS use SEVIS to track and monitor designated schools officials (DSOs) and HSI schools, exchange visitor programs, and F, M Electronic System for Travel Authorization special agents in ICE field offices. Through and J nonimmigrants while they visit the (ESTA) is an automated system that this outreach, CTCEU’s goal is to build United States and participate in the U.S. determines the eligibility of visitors to travel partnerships between ICE field offices and education system. SEVIS provides timely to the U.S. under the Visa Waiver Program. SEVP-certified schools to detect and combat data to the Department of State, Department The ESTA application collects the same school fraud and visa exploitation. Project of Justice, CBP, USCIS, and ICE. For more information collected on Form I-94W Campus Sentinel not only provides school information, visit www.ice.gov/sevis or contact (Nonimmigrant Visa Waiver officials with the tools to help them identify the SEVP Response Center at 703-603-3400. Arrival/Departure Record). ESTA applications possible threats to national security within must be submitted at least 72 hours prior to the F and/or M student population, but also Study in the States is managed by SEVP and travel, though it is recommended that provides them with the proper outlet to report is a resource for international students and travelers apply when they begin preparing this information. So far, HSI special agents school officials. It is part of a DHS initiative to travel plans. Travelers participating in this have made more than 1,200 outreaches in all enhance national security and improve program are required to pay a $14.00 travel 50 states, Puerto Rico and Guam For more customer service tied to regulations governing fee with their ESTA application. For more information, visit international students studying in the United information, see https://esta.cbp.dhs.gov/ or www.ice.gov/counterterrorism-and-criminal- States. Study in the States clearly explains contact 202-344-3710. exploitation-unit or the student visa process, enhances https://studyinthestates.dhs.gov/2013/03/desig coordination among government agencies, and ICE Mutual Agreement between Government nated-school-officials-what-is-campus- keeps international students and the U.S. and Employers (IMAGE) Program is a joint sentinel. academic community better informed about government and private sector voluntary pertinent rules and regulations. This initiative that enhances employer compliance The Student and Exchange Visitor Program initiative brings together SEVP, USCIS, CBP, and corporate due diligence through training (SEVP) was established in 2003 to balance and the Department of State’s Bureau of and sharing best practices regarding hiring national security concerns with facilitating Consular Affairs and Bureau of Educational practices. The goal of IMAGE is for the eligible nonimmigrant student and exchange and Cultural Affairs. For more information, government to work with employers to develop visitor participation in America’s outstanding visit http://studyinthestates.dhs.gov or contact 26

Enforcing and Administering Our Immigration Laws the SEVP Response Center at 703-603-3400. about working in the U.S.’. For more tourism for up to 90 days without obtaining a information contact visa. For more information about the Visa Immigration Guidance [email protected]. Waiver Program, please visit www.cbp.gov/travel/international- A Guide to Naturalization contains USCIS Public Engagement Division (PED) visitors/visa-waiver-program. information about the naturalization process, seeks to focus on open, candid, and laws and regulations. For more information, constructive collaboration with community see www.uscis.gov/files/article/M-476.pdf. stakeholders at all levels. PED coordinates Immigration Questions and directs USCIS-wide dialogue with and Concerns Civics and Citizenship Toolkit - A Collection of external stakeholders to advance the Agency’s vision of customer inclusiveness by actively Educational Resources for Immigrants Office of the Citizenship and Immigration engaging stakeholders to ensure information contains a variety of educational materials Services Ombudsman (CIS Ombudsman) flow and to institutionalize a mechanism designed to help permanent residents learn Annual Reports to Congress focus on whereby their input will be considered in the more about the U.S. and prepare for the identifying systemic issues in granting process of policy formulation, priority naturalization process. For more information, immigration benefits as well as pervasive and calibration, and assessment of organizational visit www.uscis.gov/citizenshiptoolkit. serious problems faced by individuals and performance. The goal of the office is to employers in their interactions with USCIS. provide information and invite feedback to USCIS Report Fraud page on the USCIS The Annual Report contains cumulative inform our work. See the Outreach tab at website provides information on how to report analysis and recommendations and provides www.uscis.gov. For more information contact fraud related to immigration benefits such as details on activities undertaken by the [email protected]. marriage or asylum fraud, as well as Ombudsman during the calendar year. For employment-based visa violations. See more information, see USCIS Resources USCIS offers a variety of www.uscis.gov/report-fraud. www.dhs.gov/files/publications/gc_1301971419 resources including guides, videos, citizenship 354.shtm#1 USCIS Citizenship Resource Center is a web- toolkits, an immigration law glossary, reports and studies, civics and citizenship education based portal that centralizes citizenship CIS Ombudsman Updates share information resources, and a historical library. See the resources for immigrants, educators and on current trends and issues to assist “Resources” section at /www.uscis.gov. USCIS organizations, including employers. This free, individuals and employers in resolving has also made all our public use applications easy-to-use website helps users understand potential problems with USCIS. For more and petitions available on our website. the naturalization process and gain the information, see Customers can immediately access forms from necessary skills to be successful during the www.dhs.gov/xfoia/gc_1306427283101.shtm. naturalization interview and test. For more a computer, download and save the forms, fill them in electronically, and print them on information, see www.uscis.gov/citizenship. CIS Ombudsman Teleconferences provide an demand. See the “Forms” section at opportunity to discuss the public’s interactions www.uscis.gov. For more information contact USCIS Information for Employers and with USCIS and share comments, thoughts, [email protected]. Employees is a website regarding the and suggestions as well as any issues of employment authorization verification process concern. For more information, including Visa Waiver Program (VWP) enables citizens and the immigration petition process. Please questions and answers from previous and nationals from selected countries to travel visit www.uscis.gov and click on ‘Information teleconferences and a schedule of upcoming to and enter the United States for business or for Employers and Employees’ under ‘Learn calls, visit 27

Enforcing and Administering Our Immigration Laws www.dhs.gov/files/programs/gc_117103870103 7001: Section 15 Consent). For more 5.shtm To participate in these calls, please information, see RSVP to www.dhs.gov/files/programs/editorial_0497.sh [email protected] tm. specifying which call you would like to join. Participants will receive a return email with the call-in information.

CIS Ombudsman Recommendations are intended to ensure national security and the integrity of the legal immigration system, increase efficiencies in administering citizenship and immigration services, and improve customer service in the rendering of citizenship and immigration services. Trends reported to the Ombudsman by individuals and employers (through casework and public engagements) provide the basis for many of the recommendations. The Ombudsman is dedicated to identifying systemic problems in the immigration benefits process and preparing recommendations for submission to U.S. Citizenship and Immigration Services (USCIS) for policy and process changes. www.dhs.gov/files/publications/editorial_0769. shtm.

Submit a Request for Case Assistance to the CIS Ombudsman if you are experiencing a problem related to an immigration benefit with USCIS. To submit a case problem on behalf of somebody other than yourself, you should ensure that the person the case problem is about (the applicant for a USCIS immigration benefit, or the petitioner who seeks to obtain an immigration benefit for a third party) consents to your inquiry (see Submitting a Case Problem using DHS Form

28

Ensuring Resilience to Disasters Ensuring Resilience to Disasters

The Department of Homeland Security provides the coordinated, comprehensive federal response in the event of a terrorist attack, natural disaster or other large-scale emergency while working with federal, state, local, and private sector partners to ensure a swift and effective recovery effort. The Department builds a ready and resilient nation through efforts to: bolster information sharing and collaboration, provide grants, plans and training to our homeland security and law enforcement partners, facilitate rebuilding and recovery along the Gulf Coast in impacted communities. Business Preparedness house for two-way information sharing losses. For more information, see between public and private sector www.fema.gov/quakesmart. Business Continuity Planning Suite Critical stakeholders in preparing for, responding to, Manufacturing SSA developed an introductory or recovering from disasters. Participation in Public Transportation Emergency Business Continuity Planning Suite to assist the NBEOC is open to all members of the Preparedness Workshop brings mass transit small- to medium-sized companies reduce the private sector. During response activities, and passenger rail agency security and potential impact of a disruption to business. NBEOC members are linked into FEMA’s emergency management officials together The Suite includes Business Continuity National Response Coordination Center with federal, state, local, and tribal Planning Training, Business Continuity and (NRCC), activated Regional Response government representatives and the local law Disaster Recovery Plan, Generators, and a Coordination Centers (RRCCs), and the enforcement and first responder community to Business Continuity Plan Validator. For more broader network of emergency management discuss security prevention and response information, see www.ready.gov/business- operations to include our state and federal efforts and ways to work together to prepare continuity-planning-suite. partners. For more information on joining, and protect their communities. The two-day, please email us at fema-private- invitation only, workshops enable the FEMA National Continuity Programs: Policy, [email protected] or visit participants to apply their knowledge and Plans, and Evaluation Division supports the www.fema.gov/nbeoc. experiences to a range of security and nation’s resiliency capabilities by coordinating emergency response scenarios. For more the development and promulgation of National Earthquake Hazards Reduction information, see continuity policies, plans, training, and Program (NEHRP) FEMA created the www.ntionline.com/connecting-communities- exercises to ensure that the whole community, QuakeSmart program as part of NEHRP to public-transportation-emergency- federal, state, local, tribal, territorial help local businesses mitigate earthquake preparedness-workshop/ or contact government jurisdictions, non-governmental losses and get back up and running as quickly [email protected]. organizations, and private sector critical as possible after a disaster. Among other infrastructure owners and operators are resources, FEMA has developed the Ready Business helps owners and managers of prepared to sustain National Essential QuakeSmart toolkit (FEMA P811 Earthquake small- and medium-sized businesses prepare Functions and provide critical services to the Publications for Businesses), which contains their employees, operations and assets in the nation at all times, under all conditions. For actionable and scalable guidance and tools for event of an emergency. For free tools and more information, visit the private sector, owners, managers, and resources, including how to create a business www.fema.gov/continuity-resource-toolkit or employees that emphasizes the importance of emergency plan, please visit www.ready.gov. email [email protected]. earthquake mitigation and the simple things they can do to reduce the potential of The National Integration Center Technical National Business Emergency Operations earthquake damages, injuries, and financial Assistance (NIC TA) Program provides Center (NBEOC) is FEMA’s virtual clearing specialized expertise and services to state, 29

Ensuring Resilience to Disasters local, tribal, and territorial partners to Nation’s communications networks and notices, AMBER (missing children) alerts and improve emergency management capabilities. systems are secure, resilient and rapidly emergency weather information targeted to a NIC TA support includes self-guided resources restored after an incident. Communications specific area. For more information, see for all jurisdictions, including planning SSP is available at www.fema.gov/emergency-alert-system. guidance, templates and checklists, and www.dhs.gov/publication/nipp-ssp- interactive support for targeted jurisdictions communications-2015. For more information, Emergency Communications Guidance based on greatest need, risk, and national contact [email protected]. Documents and Methodologies are priorities. For more information, visit stakeholder-driven guidance documents and www.fema.gov/fema-technical-assistance- The Continuity Guidance Circular (CGC) methodologies to support emergency program or email fema- guides whole community efforts to develop responders across the nation as they plan for [email protected]. and maintain the capability to ensure and implement emergency communications continuity of operations, continuity of initiatives. These resources identify and PrepTalks are video presentations given by government, and enduring constitutional promote best practices for improving subject-matter experts and thought leaders to government during an emergency that statewide governance, developing standard spread new ideas, spark conversation, and disrupts normal operations. The Circular operating procedures, managing technology, promote innovative leadership for the issues describes federal and non-federal continuity supporting training and exercises, and confronting emergency managers now and efforts; outlines whole community continuity encouraging use of interoperable over the next 20 years. Each PrepTalk release roles, responsibilities, and coordinating communications. For more information, please includes a video of the presentation and the structures; and describes the process for visit www.dhs.gov/cisa/emergency- question-and-answer session, a facilitator building and maintaining capabilities to communications. guide and discussion points, and additional ensure the performance of essential functions resources for the topic. For a full list of and delivery of critical services and core Emergency Data Exchange Language (EDXL) PrepTalks, visit www.fema.gov/preptalks. capabilities. The document is available in both messaging standards help emergency English and Spanish at: responders exchange critical data, including www.fema.gov/continuity-guidance-circular- alerts, hospital capacity, and availability of Emergency Communications cgc. response personnel and equipment. The Wireless Emergency Alerts (WEA) is a public National Incident Management System safety system that allows customers who own Emergency Alert System (EAS) is a national Supporting Technology Evaluation Program certain wireless phones and other compatible public warning system that requires TV and (NIMS STEP) evaluates the adherence of mobile devices to receive geographically- radio broadcasters, cable television systems, products to the EDXL suite of standards. targeted, text-like messages alerting them of wireless cable systems, satellite digital audio IPAWS uses the EDXL Common Alerting imminent threats to safety in their area. For radio service providers, direct broadcast Protocol (CAP) information standard to more information, see satellite service providers and wireline video exchange alert and warning messages across www.fema.gov/frequently-asked-questions- service providers to offer to the President the many technologies and communications wireless-emergency-alerts#. communications capability to address the industry interfaces. NIMS STEP provides American public during a national emergency. industry with an independent third-party Communications Sector Specific Plan (COMM The system is also frequently used by state evaluation of products, devices, systems, and SSP) involves CS&C in partnership with and local authorities, and the National data management tools – including off-the- government and private sector Weather Service to deliver important shelf hardware and software – that support communications members to ensure the emergency information such as evacuation emergency managers and responders in 30

Ensuring Resilience to Disasters decision making prior to, and during, More than 1,400 local, state, federal, 397.shtm or contact the Office of Emergency emergency operations. Evaluation activities territorial and tribal agencies, use Common Communications, [email protected]. are designed to help expand technology Alerting Protocol (CAP) compliant tools to solutions and provide the emergency interface with IPAWS to send alerts to cell National Interoperability Field Operations management/response community with a phones, radio, TV, NOAA Weather Radios, Guide (NIFOG) is a technical reference for comprehensive process to assist in the and other Internet connected devices. See radio technicians responsible for radios that purchasing of incident management products. www.fema.gov/ipaws. will be used in disaster response applications, For more information on the EDXL standards, and for emergency communications. The see www.oasis-open.org. For NIMS STEP see, The National Council of Statewide NIFOG includes rules and regulations for use www.fema.gov/media-library-data/20130726- Interoperability Coordinators (NCSWIC), of nationwide and other interoperability 1744-25045-6830/101006nimsstep.pdf. managed by the Office of Emergency channels, frequencies and channel names, and Communications (OEC), was established to other reference material, formatted as a Government Emergency Telecommunications assist state and territory interoperability pocket-sized guide for radio technicians. The Service (GETS) provides authorized coordinators with promoting the critical NIFOG can be accessed online at emergency response personnel with the importance of interoperable communications www.dhs.gov/safecom/resources. For more resources to make emergency phone calls by and the sharing of best practices to ensure the information, please contact the Cybersecurity priority queuing through the Nation’s public highest level of interoperable communications and Infrastructure Security Agency at communications networks. By calling the is achieved for America’s first responders and [email protected]. GETS access number and using an assigned the individuals they are providing services to. PIN, federal, state, local and tribal leaders, The NCSWIC members are enhancing the National Security Telecommunications first responders, and private sector emergency response capabilities of public safety Advisory Committee (NSTAC) response personnel receive priority queuing – responders by coordinating and collaborating Recommendations address national security allowing emergency calls to be placed ahead of with federal, state, local, tribal and non- and emergency preparedness issues from a routine phone traffic. The GETS website governmental public safety and public safety private sector perspective and reflects over a provides information on eligibility, technical responder agencies. For more information quarter century of private sector advice to the assistance and administrative assistance for contact [email protected]. president and the nation. Issues include registering, maintaining and using GETS. network convergence, network security, For more information, see http://gets.ncs.gov National Emergency Communications Plan emergency communications operations, or contact [email protected]@hq.dhs.gov. (NECP) sets goals and identifies key national resiliency and emergency communications priorities to enhance governance, planning, interoperability. NSTAC recommendations Integrated Public Alert and Warning System technology, training, exercises, and disaster can be found at www.dhs.gov/cisa/nstac- (IPAWS) is the nation’s alert and warning communications capabilities. The NECP publications. For more information, contact infrastructure. IPAWS connects authorized establishes specific national priorities to help [email protected]. public safety officials to the Emergency Alert state and local jurisdictions improve System (EAS), Wireless Emergency Alerts communications interoperability by adopting Risk Communication Best Practices and (WEA), the National Oceanic and Atmospheric a series of goals and milestones that measure Theory Guides Effective risk communication Administration (NOAA) Weather Radio interoperability achievements over a period of requires a strong understanding of complex network, and other public communications years beginning in 2008. For more factors including trust between the systems that can deliver emergency information, see communicator(s) and the audience(s), information to people from a single interface. www.dhs.gov/files/publications/gc_1217521334 cognitive involvement and uncertainty of the 31

Ensuring Resilience to Disasters audience, cost reward tradeoffs, emotional national goals and objectives for improving responses to risk, and understanding and interoperability nationwide. For more Telecommunications Service Priority (TSP) acknowledging diverse audiences. The information, please visit Program authorizes national security and National Consortium for the Study of www.dhs.gov/safecom/funding. emergency preparedness (NS/EP) Terrorism and Responses to Terrorism organizations to receive priority treatment for (START), a DHS Emeritus Center of SAFECOM Program is a public safety-driven vital voice and data circuits. The TSP Excellence, with sponsorship from the DHS communications program managed by the program provides service vendors a Federal Science and Technology Directorate, Emergency Communications Division (ECD). Communications Commission mandate to developed and evaluated a program to train Through collaboration with emergency prioritize requests by identifying those local leaders on effective risk communication responders and policymakers across all levels services critical to NS/EP. NS/EP services are practices related to homeland security threats. of government, the SAFECOM Program works those used to maintain a state of readiness or The training program reflects the current to improve multi-jurisdictional and to respond to and manage any event or crisis scientific understanding of effective intergovernmental communications (local, national, or international) that causes communication of threats and risk related to interoperability. Its membership includes or could cause injury or harm to the preparedness, warnings of imminent threats, more than 65 members representing state, population, damage to or loss of property, or and post-event recovery and mitigation. local, and tribal emergency responders, and degrades or threatens the NS/EP posture of Research reports are available online, major intergovernmental and national public the United States. For more information, including Understanding Risk safety associations, who provide input on the please visit Communication Theory: A Guide for challenges, needs, and best practices involving www.dhs.gov/cisa/telecommunications-service- Emergency Managers and Communicators emergency communications. Find more priority-tsp or contact support@priority- and Understanding Risk Communication Best information at: www.dhs.gov/safecom. info.com. Practices: A Guide for Emergency Managers and Communicators, as well as an Government Emergency Telecommunications Voice over Internet Protocol (VoIP) Project accompanying Executive Summary and Service (GETS) During emergencies, the researches IP-enabled communication Appendices. For more information on this public telephone network can experience technologies and evaluates promising Center of Excellence, contact congestion due to increased call volumes solutions. This project enables the emergency [email protected]. and/or damage to network facilities, hindering response community to confidently deploy and the ability of first responders, national use IP technologies and integrate video, SAFECOM Guidance on Emergency security, and emergency preparedness and cellular, and satellite communications. The Communications Grants provides response personnel to complete calls. GETS project will complete the development of a set recommendations to grantees seeking funding provides these essential personnel priority of standards based on the needs of emergency for interoperable emergency communications access and prioritized processing in the local responders. For more information, see projects, including allowable costs, items to and long-distance segments of the landline www.pscr.gov/projects/broadband/voip/voip.ph consider when funding emergency networks, greatly increasing the probability of p, or contact [email protected]. communications projects, grants management call completion. GETS is intended to be used best practices for emergency communications in an emergency or crisis when the network is Wireless Priority Service (WPS) provides grants, and information on standards that congested and the probability of completing a national security and emergency preparedness ensure greater interoperability. The guidance normal call is reduced. For more information, personnel with priority access and prioritized is intended to ensure that federally-funded please visit www.dhs.gov/cisa/government- processing in all nationwide and several investments are compatible and support emergency-telecommunications-service-gets. regional cellular networks, greatly increasing 32

Ensuring Resilience to Disasters the probability of call completion. WPS is critical response and recovery resources For further information, contact intended to be used in an emergency or crisis before, during, and after emergencies. Contact [email protected]. when cellular networks are congested and the [email protected] for more information. probability of completing a normal cellular AgConnect is a suite of customizable data call is reduced. WPS is an easy-to-use, add-on Emergency Services Sector – Continuity integration and analysis products designed to feature subscribed to on a per-cell phone Planning Suite (ESS-CPS) provides a enhance situational awareness and support basis. It is deployed by cellular service centralized collection of existing guidance, decision-making for emerging, zoonotic and/or providers throughout the United States. WPS processes, products, tools, and best practices transboundary animal diseases. The tool was calls will receive priority over normal cellular to support the development and maturation of developed under the Institute for Infectious calls; however, WPS calls do not preempt calls continuity planning for the first responder Animal Diseases, co-lead for the DHS in progress or deny the general public’s use of community. ESS-CPS was created through a Emeritus Center of Excellence for Zoontic and cellular networks. WPS is in a constant state partnership of the Emergency Services Sector- Animal Disease Defense in partnership with of readiness. For more information, please Specific Agency (SSA) and Sector the Texas Center for Applied Technology, a visit www.dhs.gov/cisa/about-wps. Coordinating Council (SCC). First responders part of the Texas A&M Engineering can use the ESS-CPS as it suits their Experiment Station. The technology Emergency Responder organization to evaluate and improve their integrates authoritative information from continuity capability and enhance their disparate sources into a single, easy-to-use Community preparedness for emergencies. Contact integrated display. It empowers real-time [email protected] for more information. collection, access, distribution and analysis of The Emergency Services Sector Cybersecurity bio-surveillance, veterinary diagnostic, animal Initiative is an ongoing effort to enable the AUXCOMM Training Auxiliary movements and other pertinent data (e.g., Emergency Services Sector (ESS) to better communicators (amateur radio operators) clinical observations, production information, understand and manage cyber risks and to have supported state/local public safety genetics and environmental/climate data). coordinate the sharing of cyber information agencies for decades during natural disasters These data are integrated into an and tools between subject matter experts and other emergencies. Cybersecurity and interoperable, permissioned, user-defined (both inside and outside the federal Infrastructure Security Agency (CISA) operational picture that allows users to make government) and the ESS disciplines. Contact technical assistance offers a training course decisions based on common information that [email protected] for more information. for auxiliary communicators volunteering can be shared across echelons, organizations, their services under the auspices of a public locations and roles/positions. For more Crisis Event Response and Recovery Access safety agency. This two-day training course is information, see (CERRA) The capability for state, local, tribal, for those amateur radio operators who wish to https://iiad.tamu.edu/agconnect/ or and territorial authorities to safely, securely, volunteer to support public safety during AgConnect® Overview. For more information and effectively control and coordinate the emergencies and integrate into a National on this Center of Excellence, contact access of key response and recovery resources Incident Management System Industrial [email protected]. into an affected area during an emergency has Control Systems Communications Unit been identified as a critical success factor in function. For information, individuals should Center for Domestic Preparedness (CDP) enabling overall community recovery. The see the CISA Technical Assistance/Statewide offers several interdisciplinary programs that CERRA Framework focuses on supporting Communications Interoperability Plan Guide are designed for those with emergency state, local, tribal, and terrirotial efforts to posted at: www.dhs.gov/ictapscip-resources. response and healthcare responsibilities, or enable the successful transit and access of who meet the criteria specified in the website 33

Ensuring Resilience to Disasters mentioned below. CDP offers courses in Agency’s Infrastructure Security Division request materials contact the Emergency chemical, biological, radiological, nuclear, and Emergency Services Sector at Services Sector-Specific Agency at explosive incident response, toxic agent [email protected]. [email protected]. training, and healthcare response for mass casualty incidents, Radiological Emergency DHS Center of Excellence: Coastal Resilience Emergency Services Sector (ESS) Video This Preparedness Program courses, field force Center (CRC), led by the University of North is a three-minute video providing an overview operations, and incident command. CDP is Carolina at Chapel Hill in partnership with of the ESS Sector. The video is appropriate for home to the only facility where civilian Jackson State University in Mississippi, conferences and events to grow awareness and responders can train in a toxic agent conducts research and education to enhance participation in sector activities. For more environment using both chemical and the nation’s ability to safeguard people, information, contact [email protected]. biological agents—the Chemical, Ordnance, infrastructure, and economies from Biological, and Radiological Training Facility catastrophic coastal natural disasters such as Emergency Services Self-Assessment Tool (COBRATF). The CDP’s healthcare courses floods and hurricanes. Resources include the (ESSAT) is a secure, web-based application include exercises in the nation’s only hospital ADCIRC Prediction System for storm surge that enables public and private entities to facility dedicated solely to preparedness and and coastal flooding and the Plan Integration perform risk assessments of specialized assets mass casualty response training—the Noble for Resilience Scorecard (PIRS) for community and systems, as well as multiple systems in a Training Facility (NTF). CDP training is free hazard vulnerability reduction. For more particular region, through voluntary and for state, local, and tribal agencies; round-trip information, visit interactive stakeholder involvement. It allows air and ground transportation, lodging, and https://coastalresiliencecenter.unc.edu/, or for a coordinated effort among sector partners meals are provided at no cost to responders or contact [email protected]. by collecting and sharing common risk gaps, their agency. Federal, private sector, and obstacles, and protective measures. The tool international agencies are encouraged to Emergency Planning Exercises are a series of benefits individual partners and collective attend on a space available basis, but they Tabletop Exercise presentations to advance disciplines and supports sector-wide risk must pay a tuition fee for the courses in organizational continuity, preparedness and management efforts. For more information, addition to transportation, meals and lodging resiliency. Each exercise is conducted with a please contact the Emergency Services SSA at fees. For more information, see realistic disaster scenario and facilitated [email protected]. https://cdp.dhs.gov/find-training or call 866- discussion of how to plan, protect, respond and 213-9553. recover. To learn more or to download the FEMA Higher Education Program The exercises visit www.fema.gov/emergency- primary goal of the FEMA Higher Education Cybersecurity in the Emergency Services planning-exercises. Program is to work with colleges and Sector The one-hour course will provide an universities, emergency management overview of the types of cyber systems and Emergency Services Personal Readiness professionals, and stakeholder organizations infrastructure that the Emergency Services Guide for Responders and Their Families is a to help create an emergency management Sector utilizes; and address the threats and tri-fold handout providing a description of the system of sustained, replicable capability and vulnerabilities to those cyber resources. The Ready Campaign and the Emergency Services disaster loss reduction through formal webinars are available on the Homeland Sector-Specific Agency, and provides a list of education, experiential learning, practice, and Security Information Sharing – Critical website resources and instructions on family experience centered on mitigation, Sectors Emergency Services Sector portal. preparedness. Specifically, suggestions on preparedness, response and recovery from the For access and more information, contact the developing an emergency kit and family full range of natural, technological and Cybersecurity and Infrastructure Security emergency plan. For more information, or to intentional hazards which confront 34

Ensuring Resilience to Disasters communities across the Nation. For more FEMA National Emergency Training Center First Responders ‘Go Kit’ This video is information, select the following link: (NETC) provides current information and designed to demonstrate step-by-step what https://training.fema.gov/hiedu/. resources on fire, emergency management and First Responders should have in their other all-hazards subjects. With its collection personal and family emergency kit. For more FEMA Emergency Management Institute of more than 180,000 books, reports, information please contact the Emergency (EMI) Independent Study Program (ISP) periodicals, and audiovisual materials, the Services SSA at [email protected]. offers self-paced courses designed for those NETC Library houses the most extensive with emergency management responsibilities, collection of fire service literature in the U.S. National Level Exercise (NLE) 2020 will as well as for the general public. The FEMA The NETC Library collection of books and involve a complex, adversary-based Independent Study Program offers courses research reports may also be accessed by multidimensional attack that reflects the that support the five mission areas identified requesting interlibrary loan through a local evolving threat environment. This exercise by the National Preparedness Goal: library. For more information contact series will examine a complex threat that prevention, protection, mitigation, response, [email protected] or 1-800-638-1821. originates overseas. Widespread cyberattacks and recovery. For more information on EMI result in a domestic national security training courses, please visit FEMA Library is a searchable, web-based emergency involving significant impacts to https://training.fema.gov/IS/ or contact us 301- collection of all publicly accessible FEMA multiple critical infrastructure sectors. 447-1200. information resources, including thousands of Partners across the whole community, CDs, DVDs, audio tapes, disability resources, including all levels of government, the private FEMA Emergency Management Institute posters, displays, brochures, guidance, policy sector, nongovernmental organizations, and Programs offers several programs that are papers, program regulations, guidelines, and community groups will participate in NLE designed for those with emergency forms. Users can search the collection by 2020. Lead-up preparedness events will management responsibilities or meet the subject, audience category (including commence in 2019 and the functional and full- criteria specified at the website cited below. categories specific to private sector audiences), scale components of the exercise series will The training is free of charge, but individuals hazard type, and other categories. For more occur from February through May 2020. For from the private sector or contractors to state, information, visit http://www.fema.gov/library/ more information, visit local or tribal governments must pay their or call 800-480-2520. https://portalapps.fema.net/apps/PNP- own transportation and lodging fees. EMI has NED/HSIP/Pages/NationalLevelExerciseSecti an integrated training approach and First Responder Communities of Practice is an on.aspx. encourages individuals from the private sector online network of vetted, active, and retired to participate in its courses. EMI programs first responders, emergency response National Training and Education Division include, but are not limited to, the Master professionals and federal, state, local, and (NTED) courses are delivered in a variety of Exercise Practitioner Program, the tribal and territorial homeland security formats including web-based, resident, and Emergency Management Professional officials. Registered members of this non-resident. NTED draws upon a diverse Program (EMPP), the Applied Practices Series professional network share information, ideas, group of training providers, also referred to as and the Public Information Officer Training and best practices, enabling them to more training partners, to develop and deliver Program. For more information, see efficiently and effectively prepare for all NTED approved training courses. These https://training.fema.gov/Programs/ or call hazards. See www.firstresponder.gov or training providers include the National 301-447-1286. www.dhs.gov/publication/first-responder- Domestic Preparedness Consortium (NDPC), communities-practice the Rural Domestic Preparedness Consortium (RDPC), and the Naval Postgraduate School 35

Ensuring Resilience to Disasters

(NPS), and Continuing Training Grants and recovery needs, protocols, and solutions. and technology. The web-based program Partners. For more information, visit For more information, see www.tcipexpo.com. provides information on the structural use of www.firstrespondertraining.gov or contact traditional and engineered wood products in [email protected] or 1-800- Video Quality in Public Safety (VQiPS) modern construction, including trusses, 234-1116. Working Group was formed to focus on the structural glued laminated timber beams, I- major policy, technology, and practical uses joists, structural composite lumber, structural The R-Tech Bulletin is a publication on and challenges of public safety video systems. insulated panels and wood structural panels. technologies of interest to first responders who Comprised of emergency responders, For more information, see Woodaware.info. have received funding, in part, from the academics, federal partners, and vendors, the federal government. Interested individuals working group developed an end-user guide to Are You Ready? An In-depth Guide to Citizen can subscribe to the bulletin by RSS feed or help practitioners articulate their needs to Preparedness provides a step-by-step can download the bulletin at vendors when they look to purchase or approach to disaster preparedness, including www.firstresponder.gov/pages/newsletter.aspx upgrade video systems. For more information, specific hazard-based activities Americans of . see www.dhs.gov/science-and- any age can take. For more information see technology/voice-video-and-data-public-safety www.ready.gov or call 800-480-2520 to order Safety and Security of Emergency Response or contact [email protected]. materials. Questions regarding the Individual Vehicles Brochure This brochure outlines and and Community Preparedness can be directed recommends how to keep emergency response Webinar: The Ready Responder Program for to [email protected] vehicles and equipment safe form theft the Emergency Services Sector The one-hour incidents. Emergency responders will know web-based seminar focuses on first responder Assistance to Firefighters Grants (AFG) works how to prevent the loss of property by actively preparedness and best practices and how the to enhance the safety of the public and enforcing effective theft prevention measures. Ready Responder program contributes to a firefighters with respect to fire-related For more information, please contact the safer, more secure and more resilient hazards by providing direct financial Emergency Services SSA at America. The webinars are available on the assistance to eligible fire departments, non- [email protected]. Homeland Security Information Sharing – affiliated Emergency Medical Services Critical Sectors Emergency Services Sector organizations, and State Fire Training Technologies for Critical Incident portal. For access and more information, Academies. This funding is for critically Preparedness (TCIP) Conference and contact the Emergency Services Sector at needed resources to equip and train Exposition highlights DOJ, DHS, and DoD [email protected]. emergency personnel to recognized standards, technologies; Research, Development, Testing enhance operations efficiencies, foster & Evaluation investments; and training tools interoperability, and support community for the emergency responder community. It Personal and Community resilience. For additional information, see: provides a forum for emergency responders to www.fema.gov/welcome-assistance- discuss best practices and exchange Preparedness firefighters-grant-program. information and offers a unique opportunity for emergency responders; business and American Wood Council: The U.S. Fire Building a Roadmap to Resilience - A Whole industry; academia; federal and state, local, Administration (USFA) in partnership with Community Training is a 3-day course that tribal, and territorial stakeholders to network, the American Wood Council (AWC) developed helps communities build a Whole Community exchange ideas, and address common critical a web-based educational program for the fire approach to emergency management by incident technology, preparedness, response service on modern construction components teaching principles, themes, and pathways for 36

Ensuring Resilience to Disasters action, and other promising practices https://training.fema.gov/is/courseoverview.as • Food, in the form of served meals or uncovered by local leaders across the nation. px?code=is-909. groceries. Participants will develop a plan of • Lodging in a mass shelter or hotel. implementation in their own community, DisasterAssistance.gov is a secure, web portal • One month's rent or mortgage payment. receive the tools and knowledge to establish a that consolidates disaster assistance • One month's utility bill. community coalition, and learn to encourage information. If you need assistance following a • Equipment necessary to feed or shelter local leaders to augment resilience within the presidentially-declared disaster that has been people, up to a $300 limit per item. unique circumstances of their community. For designated for individual assistance, you can For more information, visit more information, see now go to www.disasterassistance.gov to http://efsp.unitedway.org. www.firstrespondertraining.gov and search register online. Local resource information to “Roadmap to Resilience”. help keep citizens safe during an emergency is FEMA Regulatory Materials The majority of also available. Currently, 17 U.S. government regulations specific to FEMA are located in Community Emergency Response Team agencies, which sponsor almost 60 forms of the Code of Federal Regulations (CFR), (CERT) helps train citizens to better prepare assistance, contribute to the portal. For volume 44 “Emergency Management and for and respond to emergency situations in website technical assistance, contact 800-745- Assistance.” FEMA’s regulations govern their communities. When emergencies 0243. specific agency programs and practice and happen, CERT members can give critical have the force and effect of law. The CFR is support to first responders, provide immediate Donations and Volunteers Information FEMA updated daily at www.ecfr.gov. You have an assistance to survivors, and organize offers information on the best way to opportunity to provide input on almost every spontaneous volunteers at a disaster site. volunteer and donate during disaster response FEMA regulation before it is finalized. CERT members can also help with non- and recovery. For more information, see Regulations.gov is a multi-agency website emergency projects that help improve the www.fema.gov/donations. serving as an online clearing house for safety of the community. There are CERT materials related to FEMA rulemakings and programs in more than 2,700 communities The Emergency Food and Shelter National is FEMA’s official on-line comment system. across the nation. For more information, visit Board Program (EFSP) was created in 1983 to The website allows the public to comment on www.ready.gov/cert or contact fema- supplement the work of local social service regulations and access rules that FEMA has [email protected]. organizations, both non-profit and published in the Federal Register as well as governmental, within the U.S. and its related documents. FEMA welcomes public Community Preparedness Training: territories, to help people in need of comments on its proposed regulatory actions. Implementing Simple Activities for Everyone emergency economic assistance. Funding is The public may comment on any posted (IS-909) is an interactive or plenary course open to all organizations helping the U.S. document with an “Open Comment Period.” designed to help organizations conduct simple hungry and homeless. This collaborative effort Not all comment periods are the same length, preparedness activities for their employees between the non-profit and public sectors has so please keep an eye on your topics of and/or staff. It includes a set of materials provided over $3.6 billion in federal funds interest. For further information and focused on areas such as local hazards, local during its 28-year history. additional resources, please go to alerts and warnings, and local community The Emergency Food and Shelter National www.fema.gov/rulemaking. response resources and protocols that can be Board Program funding is apportioned tailored based on the needs of training nationally to Local Boards where it is Fire Prevention & Safety (FP&S) grants are participants. For more information, see administered and used for: part of the Assistance to Firefighters Grant program and support projects that enhance 37

Ensuring Resilience to Disasters the safety of the public and firefighters from Preparedness Grants Guidance contained in Red Cross, and host states from across the fire and related hazards. For more the Notice of Funding Opportunity (NOFO) for country and has been held annually since information, see www.fema.gov/welcome- the Homeland Security Grant Program 2012. More details can be found at assistance-firefighters-grant-program. (HSGP), Emergency Management www.nationalmasscarestrategy.org. Performance Grant (EMPG) and Tribal Regarding First Responder Safety Research Homeland Security Grant Program (THSGP) The National Mass Care Strategy provides a and Special Studies, the U. S. Fire encourages state and tribal governments to unified approach to the delivery of mass care Administration (USFA) carries out research collaborate with private sector interests to services by establishing common goals, and specials studies to decrease injuries and address “whole community” needs relating to fostering inclusive collaborative planning, and fatalities in the first responder community, to emergency management and homeland identifying resource needs to build the develop and evaluate new technology and to security investments. The NOFOs can be national mass care capacity to engage the increase safety and efficiency during found at: www.fema.gov/grants. whole community including under-served and emergency operations. This supports USFA’s vulnerable populations. These will include mission to reduce life and economic losses due National Flood Insurance Program focuses on planning templates, case studies, resource and to fire and related emergencies through flood insurance, floodplain management and hazard specific guides. The National Mass leadership, advocacy, coordination, and flood hazard mapping. Over 22,000 Care Strategy will focus on: support. For more information, see communities across the U.S. and its territories • Sheltering (including household pets) www.usfa.fema.gov/operations/ participate in the NFIP by adopting and • Feeding enforcing floodplain management ordinances • Distribution of emergency supplies The National Fire Data Center (NFDC) to reduce future flood damage. In exchange, • Family reunification services manages a robust program of research and the NFIP makes federally-backed flood • Immediate health, emotional and spiritual special studies. Our research projects cover insurance available to homeowners, renters, health services topics supporting firefighter and emergency and business owners in these communities. • Access to information responder health and safety as well as fire For more information, see For more information, see safety of the American public. The NFDC www.floodsmart.gov; flood insurance agents, http://nationalmasscarestrategy.org/. works with relevant federal, academic and please visit www.agents.floodsmart.gov or e- both regional and national association mail [email protected] The National Fire Incident Reporting System partners to complete these studies and (NFIRS) was established in the mid-1970s and publish the reports. The National Mass Care Exercise (NMCE) is is mandated by the Federal Fire Prevention Topics include: an annual, national mass care system exercise and Control Act of 1974 (Public Law (PL) 93- • Operational Safety that focuses on testing our Nation’s ability to 498, as amended) which authorizes the • Natural Disasters and Non-Fire respond to large-scale Mass Care events. It National Fire Data Center to gather and Emergencies also focuses on establishing state-to-federal analyze information such as 1) the frequency, • Protective Equipment and Clothing coordination systems in addition to causes, spread, and extinguishment of fires; 2) • Vehicle and Roadway Safety integrating staff from key Non-Government injuries and deaths resulting from fires; 3) • Emergency Medical Services Organizations (NGOs), faith-based information on injuries sustained by a • Wellness & Fitness organizations (FBOs), the private sector and firefighter; and 4) information on firefighting For more information, see all levels of government into an effective mass activities. The act further authorizes USFA to www.usfa.fema.gov/data/statistics/reports/. care multi-agency coordination structure. develop uniform data reporting methods, and NMCE is sponsored by FEMA, the American to encourage and assist federal, state, local 38

Ensuring Resilience to Disasters and other agencies in developing and • Complete Reference Guide: enhance all aspects of emergency reporting information. NFIRS is a reporting www.usfa.fema.gov/downloads/pdf/nfirs/nf management: preparedness, protection, standard that fire departments use to irs_complete_reference_guide_2015.pdf response, recovery, and mitigation. They do so uniformly report on the full range of their • Coding Questions Guide: by engaging in activities such as information activities, from fire to Emergency Medical www.usfa.fema.gov/downloads/pdf/nfirs/nf sharing, emergency planning, emergency Services (EMS) to severe weather and natural irs_coding_questions_2016.pdf communications, and resource sharing. disasters. This reporting allows fire • NFIRSGrams: Building from the first course, IS600, IS-662 departments, as well as many other www.usfa.fema.gov/data/nfirs/support/trai describes how to establish and sustain public- government and non-government agencies, to ning.html private partnerships, as well as how to quantify their actions and identify incident Support for all NFIRS users, analysts, and communicate and share resources in a and response trends. interested individuals can be obtained by partnership. The course includes a checklist of • Over 27,000 fire departments currently contacting the NFIRS Support Center. common considerations when establishing a report over 28 million incidents. • Online: public-private partnership and a toolkit • Each year the USFA compiles publicly- www.usfa.fema.gov/data/nfirs/support/trai complete with a comprehensive list of web released incidents, collected by states ning.html resources for the public and private sectors. during the previous calendar year, into a • Email: [email protected]. For more information, see public database that we make available to • Telephone: 1-888-382-3827 https://training.fema.gov/is/courseview.aspx?c the public free of charge. Data available ode=is-662. includes: Public Private Partnerships: An Introductory o CD 1980-1998 — Fire incidents Course In December 2011, FEMA launched Ready.gov is the preparedness resource for (NFIRS version 4.1) FEMA IS-660: Introduction to Public-Private your family. Launched in February 2003, o CD 1999-2003 — All incidents Partnerships, the first web-based course on Ready is a national public service advertising o CD 2004-2017 — Fire and building public-private partnerships in (PSA) campaign designed to educate and hazardous materials incidents emergency management. Training is offered empower Americans to prepare for and o DVD 2014-2017 — All incidents through the EMI ISP and was designed in respond to emergencies including natural and Further NFIRS information may be found on collaboration with both the public and private man-made disasters. Ready and its Spanish the USFA web site: sector. It is available to anyone, but language version, Listo, ask individuals to do www.usfa.fema.gov/data/nfirs/. recommended for emergency management and three key things: 1. get an emergency supply community planners, senior-level personnel kit, 2. make a family emergency plan, and 3. NFIRS References: Guides, publications, from response agencies, representatives from be informed about the different types of support, etc. are resources that are all publicly private-sector organizations, and federal, emergencies that could occur and their available. These resources cover, in specific state, local, and tribal government agencies appropriate responses. For more information, detail, many aspects of the NFIRS standard, that may participate in collaborative see www.ready.gov. such as the elaboration of rules and continuity planning efforts. For more definitions. All of the resources listed below information, see Self-Facilitated Tabletop Exercises FEMA has are designed to assist the user in http://training.fema.gov/is/courseoverview.asp developed several tabletop exercises, complete understanding NFIRS data and its impact to x?code=is-660. with video injects and facilitator notes. These the fire department and communities served, exercises can be used as an activity at the from the local to the national level. Public Private Partnerships: An Advanced community, organization, or partnership level. Course, IS-662 Public-private partnerships 39

Ensuring Resilience to Disasters

Visit: www.fema.gov/emergency-planning- program, and the Severe Repetitive Loss USFA web site: exercises. program. For more information, see https://apps.usfa.fema.gov/registry/. www.fema.gov/hazard-mitigation-assistance. Staffing for Adequate Fire and Emergency First Responder Safety Research and Special Response (SAFER) grant program was created USFA On-Duty Firefighter Fatalities The U.S. Studies carries out research and specials to provide funding directly to fire departments Fire Administration tracks and collects studies to decrease injuries and fatalities in and volunteer firefighter interest information on the causes of on-duty the first responder community, to develop and organizations to help increase the number of firefighter fatalities that occur in the United evaluate new technology and to increase trained, "front line" firefighters available in States. We conduct an annual analysis to safety and efficiency during emergency their communities. For more information, see identify specific problems so that we may operations. This supports USFA’s mission to www.fema.gov/welcome-assistance- direct efforts toward finding solutions that reduce life and economic losses due to fire and firefighters-grant-program. will reduce firefighter fatalities in the future. related emergencies through leadership, This information is also used to measure the advocacy, coordination, and support. The Tornado Safety Initiative assesses building effectiveness of programs directed toward NFDC manages a robust program of research damages and identifies lessons learned after firefighter health and safety. Additional and special studies. Our research projects tornadoes occur; funds research on shelter information regarding On-Duty Firefighter cover topics supporting firefighter and design and construction standards; produces Fatalities may be found emergency responder health and safety as public education materials on tornado at: https://apps.usfa.fema.gov/firefighter- well as fire safety of the American public. The preparedness and response; and develops best fatalities/ NFDC works with relevant federal, academic practices and technical manuals on the design and both regional and national association and construction of safe rooms and community USFA National Fire Department Registry partners to complete these studies and shelters for engineers, architects, building provides a directory of registered fire publish the reports. To learn more about the officials, and prospective shelter owners. For departments and includes basic information NFDC’s research initiatives, visit: more information, visit such as address, department type, website, www.usfa.fema.gov/operations/. www.fema.gov/library/viewrecord.do?id=2073. number of stations, and number of personnel. The program is voluntary and Building a Roadmap to Resilience - A Whole Unified Hazard Mitigation Assistance (HMA) comprises over 27,200 registered fire Community Training. This 3-day course helps Grant Programs present a critical departments. The purpose of the registry is to communities build a Whole Community opportunity to reduce the risk to individuals create a national database for use by the fire approach to emergency management by and property from natural hazards while service and its stakeholders. The online teaching principles, themes, and pathways for simultaneously reducing reliance on Federal registry page contains a look-up feature for action, and other promising practices disaster funds. HMA programs are subject to registered fire departments, as well as a uncovered by local leaders across the nation. the availability of appropriation funding or current series of National Fire Department Participants will develop a plan of funding based on disaster recovery Registry Quick Facts that show graphics and implementation in their own community, expenditures, as well as any directive or charts for various fire department data receive the tools and knowledge to establish a restriction made with respect to such funds. elements such as number of departments community coalition, and learn to encourage HMA programs include: Hazard Mitigation registered by state and region, department local leaders to augment resilience within the Grant Program, Pre-Disaster Mitigation types, personnel, etc. Additional information unique circumstances of their community. For program, Flood Mitigation Assistance regarding the registry may be found on the more information, see program, Repetitive Flood Claims (RFC) 40

Ensuring Resilience to Disasters www.firstrespondertraining.gov and search Management Agency (FEMA) offers numerous “Roadmap to Resilience”. resources that can help, from card games and coloring books to school-based curriculum. For The primary goal of Assistance to Firefighters more information, please visit Grants (AFG) is to enhance the safety of the www.ready.gov/kids. public and firefighters with respect to fire- related hazards by providing direct financial assistance to eligible fire departments, nonaffiliated Emergency Medical Services organizations, and State Fire Training Academies. This funding is for critically needed resources to equip and train emergency personnel to recognized standards, enhance operations efficiencies, foster interoperability, and support community resilience. For additional information, see: www.fema.gov/welcome-assistance- firefighters-grant-program.

The Supply Chain Resilience Guide provides emergency managers with recommendations and best practices on how to analyze local supply chains and work with the private sector to enhance supply chain resilience using a five-phased approach. www.fema.gov/media- library/assets/documents/178701. FEMA also released two supply-chain focused PrepTalks: “Private Sector Resilience: It’s all in the Supply Chain,” www.fema.gov/preptalks/sheffi; and “Aligning Public and Private Sector Supply Chains Following Disasters”, www.fema.gov/preptalks/goentzel.

Youth Preparedness: Starting or getting involved with a youth preparedness program is a great way to enhance a community’s resilience and help develop future generations of prepared adults. The Federal Emergency 41

Preventing Terrorism and Enhancing Security

Preventing Terrorism and Enhancing Security

Protecting the American people from terrorist threats is our founding principle and our highest priority. The Department of Homeland Security's counterterrorism responsibilities focus on three goals: prevent terrorist attacks; prevent the unauthorized acquisition, importation, movement, or use of chemical, biological, radiological, and nuclear materials and capabilities within the United States; and reduce the vulnerability of critical infrastructure and key resources, essential leadership, and major events to terrorist attacks and other hazards. contraband and lists helpful information to Cargo, Airlines, Airports, General Aviation, Aviation Security include when calling. The AIRBUST poster is Insider Threat, International Aviation, and an 8.5x11” poster with the 1-866-AIRBUST (1- Security Technology. For more information, see 866-247-2878) phone number. It also lists four www.tsa.gov/for-industry/aviation-security. Air Cargo Screening Technology List-For general items of interest that can tip off a Passenger Aircraft lists the Non-Sensitive general aviation airport employee or law Air Cargo Watch Program involves all aspects of Security Information version of the enforcement official that a certain aircraft or the supply chain reporting suspicious activity. Transportation Security Administration Air pilot may be involved in illicit activity. For TSA is collaborating with industry partners to Cargo Screening Technology List-For more information, call 951-656-8000. increase security domain awareness to detect, Passenger Aircraft. The document lists the deter, and report security threats. Air Cargo equipment that can be used by air carriers, Aviation Safety & Security Program provides Watch materials include a presentation, posters indirect air carriers, independent cargo hands-on education and covers the use of and a two-page guide, to encourage increased screening facilities, and shippers in the models and tools for evaluation of security and attention to potential security threats among Certified Cargo Screening Program to screen anti-terrorism within a modular format. The several audiences. TSA encourages the display of for domestic and outbound (of the United short courses also provide training in the posters and guides in public view to better attain States) air cargo. This information contains methods of analysis. Short courses designed for its goal of maximizing security awareness along Qualified, Approved, and Waived technologies, police and fire departments help personnel the entire air cargo supply chain. For more their manufacturer, model number, and top develop safety programs that can be used in an information, see assembly part number. This information can be emergency scenario. For more information, see www.tsa.gov/stakeholders/programs-and- found at www.tsa.gov/sites/default/files/non- www.viterbi.usc.edu/aviation/. initiatives-1#air%20cargo%20watch. ssi_acstl.pdf. Aviation Security Advisory Committee (ASAC) Airport Watch/AOPA Training TSA partnered AIRBUST Program provides the general public provides advice and recommendations for with the Aircraft Owners and Pilots Association and aviation community with a forum to share improving aviation security measures to the (AOPA) to develop a nationwide Airport Watch information on suspicious small aircraft. An Administrator of the Transportation Security Program that uses the more than 650,000 pilots AIRBUST poster and pocket-sized laminated Administration. The committee was initially as eyes and ears for observing and reporting card display the phone number for reporting established in 1989 following the destruction of suspicious activity. The Airport Watch Program suspicious activity or low-flying aircraft, 1-866- Pan American World Airways Flight 103 by a includes warning signs for airports, AIRBUST (1-866-247-2878). This number rings terrorist bomb. The ASAC has traditionally informational literature, and a training video to directly to the CBP Air and Marine Operations been composed of members representing key teach pilots and airport employees how to Center (AMOC) operations floor. The two-sided constituencies affected by aviation security enhance security at their airports. For more laminated card displays drawings of single-and requirements. Subcommittees include Air information and a training video, visit twin-engine aircraft often used to transport 42

Preventing Terrorism and Enhancing Security www.aopa.org/airportwatch/. information, see more information, see www.tsa.gov/stakeholders/training-and- www.tsa.gov/stakeholders/security-programs- Airspace Authorizations and Waivers The TSA exercises-0. and-initiatives or contact [email protected]. Airspace Authorizations Office manages the review and processing of applications received General Aviation Secure Hotline serves as a General Aviation Security Guidelines are for from general aviation and Unmanned Aircraft centralized reporting system for general security enhancements at the nation's privately System (UAS) operators who request to enter aviation pilots, airport operators, and and publicly owned and operated general areas of restricted airspace around maintenance technicians wishing to report aviation (GA) landing facilities. The document Washington, D.C., major sporting events and suspicious activity at their airfield. Hotline constitutes a set of federally endorsed guidelines the Disney theme parks. Waivers are also phone number: 1-866-GA-SECUR (1-866- 427- for enhancing airport security at GA facilities processed for certain international flights and 3287). throughout the nation. It is intended to provide foreign-registered aircraft overflying or GA airport owners, operators, and users with operating within the United States. After TSA Certified Cargo Screening Program (CCSP) guidelines and recommendations that address review and manifest vetting, airspace waiver provides a mechanism by which industry may aviation security concepts, technology, and letters are prepared and transmitted to FAA achieve 100% screening of cargo on passenger enhancements. For more information, visit System Operations Security (AJR-2) for final aircraft without impeding the flow of www.tsa.gov/stakeholders/security-programs- review and approval. TSA also processes, vets commerce. Informational materials include: and-initiatives. and approves flight authorizations for Ronald one-page overview of CCSP, Certifies Cargo Reagan Washington National Airport (DCA) Screening Facilities (CCSF) and Chain of Paperless Boarding Pass Pilot enables Access Standard Security Program (DASSP) Custody Standards, a tri-fold brochure, passengers to download their boarding pass on operators who fly to and from DCA via TSA- supplemental CCSP program material with at their cell phones or personal digital assistants. screened Gateway Airports. For more a glance program overview of the program, a This approach streamlines the customer information, see www.tsa.gov/for- quick hits overview with impact of 100% experience while heightening the ability to industry/general-aviation or contact 571-227- screening, and supplemental CCSP materials. detect fraudulent boarding passes. For more 2071. For more information, see information, see http://blog.tsa.gov/2009/06/tsa- www.tsa.gov/certified-cargo-screening-program paperless-boarding-pass-pilot.html or contact Alien Flight/Flight School Training The or contact [email protected] or the TSA Contact the TSA Contact Center, 866-289-9673. Interim Final Rule, Flight Training for Aliens Center at 866-289-9673. and Other Designated Individuals and Security Private Aircraft Travel Entry Programs The Awareness Training for Flight School General Aviation Maryland Three Program Advance Information on Private Aircraft Employees, requires flight schools to ensure allows properly vetted private pilots to fly to, Arriving and Departing the United States Final that each of its flight school employees who has from, or between the three general aviation Rule requires that pilots of private aircraft direct contact with students (including flight airports closest to the National Capital Region. submit advance notice and manifest data on all instructors, ground instructors, chief These airports are collectively known as the persons traveling on board. Required instructors and administrative personnel who "Maryland Three" airports, and include College information must be submitted to CBP via an have direct contact with students) receive both Park Airport (CGS), Potomac Airfield (VKX) approved electronic data interchange system no initial and recurrent security awareness and Hyde Executive Field (W32). These later than 60 minutes prior to departure. For training. Flight schools may either choose to airports are all within the Washington, DC Air more information, please visit use TSA’s security awareness training program Defense Identification Zone and the www.cbp.gov/xp/cgov/travel/. For additional or develop their own program. For more Washington, D.C. Flight Restricted Zone. For questions or concerns, please contact CBP via e- 43

Preventing Terrorism and Enhancing Security mail at [email protected]. Vulnerability Assessments at U.S. airports. In and precursor materials. BMAP outreach Recommended General Aviation Security accordance with the National Aviation Security materials, provided by law enforcement to these Action Items for General Aviation Aircraft Policies: National Security Presidential local businesses, help employees identify HME Operators and Recommended Security Action Directive 47 (NSPD-47) / Homeland Security precursor chemicals and other critical Items for Fixed Base Operators are measures Presidential Directive 16 (HSPD-16) these are improvised explosive devices (IED) components that aircraft operators and fixed base operators just two parts of a multi-dimensional approach of concern, such as electronics, and recognize should consider when they develop, implement to detect, deter, and defeat a MANPADS threat suspicious purchasing behavior that could or revise security plans or other efforts to against civil aviation. These pieces allow TSA indicate bomb-making activity. To request enhance security. For more information, see to help implement a Domestic Outreach Plan materials or additional information, contact the www.tsa.gov/stakeholders/security-directives. with efforts to mitigate or respond effectively to DHS Office for Bombing Prevention at a MANPADS event. Personnel interested in [email protected]. Secure Flight enhances the security of domestic receiving more information or training should and international commercial air travel, while contact [email protected]. DHS Center of Excellence: Awareness & also enhancing the travel experience for Location of Explosives-Related Threats (ALERT) passengers, through the use of improved, User’s Guide on Security Seals for Domestic Led by Northeastern University, ALERT uniform watch list matching performed by TSA Cargo provides information on the types of conducts transformational research, technology, agents. Secure Flight also incorporates an security seals available for use in securing and and educational development to characterize, expedited and integrated redress process by controlling containers, doors, and equipment. detect, mitigate, and respond to explosives- referring travelers who think they have been While this guide is not intended as a precise related threats facing the country and the world. misidentified or have experienced difficulties in procedure for developing a comprehensive seal ALERT brings strength in designing advanced their air travel to the DHS Traveler Redress control program, it provides information and sensors; detecting weakly defined targets from a Inquiry Program (TRIP), a single point of procedures that will support the development standoff distance; signal processing and sensor contact for individuals who have inquiries or of a seal control program that will meet site- integration; characterizing explosives; seek resolution regarding difficulties they specific requirements. The ‘User’s Guide on understanding improvised explosive device experienced during their travel screening at Security Seals’ document can be obtained by detonator signatures; shock physics; and airports, at train stations, or crossing U.S. accessing this link: material science. For more information, see borders. Log on to the DHS Trip https://portal.navfac.navy.mil/portal/page/porta www.northeastern.edu/alert/ and (www.dhs.gov/trip) website to initiate an l/navfac/navfac_ww_pp/navfac_nfesc_pp/locks/p http://energetics.chm.uri.edu or contact inquiry. For more information, visit df_files/sealguid.pdf. [email protected]. www.tsa.gov/stakeholders/secure-flight- program or contact the TSA Contact Center, Bombing Prevention Bomb Threat Management Planning Course is a 866-289-9673. four-hour workshop which improves Bomb-making Materials Awareness Program participants’ ability to manage IED threats by TSA conducts Man-Portable Air Defense (BMAP) Developed in cooperation with the outlining specific safety precautions associated Systems (MANPADS) Outreach Programs; Federal Bureau of Investigation, BMAP is with explosive incidents and bomb threats. The such as, the Law Enforcement MANPADS designed to assist local law enforcement workshop reinforces an integrated combination Awareness Training Program specifically agencies to engage a wide spectrum of private of planning, training, exercises, and equipment designed for law enforcement/first responders sector establishments within their jurisdictions acquisition to maximize available resources. responding to a MANPADS attack on a that manufacture, distribute, or sell products Key public and private sector representatives commercial aircraft, and MANPADS that contain home-made explosives (HMEs) knowledgeable in regional efforts should attend. 44

Preventing Terrorism and Enhancing Security

This workshop is designed to accommodate 50 facility, determine additional security needs for participants. To request training, contact your Improvised Explosive Device Threat a special event or public gathering, and identify State Homeland Security Advisor; see Awareness and Detection: The Cybersecurity and apply physical and procedural protective www.dhs.gov/bombing-prevention-training- and Infrastructure Security Agency’s Office for measures to mitigate the threat of an IED or courses for more information. Bombing Prevention (OBP) and the vehicle-borne IED (VBIED). This course is Commercial Facilities Sector-Specific Agency designed for public and private sector security The Improvised Explosive Device developed the first in a series of web-based personnel at the executive, management, and Counterterrorism Workshop is a four to eight- trainings, Threat Awareness & Response for operations level. Public safety workers, hour awareness level workshop designed to Sporting Events and Public Venues, to be emergency managers, law enforcement, and enhance the knowledge of state and local law released in three 20-minute modules. The first special event security personnel can also benefit enforcement and public/private sector webinar, IED Threat Awareness and Detection, from the course. For more information, please stakeholders by providing exposure to key focuses on identifying IEDs. The training visit www.dhs.gov/cisa/office-bombing- elements of the IED threat, surveillance provides awareness-level information for staff, prevention-obp. detection methods and soft target awareness. management, and security to recognize, report, The workshop illustrates baseline awareness and react to unusual activities and threats in a Security and Resiliency Guide: Counter- and prevention actions that reduce timely manner. For more information, please Improvised Explosive Device Concepts, vulnerabilities to counter the threat along with contact CISA’s Commercial Facilities SSA at Common Goals, and Available Assistance (SRG collaborating information sharing resources to [email protected]. C-IED) is intended to help stakeholders plan improve preparedness. This designed approach and implement C-IED activities within their better enables the owners and operators of Multi-Jurisdiction Improvised Explosive Device overall public safety and emergency critical infrastructure to deter, prevent, detect, Security Plan (MJIEDSP): MJIEDSP is a management approach. They can use it to protect against, and respond to the potential planning and assessment program managed by understand the IED risk landscape in the U.S. use of explosives in the United States. This the CISA OBP, consisting of a series of tabletop and their locale, apply common IED-specific workshop is designed to accommodate 125 to exercises that integrate counter-IED capability security and resiliency goals, and leverage 250 participants. See www.dhs.gov/cisa/office- analysis, training, and planning to enhance available U.S. Government resources to build bombing-prevention-obp. IED prevention, protection, mitigation, and and sustain preparedness. The Cybersecurity response capabilities of participating and Infrastructure Security Agency’s Office for Improvised Explosive Device Search jurisdictions. MJIEDSP assists participants in Bombing Prevention has created four annexes Procedures Course: This one-day, performance- identifying roles, responsibilities, and to the SRG C-IED catered to specific groups, based course introduces participants to basic, capability gaps within a multi-jurisdictional including those in the lodging industry, outdoor low-risk search protocols and allows planning area in alignment with the National event sponsors, sports leagues and venues, and participants to practice an IED search of a Preparedness Goal for Countering IEDs. To businesses (movie theatres, convention centers, facility, an area, and a route to reduce request additional information, contact the etc.) where there is public assembly. Find the vulnerability and migrate the effects of IED CISA Office for Bombing Prevention at SRG C-IED and its annexes at attacks. This course is designed for public and [email protected]. www.dhs.gov/publication/security-and- private facility owners and operators and resiliency-guide-and-annexes. For more security staff that may be tasked with search Protective Measures Course is a one-day, information about bombing prevention, visit duties during a bomb threat incident. See performance-based course that provides www.dhs.gov/obp or contact CISA OBP at www.dhs.gov/cisa/office-bombing-prevention- participants with a basic understanding of how [email protected]. obp for more information. to identify risks and vulnerabilities to a 45

Preventing Terrorism and Enhancing Security

Surveillance Detection for Law Enforcement www.dhs.gov/cisa/chemical-facility-anti- more information, contact and Security Professionals is a three-day terrorism-standards and click on “CFATS [email protected]. course designed for law enforcement and Knowledge Center.” For more information, private sector security professionals that contact [email protected] or call the CFATS Chemical Security Analysis Center (CSAC) is provides participants with the knowledge, Help Desk at 866-323-2957. the nation’s only federal study, analysis, and skills, and abilities to detect hostile knowledge-management center for assessing the surveillance conducted against critical Chemical Facility Anti-Terrorism Standards threat and hazard associated with an accidental infrastructure. The course, consisting of five Presentations are used by CISA in discussions or intentional large-scale chemical event or lectures and three exercises, increases with the chemical industry and those chemical terrorism event in the U.S. CSAC awareness of terrorist tactics and attack interested in chemical security. If interested in provides an enduring science-based threat and history and illustrates the means and methods a live presentation about CFATS by CISA risk analysis capability with a core focus on used to detect surveillance and identify personnel, or to find more information about chemical risk and consequence modeling, suspicious behavior. This course is designed to such presentations, see analytical chemistry, chemical toxicology, accommodate 25 participants. To request www.dhs.gov/files/programs/gc_1224766914427 synthetic chemistry, and chemical informatics. additional information about this course, .shtm or contact the CFATS at [email protected] CSAC serves the broader Homeland Security contact the Cybersecurity and Infrastructure or 866-323-2957. Enterprise and stakeholders by maintaining a Security Agency Office for Bombing Prevention Technical Assistance program staffed and at [email protected]. Chemical Facility Anti-Terrorism Standards available 24/7 to provide operational support Risk-Based Performance Standards (RBPS) To and subject matter expertise, designing and Chemical Security assist high-risk chemical facilities subject to executing laboratory and field tests, and CFATS in selecting and implementing providing a comprehensive knowledge repository Chemical Facility Anti-Terrorism Standards appropriate protective measures and practices of chemical threat information that is (CFATS) Chemical Facility Security Tip Line to meet the DHS-defined RBPSs, the synthesized and continuously updated with data Individuals who would like to report a possible Cybersecurity and Infrastructure Security from scientific, intelligence, operational, and security concern involving the CFATS Agency has developed a Risk-Based private sector sources. For more information, regulation at their facility or at another facility Performance Standards Guidance document contact the CSAC at [email protected] or 410- may contact the CFATS Chemical Facility which can be found at 417-0910. Security Tip Line. For more information, see www.dhs.gov/xlibrary/assets/chemsec_cfats_ris www.dhs.gov/cisa/report-cfats-violation or kbased_performance_standards.pdf. Chemical Security Assessment Tool (CSAT) is contact 877-FYI-4-DHS (1-877-394-4347) or For more information, contact the CFATS Help an online tool developed by the Cybersecurity email [email protected]. To report a Desk at [email protected] or 866-323-2957. and Infrastructure Security Agency to potential security incident that has already streamline the facility submission and occurred, call the National Infrastructure Chemical Facility Security: Best Practice Guide subsequent DHS analysis and interpretation of Coordinating Center at 202-282-9201. for an Active Shooter Incident is a booklet that critical information used to: preliminarily draws upon best practices and findings from determine facility risk; assess high-risk facility Chemical Facility Anti-Terrorism Standards tabletop exercises to present key guidance for vulnerability; describe security measures at high Frequently Asked Questions (FAQs) assist chemical facility planning and training, and risk sites; and, ultimately track compliance with facilities in complying with the CFATS pose specific questions that an effective active the CFATS program. CSAT is a secure regulation. The FAQs are searchable and shooter response and recovery plan will information portal that includes applications categorized to further benefit the user. Visit answer. To obtain a copy of the guide or for and user guides for completing the User 46

Preventing Terrorism and Enhancing Security

Registration, Top-Screen, Security www.dhs.gov/chemicalsecuritysummit or Sector Specific Agency at Vulnerability Assessment, and Site Security contact the CISA Chemical SSA at [email protected]. Plan. For more information, see [email protected]. www.dhs.gov/files/programs/gc_1169501486197 Chemical Sector Security Awareness Guide The .shtm or contact the CFATS Help Desk at Chemical Sector Classified Briefing The purpose of this document is to assist owners and [email protected]. 866-323-2957. Chemical Sector Specific Agency sponsors a operators in their efforts to improve security at classified briefing for cleared industry their chemical facility and to provide representatives twice a year. The intelligence information on the security threat presented by Chemical Security Compliance Assistance Visit community provides briefings on both physical explosive devices and cyber vulnerabilities. For (CAV) Requests are provided by the and cyber threats, as well as other topics of more information, please contact the Cybersecurity and Infrastructure Security interest for chemical supply chain Cybersecurity and Infrastructure Security Agency upon request by Chemical Facility professionals. For more information please Agency Chemical Sector Specific Agency at Anti-Terrorism Standards (CFATS)-covered contact the Chemical SSA at [email protected]. facilities. CAVs are designed to provide in- [email protected]. depth knowledge of and assistance to comply Chemical Sector Training Resources Guide The with CFATS. For more information, see Chemical Stockpile Emergency Preparedness guide contains a list of free or low-cost training, www.dhs.gov/files/programs/gc_1247235870769 Program (CSEPP) is a partnership between web-based classes, seminars, and documents .shtm or contact [email protected]. FEMA and the U.S. Army that provides that are routinely available through one of emergency preparedness assistance and several component agencies within DHS. The Chemical Security Summit The Cybersecurity resources to communities surrounding the list was compiled to assist facility security and Infrastructure Security Agency’s Chemical Army’s chemical warfare agent stockpiles. For officers to train their employees on industry best SSA co-hosts the annual Chemical Sector more information, see practices, physical and cybersecurity awareness, Security Summit with the Chemical Sector www.fema.gov/technological-hazards/chemical- and emergency management and response. For Coordinating Council (SCC). The Summit stockpile-emergency-preparedness-program. more information, please contact the consists of workshops, presentations, and Cybersecurity and Infrastructure Security discussions covering current security Chemical Sector Industrial Control Systems Agency at [email protected]. regulations, industry best practices, and tools (ICS) Security Resource DVD The chemical for the chemical sector. Designed for industry industry, in partnership with DHS, has Chemical-Terrorism Vulnerability Information professionals throughout the chemical sector, collected a wealth of cybersecurity information (CVI) is the information protection regime there is also broad representation from the to assist owners and operators in addressing authorized by Section 550 of Public Law 109-295 chemical stakeholder community, including ICS security. The DVD contains a wide-range to protect, from inappropriate public disclosure, senior DHS officials, congressional staff, and of useful information, including: ICS training any information developed or submitted senior government officials. Topics covered at resources, existing standards, reporting pursuant to Section 550. This includes the Summits include: an overview of CFATS; guidelines, cybersecurity tabletop exercises, information that is developed and/or submitted harmonization of the various chemical and the National Cyber Security Division’s to DHS pursuant to the Chemical Facility Anti- regulations; cyber security, state and local Cyber Security Evaluation Tool. The DVD is Terrorism Standards (CFATS) regulation which issues, and transportation security. Summits available for free upon request. For more implements Section 550. See also include pre-Summit demonstrations and information or to obtain a copy of the DVD, www.dhs.gov/files/programs/gc_1181835547413. post-Summit workshops. For more details on please contact the Cybersecurity and shtm. For more information, contact the CFATS the Summit, please visit Infrastructure Security Agency Chemical Help Desk at [email protected] 866-323-2957. 47

Preventing Terrorism and Enhancing Security

[email protected]. Voluntary Chemical Assessment Tool (VCAT) Critical Infrastructure Tabletop Exercise VCAT is a secure, web-based application and Program (CITEP) Chemical Sector Tabletop Monthly Chemical Sector Suspicious Activity self-assessment tool originally designed for use Exercise (TTX) The CITEP Chemical Sector Calls The Chemical Sector Specific Agency and by the chemical industry. The tool allows owners TTX is an unclassified and adaptable exercise Oil and Natural Gas Subsector host a monthly and operators to identify their facility’s current developed to create an opportunity for public unclassified threat briefing and suspicious risk level using an all-hazards approach. VCAT and private critical infrastructure stakeholders activity reporting teleconference for chemical facilitates a cost-benefit analysis by allowing and their public safety partners to address facility owners, operators and supply-chain users to select the best combination of physical gaps, threats, issues, and concerns identified in professionals. To participate, apply for access security countermeasures and mitigation previous exercises and their after-action to the Homeland Security Information Network strategies to reduce overall risk. For more processes. The TTX allows participants an where call-in information is posted to the information, please contact the Chemical Sector opportunity to gain an understanding of issues Chemical Portal. This briefing is scheduled for Specific Agency at [email protected]. faced prior to, during, and after a terrorist the fourth Thursday of every month at threat/attack and the needed coordination with 11:00AM EDT. For more information, contact Web-Based Chemical Security Awareness other entities, both private and government, the Chemical SSA at Training Program The training program is an regarding their facility. It also contains [email protected]. interactive tool available free to chemical everything needed for a company or facility to facilities nationwide to increase security conduct a Homeland Security Exercise and Security Seminar & Exercise Series for awareness. The training is designed for all Evaluation Program (HSEEP)-compliant TTX. Chemical Industry Stakeholders This is a facility employees, not just those traditionally For more information, please contact the collaborative effort between the DHS Chemical involved in security. Upon completion, a Cybersecurity and Infrastructure Security Sector Specific Agency and industry certificate is awarded to the student. To access Agency Chemical Sector Specific Agency at stakeholders such as state chemical industry the training, please visit [email protected]. councils, state homeland security offices, https://chemicalsecuritytraining.dhs.gov/. For industry trade associations and state more information, please contact the Chemical Know Your Customer DHS and the FBI emergency management agencies. The intent of Sector Specific Agency at cooperated to create a flyer for use as a the program is to foster communication [email protected]. communication tool for chemical companies’ between facilities and their local emergency marketing, sales, purchasing and product response teams by encouraging representatives Who’s Who in Chemical Sector Security This stewardship personnel, who could encounter to share their insight, knowledge, and document describes the roles and responsibilities suspicious inquiries about poisonous chemicals experiences during a facilitated tabletop of different DHS components with relation to and gases either directly or indirectly. The flyer exercise. The exercise is catered towards the Chemical Security. For more information, or to strongly encourages chemical companies, specific interests of the organizing entity and obtain the report, please contact the Chemical suppliers, manufacturers, customers, can include a wide-variety of topics and Sector Specific Agency at distributors, and transportation service security scenarios such as an active shooter, a [email protected]. providers to continue increasing employee hostage situation, a suspicious package, or a awareness of these risks in their organization, Vehicle Borne improvised explosive device Critical Infrastructure – Multiple reviewing management practices for sensitive (VBIED). For more information or to obtain a materials, and reporting suspicious activities. list of scheduled events, please contact the Sectors For more information or to obtain a copy of the Chemical SSA at [email protected]. flyer, please contact the Chemical SSA at Critical Infrastructure Learning Series The 48

Preventing Terrorism and Enhancing Security

Learning Series allows the Cybersecurity and provides an overview of the National Agency Outreach and Programs Division at Infrastructure Security Agency to provide Infrastructure Protection Plan and critical [email protected]. information and online seminars on current infrastructure Annex to the National Response and emerging critical infrastructure topics to Framework. The module is available upon The Cutting Edge Tools Resilience Program critical infrastructure owners and operators, request in PowerPoint format with instructor Website was created under the platform of the government partners and others. Register for and participant guides and can be easily DHS Science and Technology Directorate’s High updates at www.dhs.gov/ciwebinars. integrated into existing training programs. A Performance and Integrated Design Program to Spanish version is also available. To request improve the security and resilience of our Critical Infrastructure Resource Center is an the training module, contact Nation's buildings and infrastructure. The online tool designed to build awareness and [email protected]. website has manuals, software and tools to understanding of the scope and efforts of all of better prepare buildings and infrastructure to the18 critical infrastructure sectors. Each Critical Infrastructure Sector Snapshots recover from manmade and natural disaster sector page provides the sector goals, priorities, provide a quick look at Sector Outreach and events such as explosive blasts; chemical, protective programs, and initiatives, and other Programs Division (SOPD) sectors and biological, and radiological (CBR) agents; floods; resources, as reflected in the latest Sector- generally contain sector overviews; information hurricanes; earthquakes, and fires. For more Specific Plans and sector web pages. To access on sector partnerships; information on critical information see www.dhs.gov/bips. the Resource Center: infrastructure protection issues and priority https://training.fema.gov/is/courseoverview.asp programs. For more information, see Dealing with Workplace Violence CISA has x?code=is-860.c. www.dhs.gov/xlibrary/assets/nipp_annrpt.pdf. developed the Dealing with Workplace Violence For more information, contact [email protected]. TTX that focuses on an active shooter situation DHS Center of Excellence: Critical in the workplace. The TTX is broken up into Infrastructure Resilience Institute (CIRI), led Active Shooter Security Preparedness three modules: the pre-incident phase, including by the University of Illinois Urbana- Workshop This is a one-day workshop recognizing potential warning signs of workplace Champaign, conducts research and education designed to be applicable for any sector for violence; the incident and response phase; and to enhance the resiliency of the nation's critical general awareness of how to respond to an the assessment phase. The TTX will focus infrastructures and the businesses and public active shooter incident. The workshop will discussion on how to limit escalation and reduce entities that own and operate those assets and enhance awareness of an active shooter event the threat of violent behavior; but if an incident systems. The Institute explores the by educating participants on the history of does occur, it also addresses how facilities can organizational, policy, business, and technical active shooter events, and describing common work with their employees, and public and dimensions of critical infrastructure's behavior, conditions, and situations associated private partners to ensure they are prepared and dependence on cyber assets. CIRI also with active shooters. The intent of the program able to recover from an event as quickly as examines how computer hardware and is to foster communication between critical possible. For more information, please contact software both contribute to and threaten infrastructure owners and operators and local the CISA Sector Outreach and Programs resiliency and how industry makes decisions emergency response teams by discussion of Division at [email protected]. about cyber assets which contribute to interoperability, communications, and best resilience. For more information, see practices for planning, preparedness and Enduring Security Framework (ESF) The ESF is www.ciri.illinois.edu. For more information, response during a facilitated tabletop exercise. a cross-sector working group comprised of public contact [email protected]. For more information or to obtain a list of and private sectors taking collaborative steps to scheduled events, please contact the proactively mitigate risks and strengthen Critical Infrastructure Training Module Cybersecurity and Infrastructure Security cybersecurity posture in efforts to obtain a 49

Preventing Terrorism and Enhancing Security secure and resilient cyberspace. For more largest unclassified dataset on terrorism homeland security policies and operations reflect information, visit incidents, the START consortium makes many these understandings about human behaviors. https://www.dhs.gov/publication/cipac-cs-esf- other datasets available to advance research For more information, see www.start.umd.edu or agendas# or contact [email protected]. and analysis on the topics of terrorism, [email protected]. counterterrorism, and community resiliency. FoodSHIELD is a Web-based system for For more information, see DHS YouTube Critical Infrastructure Videos A communication, coordination, community- www.start.umd.edu/gtd and number of short video webisodes are available on building, education, and training among the www.start.umd.edu/start/data_collections/ or the DHS YouTube Channel. The webisodes nation’s food and agriculture sectors. [email protected]. include Joint Operations Centers, Critical Developed by the Food Protection and Defense Infrastructure Interdependencies, Special Event Institute (FPDI), a DHS Emeritus Center of DHS Center of Excellence: Training Programs Preparedness, Critical Infrastructure Protection Excellence, FoodSHIELD enables real-time related to the Human Causes and and Reducing Vulnerabilities. DHS YouTube response and decision-making by facilitating Consequences of Terrorism are customized Channel: Resource Guide SOPD Current: 18 collaborations between public health and food training programs for professional audiences. Sept 2012 regulatory officials at the local, state, and Training modules explore such topics as global www.youtube.com/playlist?list=uupkaznwj_9piv federal levels. FoodSHIELD has registered trends in terrorist activity, impact of go0brkxu8w&feature=plcp. participation from labs and regulatory agencies counterterrorism efforts, terrorist activity in in all 50 states. As a rapidly maturing specific regions/countries, terrorist target Expert Judgment and Probability Elicitation infrastructure, more than 190 workgroups selection and weapon choice, nature of terrorist consists of methodologies and tools for elicitation actively use FoodSHIELD to plan, coordinate, organizations, and planning resilient of expert judgments and probabilities that are and develop new strategies for food defense and communities. Modules and programs can be often required in the quantification of risk and protection. More than 64,000 minutes are delivered in a range of modes, including in- decision models related to terrorist threats. This logged each month using our core webinar person seminars or mini-courses, or online is the case when data is inconclusive or there is capabilities allowing easy collaboration programs. The cost of a program varies controversy about how evidence should be amongst stakeholders and participants across dependent on the level of customization and interpreted. For more information, see the sector. Impressively, many of these the mode of delivery. For more information, see http://create.usc.edu/research/expert judgment workgroup participants represent different www.start.umd.edu or elicitation methods.pdf or contact agencies and states providing for the first-time [email protected]. [email protected]. true collaboration and coordination capabilities across federal and state boundaries. For more DHS Center of Excellence: National The Joint Counterterrorism Awareness information, please visit www.foodshield.org, Consortium for the Study of Terrorism and Workshop Series (JCTAWS) is a nationwide https://foodprotection.umn.edu/ Responses to Terrorism (START) advances initiative designed to improve the ability of local or email [email protected]. science-based knowledge about the human jurisdictions to prepare for, protect against, and causes and consequences of terrorism as a respond to complex coordinated terrorist attacks. DHS Center of Excellence: Global Terrorism leading resource for security professionals. JCTAWS, held across the country, brings Database (GTD) is an open-source database START will provide security professionals with together Federal, state, and local participants including information on terrorist events objective data and the highest quality, data- representing law enforcement, fire, emergency around the world from 1970 through 2011 driven research findings terrorism and closely medical services, communication centers, private (with additional updates planned for the related asymmetric threats, counterterrorism sector and non-governmental communities to future). In addition to the GTD, the world’s and community resiliency to ensure that address this type of threat. The workshop is 50

Preventing Terrorism and Enhancing Security designed to emphasize tactical operational funding support for target-hardening activities response, medical care under fire, hospital to nonprofit organizations that are at high risk Protective Security Advisors (PSAs) are surge and treatment for an incident more of a terrorist attack and are located within one Cybersecurity and Infrastructure Security commonly seen on the battlefield than in an of the specific UASI-eligible urban areas. It is Agency infrastructure security experts deployed urban setting. Specifically, the workshop also designed to promote coordination and across the country who serve as the link between underscores the need for a whole community collaboration in emergency preparedness state, local, tribal, territorial, and private sector response and aims to: review existing activities among public and private community organizations and DHS infrastructure protection preparedness, response and interdiction plans, representatives, state and local government resources. PSAs assist with ongoing state and policies, and procedures related to a complex agencies, and Citizen Corps Councils. For more local critical infrastructure and key resources coordinated terrorist attack; improve information, visit www.fema.gov/nonprofit- security efforts, coordinate vulnerability situational awareness and encourage security-grant-program or contact the FEMA assessments and training, support incident information sharing among all stakeholders in Centralized Scheduling and Information Desk management, and serve as a vital channel of the event of a complex coordinated terrorist at [email protected] or 1-800-368-6498. communication between private sector owners attack; and identify and share best practices and operators of critical infrastructure assets and lessons learned for tactical response and Cybersecurity and Infrastructure Security and DHS. For more information, see medical preparedness. After each JCTAWS, the Agency Critical Infrastructure Sector www.dhs.gov/cisa/protective-security-advisors. host city receives a summary report. The report Snapshots, Fact Sheets and Brochures These includes key findings from the workshop; two-page snapshots provide a quick look at Science and Technology Directorate Career addresses the city’s capability gaps and each of the eighteen sectors and generally Development Grants (CDG) Program provides potential mitigation strategies; and provides a contain sector overviews, information on sector competitive awards to support undergraduate list of resources to address the gaps. The partnerships, critical infrastructure protection and graduate students attending institutions, JCTAWS interagency planning group challenges, and priority programs. For more including the Centers for Excellence, which have (NCTC/DHS/FBI) conducts a follow-up meeting information, see made a commitment to develop Homeland with each city to determine if further guidance www.dhs.gov/files/programs/gc_1189168948944 Security-related Science, Technology, and assistance are needed. For more .shtm. Engineering, and Mathematics (HS-STEM) information, contact [email protected] or curricula and fields of study. These two [email protected]. Cybersecurity and Infrastructure Security competitive programs provide educational Agency Training Page The landing page support, internships, and employment avenues National Infrastructure Advisory Council provides links to a wide array of cross-sector to highly qualified individuals to enhance the (NIAC) provides advice to the President, and sector-specific no-cost training programs scientific leadership in areas important to DHS. through the Secretary of Homeland Security, and resources which are available to private DHS requires supported students to serve one on the security of the critical infrastructure sector partners. The web-based and classroom 10-week summer internship and one year in an sectors and their information systems. The courses provide government officials and approved HS-STEM venue. Student and scholar Council is composed of a maximum of 30 critical infrastructure owners and operators researchers perform work at more than 28 DHS- members, appointed by the President from with the knowledge and skills needed to affiliated venues including the S&T Directorate, private industry, academia, and state and local implement critical infrastructure protection national laboratories, and DHS Components government. For more information, see and resilience activities. Access the training such as the United States Coast Guard and the www.dhs.gov/niac. programs for Infrastructure Partners Page on Office of Intelligence and Analysis (I&A). For DHS.gov: www.dhs.gov/files/training/training- more information, visit Nonprofit Security Grant Program provides critical-infrastructure-partners.shtm. www.grants.gov/search/search.do?mode=VIEW& 51

Preventing Terrorism and Enhancing Security oppId=60714. Manufacturing Sector and related Commercial Facilities infrastructure. For more information, email [email protected]. Critical Manufacturing Active Threat Recognition for Retail Security Officers This 85-minute presentation discusses Cybersecurity Infrastructure Security Agency Critical Manufacturing Cybersecurity Tabletop signs of potential criminal and terrorist activity; /Transportation Security Administration Joint Exercise In partnership with Critical types of surveillance; and suspicious behavioral Exercise Program This program allows Critical Manufacturing Sector Coordinating Council indicators. To access the presentation, please Manufacturers to develop advanced tabletop members and the DHS National Cyber Security register at: exercises that determine gaps and mitigate Division (NCSD) exercise program, the Critical https://connect.hsin.gov/attrrso/event/registratio vulnerabilities in their respective Manufacturing SSA has developed a n.html. After submitting the short registration transportation supply chains within the U.S. cybersecurity tabletop exercise to highlight information to include setting a password of your and cross border (particularly Canada and potential cybersecurity vulnerabilities. This choice, you will receive an email confirmation Mexico). This is a combined program with exercise is divided into two modules focusing on with instructions for logging in to view the TSA’s Intermodal Security Training and threats to business systems and industrial material. Also includes One-page/fact sheet. For Exercise Program (ISTEP). For more control systems. This unclassified tabletop more information, please contact the CISA information, please contact CISA Critical exercise is easily deployable and can be Commercial Facilities Sector Specific Agency at Manufacturing Sector Specific Agency at administered by an organization’s IT [email protected]. personnel. For more information, please [email protected]. contact the Critical Manufacturing SSA at Commercial Facilities Sector Pandemic Planning Insider Threat Programs for the Critical [email protected]. Documents These are three informational Manufacturing Sector Implementation Guide products for use by public assembly sector The Insider Threat Programs for the Critical Critical Manufacturing Security Conference stakeholders detailing key steps and activities to Manufacturing Sector Implementation Guide The Critical Manufacturing Security take when operating during a pandemic was developed to provide guidance and Conference features various vendors and influenza situation, a process tracking and information for critical manufacturing presenters pertinent to the manufacturing status template, and a checklist of organizations to establish insider threat arena. Designed for industry professionals recommendations for H1N1 response plan programs. These programs serve to gather, throughout the sector, this event provides an development. The products were created in monitor, and assess information for insider important opportunity for Critical partnership with International Association of threat detection and mitigation strategies. Manufacturing Sector security partners to Venue Manager's Academy for Venue Safety and Insider threat programs are designed to detect, engage in meaningful dialogue and share ideas Security. For more information, please contact deter, and mitigate the risks associated with to enhance sector security. For more the CISA Commercial Facilities SSA at trusted insiders and protect the privacy of the information, contact [email protected]. [email protected]. workforce while reducing potential harm to the organization. Effective insider threat programs DHS Retail Video: "What's in Store—Ordinary deploy risk management strategies that Critical Manufacturing Partnership Road Show People/Extraordinary Events" CISA created a identify the assets or resources to be protected, This program provides Critical Manufacturing multimedia training video for retail employees of identify potential threats, determine Sector members an opportunity to participate commercial shopping venues to alert them of the vulnerabilities, assess risk, and deploy in onsite visits to various DHS locations. The signs of suspicious behavior in the workplace. countermeasures. For more information, email visits include briefings on current threats to The video is intended to both highlight [email protected]. the U.S., including to the Critical suspicious behavior, as well as encourage staff to 52

Preventing Terrorism and Enhancing Security act when suspicious behavior is identified. The owners and operators with preparing an participants the opportunity to gain an video can be viewed at Evacuation Plan and determining when and understanding of issues faced prior to, during, www.dhs.gov/video/whats-store-ordinary- how to evacuate, conduct shelter-in-place and after a terrorist threat/attack and the people-extraordinary-events. For more operations, or relocate stadium spectators and coordination with other entities, both private information, please contact the participants. For more information, contact and government, regarding a specific facility. CISA Commercial Facilities Sector Specific [email protected]. For more information, please contact the Agency at [email protected]. Cybersecurity and Infrastructure Security Hotel and Lodging Advisory Poster This poster Agency Commercial Facilities Sector Specific Partners in Prevention: Vehicle Rentals and was created for all staff throughout the U.S. Agency at [email protected]. Vehicle Ramming Video DHS CISA and TSA, Lodging Industry to increase awareness and the Federal Bureau of Investigation—in regarding: a property’s potential to be used for IS-906 Workplace Security Awareness This coordination with the Truck Renting and illicit purposes; suspicious behavior and items; online training provides guidance to individuals Leasing Association and the American Car and appropriate actions for employees to take if and organizations on how to improve security in Rental Association—have released a short they notice suspicious activity. The poster was the workplace. The course promotes workplace training video to help vehicle rental employees designed in tandem with the Commercial security practices applicable across all 18 critical identify suspicious activities and behavior by Facilities Sector Coordinating Council and the infrastructure sectors. Threat scenarios include: customers who may wish to use a rented Lodging Subsector and is available at Access & Security Control, Criminal & vehicle for nefarious purposes. The video can be www.dhs.gov/xlibrary/assets/ip_cikr_hotel_advi Suspicious Activities, Workplace Violence, and viewed at: www.fbi.gov/video- sory.pdf. For more information, please contact Cyber Threats. The training may be accessed on repository/vehicle-rentals-vehicle-ramming- the Cybersecurity and Infrastructure Security the Federal Emergency Management Agency 013019.mp4/view. For more information, please Agency Commercial Facilities Sector Specific Emergency Management Institute Web site: contact the CISA Commercial Facilities Sector Agency at [email protected]. https://training.fema.gov/is/courseoverview.aspx? Specific Agency at [email protected]. code=IS-906. For more information about Office Critical Infrastructure Tabletop Exercise of Infrastructure Protection training courses, Program for the Commercial Facilities please contact [email protected]. DHS Sports Leagues/Public Assembly Video: Retail/Lodging Subsectors and Sports “Check It! How to Check a Bag” Designed to Leagues/Public Assembly Subsectors These IS-907 Active Shooter: What You Can Do This raise the level of awareness for front line tools are unclassified, adaptable and online training provides guidance to individuals, facility employees by highlighting the immediately deployable exercises which focus including managers and employees, so that they indicators of suspicious activity, this video on information sharing which can be utilized can prepare to respond to an active shooter provides information to help employees by retail/lodging and outdoor venues/sports situation. The course is self-paced and takes properly search bags in order to protect venues leagues organizations at their facilities. In about 45 minutes to complete. This and patrons across the country. For more addition to the exercise scenario and slide comprehensive cross-sector training is information, please contact the Cybersecurity presentation, users will find adaptable appropriate for a broad audience regardless of and Infrastructure Security Agency invitational communication tools, as well as the knowledge and skill level. The training uses Commercial Facilities Sector Specific Agency at after-action report template and participant interactive scenarios and videos to illustrate how [email protected]. surveys which will assist in incorporating individuals who become involved in an active change and developing improvement plans shooter situation should react. Topics within the Evacuation Planning Guide for Stadiums This accordingly. The Retail/Lodging and Sports course include: the actions one should take when product was developed to assist stadium Leagues/Outdoor Venues CITEPs will allow confronted with an active shooter and 53

Preventing Terrorism and Enhancing Security responding law enforcement officials; how to [email protected]. training activities that result in a safe sporting recognize potential indicators of workplace event experience. For more information, please violence; the actions one should take to prevent Lodging Video: “No Reservations: Suspicious contact the Cybersecurity and Infrastructure and prepare for potential active shooter Behavior in Hotels” Designed to raise the level Security Agency Commercial Facilities Sector- incidents; how to manage an active shooter of awareness for hotel employees by Specific Agency at [email protected]. incident. This course also features interactive highlighting the indicators of suspicious knowledge reviews, a final exam, and activity, this video provides information to help Protective Measures Guide for the U.S. Lodging additional resources. A certificate is given to employees identify and report suspicious Industry Produced in collaboration with the participants who complete the entire course. activities and threats in a timely manner. For American Hotel & Lodging Association The training may be accessed on the Federal more information, contact the Cybersecurity (AH&LA), the Protective Measures Guide for the Emergency Management Agency Emergency and Infrastructure Security Agency U.S. Lodging Industry offers options for hotels to Management Institute Web site: Commercial Facilities Sector Specific Agency at consider when implementing protective https://training.fema.gov/is/courseoverview.asp [email protected]. measures. This guide provides an overview of x?code=IS-907. For more information about threat, vulnerability, and protective measures Office of Infrastructure Protection training Mountain Resorts and Outdoor Events designed to assist hotel owners and operators in courses, please contact: Protective Measures Guides These guides are a planning and managing security at their [email protected]. compilation of materials shared by industry facilities. For more information, please contact leaders which are intended for reference and the Cybersecurity and Infrastructure Security IS-912 Retail Security Awareness: guidance purposes only. They provide an Agency Commercial Facilities Sector-Specific Understanding the Hidden Hazards This overview of protective measures that can be Agency at [email protected]. online training increases awareness of persons implemented to assist owners and operators of involved in commercial retail operations of the commercial facilities in planning and managing Retail and Shopping Center Advisory Poster actions they can take to identify and report security at their facilities or at their events, as helps train retail employees on the recognition of suspicious purchases or thefts of products that well as examples of successful planning, suspicious behavior and how to report it. For could be used in terrorist or other criminal organization, coordination, communication, more information, contact the Cybersecurity and activities. The course provides an overview of operations, and training activities. For more Infrastructure Security Agency Commercial steps to identify and monitor high-risk product information, please contact the Cybersecurity Facilities Sector Specific Agency at inventories and reporting suspicious activities and Infrastructure Security Agency [email protected]. to law enforcement agencies. The course is Commercial Facilities Sector Specific Agency at designed for retail managers, loss prevention [email protected]. Public Venue Bag Search Procedures Guide specialists, risk management specialists, This guide provides suggestions for developing product managers, sales associates and others Protective Measures Guide for U.S. Sports and implementing bag search procedures at involved in retail operations. The training may Leagues This Protective Measures Guide public assembly venues hosting a variety of be accessed on the Federal Emergency provides an overview of best practices and events, which may include sporting events, Management Agency Emergency Management protective measures designed to assist sports concerts, family festivals, or other public Institute Web site: teams and owners/operators of sporting event gatherings. Venue owners, operators, and event https://training.fema.gov/is/courseoverview.asp venues with planning and managing security organizers may also choose to use additional x?code=IS-912. For more information about at their facility. The Guide provides examples resources (e.g., consult law enforcement) to Office of Infrastructure Protection training of successful planning, organization, supplement the procedures outlined in this courses, please contact: coordination, communication, operations, and guide. 54

Preventing Terrorism and Enhancing Security

management with information on those who www.dhs.gov/publication/nsie-fact-sheet or Bag search procedures are meant to control have access. Credentialing can also be used to contact [email protected]. items that are hand-carried into a venue and control and restrict vehicle movement within a may be a part of a venue’s overall security plan. venue. For more information, please contact National Security Telecommunications Advisory This document provides guidance on how to: the Cybersecurity and Infrastructure Security Committee Recommendations address national • Prepare and plan for bag search procedures Agency Commercial Facilities Sector Specific security and emergency preparedness issues in advance of an event; Agency at [email protected]. from a private sector perspective and reflect over • Deter individuals from bringing illegal, a quarter-century of private sector advice to the prohibited, or unusual items into the Threat Detection & Reaction for Retail & president and the nation. Issues include network venue; Shopping Center Staff This 20-minute convergence, network security, emergency • Interact with individuals who are having presentation is intended for Point-of-Sale staff, communications operations, resiliency and their bag(s) searched; but is applicable to all employees of a shopping emergency communications interoperability. • Conduct a bag search and identify items of center, mall, or retail facility. It uses case NSTAC recommendations can be found at interest (i.e., illegal, prohibited, or studies and best practices to explain suspicious www.dhs.gov/cisa/national-security- unusual); and behavior and items; how to reduce the telecommunications-advisory-committee. For • Respond when items of interest are vulnerability to an active shooter threat; and more information, contact [email protected]. discovered during a bag search. the appropriate actions to take if employees The bag search procedures outlined in this notice suspicious activity. The presentation can Dams Security document are for guidance purposes only; they be viewed on the Homeland Security are not required under any regulation or Information Network – Critical Sectors Active and Passive Vehicle Barriers Guide legislation. In addition, due to the wide Commercial Facilities portal at (Dams Sector) provides owners/operators with variation in the types, sizes, and locations of https://connect.hsin.gov/p21849699/. For more information on a variety of active and passive public assembly venues and the types of events information, contact the Commercial Facilities vehicle barriers, and properly designing and held in these venues, not all suggested Sector Specific Agency at [email protected]. selecting vehicle barrier systems. For more procedures will be relevant or applicable. The information, please contact the CISA Dams guide is available here: Communications Sector Sector Specific Agency at [email protected]. www.dhs.gov/sites/default/files/publications/pu blic_venue_bag_search_procedures_guide_3jun Network Security Information Exchange The Consequence-Based Top Screen (CTS) Fact 2019_v2_final_508.pdf. For more information, (NSIE) The National Security Sheet provides information pertaining to the contact the Cybers1ecurity and Infrastructure Telecommunications Advisory Committee CTS methodology, including how it was Security Agency Commercial Facilities Sector recommended the establishment of an developed, its primary purpose, and the Web- Specific Agency at [email protected]. Industry- partnership to reduce the based tool with which it is implemented. For vulnerability of the Nations’ more information, see Sports Venue Credentialing Guide This guide telecommunications systems to electronic www.dhs.gov/files/programs/gc_1260541882284. provides suggestions for developing and intrusion. The NSTAC formed separate shtm or contact the CISA Dams Sector Specific implementing credentialing procedures at government and industry NSIEs to share ideas Agency at [email protected]. sporting event venues that host professional on technologies and techniques for addressing sporting events. The purpose for establishing a and mitigating the risks to the public network Dams and Energy Sector Interdependency Study credentialing program is to control and restrict and its supporting infrastructures. For more focuses on the importance of hydroelectric power access to a sports venue and provide venue information, visit generation and the major risk factors that affect 55

Preventing Terrorism and Enhancing Security the ability of hydropower facilities to produce cyber event, whether caused by an external activities that may potentially be associated the electricity they need at the right time. For adversary, an insider threat, or inadequate with pre-incident surveillance, and those more information, please contact the policies and procedures, can initiate a loss of activities related to the exploration or targeting Cybersecurity and Infrastructure Security system control resulting in negative of a specific critical infrastructure facility or Agency Dams Sector Specific Agency at consequences. This roadmap recognizes this system. For more information, please contact the [email protected]. interconnectivity but restricts its scope by Cybersecurity and Infrastructure Security addressing the cyber issues of control systems. Agency Dams Sector Specific Agency at Dams Sector Consequence-Based Top Screen It highlights recommended strategies to [email protected]. Reference Guide provides information on the address sector challenges, specifies mitigation CTS methodology, how it was developed, its requirements, and lists long-term research and Dams Sector Tabletop Exercise Toolbox (DSTET) primary purpose, and the web-based tool with development needs regarding control system provides dam owners and operators with which it is implemented. For more information, security. For more information, please contact exercise planning resources to address sector- please contact the Cybersecurity and the Cybersecurity and Infrastructure Security specific threats, issues, and concerns related to Infrastructure Security Agency Dams Sector Agency Dams Sector Specific Agency at the protection of dams. DSTET allows exercise Specific Agency at [email protected]. [email protected]. participants to address key issues through a series of facilitated discussions. The intent of the Dams Sector Crisis Management Handbook The Surveillance and Suspicious Activity toolbox is to enhance effective information provides an introduction to crisis management Indicators Guide for Dams and Levees provides sharing and coordination between owners and measures for dam owners. It explains how such members of the Dams Sector with the operators, first responders, and relevant measures are an important component of an capability to report and retrieve information stakeholders during various threat and incident overall risk management program. In addition, pertaining to suspicious activities that may phases as detailed in the corresponding it describes major components of crisis potentially be associated with pre-incident scenarios. For more information, please contact management and provides a template and surveillance, activities exploring or targeting a the Cybersecurity and Infrastructure Security guidelines that might be useful in developing critical infrastructure facility or system, or any Agency Dams Sector Specific Agency at these components for other dams. For more possible violation of law or regulation that [email protected]. information, please contact the Cybersecurity could compromise the facility or system in a and Infrastructure Security Agency Dams manner that could cause an incident Dams Sector Waterside Barriers Guide was Sector Specific Agency at [email protected]. jeopardizing life or property. For more developed to assist dam owners and operators in information, please contact the Cybersecurity understanding the possible need for waterside Roadmap to Secure Control Systems in the and Infrastructure Security Agency Dams barriers as part of their overall security plan. It Dams Sector describes a plan or roadmap and Sector Specific Agency at [email protected]. provides owners, operators, and security strategic vision for voluntarily improving the personnel with a very cursory level of cybersecurity posture of control systems within Dams Sector Suspicious Activity Reporting information on barriers and their use, the Dams Sector. Designing, operating, and Fact Sheet provides information regarding the maintenance, and effectiveness—elements that maintaining a facility to meet essential online Suspicious Activity Reporting tool must be carefully considered when selecting reliability, safety, and security needs requires within the Homeland Security Information waterside barriers. For more information, please careful evaluation and analysis of physical, Network – Critical Infrastructure Dams Portal contact the Cybersecurity and Infrastructure cyber, and human risk factors. The interaction that was established to provide sector Security Agency Dams Sector Specific Agency at of both internal and external process and stakeholders with the capability to report and [email protected]. business systems must also be considered. A retrieve information pertaining to suspicious 56

Preventing Terrorism and Enhancing Security

Dams Sector Web-Based Training Courses Fact Overview This online training course addresses Sheet provides a brief description and access crisis management activities as an important Dams Sector Suspicious Activity Reporting Fact information for the various web-based training component of an overall risk management Sheet provides information regarding the online tools developed by the Dams Sector. For more program, and provides dam and levee Suspicious Activity Reporting tool within the information, contact the Cybersecurity and stakeholders with recommendations to assist in Homeland Security Information Network – Infrastructure Security Agency Dams Sector the development of various plans focused on Critical Infrastructure Dams Portal that was Specific Agency at [email protected]. enhancing preparedness, protection, recovery, established to provide sector stakeholders with and resilience capabilities. The training course the capability to report and retrieve information Emergency Preparedness Guidelines for describes the purpose and basic elements of pertaining to suspicious activities that may Levees: A Guide for Owners and Operators emergency action plans, recovery plans, and potentially be associated with pre-incident assists public and private stakeholders that continuity plans; and addresses the basic surveillance, and those activities related to the have responsibilities as owners or operators in elements of an effective exercise program. For exploration or targeting of a specific critical managing levees, floodwalls, pumping stations, more information, please contact the infrastructure facility or system. For more and any other components of flood risk Cybersecurity and Infrastructure Security information, contact the Cybersecurity and management systems. For more information, Agency Dams Sector Specific Agency at Infrastructure Security Agency Dams Sector please contact the Dams Sector Specific Agency [email protected]. Specific Agency at [email protected]. at [email protected]. Dams Sector Personnel Screening Guide for Suspicious Activity Reporting Tool is a Dams Sector Estimating Economic Owners and Operators provides information standardized means by which critical Consequences for Dam Failure Scenarios that assists owners/operators in developing and infrastructure stakeholders can report provides information describing the economic implementing personnel screening protocols suspicious or unusual activities to the consequence estimation approaches most appropriate for their facilities. An effective government via sector portals on the Homeland commonly used in the U.S., and discusses their screening protocol for potential employees and Security Information Network-Critical advantages and limitations. For more contractor support can contribute to enhanced Infrastructure(HSIN-CI). The Nationwide information, please contact the Cybersecurity facility security by ensuring that Suspicious Activity Reporting (SAR) Initiative and Infrastructure Security Agency Dams untrustworthy individuals do not gain (NSI) is a joint collaborative effort by the U.S. Sector Specific Agency at [email protected]. employment or access to sensitive facilities or Department of Homeland Security, the Federal information. For more information, please Bureau of Investigation, and state, local, tribal, contact Cybersecurity and Infrastructure and territorial law enforcement partners. This Dams Sector Estimating Loss of Life for Dam Security Agency Dams Sector Specific Agency initiative provides law enforcement with another Failure Scenarios provides information at [email protected]. tool to help prevent terrorism and other related describing the loss of life estimation criminal activity by establishing a national approaches most commonly used in the U.S. Physical Security Measures for Levees capacity for gathering, documenting, processing, and Canada, and discusses their advantages Brochure provides information on physical analyzing, and sharing SAR information. For and limitations. For more information, please security measures that a levee owner could more information visit https://www.dhs.gov/nsi. contact the Cybersecurity and Infrastructure employ and the factors affecting the selection of Security Agency Dams Sector Specific Agency those measures. For more information please Security and Protection of Dams and Levees at [email protected]. contact the Cybersecurity and Infrastructure Workshop (L260) provides dam owners and Security Agency Dams Sector Specific Agency operators, emergency managers, and other IS-870 Dams Sector: Crisis Management at [email protected]. relevant stakeholders with information on the 57

Preventing Terrorism and Enhancing Security fundamental aspects of security and protection support systems and emergency management for dams, levees, and related facilities. For Dams Sector Cybersecurity Framework tools for animal disease threats, animal more information, contact the Cybersecurity Implementation Guidance enables an agriculture systems analyses, and education and and Infrastructure Security Agency Dams organization-regardless of its size, degree of training for the current and future homeland Sector Specific Agency at [email protected]. risk, or cybersecurity sophistication-to apply security workforce. For more information see, the principles and effective practices of cyber iiad.tamu.edu for IIAD and ceezad.org for Dams Sector Security Guidelines consolidate risk management to improve the security and CEEZAD, or contact effective industry security practices into a resilience of its critical infrastructure. For more [email protected]. framework to help owners and operators select information, contact the Cybersecurity and and implement security activities and Infrastructure Security Agency Dams Sector DHS Emeritus Center of Excellence: Food measures that reduce risk; improve the Specific Agency at [email protected]. Protection and Defense Institute (FPDI), led by protection of personnel, public health, and the University of Minnesota, is a public safety; and reinforce public confidence. Dams Sector Cybersecurity Program Guidance multidisciplinary, action-oriented research For more information, contact the Dams Sector outlines various strategies and methods to consortium united to help make the nation's food Specific Agency at [email protected]. develop or improve a basic cybersecurity system less vulnerable to a biological or chemical program, enabling dam owners and operators attack. Through research and education, FPDI Dams Sector Cybersecurity Capability to select cybersecurity activities and measures looks to safeguard the food system Maturity Model (C2M2) aims to advance the appropriate to their cyber assets and risk comprehensively, from farm to table, to reduce practice of cybersecurity risk management profiles. For more information, contact the the potential for contamination at any point across the Dams Sector by providing all Dams Cybersecurity and Infrastructure Security along the food supply chain and a catastrophic Sector organizations, regardless of size or type, Agency Dams Sector Specific Agency at attack on public health and the economy. For with a flexible tool to help them evaluate, [email protected]. more information, see prioritize, and improve their cybersecurity http://foodprotection.umn.edu/ or contact capabilities. For more information, contact the Food Safety and Influenza [email protected]. Cybersecurity and Infrastructure Security Agency Dams Sector Specific Agency at DHS Emeritus Center of Excellence: Center for Planning for 2009 H1N1 Influenza: A [email protected]. Zoonotic and Animal Disease Defense (ZADD), Preparedness Guide for Small Business DHS, a co-led Center of Excellence between the the Centers for Disease Control (CDC), and the Dams Sector Cybersecurity Capability Institute of Infectious Animal Diseases (IIAD) Small Business Administration developed this Maturity Model (C2M2) Implementation Guide at Texas A&M University and the Center of guide to help small businesses understand what is a supplement to the C2M2. The guidance Excellence for Emerging and Zoonotic Animal impact a new influenza virus, like the 2009 provided in this publication is intended to Diseases (CEEZAD) at Kansas State H1N1 flu, might have on their operations, and address the implementation and management University. The DHS Emeritus Center the importance of a written plan for guiding of cybersecurity practices associated with develops innovative solutions and fosters businesses through a possible pandemic. For information technology and operations collaborations to protect the nation’s more information, see technology assets and the environments in agriculture and public health sectors against www.flu.gov/professional/business/smallbiz.html which they operate. For more information, high-consequence foreign animal, emerging, , or contact [email protected]. contact the Cybersecurity and Infrastructure and zoonotic disease threats. The research and Security Agency Dams Sector Specific Agency education capabilities include, next-generation Sector-Specific Pandemic Influenza Guides The at [email protected]. vaccine candidate development, decision Cybersecurity and Infrastructure Security 58

Preventing Terrorism and Enhancing Security

Agency developed sector-specific guides for the hazardous materials transportation process. pandemic influenza for the Chemical, Hazmat Motor Carrier Security Self- RMSEF is a tool for all parties (regulators, Commercial Facilities, Dams, Emergency Assessment Training Program addresses the shippers, carriers, emergency response Services, and Nuclear Sectors. For more requirements contained in 49 Code of Federal personnel, etc.) to look at their operations and information, please contact the Sector Regulations, Part 172.802, which requires consider how they assess and manage risk. For Outreach and Programs Division at motor carriers that transport placarded more information, see [email protected]. amounts of hazardous materials to develop a www.phmsa.dot.gov/hazmat/risk/rmsef or plan that adequately addresses security risks contact [email protected]. related to the transportation of hazardous Hazardous Materials materials. Training materials can be found at Infrastructure Security and www.tsa.gov/stakeholders/trucking-hazmat. Transportation Security Contact TSA Highway and Motor Carrier Resilience Assessment Division at [email protected]. Comprehensive Security Assessments and Federal Motor Carrier Safety Administration: Action Items encompass activities and measures Guide to Developing an Effective Security Plan Hazmat Trucking Guidance: Highway that are critical to an effective security program. for the Highway Transportation of Hazardous Security-Sensitive Materials (HSSM) Security The 17 Action Items cover a range of areas Materials is a tool that motor carriers Action Items (SAIs) provide security measures including security program management and transporting hazardous materials can use in for implementation by motor carriers accountability, security and emergency response developing a security plan as required by the transporting Tier 1 HSSM and Tier 2 HSSM. training, drills and exercises, public awareness, U.S. Department of Transportation in their The security practices are voluntary to allow protective measures for the National Terrorism HM-232 rulemaking [1]. It is designed to highway motor carriers to adopt measures best Alert System threat levels, physical security, provide motor carriers with (a) sufficient suited to their circumstances. For more personnel security, and information sharing and background to understand the nature of the information, see security. The TSA Transportation Security threats against hazardous materials http://www.tsa.gov/stakeholders/trucking- Inspectors-Surface conduct security assessments transportation; (b) the means to identify the hazmat or contact [email protected]. under the Baseline Assessment for Security vulnerabilities to those threats; and (c) an Enhancement (BASE) program that evaluate the approach to address the vulnerabilities. For Hazardous Materials Endorsement Threat posture of mass transit and passenger rail more information, see Assessment Program The Hazardous Materials agencies in the Action Items in a comprehensive www.tsa.gov/stakeholders/documents-and- Endorsement Threat Assessment Program and systematic approach to elevate baseline reports-0. Contact the TSA Highway and Motor conducts a threat assessment for any driver security posture and enhance security program Carrier offices at [email protected]. seeking to obtain, renew and transfer a management and implementation. The results of hazardous materials endorsement on a state- the security assessments inform development of Hazmat Motor Carrier Security Action Item issued commercial driver’s license. For more risk mitigation programs and resource Training (SAIT) Program addresses the TSA information, visit www.tsa.gov/for- allocations, most notably security grants. For recommended security actions that were industry/hazmat-endorsement more information, visit developed for the hazmat transportation www.tsa.gov/stakeholders/advancing-security- industry. For more information, see Pipeline and Hazardous Materials Safety baseline or contact [email protected]. www.tsa.gov/stakeholders/trucking-hazmat or Administration: Risk Management Self- contact TSA Highway and Motor Carrier Evaluation Framework (RMSEF) provides a The Risk Management Process: An Interagency Division at [email protected]. basic framework for managing risk as part of Security Committee Standard This standard 59

Preventing Terrorism and Enhancing Security defines the criteria and processes that those The Infrastructure Survey Tool (IST) is a [email protected]. responsible for a facility's security should use voluntary, web-based security survey in determining its security level. This standard conducted by PSAs in coordination with facility Critical Infrastructure Tabletop Exercise provides an integrated, single source of owners and operators after an Assist Visit to Program, formerly known as Sector-Specific physical security countermeasures and identify and document the overall security and Tabletop Exercise Program (SSTEP), is designed guidance on countermeasure customization for resilience of the facility. The security survey is to assist critical infrastructure owners and all non-military federal facilities. For more conducted to: identify facilities’ physical operators in developing their own tabletop information, please see security, security forces, security management, exercises to meet the specific needs of their www.dhs.gov/files/committees/gc_11949782680 information sharing, protective measures, and facilities and stakeholders. The CITEP allows 31.shtm. dependencies related to preparedness, users to leverage pre-built exercise templates mitigation, response, resilience, and recovery; and vetted scenarios to build tabletop exercises Assist Visits are conducted by PSAs in identify security gaps; create facility protective to assess, develop, and update information collaboration with critical infrastructure and resilience measures indices that can be sharing processes, emergency plans, programs, owners and operators to assess overall facility compared to similar facilities; and track policies, and procedures. This program provides security and increase security awareness. progress toward improving critical exercise planners with tools, scenarios, question Assist Visits are augmented by either the infrastructure security. If you would like to sets, and guidance in developing an interactive Security Assessment on First Entry (SAFE) or learn more about ISTs, please contact discussion-based exercise for their communities the Infrastructure Survey Tool (IST). The [email protected]. of interest (COI). Each CITEP template can be SAFE tool is designed to assess the current customized and further developed to exercise security posture and identify options for facility Regional Resiliency Assessment Program and evaluate specific areas of concern for critical owners and operators to mitigate relevant (RRAP) is a cooperative assessment of specific infrastructure owners and operators. The CITEP threats. It is not intended to be an in-depth critical infrastructure within a designated fosters effective partnership building through security assessment. A SAFE may be the first geographic area and a regional analysis of the the development of improved information step toward an effective security program. It is surrounding infrastructure that address a sharing and collaboration. In addition, the generally intended for facilities that have little range of infrastructure resilience issues that CITEP enables the development of after-action or no security measures or planning in place. could have regionally and nationally significant reports that support mitigating risks while The IST is a web-based tool that provides the consequences. These voluntary, non-regulatory increasing the resilience of critical ability to collect, process, and analyze Assist RRAP projects are led by the Infrastructure infrastructure. Currently there are over 50 Visit survey data in real time. Data collected Security Division, within the Department of scenarios, both natural hazards and human during an Assist Visit is consolidated in the Homeland Security’s Cybersecurity and threats, that users can modify to meet their IST and then weighted and valued, which Infrastructure Security Agency and are organization’s needs. For more information, enables DHS to develop metrics, conduct selected each year by the Department with please contact the Infrastructure Stakeholder sector-by-sector and cross-sector vulnerability input and guidance from federal, state, and Security and Exercise Program at comparisons, identify security gaps and trends local partners. The goal of the RRAP is to [email protected]. across critical infrastructure sectors and sub- generate greater understanding and action sectors, and establish sector baseline security among public and private sector partners to Infrastructure Stakeholder Security Exercise survey scores. Private sector owners and improve the resilience of a region’s critical Program Well-designed and well-executed operators interested in an Assist Visit should infrastructure. Private sector owners and exercises are the most effective means of contact [email protected]. operators interested in receiving more assessing and validating policies, plans, information on the RRAP should contact procedures, training, equipment, assumptions, 60

Preventing Terrorism and Enhancing Security and inter-organizational agreements. IEDs, how to respond to suspicious objects and Exercises are vital for clarifying roles and how to work with responding agencies in the Highway and Motor Carrier Awareness Posters responsibilities, as well as improving event an IED is discovered or detonated on include Motor coach Awareness Posters for coordination and communication. As well as company property. The DVD incorporates terminals: “Watch for Suspicious Items” and identifying gaps in resources, exercises will interactive quizzes that can be used by pipeline “Watch for Suspicious Behaviors” for terminals measure performance and identify companies to test employees’ knowledge at the as well as a School Transportation Employee opportunities for improvement, increasing the end of each module. For more information, Awareness poster. For more information, see ability for critical infrastructure stakeholders contact [email protected]. www.tsa.gov/stakeholders/trucking-hazmat or to mitigate, respond to, and recover from contact [email protected]. threat-based incidents. The Infrastructure DHS Center of Excellence: National Stakeholder Security Exercise Program Transportation Security Center of Excellence Highway Information Sharing and Analysis (ISSEP) exercise team designs, develops, and (NTSCOE) is comprised of seven institutions: Center (ISAC) The TSA Trucking Security executes both discussion-based and operations- University of Connecticut, Tougaloo College, Program funds the First Observer ™ domain based exercises on behalf of Infrastructure Texas Southern University, Rutgers - The awareness program as well as a Call-Center and Security Division critical infrastructure State University of New Jersey, Long Island ISAC. The Highway ISAC creates products and community partners throughout the nation. University, University of Arkansas, and San bulletins and emails them to a distribution list The ISSEP exercise team conducts exercises to José State University. The NTSCOE addresses from TSA Highway and Motor Carrier and the support preparedness and resilience priorities all aspects of transportation security including First Observer program. For more information, specifically related to critical infrastructure identification of existing and emerging threats, contact www.firstobserver.com. and soft targets and assists stakeholders in development of new technologies for resilient identifying opportunities to tailor their infrastructure, establishment of national Homeland Security Information Network information sharing, response and recovery transportation security policies, training of (HSIN) - Highway and Motor Carrier Portal is procedures into decisive and actionable plans transportation professionals, and development part of the Critical Sector section of the HSIN through the after-action reporting process. For of undergraduate and graduate education to system (HSIN-CS). Membership to the portal is more information please contact the build and maintain a quality transportation provided once vetted by portal administrators. Cybersecurity and Infrastructure Security security workforce of the future. For more For more information, contact Agency Infrastructure Stakeholder Security information, see www.crti.uconn.edu/ or [email protected] or call 866-430-0162. and Exercise Program at [email protected]. contact [email protected]. Intermodal Security Training and Exercise Land Transportation and First Observer ™ Training TSA provides Program (I-STEP) supports TSA’s Office of funding for the First Observer ™ program Security Policy and Industry Engagement Pipeline under the Trucking Security Program grant. (OSPIE) Modal Security Managers with The First Observer ™ website has online exercises and training. The program is designed Countering Improvised Explosive Devices training modules for trucking, school buses, to support all transportation security partners Training for Pipeline Employees is a DVD- law enforcement, cargo, hazmat, highway with security objectives and training that has based training program to familiarize pipeline workers, among others. You can log on to the clear and consistent performance measures. For company employees and contractors with the website for training at: more information, see www.tsa.gov/i-step or threat posed by IEDs. This DVD employs four www.firstobserver.com/training/home.php or contact [email protected] 571-227-5150. modules that familiarize viewers with the contact [email protected] or 888- threat posed by IEDs, how to spot potential 217-5902. Laminated Security Awareness Driver Tip Card 61

Preventing Terrorism and Enhancing Security contains the following topics: bus operator heightening pipeline employee awareness of Drivers Association (OOIDA) members, school alerts; hijacking; evacuating the vehicle; suspicious activity and their importance in transportation industry personnel, tank truck awareness and what to look for; and possible keeping our Nation's pipeline system secure. To carrier employees, and truck rental company chemical/biological weapons. For more further enhance the information contained in employees. You can access the guides by clicking information, see the pipeline security awareness training CD, on “Documents and Reports” on the main www.tsa.gov/stakeholders/documents-and- TSA produced the brochures “Pipeline Security Highway and Motor Carrier page at reports-0 or contact [email protected]. Awareness for Employees” and “Good www.tsa.gov/highway. For more information, Neighbors! A Pipeline Security Neighborhood contact [email protected]. On the Tracks Rail Sabotage Awareness and Watch.” The CD and brochures may be Reporting (DVD & Poster) Training to provide requested on the TSA Pipeline Security website School Transportation Security Awareness those responsible for the safety and security of at www.tsa.gov/stakeholders/training-and- (STSA) training provides school bus drivers, our rail system with information on the nature exercises. For more information contact the school administrators, and staff members with of rail sabotage threats and the necessary steps Pipeline Security Division at information that will enable them to effectively to take in safeguarding against its [email protected]. identify and report perceived security threats, as execution. The video addresses where to look well as the skills to appropriately react and for potential sabotage threats, the categories of Protecting Pipeline Infrastructure: The Law respond to a security incident should it occur. threats to be on alert for, and the steps to take Enforcement Role is a DVD intended to For more information, see in reporting objects or activities that appear enhance the law enforcement community’s www.tsa.gov/stakeholders/school-transportation- out of the ordinary. This information reinforces understanding of pipeline systems and their security-awareness or contact the important role of front-line employees, who security issues. The DVD provides a basic [email protected]. have firsthand knowledge and experience understanding of how pipeline systems working in the field every day, in helping to function, the principle products they transport, Transportation Sector Network Management deter a terrorist attack on the rail system. For and includes a discussion of the threats and Highway and Motor Carrier Division Annual more information, contact vulnerabilities to pipelines. The primary Report TSA Highway and Motor Carrier [email protected]. audience for this DVD is local, state, and Division publishes an annual report and posts federal law enforcement, federal security the document on the following website Operation Secure Transport (OST) is security partners, and others involved with www.tsa.gov/sites/default/files/assets/pdf/interm awareness training for the over-the-road bus infrastructure security. Viewers should come odal/hwmc_annual_report_2006.pdf. industry. The training program will be away with a better understanding of the typical available on CD and online. The training measures taken to protect pipelines and actions TSA Counterterrorism Guides are designed for modules will be broken down into the following they can take to assist pipeline operators highway transportation security partners in the categories: driver; maintenance; terminal during times of heightened security alert. For trucking, highway infrastructure, motor coach, employees; management; and crisis response. more information and to request a copy, see and school transportation industries. These For more information, see www.tsa.gov/stakeholders/pipeline-security. guides are small flip-charts containing the www.tsa.gov/stakeholders/motorcoach or following topics: pre-incident indicators; targets; contact [email protected]. Safeguarding America’s Transportation System threats to highway; insider threat; cloned Security Guides are available for highway vehicle; hijacking prevention; suspicious Pipeline Security Awareness for the Pipeline passenger security motor coach personnel, packages; information on explosive devices; Industry Employee Training CD and Brochures private and contract carrier company prevention/mitigation; security planning; are a security awareness trainings centered on employees, Owner-Operator Independent security inspection checklist; security exercises; 62

Preventing Terrorism and Enhancing Security chemical, biological, nuclear, and radiological July 2003, for the following purposes: 1) These interagency, multi-jurisdictional exercises incidents; and federal, state and local POCs. identify critical port infrastructure and encourage important interaction among You can contact TSA HMC to order a copy, operations; 2) identify risks, threats, maritime stakeholders, including AMSCs, and pending available inventory at vulnerabilities and consequences; 3) develop enable effective cooperation and preparation for [email protected]. and implement strategies to mitigate risks; 4) maritime security contingencies. AMSTEP develop and implement a process for exercises help stakeholders maintain and Maritime Security continuously evaluating port security; and, 5) evaluate their ability to implement the jointly advise and assist the USCG Captain of the Port developed AMSPs. Stakeholders include federal (in the role of Federal Maritime Security agencies, state, local, territorial and tribal America’s Waterways Watch is a combined Coordinator) in developing, reviewing and governments, and private sector partners, and effort of the U.S. Coast Guard and its Reserve updating the local Area Maritime Security may include facility and vessel security and Auxiliary components to enlist the active Plan. For more information, see personnel. For more information, see participation of those who live, work or play www.uscg.mil/hq/cg5/cg544/amsc.asp, https://homeport.uscg.mil/mycg/portal/ep/home.d around America's waterfront areas. For more www.law.cornell.edu/cfr/text/33/103.305, or o. information, see http://aww.aww- https://homeport.uscg.mil/mycg/portal/ep/home. sp.com/americas_waterway_watch/home.html do. The U.S. Coast Guard Journal of Safety at Sea is or contact [email protected] 877-24WATCH (877- the voice of the U.S. Coast Guard Marine Safety 249-2824). Area Maritime Security Plans (AMSPs) are and Security Council and is published quarterly coordination and communication plans that with over 30,000 copies mailed out for each Area Committees and Area Contingency Plans align all levels of government (federal, state, issue. The audience includes a large segment of (ACPs) improve coordination between federal, tribal, territorial, and local) and private the private maritime industry population, state and local authorities and industry, and to industry port partners to prevent, protect including retired officers, fishing vessel captains, strengthen on-scene response to the discharge against, respond to, and initial recovery from a river pilots, ocean scientists, marine engineers, of oil and hazardous materials. Each USCG transportation security incident. The 43 tug/tow boat operators, shipping executives, Sector Commander has a port homepage on the AMSPs cover each of the Nation’s Captain of insurance operators, and maritime lawyers. USCG Homeport website; interested the Port Zones. Facilities and ports must Issues of Proceedings are available to the public prospective partners should check their implement security measures as outlined in at www.uscg.mil/proceedings. respective port page on Homeport for contact their approved security plans. The Maritime information. Many Harbor Safety Committees Security (MARSEC) Level (of which there are DHS Center of Excellence: Arctic Domain (HSC) also have their own state or locally- three) is set by the Commandant of the U.S. Awareness Center (ADAC) led by the University sponsored websites, maintained separately Coast Guard to reflect the prevailing threat of Alaska – Anchorage, develops and transitions from USCG Homeport. All U.S. critical ports environment to marine elements of the technology solutions, innovative products, and have Area Committees and Area Contingency national transportation system. For more educational programs to improve situational Plans. See the Area Maritime Security information, see awareness and crisis response capabilities Committees (AMSC), Area Committee and https://homeport.uscg.mil/mycg/portal/ep/home. related to emerging maritime challenges posed HSC postings at do. by the dynamic Arctic environment. For more https://homeport.uscg.mil/mycg/portal/ep/home. information, see do. AMSPs are exercised annually through the http://arcticdomainawarenesscenter.org/ or U.S. Coast Guard’s Area Maritime Security contact [email protected]. Area Maritime Security Committees (AMSCs) Training and Exercise Program (AMSTEP). were established under Title 33 CFR Part 103, 63

Preventing Terrorism and Enhancing Security

DHS Center of Excellence: Coastal Resilience security impact on risk, and developing environmental, facilities, incident management Center (CRC), led by the University of North management strategies to reduce risk. IRAM is and preparedness, investigations (maritime Carolina at Chapel Hill in partnership with managed by the MSRAM program manager. casualties and incidents), International Port Jackson State University in Mississippi, For more information, contact Security Program, marine safety, maritime conducts research and education to enhance [email protected]. domain awareness and information sharing, the nation’s ability to safeguard people, maritime security, and waterways, infrastructure, and economies from Harbor Safety Committees, or similar bodies, regulations/administrative adjudications, vessel catastrophic coastal natural disasters such as are a cooperative means to inform mariners standards, counter-piracy, Port Security floods and hurricanes. Resources include the about vessel traffic hazards and to reduce the Advisors, Maritime Transportation Security Act ADCIRC Prediction System for storm surge risk of navigation incidents. They may be (MTSA), Marine Safety Center, Mariner and coastal flooding and the Plan Integration established by local agreements, chartered by Credential Verification, and Mariner Credential for Resilience Scorecard (PIRS) for community States, or organized by other maritime Application Status. For more information, see hazard vulnerability reduction. For more stakeholders. Harbor Safety Committees https://homeport.uscg.mil/mycg/portal/ep/home.d information, visit frequently include participation from their o. https://coastalresiliencecenter.unc.edu/ or respective Captain of the Port. Some States contact [email protected]. require their Harbor Safety Committees to Maritime Passenger Security Courses address deliver safety plans and identify safety topics to improve passenger vessel employee DHS Center of Excellence: Maritime Security concerns to their respective lead state agencies. security awareness in their operating Center (MSC), led by Stevens Institute of Members of Harbor Safety Committees environments and to increase the effectiveness Technology, enhances maritime domain typically include representatives from the of their responses to suspicious items and awareness and develops strategies to support shipping industry, fishing industry, tug persons that they might encounter. Courses marine transportation system resilience and operators, vessel pilots, recreational boaters, available include: “Security Awareness for educational programs for current and aspiring marine patrols, government, and public or Passenger Vessel Employees”, “IED/VBIED homeland security practitioners. For more private environmental organizations. For more Recognition and Response for Passenger Vessels information, see www.stevens.edu/research- information, see the AMSC, Area Committee and Terminals”, “Crowd Control for Passenger entrepreneurship/research-centers- and HSC postings at Vessels and Terminals”, “Maritime Terrorism labs/maritime-security-center or contact https://homeport.uscg.mil/mycg/portal/ep/home. and Hijacking Situations”, “Terminal and [email protected]. do then select “Ports and Waterways,” or see Shipboard Evacuation”, and “Basic Screening www.harborsafetycommittee.blogspot.com. Procedures for Maritime Transportation Industry Risk Analysis Model (IRAM) is an Security.” To order, contact TSA Port & unclassified version of the Maritime Security Intermodal Security Division at Risk Analysis Model (MSRAM). IRAM is HOMEPORT is the primary on-line means of [email protected] or call 571-227-3556. available to industry partners to conduct a communicating alerts, announcements and local risk assessment of their own facilities and other information from the U.S. Coast Guard Maritime Security Risk Analysis Model is a vessels applying the same criteria employed by field units to their partners, including the terrorism risk management tool and process USCG Port Security Specialists (PSS) with private sector. Homeport also provides public used to conduct scenario-based risk assessments MSRAM. IRAM provides a baseline risk and protected community-of-interest chat and against critical infrastructure, key assets, and analysis capability for owners/operators and interactive information between partners. targets within each U.S. Coast Guard Captains assists in rank ordering terrorism-related Specific Homeport Topics Include: containers, of the Port area of responsibility. The execution targets/scenarios, evaluating owner/operator domestic vessels (U.S. flag vessels), of the MSRAM process is built upon the 64

Preventing Terrorism and Enhancing Security assessments and judgments made by U.S. funds for transportation infrastructure security access to U.S. Coast Guard-regulated secure Coast Guard field commanders across the activities to implement Area Maritime Security areas. Most mariners licensed by the U.S. Coast country in close partnerships with regional Plans and facility security plans among port Guard also require a credential. The TWIC® is Area Maritime Security Committees, which authorities, facility operators, and state and valid for five-years from date of issuance, and all include maritime industry security local government agencies required to provide TWIC® cardholders are subject to recurrent professionals. The resultant extensive national port security services. For more information, vetting for potential disqualifying factors. For dataset contains risk evaluations of a wide see https://www.fema.gov/port-security-grant- more information, see www.tsa.gov/for- array of scenarios for all the significant assets program or contact the FEMA Centralized industry/twic or contact 855-347-8371. For operating in the U.S. maritime domain. Scheduling and Information Desk at general TWIC® issues, please contact MSRAM offers a dynamic analysis interface [email protected] or 1-800-368-6498. [email protected]. capable of generating tailored results and supports operational, tactical and strategic The Port State Information Exchange (PSIX) U.S. Coast Guard Auxiliary is the uniformed decisions. For more information, contact system contains vessel specific information volunteer component of the United States Coast [email protected]. derived from the United States Coast Guard's Guard. The Auxiliary conducts safety patrols on Marine Information Safety and Law local waterways, assists the U.S. Coast Guard National Vessel Movement Center (NVMC) Enforcement System (MISLE). The information with homeland security duties, teaches boating provides the maritime industry with a means contained in PSIX represents a weekly safety classes, conducts free vessel safety checks to submit a Notice of Arrival and a Notice of snapshot of Freedom of Information Act (FOIA) for the public, and performs many other support Departure, which fulfills USCG and the U.S. data on U.S. flag vessels, foreign vessels activities. The Auxiliary has members in all 50 Customs and Border Protection requirements. operating in U.S. waters, and U.S. Coast Guard states, Puerto Rico, the Virgin Islands, American For more information, see www.nvmc.uscg.gov contacts with those vessels. Information on Samoa and Guam. For more information, visit or contact [email protected] 800-708-9823 or open cases or cases pending further action is www.cgaux.org/. 304-264-2502. considered privileged information and is excluded from the PSIX system until the U.S. Coast Guard National Maritime Center Port Interagency Information Sharing relevant cases are complete and closed. PSIX (NMC) issues Merchant Mariner Credentials Assessment consists of a recurring process of can be accessed at the following link: (MMC) to fully qualified U.S. mariners, approves interviews with U.S. Coast Guard Sector http://cgmix.uscg.mil/PSIX/Default.aspx. and audits training programs and courses personnel and selected federal, state, local offered by mariner training organizations personnel, and private partners who Transportation Worker Identification throughout the U.S., and provides information participate in joint maritime planning, Credential (TWIC®) is a security program about merchant mariner records. For more prevention, response and recovery missions. designed to ensure that only authorized information, see www.uscg.mil/nmc or contact Port Interagency Information Sharing reports individuals who complete a TSA Security NMC Customer Service Center 888-IASKNMC are currently only released to the participants, Threat Assessment and do not pose a national (1-888-427-5662). although a publicly-releasable version of the or transportation security threat may gain report is under consideration for 2012. To unescorted access to secure areas of the U.S. Coast Guard Navigation Center supports schedule participation in next year’s annual Nation's maritime transportation system. On safe and efficient maritime transportation by interviews, please contact the study team at successful completion of the assessment, TSA delivering accurate and timely maritime [email protected]. issues a biometric security card, termed the information, vessel monitoring system support TWIC® card, which permits maritime facilities and Global Position System (GPS) augmentation Port Security Grant Program (PSGP) provides and vessels to grant the cardholder unescorted signals that permit high-precision positioning 65

Preventing Terrorism and Enhancing Security and navigation. For additional information, see Intercity Bus Security Grant Program (IBSGP) passenger rail systems. For more information, www.navcen.uscg.gov/. provides funds to owners and operators of contact [email protected]. intercity bus systems to protect critical surface Vessel Documentation (for US Flag Vessels) transportation infrastructure and the traveling The Mass Transit and Passenger Rail - Field The National Vessel Documentation Center public from acts of terrorism and to increase Operational Risk and Criticality Evaluation facilitates maritime commerce and the the resilience of transit infrastructure. For (FORCE) is a threat-based, risk-managed availability of financing, while protecting more information, see www.fema.gov/intercity- protocol that evaluates threat, vulnerability, and economic privileges of U.S. citizens through the bus-security-grant-program or contact the consequence from a variety of vantage points, enforcement of regulations, and provides a FEMA Centralized Scheduling and Information focusing primarily on the rail and bus properties register of vessels available in time of war or Desk at [email protected] or 1-800-368- but also surveying intermodal and emergency to defend and protect the United 6498. interdependent critical infrastructure and key States of America. See resources. It is also adaptable to assist with new www.uscg.mil/hq/cg5/nvdc/ for more Intercity Passenger Rail (IPR) Program start-up properties about to come online or information or call 800-799-8362 or 304-271- provides funding to the National Railroad transit agencies with aggressive future 2400 (7:30 a.m. to 5:00 p.m. Eastern Time). Passenger Corporation (Amtrak) to protect expansion initiatives as well as regions hosting critical surface transportation infrastructure special security events. For more information, Mass Transit and Rail Security and the traveling public from acts of terrorism contact [email protected]. and to increase the resilience of the Amtrak The Homeland Security Information Network rail system. For more information, see Mass Transit Employee Vigilance Campaign The (HSIN) – Freight Rail Portal has been designed /www.fema.gov/intercity-passenger-rail-amtrak “NOT ON MY SHIFT” program employs to provide consistent, real time information or contact the FEMA Centralized Scheduling professionally-designed posters to emphasize the sharing capabilities in an integrated, secure, and Information Desk at [email protected] essential role that mass transit and passenger web-based forum to coordinate and collaborate or 1-800-368-6498. rail employees play in security and terrorism directly with our security partners. prevention in their systems. Adaptable Membership to the Freight Rail portal is Keep the Nation’s Railroad Secure Brochure templates enable each transit agency to tailor provided once vetted by portal administrators. assists railroad employees to recognize signs of the product to its operations by including the For more information, contact a potential terrorist act. It is to be used in system logo, photographs of their own agency’s conjunction with a railroad company’s existing employees at work, and quotes from the senior [email protected], security policies and procedures and may be leadership, law enforcement and security [email protected], or 866-430-0162. modified to display the company’s emergency officials, or frontline employees. The contact information for ease of reference. For personalized approach has proven effective in Homeland Security Information Network – more information, contact gaining employees’ attention and interest, Public Transit Portal (HSIN-PT) has been [email protected]. supporting the participating transit and rail integrated into the HSIN network to provide agencies’ efforts to maintain vigilance for one-stop security information sources and Mass Transit and Passenger Rail - Bomb indicators of potential terrorist activity. TSA outlets for security advisories, alerts and Squad Response to Transportation Systems designs the posters based on the preferences of notices. Membership to the Public Transit Through training and scenario-based exercises, the mass transit or passenger rail agency. For portal is provided once vetted by portal this program expands regional capabilities to more information contact administrators. For more information, contact respond to a threat or incident involving a [email protected]. [email protected]. suspected explosive device in mass transit and 66

Preventing Terrorism and Enhancing Security

Mass Transit Security and Safety Roundtables environment. For more information, contact or 1-800-368-6498. TSA, the Federal Transit Administration [email protected]. (FTA), and FEMA co-sponsor the annual Nuclear Security Transit Security and Safety Roundtables, Motorcoach Guidance: Security and Emergency bringing together law enforcement chiefs; Preparedness Plan (SEPP) is a guideline and National Nuclear Forensics Expertise security directors and safety directors from the template that you may use in developing a Development Program (NNFEDP) aims to nation’s 60 largest mass transit and passenger SEPP. The steps involved in this process provide a stable foundation from which to rail agencies; Amtrak; and federal security include an evaluation of current security develop and sustain the nuclear forensics partners to discuss terrorism prevention and procedures, an identification of threats and workforce. This interagency program is response challenges and to work collaboratively vulnerabilities to your operation, and the dedicated to maintaining a vibrant academic in developing risk mitigation and security development of policies and procedures to pathway from undergraduate to post-doctorate enhancement solutions. The Roundtables also effectively address deficiencies. For more study in disciplines directly relevant to nuclear provide a forum for agency safety and security information, see forensics, such as radiochemistry, geochemistry, officials to share effective practices and develop www.tsa.gov/sites/default/files/publications/pdf/ nuclear physics, nuclear engineering, materials relationships to improve coordination and grants/6th_2009_ibsgp_security_emergency_pr science, and analytical chemistry. NNFEDP collaboration. For additional information, eparedness_plan_template.pdf or contact promotes a unique interdisciplinary approach contact [email protected]. [email protected]. that encourages collaboration among academic programs, universities, and DOE’s national Mass Transit Security Training Program Rail Security Rule Overview On November 26, laboratories. Initiatives include undergraduate Guidelines is a focused security training 2008, DHS published a regulation governing outreach and scholarships; graduate fellowships, initiative under the Transit Security Grant security in the freight rail industry. The internships, and mentoring; post-doctorate Program (TSGP) in February 2007. The regulation not only affects freight railroads, but fellowships; university education awards; and resulting Mass Transit Security Training their customers as well. This presentation junior faculty awards. For more information, see Program provides guidelines to mass transit provides a high-level overview of the Rail http://scuref.org, and passenger rail agencies on the types of Security Rule and information regarding the www.dhs.gov/blog/2012/08/28/supporting-next- training to be provided by category of requirements of the regulation. For more generation-nuclear-forensic-scientists, or contact employee. For more information, visit information, contact the Freight Rail Branch at [email protected]. www.tsa.gov/stakeholders/building-security- [email protected]. force-multipliers or contact Nuclear Sector Classified Threat Briefing The [email protected]. Transit Security Grant Program provides Cybersecurity and Infrastructure Security funds to owners and operators of transit Agency Nuclear Sector Specific Agency Mass Transit Smart Security Practices is a systems (which include intra-city bus, coordinates both regularly scheduled and compilation of smart security practices drawn commuter bus, ferries, and all forms of incident-specific classified briefings for cleared from the results of the comprehensive security passenger rail) to protect and increase the sector partners. For more information, please assessments completed under the BASE resilience of critical surface transportation contact the Nuclear SSA at program. This compilation fosters infrastructure and the traveling public from [email protected]. communication nationally among security acts of terrorism. For more information, see professionals in mass transit and passenger www.fema.gov/transit-security-grant-program Nuclear Sector Information Sharing Standard rail to expand adoption of effective practices, or contact the FEMA Centralized Scheduling Operating Procedure (SOP) is designed to tailored as necessary to each agency operating and Information Desk at [email protected] enhance the effectiveness of voluntary 67

Preventing Terrorism and Enhancing Security information coordination and distribution communities and the State, Local, Tribal, massive amounts of information from multiple among members of the Nuclear Sector Territorial Government Coordinating Council sources to more reliably detect threats to the Information Sharing Environment. The (SLTTGCC). ACAMS is designed to help state security of the Nation, its infrastructures and to information-sharing processes are developed as and local governments build critical the health and welfare of its populace. These suggested practices and must be used in infrastructure protection programs in their new technologies will also improve the conjunction with, and subordinate to, legal, local jurisdictions and implement the NIPP. dissemination of information and related regulatory, and industry standard processes ACAMS provides a set of tools and resources technologies. Educational opportunities are that are established within and recognized by that help law enforcement, public safety, and geared towards educating the next generation of the Nuclear Sector and its industry and emergency response personnel collect, homeland security professionals with initiatives government members. For more information, prioritize, analyze, and visualize critical that span the entire career development please contact the Nuclear Sector Specific infrastructure to prepare, prevent, respond, pipeline, ranging from K-12 programs through Agency at [email protected]. and recover from an attack, natural disaster, or undergraduate and graduate level work, to emergency. ACAMS is provided at no cost for professional education and training. For more Nuclear Sector Overview introduces readers to state and local use and is protected from public information, see the Nuclear Reactors, Materials, and Waste disclosure through the Protected Critical www.purdue.edu/discoverypark/vaccine/ and Sector. It includes facts, roles and Infrastructure Information (PCII) program. For www.ccicada.org/ or contact responsibilities, and sector initiatives and more information, see www.dhs.gov/acams or [email protected]. activities. For more information, contact contact [email protected] 866-634-1958. [email protected]. DHS Emeritus Center of Excellence: National Critical Infrastructure Information Notices are Consortium for the Study of Terrorism and Radiological Emergency Preparedness Program intended to provide warning to critical Responses to Terrorism, led by the University of (REP) coordinates the national effort to provide infrastructure owners and operators when a Maryland, advances science-based knowledge state, local, and tribal governments with particular cyber event or activity has the about the human causes and consequences of relevant and executable planning, training, potential to impact critical infrastructure terrorism as a leading resource for security and exercise guidance and policies necessary to computing networks. This document is professionals. START will provide security ensure that adequate capabilities exist to distributed only to those parties who have a professionals with objective data and the highest prevent, protect against, mitigate the effects of, valid “need to know,” a direct role in securing quality, data-driven research findings terrorism respond to, and recover from incidents networks or systems that enable or support and closely related asymmetric threats, involving commercial nuclear power plants U.S. critical infrastructures. Access is limited counterterrorism and community resiliency to (NPPs). For more information, to a secure portal (https://portal.us-cert.gov) ensure that homeland security policies and visit: www.fema.gov/radiological-emergency- and controlled distribution list. For more operations reflect these understandings about preparedness-program. information, contact the US-CERT Secure human behaviors. For more information, see Operations Center at [email protected]; 888-282- www.start.umd.edu or Protecting, Analyzing, & Sharing 0870. [email protected]. Information DHS Emeritus Center of Excellence: National DHS Geospatial Information Infrastructure Center for Visualization and Data Analytics (GII) is a body of geospatial data and application Automated Critical Asset Management System (CVADA), co-led by Purdue University and services built to meet common requirements (ACAMS) is a secure, web-based portal Rutgers University, creates the scientific basis across the DHS mission space. OneView developed in partnership with state and local and enduring technologies needed to analyze (https://gii.dhs.gov/oneview) is a lightweight, 68

Preventing Terrorism and Enhancing Security web-based geographic visualization and With a library of products that increases on an analysis that provides a method for individual Food and Agriculture Sector Criticality average of every 2 hours, HSIN-CS enables users to access and interact with all GII Assessment Tool (FASCAT) is a web-based tool federal, state, local and private sector critical services. The GII also maintains the DHS used to identify specific systems-based criteria, infrastructure owners and operators to Earth KML service, which provides unique for the Food and Agriculture Sector. communicate, coordinate, and share sensitive authoritative infrastructure data and various Developed by the Food Protection and Defense and sector-relevant information to protect their static and dynamic situational awareness feeds Institute, a DHS Emeritus Center of critical assets, systems, functions and networks, in standard geographic information system Excellence, FASCAT is used for Homeland at no charge to sector stakeholders. To request (GIS) data formats to authorized Homeland Infrastructure Threat and Risk Analysis access to HSIN-CS, contact Security Information Network (HSIN) users at Center data call submissions and identification [email protected]. When requesting the federal, state, and local levels and within of infrastructure critical systems for industry access, please indicate the critical infrastructure the private sector. owners and operators. For more information, sector to which your company belongs and see www.foodshield.org or contact include your name, company, official email DHS National Operations Center (NOC) [email protected]. address, and supervisor’s name and phone Common Operating Picture (COP) is a secure, number. web-based geospatial information systems Homeland Security Information Network is a portal that provides situational awareness and web-based knowledge management tool Homeland Security Information Network- decision support to homeland security partners designed to increase collaboration between Federal Operations (HSIN FedOps) is the at all levels of government. The DHS NOC federal, state, local, tribal, territorial, private primary information sharing platform for COP integrates and fuses 800+ data layers and sector, and international entities. It provides a homeland security partners regarding acute, partner IT systems and databases into a one- reliable and secure system for information emergent incidents, events, and threats affecting stop-shop clearinghouse for information sharing between partners engaged in the the homeland. HSIN FedOps enables mission regarding acute, emergent incidents/events. homeland security mission. HSIN is composed partners at all levels of government to of many diverse compartments called coordinate and share incident, events, and DHS Open Source Enterprise Daily and Communities of Interest. Each COI is designed threat information in near-real time. For access Weekly Intelligence Reports provide open and maintained by its own administrators. to HSIN FedOps, contact the National source information on several topics of interest. HSIN is a secure system and access to Operations Center HSIN Desk Officer at The following are currently available open compartments is granted by invitation only. A [email protected]. When requesting access, source reports: The DHS Daily Digest Report, single user may be invited to multiple COIs please provide name, agency/organization, The DHS Daily Cyber Report, The DHS Daily depending on their need to access that supervisor’s name/e-mail/phone number, and Human Trafficking and Smuggling Report, The information. Applications can be obtained by your official e-mail address and phone number. DHS Daily Terrorism Report, and The DHS sending a request to [email protected]. Weekly Weapons and Munitions Trafficking For more information, visit www.dhs.gov/hsin “If You See Something, Say Something®” and Smuggling Report. These reports may be or contact the HSIN Help Desk at 1-866-430- Campaign In July 2010, the Department of accessed on the Homeland Security 0162 or [email protected]. Homeland Security (DHS) launched the national Information Network or private sector partners “If You See Something, Say Something®” may request that they be added to distribution Homeland Security Information Network- campaign that raises public awareness of the by emailing [email protected] Critical Sectors (HSIN-CS) HSIN-CS is the indicators of terrorism and terrorism-related with subject line reading “Request DHS Daily primary information-sharing platform between crime, as well as the importance of reporting [name] Report.” the critical infrastructure sector stakeholders. suspicious activity to state and local law 69

Preventing Terrorism and Enhancing Security enforcement. The campaign was originally which can result in inconsistent national security. They feature prominent implemented and trademarked by the New communication and hinder timely decision- speakers from both the public and private York Metropolitan Transportation Authority making within the homeland security sectors who shed light on how to best leverage and is licensed to DHS for creating a community. To prevent such problems, DHS corporate security efforts and analytic nationwide campaign. For more information, uses an Infrastructure Data Taxonomy to capabilities to address issues such as terrorism, visit www.dhs.gov/see-something-say- enable transparent and consistent insider threat, cyber security, critical something. communication about Critical infrastructure infrastructure protection, and other national between government and private sector security challenges. Each symposium draws 200- Identity Management enhances security by partners with its structured terminology. The 400 private sector and other homeland security improving authentication for persons to enable Infrastructure Data Taxonomy allows its users professionals. For more information, including seamless and secure interactions among to designate an asset as belonging to a group, upcoming CSS dates, see www.dhs.gov/private- federal, state, local, and private sector and then apply additional, associated taxonomy sector-engagement. stakeholders ensuring that they have levels to detail the specifics of the asset and comprehensive, real-time, and relevant describe its functions. For more information, I&A Private Sector Engagement Public-Private information. Through this research, financial see Analytic Exchange Program (AEP) and other private sector businesses can www.dhs.gov/files/publications/gc_1226595934 The AEP enables government and private sector streamline and strengthen the identity 574.shtm or visit https://taxonomy.iac.anl.gov/ analysts to gain a greater understanding of how verification process reducing the risks of to use the tool or contact: [email protected]. their distinct missions can benefit from public- identity fraud. For more information, please private collaboration on topics of mutual contact [email protected]. INFOGRAMs The Emergency Management & interest. Each year, public and private sector Response-Information Sharing & Analysis subject matter experts work together on virtual Information Sharing Snapshot This two-page Center (EMR-ISAC) was established to provide teams to develop unclassified analytic snapshot describes the Information Sharing information services that support the deliverables reflecting emerging and high Environment. The ISE is designed to improve infrastructure protection and resilience visibility topics related to homeland security the overall effectiveness of information sharing activities of all Emergency Services Sector over the course of six months. These deliverables between and among federal, state, local, tribal, (ESS) departments, agencies, and are broadly disseminated at the unclassified and territorial governments and the private organizations (public and private) nation-wide. level to all stakeholders. For more information, sector. To enable the protection of critical InfoGrams contain four short articles issued including deliverables created through the AEP, infrastructure, the Department of Homeland weekly about Critical Infrastructure Protection see www.dhs.gov/private-sector-engagement. Security established an information-sharing (CIP) and Critical Infrastructure Resiliency network that is guided primarily by the (CIR) trends and developments. To acquire a Joint DHS/FBI Classified Threat and Analysis National Infrastructure Protection Plan (NIPP) no-cost subscription to EMR-ISAC information, Presentations provide classified intelligence and and works in coordination with the efforts of send an e-mail request to [email protected]; to analysis presentations to mass transit and the Federal ISE. For more information, see inquire about the practice of CIP or CIR within passenger rail security directors and law www.dhs.gov/xlibrary/assets/NIPP_InfoSharing an ESS organization, call 301-447-1325. enforcement chiefs in more than 20 metropolitan .pdf. areas simultaneously through the Joint I&A Private Sector Engagement Corporate Terrorism Task Force network secure video Infrastructure Data Taxonomy (IDT) Critical Security Symposia (CSS) The CSS are a series teleconferencing system. The briefings occur on infrastructure and their elements can be of regional day-long conferences held around an approximately quarterly to semi-annual described and categorized in various ways, the country focused on topics critical to basis, with additional sessions as threat 70

Preventing Terrorism and Enhancing Security developments may warrant. For more (NIH)/National Library of Medicine (NLM) for are made available to government agencies, law information, contact approved peer-reviewed journal articles and enforcement, schools, and private sector [email protected]. other releasable manuscripts. A separate cloud- partners. Recent products include the annual based repository has been established through reports on mass attacks in public spaces National Information Exchange Model (NIEM) a commercial provider for ready access to (released July 2019) and an operational guide to Program is a federal, state, local and tribal digitally formatted scientific datasets establishing threat assessment capabilities at K- interagency initiative providing a national associated with the journal articles and other 12 school that offers actionable steps to approach and common vocabulary for scholarly works. For more information, see Enhancing School Safety Using a Threat information exchange. NIEM has a robust www.ncbi.nlm.nih.gov/pmc/funder/dhs or Assessment Model (released July 2019). All training curriculum that is accessible both in contact [email protected]. NTAC publications are available at classroom and online. The primary audience for www.secretservice.gov/protection/ntac/. the NIEM Training Program is executives, The Nationwide Suspicious Activity Reporting project and program managers, architects and Initiative Program Management Office (PMO) Protected Critical Infrastructure Information technical implementers within federal, state, initiated operations in March 2010 with the (PCII) Program was created by Congress under local, tribal and private entities. Additional challenge of ensuring that regardless of where the Critical Infrastructure Information (IIC) Act information on the training courses and NIEM in the country suspicious activity is reported, of 2002 and implemented in federal regulation can be obtained by visiting www.niem.gov or e- these potential indicators of terrorist activity under 6 CFR part 29. The program protects CII mailing [email protected]. can be analyzed and compared to other SAR voluntarily submitted by private sector or state, information nationwide. The NSI incorporates local, tribal and territorial owner operators to National Science and Technology Council the informal processes that traditionally exist the federal government from disclosure under (NSTC) Subcommittee on Biometrics and within law enforcement agencies into the the Freedom of Information Act, state/local Identity Management (BIdM) encourages standards, policies, and processes developed by disclosure laws, civil litigation, and regulatory greater collaboration and sharing of the NSI that allow law enforcement agencies to use. To qualify for PCII protections, information information on biometric activities among easily share information with the critical must be voluntarily submitted, not customarily government departments and agencies; partners that need it to help prevent potential found in the public domain, and not submitted in commercial entities; state, regional, and terrorist attacks. For more information, see lieu of compliance with any regulatory international organizations; and the general http://nsi.ncirc.gov/default.aspx. requirement. Information about the PCII public. For more information, see Program can be found at www.dhs.gov/pcii. For www.biometrics.gov/nstc/default.aspx or The National Threat Assessment Center additional information, contact pcii- contact [email protected]. (NTAC) is a component of the U.S. Secret [email protected] or the PCII Help Desk at 866- Service that conducts research, training, 844-8163. National Science and Technology Council consultation, and information sharing on (NSTC) Subcommittee on Open Science threat assessment and the prevention of Sensitive Security Information Program (SoS) oversees all agencies efforts to improve targeted violence. NTAC’s work is based on its Sensitive Security Information (SSI) is the public’s access to the results of federally original research into attacks directed at information obtained or developed which, if funded research; specifically, peer-reviewed government officials and agencies, workplaces, released publicly, would be detrimental to scholarly publications and digital data. DHS K-12 schools, colleges and universities, and transportation security, and is defined at 49 has established a repository through PubMed mass attacks in public spaces, which served as CFR Part 1520. SSI is not authorized for public Central (PMC), developed and maintained by the building blocks for the Secret Service’s disclosure and is subject to handling and the National Institutes of Health threat assessment model. All NTAC’s reports safeguarding restrictions. The TSA SSI 71

Preventing Terrorism and Enhancing Security

Program, the central SSI authority for all of (TRIPwire) is the DHS 24/7 online, foundation” designed to support information DHS, develops SSI guidance and training collaborative, information-sharing network for sharing for the National Response Framework materials to assist transportation security bomb squad, law enforcement, and other first and the National Incident Management System, partners in the recognition and safeguarding of responders to learn about current terrorist IED including the Incident Command System. SSI. The SSI Program also develops SSI tactics, techniques, and procedures. The system UICDS middleware is transparent to system policies and procedures, analyzes and reviews combines expert analyses and reports with operators during operations and requires no records for SSI content, and coordinates with relevant documents, images, and videos special training. UICDS is owned by the federal stakeholders, other government agencies and gathered directly from terrorist sources to government and available at no-cost. It is built Congress on SSI-related issues. For more assist law enforcement to anticipate, identify, around data standards and the National information about SSI or for assistance in and prevent IED incidents. To request Information Exchange Model. UICDS enables identifying SSI, visit www.tsa.gov/for- additional information, contact the information sharing across domains, roles, industry/sensitive-security-information or Cybersecurity and Infrastructure Security hazards, echelons and applications. UICDS contact [email protected]. Agency Office for Bombing Prevention at allows information sharing between disparate, [email protected] or view proprietary emergency management Cybersecurity and Infrastructure Security www.tripwire.dhs.gov/ied/appmanager/iedporta applications. UICDS users share what, when Agency Classified Threat Briefings CISA l/ieddesktop?_nfpb=true&_pagelabel=login. and with whom they want in accordance with coordinates both regularly scheduled and existing or emerging sharing agreements. Users incident-specific classified briefings for cleared The Evolving Threat: What You Can Do of UICDS are emergency managers and incident sector partners. For more information, contact Webinar discusses analysis of the latest commanders in Federal, state, local and tribal the CISA Sector Outreach & Programs Division intelligence analyzed by I&A, and consists of a organizations as well as critical infrastructure at [email protected]. brief synopsis of evolving threats, followed by a owners/operators. Operational and protective measures presentation. demonstration pilot programs have been ongoing Surveillance Detection Awareness on the Job is Additionally, the protective measures portion in multiple locations throughout the United a 90-minute interactive web presentation of the webinar is available at States. For more information about UICDS and designed to raise awareness of suspicious https://connect.hsin.gov/p55204456. For more to download the free software development kit, behaviors that might indicate potential information, please contact the Cybersecurity go to: www.uicds.us. surveillance activities. This virtual production and Infrastructure Security Agency offers cross-sector examples of suspicious Commercial Facilities Sector Specific Agency at U.S. Coast Guard Maritime Information activities and behaviors and provides [email protected]. eXchange (“CGMIX”) makes U.S. Coast Guard information to help identify and report such maritime information available on the public behaviors in a timely manner. The webinar TSA Alert System is an emergency notification internet in the form of searchable databases. features a moderated roundtable discussion of alert system for highway and motor carrier Much of the information on the CGMIX website five diverse examples of surveillance and security partners. The system can send a comes from the USCG Marine Information for detection, as well as information about the message via phone, email or SMS (text) based Safety and Law Enforcement (MISLE) resources available for timely reporting of on the person’s priority contact preference. information system. For more information, see suspicious activities. The live webinar is Contact TSA to become a TSA Alert subscriber http://cgmix.uscg.mil/. available for download on HSIN-CS. For more at [email protected]. information, contact [email protected]. Unified Incident Command and Decision Technical Resources for Incident Prevention Support (UICDS) is a national “middleware Soft Targets and Crowded Places 72

Preventing Terrorism and Enhancing Security and Insider Threat Mitigation Soft Targets and Crowded Places Task Force types of insider threats, whether non-violent or (ST-CP TF): The ST-CP TF provides guidance violent, increases an organization’s ability to to public and private sector partners to identify protect both its people and sensitive information. Soft Targets and Crowded Places (ST-CPs), innovative means to increase security and This resource is available at: such as sports venues, shopping venues, mitigate risks the nation faces from terrorists www.dhs.gov/insider-threat-trailer-and-video#. schools, and transportation systems, are or other violent extremist actors to soft targets locations that are easily accessible to large and crowded places. The term ST-CP is Pathway to Violence Video: The Pathway to numbers of people and that have limited typically defined as locations or environments Violence video provides information regarding security or protective measures in place that are easily accessible, attract large the behavioral indicators that assailants often making them vulnerable to attack. DHS has numbers of people on a predictable or semi- demonstrate before a violent act. Behavioral been working for many years to address ST-CP predictable basis, and may be vulnerable to experts reference research conducted by security and preparedness, with recent shifts in attacks using simple tactics and readily Frederick Calhoun and Steve Weston on threat the threat landscape calling for renewed available weapons. The Insider Threat management and further describe the six departmental focus on leveraging and Mitigation program is coordinated and progressive steps that may be observable by maximizing its ST-CP security authorities, consistent with standards set forth by the colleagues. The video also includes law capabilities, and resources in an integrated and Department of Defense, Office of Director of enforcement expert interviews that discuss coordinated manner. National Intelligence - National Insider Threat engagement strategies and recommended Task Force (NITTF) and Carnegie Mellon responses to someone potentially on a pathway Cybersecurity and Infrastructure Security University Software Engineering Institute. to violence. This resource is available at: Agency Security of Soft Targets and Crowded www.dhs.gov/pathway-violence-video. Places—Resource Guide: Segments of our Insider Threat (InT) Mitigation Web Site: The society are inherently open to the public, and InT Mitigation web site provides a Pathway to Violence Action Guide: The Guide by nature of their purpose do not incorporate comprehensive step-by-step guide to developing explains warning signs that may lead to violence strict security measures. Given the increased an InT program, options for consideration for and what individuals can do to mitigate a emphasis by terrorists and other extremist protecting assets, how to recognize and report potential incident. This resource is available at: actors to leverage less sophisticated methods to an InT as well as assessing and responding to www.dhs.gov/sites/default/files/publications/dhs- inflict harm in public areas, it is vital that the enhance security in workplace violence, cyber pathway-to-violence-09-15-16-508.pdf. public and private sectors collaborate to and physical threats. This resource is available enhance security of locations such as at: www.dhs.gov/cisa/insider-threat-mitigation Insider Threat Fact Sheet: This fact sheet transportation centers, parks, restaurants, or [email protected]. describes some of the Department of Homeland shopping centers, special event venues, and Security resources to help organizations design a similar facilities. The resource guide is a Understanding the Insider Threat video and comprehensive program that protects against catalog of CISA soft target resources, many of trailer: The Insider Threat trailer (1 minute) workplace violence, and physical and cyber which were created in collaboration with and video (30 minutes) conveys the importance insider threats. This resource is available at: CISA’s partners to ensure they are useful and of a comprehensive InT program. The video www.dhs.gov/publication/fact-sheet-insider- reflective of the dynamic environment we live uses security and behavior experts to discuss threat-mitigation-program. in. The resource guide is located here: how insider threats manifest in a variety of www.dhs.gov/publication/securing-soft-targets- ways including terrorism, workplace violence, Insider Threat Management Team Workshop and-crowded-places-resources. and breaches of cybersecurity. Understanding (Pilot Phase): This workshop is currently being how to recognize and respond to these various piloted with the regions and will be released in 73

Preventing Terrorism and Enhancing Security the coming months. It is intended to serve as human resources personnel can mitigate the an in-person, field-delivered workshop focused risk of and appropriately react in the event of on scenario-based training to assist an active shooter situation. The desk reference organizations as they build multi-disciplinary guide, pocket card and poster are available on teams to assess suspicious behavior and the following website, and is available in recommend appropriate actions to mitigate various different languages, to include Spanish potential insider threats. at www.dhs.gov/cisa/human-resources-or- security-professional. Options for Consideration Active Shooter Preparedness Video: The Options for Interagency Security Committee : The ISC Consideration video demonstrates possible provides guidance to the federal facility actions that individuals can take if confronted security community on how to integrate Insider with an active shooter scenario. This Threat activities within the organization and instructive video reviews the choices of facility’s overall security programs. This running, hiding, or as an option of last resort, guidance is coordinated and consistent with the fighting the shooter. The video also shows how federal National Insider Threat Task Force. to assist authorities once law enforcement arrives. This resource is available at: Violence in the Federal Workplace: A Guide for www.dhs.gov/cisa/options-consideration-active- Prevention and Response 2019: The shooter-preparedness-video. importance of synchronizing a Workplace Violence program with an Insider Threat On-line Training: FEMA Emergency program is detailed in this guide which Management Institute Independent Study provides comprehensive information to assist Courses: The below on-line training produced in the creation of an effective workplace in coordination with CISA ST-CP TF, which violence prevention and response program. includes Insider Threat security and This resource is available awareness, are available at: www.dhs.gov/publication/isc-violence- at: www.dhs.gov/cisa/training-awareness. federal-workplace-guide. o IS-906: Workplace Security Awareness o IS-914: Surveillance Awareness: What You Can Do o IS-915: Protecting Critical Infrastructure Against Insider Threats

Active Shooter Resources include a desk reference guide, a reference poster, and a pocket-size reference card to address how employees, managers, training staff, and 74

Safeguarding and Securing Cyberspace

Safeguarding and Securing Cyberspace

The Department has the lead for the federal government for securing civilian government computer systems, and works with industry and state, local, tribal and territorial governments to secure critical infrastructure and information systems. The Department works to: analyze and reduces cyber threats and vulnerabilities; distribute threat warnings; and coordinate the response to cyber incidents to ensure that our computers, networks, and cyber systems remain safe.

For more information, please contact across all 18 CIKR sectors, within state Cybersecurity Assessment [email protected]. governments and large urban areas. CSEP affords critical infrastructure sector Tools Cyber Resiliency Review (CRR) is an participants a portfolio of assessment tools, assessment that the Cyber Security techniques, and analytics, ranging from those The Cybersecurity and Infrastructure Evaluation Program offers to measure and that can be self-applied to those that require Security Agency (CISA) offers a dynamic suite enhance the implementation of key expert facilitation or mentoring outreach. The of assessments through the Vulnerability cybersecurity capacities and capabilities of CSEP works closely with internal and Management and Coordination’s (VMC) critical infrastructure and key resources external stakeholders to measure key National Cybersecurity Assessments and (CIKR). The purpose of the CRR is to gather performances in cybersecurity management. Technical Services (NCATS) branch. Cyber information regarding cybersecurity The Cyber Resiliency Review is being Hygiene (CyHy) scans, Remote Penetration performance from specific CIKR to gain an deployed across all 18 Critical Infrastructure Testing (RPT), Risk and Vulnerability understanding of the relationships and sectors, state, local, tribal, and Territorial Assessments (RVA), Red Team Assessments impacts of CIKR performance in protecting governments. For more information, contact (RTA), Validated Architecture Design Reviews critical infrastructure operations. The results [email protected]. (VADR), Critical Product Evaluations (CPE), can be used to evaluate a provider and Security Architecture Review (SAR) independent of other assessments, used with Cybersecurity Evaluation Tool (CSET) is a assessments are all freely-available to federal, regional studies to build a common desktop software tool that guides users local, state, tribal, territorial, critical perspective on resiliency, and used to examine through a step-by-step process for assessing infrastructure and private sector agencies. systems-of-systems (i.e., large and diverse the cyber security posture of their industrial These services will provide tactical mitigation operating and organizing models). The key control system and enterprise information of vulnerabilities while assisting stakeholders goal of the CRR is to ensure that core process- technology networks. CSET is available for with maintaining a practical understanding of based capabilities exist, are measurable, and download or in DVD format. To learn more or operational risks, challenges, and effective are meaningful as predictors for an download a copy, visit www.us- countermeasures which can assist with organization’s ability to manage cyber risk to cert.gov/ics/downloading-and-installing-cset. guiding data-driven strategies, policies, and national critical infrastructure. For more To obtain a DVD copy, send an e-mail with initiatives. The CISA NCATS teams will work information about the CRR visit www.us- your mailing address to [email protected]. with stakeholders to implement technical and cert.gov/resources/assessments. management/procedural capabilities, thereby Cyber Secure Dashboard (CSD) is organized reducing vulnerabilities in a measurable Cybersecurity Evaluation Program (CSEP) according to the nationally accepted fashion to inform economic analysis efforts. conducts voluntary cybersecurity assessments cybersecurity framework established by the

75

Safeguarding and Securing Cyberspace

National Institute of Standards and of cyber risk across the sector. The ESS-CRA protective measures which enhance the Technology (NIST). Developed by the Critical is intended to provide a risk profile that ESS security and resiliency of the critical IT Sector Infrastructure Resilience Institute (CIRI), a partners can use to enhance the security and functions. For more information, see DHS Center of Excellence led by the resilience of the ESS disciplines. By www.dhs.gov/xlibrary/assets/nipp_it_baseline_ University of Illinois Urbana-Champaign, increasing the awareness of risks across the risk_assessment.pdf or contact CSD cross references the DoD-mandated public and private sector domains, the ESS- [email protected]. control requirements of the NIST SP 800-171 CRA serves as a foundation for ongoing r1 with the cybersecurity control standard, the national-level collaboration to enhance the Cybersecurity Incident NIST SP 800-53r4. The goal of CSD is to security and resilience of the ESS disciplines. provide concrete, best practices The ESS-CRA is an initial effort to assess ESS Resources, Detection, and implementation guidance to simplify and cyber risks across the ESS disciplines and Prevention Resources expedite the process for every manufacturer, serves as a baseline of national-level risk. The and to create a clear path to maintain future assessment addresses those operational or Current Cybersecurity Activity is a regularly compliance. For more information, see strategic risks to the ESS infrastructure that updated summary of the most frequent, high- www.ciri.illinois.edu or are of national concern based upon the impact types of security incidents currently www.cybersecuredashboard.com/ or contact knowledge and subject matter expertise of being reported to the US‑CERT. For more [email protected]. those participating in the sector’s risk information, see www.us-cert.gov/current/ or assessment activities. The ESS-CRA describes contact [email protected] 888-282-0870. Cyber Risk Scoring and Mitigation (CRISM) an effort that required resources and provides a mathematical approach to coordination from across all disciplines of ESS Cyber Crimes Center (C3) ICE Homeland analyzing the cyber risks of a company’s to assess cyber risks to ESS critical Security Investigations C3 supports the ICE hardware and software systems. Developed by infrastructure. This risk assessment provides HSI cyber mission through the programmatic the CIRI, a DHS Center of Excellence led by the basis for an ESS cyber risk management oversight and coordination of investigations of the University of Illinois Urbana-Champaign, plan or roadmap that will ensure that Federal cyber related criminal activity. ICE HSI C3 the tool scans network configurations and resources are applied where they offer the brings the full range of ICE HSI cyber gives companies an overall picture of their most benefit for mitigating risk by lowering investigations and computer forensic assets network’s vulnerabilities. CRISM analyzes vulnerabilities, deterring threats, and together in a single location to coordinate and and scores the exploitability of those minimizing the consequences of attacks and support investigations into cyber related vulnerabilities and provides a prioritized list other incidents. The report also encourages a criminal activities; C3 is home to the Child of mitigation steps to be taken to reduce the similar risk-based allocation of resources Exploitation Investigations Unit, the risk and improve security. For more within State and local entities and the private Computer Forensics Unit, and the Cyber information, see www.ciri.illinois.edu or sector. For more information, please contact Crimes Unit. contact [email protected]. [email protected]. www.ice.gov/cyber-crimes. Emergency Services Sector Cyber Risk Information Technology Sector Risk Cyber Investigation Section (CIS) CIS is Assessment (ESS-CRA) is the first ESS-wide Assessment (ITSRA) provides an all-hazards designed to target and proactively investigate cyber risk assessment completed under the risk profile that public and private IT Sector major international criminals. This goal is NIPP framework, and it will inform partners can use to inform resource allocation accomplished through a combination of long- collaborative and synchronized management for research and development and other

76

Safeguarding and Securing Cyberspace term undercover operations, close payments industry. The information acquired currently offers two innovative intrusion partnerships with other U.S. government is used to enhance the Secret Service's prevention services: Domain Name Service agencies, and consistently refined strategic capabilities to prevent and mitigate attacks (DNS) Sink-holing and E-mail (SMTP) targeting. In conjunction with this unique against financial and critical infrastructures. Filtering. For enrollment information, please role, CIS has prototyped numerous advanced CIS also leverages a team of full-time analysts contact the CSPs listed on the ECS webpage: technical systems that allow for the who utilize foreign language capabilities www.dhs.gov/cisa/ecs. integration and re-use of diverse forms of (primarily Russian and related languages); in evidence from all U.S. jurisdictions and depth knowledge of online techniques and Hunt and Incident Response Teams (HIRT) foreign partners. Also included under this vernacular; and cutting-edge technological The Cybersecurity and Infrastructure unit are analysts and Criminal Research methods to expand the section's cyber Security Agency provides free, onsite Specialists who focus on foreign language investigative capabilities. assistance to organizations needing websites, money laundering activities, and For more information, see immediate investigation and resolution of digital/electronic currency. For more www.secretservice.gov/ectf.shtml. cyber-attacks. CISA members of HIRT can information, see perform a preliminary diagnosis to determine www.secretservice.gov/ectf.shtml. Cyber Forensics the products developed the extent of compromise from a cyber- through this program are cyber forensic incident. At the customer’s request, a team U.S. Secret Service Cyber Intelligence Section analysis devices used by law enforcement in will visit the organization to review networks, CIS is a USSS Headquarters-based the daily investigation of criminal and identify infected systems, and collect data for investigative unit focused on long term, terrorist activity and the tools developed allow follow-on analysis. HIRT provides mitigation strategic investigations and serving as a investigators to visualize, analyze, share, and strategies, helps restore service, and provides support network for field-based cyber present data derived from cell phones, GPS recommendations to improve overall network investigations. The CIS investigative mission devices, computer hard drives, networks, and control systems security. Learn more at is to identify, locate, and apprehend high- personal data assistants, and other digital www.dhs.gov/cisa/national-cybersecurity- value international cyber criminals involved media. For more information, contact SandT- communications-integration-center. in cyber intrusions, identity theft, credit card [email protected]. fraud, bank fraud, and other computer-related National Computer Forensics Institute (NCFI) crimes. The information and coordination Enhanced Cybersecurity Services (ECS) The Is the result of a partnership between the provided by CIS is a crucial element to Cybersecurity and Infrastructure Security Secret Service and the State of Alabama. The successfully investigate, prosecute, and Agency’s ECS program is a near real-time goal of this facility is to provide a national dismantle international criminal intrusion prevention and analysis capability standard of training on a variety of electronic organizations. that helps U.S.-based companies protect their crimes investigations. This program will offer CIS collects, analyzes, and disseminates data computer systems against unauthorized state and local law enforcement officers the in support of Secret Service investigations access, exploitation, and data exfiltration. training necessary to conduct computer worldwide and generates new investigative ECS works by sharing sensitive and classified forensics examinations, respond to network leads based upon this intelligence. CIS cyber threat information with accredited intrusion incidents, and conduct basic leverages technology and information Commercial Service Providers (CSPs). These electronic crimes investigations. The NCFI obtained through private partnerships to CSPs in turn use that information to block will also train prosecutors, and judges on the monitor developing technologies and trends in certain types of malicious traffic from entering importance of computer forensics to criminal cybercrime and their effects on the financial customer networks. The ECS program investigations. This training acts as a force

77

Safeguarding and Securing Cyberspace multiplier for the Secret Service and other systems. For more information, visit www.us- Infrastructure Security Agency’s Cyber federal law enforcement agencies, thus cert.gov/ics/Industrial-Control-Systems-Joint- Essentials is a guide for leaders of small reducing the volume of cybercrime cases Working-Group-ICSJWGw. businesses as well as leaders of small and impacting the federal judicial process. For local government agencies to develop an more information, see www.ncfi.usss.gov. Malware Analysis and Response CISA actionable understanding of where to start collects, analyzes, and exchanges malware implementing organizational cybersecurity National Cyber Awareness System the US- information 24 hours a day. Participants can practices. Consistent with the National CERT National Cyber Awareness System submit malware artifacts (tools, malicious Institute of Standards and Technology’s offers a variety of up-to-date information on code, other attack technology, or indications Cybersecurity Framework and other general cybersecurity topics, threats and like access statistics indicating a possible DNS standards, the Cyber Essentials are the vulnerabilities via subscription lists and feeds attack) electronically to CISA. Learn more at starting point to cyber readiness. Reducing an for alerts, bulletins, and tips. For more www.dhs.gov/how-do-i/report-cyber-incidents. organization’s cyber risk requires a holistic information, visit www.us-cert.gov/cas/ or approach, similar to that taken to address contact [email protected] 888-282-0870. Cybersecurity and Infrastructure Security other operational risks. For more information Agency’s Enhanced Cybersecurity Services visit www.cisa.gov/cyber-essentials U.S. Computer Emergency Readiness Team (ECS) Program provides near real-time Vulnerability Notes Database includes intrusion prevention and analysis to help Cybersecurity Advisors (CSAs) act as technical descriptions of each vulnerability, as U.S.-based companies and state and local principal field liaisons in cybersecurity and well as the impact, solutions and governments protect systems against provide a federal resource to regions, workarounds, and lists of affected vendors. unauthorized access, exploitation, and data communities, and businesses. Their primary For more information, see theft. ECS shares sensitive and classified goal is to assist in the protection of cyber www.kb.cert.org/vuls or contact info@us- cyber threat information with accredited components essential within the nation’s cert.gov 888-282-0870. Commercial Internet Service Providers who CIKR. Equally important is their role in then block malicious traffic from customer supporting cybersecurity risk management Industrial Control Systems (ICS) Support The networks. ECS does not replace but augments efforts at the state and local homeland Cybersecurity and Infrastructure Security an organization’s existing cybersecurity security initiatives. CSAs will work with Agency partners with and serves the resources by providing an additional layer of established programs in state and local areas, industrial control systems community to defense against known or suspected cyber such as Protective Security Advisors, FEMA reduce risk to these unique, potentially high- threats, while also providing early detection of emergency management personnel, and fusion risk systems. Industrial control systems are potential compromise. Learn more at center personnel. For more information, defined as the devices, systems, networks, and www.dhs.gov/cisa/enhanced-cybersecurity- contact the program at controls used to operate and/or automate services-ecs. [email protected]. industrial processes. CISA plays a critical role by coordinating efforts among government and Cyber Exercise Program (CEP) was control system owners, operators, and vendors Cybersecurity Technical established in 2004 to strengthen the on vulnerabilities, threats, and risks. CISA reliability and resiliency of the Nation’s leads the ICS Joint Working Group (ICSJWG) Resources critical cyber infrastructure through the to facilitate information sharing and reduce development, design, and conduct of scenario- the risk to the nation’s industrial control Cyber Essentials The Cybersecurity and based cyber exercises. The CEP can build a

78

Safeguarding and Securing Cyberspace

Cyber Tabletop Exercise Package (CTEP) for discussion-based exercises (e.g., two-hour information and presentations, cybersecurity most any critical infrastructure/key resource seminars) to large-scale, internationally- news, events and outreach information, see sector and has already co-produced CTEPs for scoped, operations-based exercises (e.g., multi- www.cyber.st.dhs.gov/ or contact sandt-cyber- the Chemical, Critical Manufacturing, and the day, full-scale exercises). NCEPP offers the [email protected]. Healthcare and Public Health Sectors. The following services at no cost: National Level CTEP provides organizations all the materials Exercises, including Cyber Storm and Cybersecurity in the Gaming Subsector needed to plan and conduct a discussion-based Tabletop the Vote, end-to-end cyber exercise Webinar focused on cybersecurity threats, cyber exercise. The CTEP includes two planning and conduct, cyber exercise vulnerabilities, and best practices specific to scenarios designed to help assess security consulting and subject matter expert support, the gaming and casino industry. More than policies and procedures for both the “business” cyber planning support, and off-the-shelf 100 gaming industry representatives and “operational” aspects of an organization. resources. For entities that prefer to develop participated in the Webinar, which was Highly customizable, it gives the planner the their own exercises, NCEPP provides subject designed to raise awareness of cybersecurity flexibility to use organizational goals and matter experts to consult on exercise design within the Gaming Subsector. The Critical objectives, or choose goals and objectives and development. These subject matter Infrastructure Protection Cybersecurity (CIP included in the package. Also included in the experts can review scenarios, participate in CS) program and I&A discussed some of the package are planning guides, templates, planning calls, and provide exercise controller latest cyber threats specific to the Gaming checklists to guide and track the planning and/or observer support. For more Subsector and steps industry can take to process, Situation Manuals, and post-exercise information, please contact [email protected]. improve their cyber resilience. These steps instructions. For more information, please include managing employees to mitigate contact [email protected]. Department of Homeland Security Science insider threats, communicating with gaming and Technology Directorate Physical and machine vendors about vulnerabilities, Cybersecurity Strategy Development The Cyber Security (DHS S&T PCS) develops and securing newly digital IP surveillance Cybersecurity and Infrastructure Security transitions new technologies, tools, and systems, and conducting cybersecurity Agency’s National Cyber Exercise and techniques to protect and secure systems, assessments. For more information, email Planning Program (NCEPP) was established networks, infrastructure, and users, [email protected]. in 2004 to increase cyber preparedness and improving the foundational elements of our resilience across the entire spectrum of DHS nation’s critical infrastructure and the world’s Cybersecurity in the Retail Subsector Webinar stakeholders. They develop and support information infrastructure; and, to provide provides retail employees and managers with integrated cyber-focused exercises and coordination and leadership for research and an overview of the cyber threats and guidance for Federal departments and development across federal, state, and vulnerabilities facing the industry. The agencies, state, local, tribal, and territorial municipal governments, international webinar also reviews the types of cyber governments, critical infrastructure sectors, partners, the private sector, and academia to systems and infrastructure used by the retail international partners, and special events. improve cybersecurity research industry and steps that retail personnel can Following DHS’s Homeland Security Exercise infrastructure. DHS S&T PCS frequently take to address the unique vulnerabilities to and Evaluation Program (HSEEP) model, works with the private sector to develop those cyber resources. For more information NCEPP plans cyber exercises tailored to its requirements and engage transition partners contact [email protected]. public and private sector partners on an as- for the tools, technologies and techniques that needed and as-available basis. Exercises result from PCS’s work. For more information Industrial Control Systems Cybersecurity range from small-scale, limited-scope, about PCS and its specific projects, workshop Training is provided through either 8-hour

79

Safeguarding and Securing Cyberspace lessons through a virtual learning portal or 5- vulnerabilities to those cyber resources. Also day instructor led training for control system Cybersecurity Education and Workforce includes One-pager/invitation. For more and IT professionals. Course goals include risk Development Program (CEWD) fosters information, please contact the Commercial reduction for control systems in critical effective cybersecurity education and Facilities Sector Specific Agency at infrastructure, identification of DHS tools and workforce development programs by [email protected]. resources, and coordination of event facilitating the availability of professionals management with DHS. For more qualified to support the nation’s cybersecurity Cybersecurity Information Products and information, visit www.us- needs. To support national cybersecurity Recommended Practices provide current cert.gov/ics/training-available-through-ics- workforce development, CEWD developed the cybersecurity information resources and cert#need. IT Security Essential Body of Knowledge recommend security practices to help industry (EBK), an umbrella framework that links understand emerging control systems cyber The Cybersecurity Assessment and Risk competencies and functional perspectives to security issues and mitigate vulnerabilities. Management Approach (CARMA), created by IT security roles to accurately reflect a This information will help users reduce their the National Cyber Security Division’s national perspective. For more information, exposure and susceptibility to cyber-attacks (NCSD) Critical Infrastructure Protection see www.us-cert.gov/itsecurityebk/. and exploits. For a complete list and access to Cyber Security (CIP CS) program, developed a cybersecurity information products, visit flexible, repeatable, and reusable cyber risk Cybersecurity in the Emergency Services www.us- management approach to help CIKR sectors, Sector Webinar is a one-hour overview of the cert.gov/control_systems/csdocuments.html. state and local governments, and other public types of cyber systems and infrastructure that and private sector organizations manage cyber the Emergency Services Sector utilizes. The Cybersecurity Webinars, as an information critical infrastructure risk. CARMA webinar also addresses the threats and sharing mechanism, can increase the level of incorporates lessons from a wide variety of vulnerabilities to those cyber resources and is participation and activity among public and cyber risk management activities. CARMA available on the Homeland Security private sector stakeholders by engaging them accounts for the virtual and distributed Information Network – Critical Sectors in a cybersecurity discussion. The National nature of cyber critical infrastructure and the (HSIN-CS) Emergency Services Sector Portal. Cyber Security Division’s Critical complexity of the missions and services it For access and more information, contact Infrastructure Protection Cyber Security supports; considers strategic security goals [email protected]. (CIP-CS) Program can help plan, coordinate, and can guide all levels of cyber risk efforts; and execute a cybersecurity webinar in and allows infrastructure owners and Cybersecurity in the Retail Sector Webinar partnership with sector stakeholders by operators to integrate their established cyber This webinar will provide retail employees identifying webinar topics to address goals risk frameworks into the approach or use the and managers with an overview of the cyber and objectives; assisting the host organization approach as a foundation for broader threats and vulnerabilities facing the with determining participants, timeframe, enterprise risk management efforts. CARMA industry. Viewers of the webinar will gain a and speakers; developing a webinar outline; is a comprehensive, functions-based risk heightened sense of the importance of inviting other Department of Homeland management strategy that focuses on cyber strengthening cybersecurity in the retail Security (DHS) components to participate and critical infrastructure and effectively workplace. The webinar also will review the coordinate on topics of interest; and working identifies, assesses, and manages shared types of cyber systems and infrastructure used with the sponsoring sector or organization to risks. For more information, email by the retail industry and steps that retail provide follow-up materials. CIP-CS has [email protected]. personnel can take to address the unique partnered with the Commercial Facilities and

80

Safeguarding and Securing Cyberspace

Emergency Services Sectors to produce them. To view the IT SSP, visit represented using the Security Content webinars. For more information, email www.dhs.gov/sector-specific-plans. For more Automation Protocol (SCAP). This data [email protected]. information, contact [email protected]. enables automation of vulnerability management, security measurement, and Domain Name System Security Extensions The National Cyber Security Division’s compliance. NVD includes databases of (DNSSEC) Deployment Coordinating (NCSD) Critical Infrastructure Protection security checklists, security-related software Initiative provides cryptographic support for Cyber Security (CIP-CS) program developed a flaws, mis-configurations, product names, and domain name system (DNS) data integrity flexible, repeatable, and reusable cyber risk impact metrics. For more information, visit and authenticity. DHS sponsors a community- management approach to help CIKR sectors, http://nvd.nist.gov/ or contact [email protected]. based, international effort to transition the state and local governments, and other public current state of DNSSEC to large-scale global and private sector organizations manage cyber Open Source Infrastructure Cyber Read File deployment, including sponsorship of the critical infrastructure risk. This approach— compiles important cybersecurity and cyber DNSSEC Deployment Working Group, a the Cybersecurity Assessment and Risk infrastructure news articles across CIKR group of experts active in the development or Management Approach—incorporates lessons sectors and provides a repository of deployment of DNSSEC. It is open for anyone from a wide variety of cyber risk management cybersecurity open source information. The interested in participation. The DNSSEC activities. CARMA is a comprehensive, Read Files are intended to increase awareness website contains articles, published research functions-based risk management strategy of cybersecurity issues—thus aiding sectors papers, DNSSEC tools, case studies, workshop that focuses on cyber critical infrastructure during strategic cybersecurity risk information, and presentation materials. For and effectively identifies, assesses, and management planning. Modeled on the more information, see www.dnssec- manages shared risks. For more information, Department of Homeland Security’s Daily deployment.org/. email [email protected]. Open Source Infrastructure Report, the monthly Open Source Infrastructure Cyber Industrial Control System Cybersecurity Read File focuses on cybersecurity and cyber Standards and References provide an Network Security Information Exchange infrastructure. Articles are drawn from open extensive collection of cybersecurity standards (NSIE) The NSTAC recommended the source news resources and are organized by and reference materials as a ready resource establishment of an Industry-government date and the sector(s) they affect. In the Open for the industrial control system stakeholder partnership to reduce the vulnerability of the Source Infrastructure Cyber Read File, CIP community. To view the collection, visit Nations’ telecommunications systems to CS applies knowledge of how issues could www.us-cert.gov/ics/Standards-and- electronic intrusion. The NSTAC formed inform sectors’ strategic planning efforts by References. separate government and industry NSIEs to including contextual information in addition share ideas on technologies and techniques for to the news article. The additional context Information Technology Sector Specific Plan addressing and mitigating the risks to the helps increase understanding of how (IT SSP) outlines the IT Sector security public network and its supporting cybersecurity impacts critical infrastructure partners’ joint implementation of the NIPP infrastructures. For more information, visit protection efforts. Sector-Specific Agencies risk management framework. It describes an www.dhs.gov/publication/nsie-fact-sheet. and other organizations, including State and approach for identifying, assessing, Federal government agencies, may share the prioritizing, and protecting critical IT Sector National Vulnerability Database (NVD) is the Read File with their stakeholders, many of functions, establishing shared IT Sector goals U.S. government repository of standards- whom may not be aware of cybersecurity and objectives, and aligning initiatives to meet based vulnerability management data issues relevant to their activities. For more

81

Safeguarding and Securing Cyberspace information, email [email protected]. Technology’s 2014 Framework for Improving contact the Chemical Sector Specific Agency Critical Infrastructure Cybersecurity. It at [email protected]. The Information Marketplace for Policy and provides tools and resources tailored to the Analysis of Cyber-Risk & Trust (IMPACT) is nuclear industry to allow users to identify, Information Sharing the only freely-available legally collected and assess, and manage sector-specific distributed repository of large-scale cybersecurity risks, threats, and Automated Indicator Sharing (AIS) enables cybersecurity data and analytics tools, vulnerabilities. For more information, please real-time, bi-directional exchange of cyber allowing researchers to advance the state-of- contact the Nuclear Security Specific Agency threat indicators with the goal of reducing the the-art in cyber-risk R&D and decision at [email protected]. number of cyber-attacks. For more support. The intent is to accelerate design, information, visit production, and evaluation of next-generation Roadmap to Enhance Cyber Systems Security www.dhs.gov/cisa/automated-indicator- cyber security solutions, including commercial in the Nuclear Sector The Roadmap to sharing-ais. products. Data providers legally provide the Enhance Cyber Systems Security in the data to be shared through the repository, data Nuclear Sector describes coordinated activities Cyber Information Sharing and Collaboration hosts provide the infrastructure to store the to improve cyber systems security in the Program (CISCP) is a voluntary information- repository data and transfer it to authorized Nuclear Sector. It provides nuclear control sharing program among critical infrastructure recipients, and the coordinating center and cyber systems vendors, asset owners and and the Federal Government. The program provides a centralized mechanism for operators, and relevant government agencies, builds a community of trust and enhances cataloging available data and manages the with a common vision, goals, and objectives collaboration between participants. For more submission and review of data requests. The for cyber systems security in the sector. It also information, visit www.dhs.gov/cisa/cyber- goal of the distributed structure is to provide provides milestones to focus specific efforts information-sharing-and-collaboration- secure, centralized access to multiple sources and activities for achieving the vision, goals, program-ciscp. of data and promote data sharing while and objectives over the next 10 to 15 years, protecting the privacy of the data producers addressing the Nuclear Sector’s most urgent and the security of their networks and data. challenges, as well as its longer-term needs to IMPACT continually adds new data reduce the cyber security risk to nuclear Software Assurance (SwA) containing the latest cybersecurity attacks so industrial cyber systems. For more that the research community will have the information, please contact the Nuclear Sector Software Assurance Program (SwA) Software most recent information to help improve the Specific Agency at [email protected]. Assurance is the level of confidence that quality of research results. For more software is free from vulnerabilities, either information, visit www.impactcybertrust.org/. Roadmap to Secure Control Systems in the intentionally designed into the software or Chemical Sector The Roadmap to Secure accidentally inserted and that software Nuclear Sector Cybersecurity Framework Control Systems in the Chemical Sector applications function in the intended manner. Implementation Guidance The Nuclear Sector describes a plan for voluntarily improving Grounded in the National Strategy to Secure Cybersecurity Framework Implementation cybersecurity in the Chemical Sector. It brings Cyberspace, the SwA Program develops Guidance serves as a resource for the Nuclear together Chemical Sector stakeholders, practical guidance and tools, and promotes Sector to effectively prioritize and apply government agencies, and asset owners and research and development of secure software cybersecurity principles laid out in the operators with a common set of goals and engineering. Resources including articles, National Institute of Standards and objectives. For more information, please webinars, podcasts, and tools for software

82

Safeguarding and Securing Cyberspace security automation and process improvement possible. It is actively being adopted or Technology (NIST), the SwA Forum and are constantly updated at the SwA considered for adoption by a wide range of Working Group Sessions provide a venue for Community Resources and Information cyber threat-related organizations and participants to share their knowledge and Clearinghouse located at communities around the world. All interested expertise in software security while https://buildsecurityin.us-cert.gov/swa/. For parties are welcome to participate in evolving interacting and networking with key leaders more information, contact STIX as part of its open, collaborative in industry, government, and academia. The [email protected]. community and leverage the upcoming STIX gatherings are unique in focus by bringing web site and collaborative forums. For more together private sector stakeholders to Automating Software Assurance Under SwA information, see protecting key information technologies, most sponsorship, MITRE, in collaboration with www.mitre.org/work/tech_papers/2010/10_142 of which are enabled and controlled by government, industry, and academic 0/10_1420.pdf. software. During the Forums, the SwA stakeholders, is improving the measurability Program offers free tutorials. Several of these of security through enumerating baseline Resilient Software Assurance promotes the tutorials are available on line from the security data, providing standardized security and resilience of software across the Software Engineering Institute's Virtual languages as means for accurately development, acquisition, and operational Training Environment (VTE) at communicating the information, and lifecycle; as such, SwA is scoped to address www.vte.cert.org/vteweb/go/3719.aspx. encouraging sharing of this information with Trustworthiness, Dependability (correct and users by developing repositories (see Security predictable execution), Conformance, and Software Assurance (SwA) Resources To Automation & Measurement: Survivability. The focus on Resilience and support SwA in higher education, SwA and http://buildsecurityin.us- Survivability enables stakeholders to the Software Engineering Institute (SEI) have cert.gov/swa/measurable.html). Sponsored by understand and proactively act to design, developed Software Assurance Curriculum the Software Assurance Program, MITRE build, acquire, and operate software and Materials (https://buildsecurityin.us- issues electronic newsletters and information software-enabled services with knowledge cert.gov/swa/mswa.html) which are freely on the following technologies employed in that software must be able to operate in non- available for download. This curriculum is automating SwA: Common Vulnerabilities benign environments. Moreover, if formally recognized by the Institute of and Exposures (CVE); Common Weakness compromised, damage to the software will be Electrical and Electronics Engineers (IEEE) Enumeration (CWE); Common Attack Pattern minimized and it will recover quickly to an and the Association for Computing Machinery Enumeration and Classification (CAPEC); acceptable level of operating capacity; it’s (ACM). At the Forum and Working Group Open Vulnerability and Assessment Language "rugged." Several initiatives have focused on Sessions, SwA distributes CDs of SwA (OVAL); and Malware Attribute Enumeration developing rugged software that is attack- resources. Included on the CDs are guides, and Characterization (MAEC). Structured aware and self-defending. See reports, and brochures on numerous topics Threat Information eXpression (STIX) is a https://buildsecurityin.us- such as: quickly evolving, collaborative community- cert.gov/swa/resilient.html for details. • SwA Capability Benchmarking driven effort to define and develop a language Documents (https://buildsecurityin.us- to represent structured threat information. Software Assurance (SwA) Forum and cert.gov/swa/proself_assm.html) The STIX language is meant to convey the full Working Group Sessions Four times per year, • SwA Ecosystem Page range of cyber threat information and strives under the co-sponsorship of organizations in (https://buildsecurityin.us- to be fully expressive, flexible, extensible, DHS, the Department of Defense (DoD), and cert.gov/swa/ecosystem.html) automatable, and as human-readable as the National Institute of Standards and

83

Safeguarding and Securing Cyberspace

• FAQs and Fact Sheets on SwA Forums assurance models. The SwA Checklist Community at and Working Groups provides a consolidated view of current www.linkedin.com/groups?home=&gid=17765 (https://buildsecurityin.us- software assurance goals and best practices in 55&trk=anet_ug_hm. cert.gov/swa/faq.html) the context of an organized SwA initiative. • Whitepapers from the Software Assurance The checklist includes mappings between the The Top 25 Common Weakness Enumerations Community (https://buildsecurityin.us- SwA Checklist practices and practices (CWE) In cooperation with the System cert.gov/swa/ttpe_research.html) identified in existing SwA maturity models Administration, Audit, Network Security • Evaluating and Mitigating Software and related capability maturity models. This (SANS) Institute, SwA and MITRE issued the Supply Chain Security Risk, May 2010 mapping provides a valuable reference for report, “Improve Security and Software (https://buildsecurityin.us- those wishing to improve their software Assurance: Tackle the CWE Top 25 – The cert.gov/swa/downloads/MitigatingSWsup assurance capabilities. For more information, Most Dangerous Programming Errors.” The plyChainRisks10tn016.pdf) see https://buildsecurityin.us- Top 25 CWEs represent the most significant • SwA Pocket Guide Series - free, cert.gov/swa/proself_assm.html#checklist. exploitable software constructs that have downloadable documents on critical made software so vulnerable. Communicating software assurance topics Software Assurance (SwA) Outreach As part and addressing these problematic issues will (https://buildsecurityin.us- of an extensive outreach effort, the SwA serve to improve software security, both cert.gov/swa/pocket_guide_series.html). participates in conferences and webinars with during development and while in operation. the International Information Systems Read more and see the list of “Top 25 CWE The Software Assurance (SwA) Email Security Certification Consortium (ISC)2, the Programming Errors” at Newsletter provides excellent updates and Information Systems Security Association, https://buildsecurityin.us-cert.gov/swa/cwe/. new information related to the SwA program. Open Web Application Security Project To subscribe, email [email protected] and put (OWASP), and other organizations interested ‘subscribe’ in the subject line and ‘subscribe in application security. More about SwA sw.assurance’ in the body of the email. relevant webinars is available on the BSI and CRIC websites. For more information, visit Software Assurance (SwA) Checklist for https://buildsecurityin.us- Software Supply Chain Risk Management cert.gov/swa/webinars.html. Moreover, SwA SwA developed and deployed the “SwA supports online communities of interest, such Checklist for Software Supply Chain Risk as the Software Assurance Education Management” which identifies common Discussion Group on LinkedIn at elements of publicly available software www.linkedin.com/groups?mostpopular=&gid =3430456 and the Software Assurance Mega- Securing and Managing Our Borders

The Department of Homeland Security secures the nation's air, land, and sea borders to prevent illegal activity while facilitating lawful travel and trade. The Department's border security and management efforts focus on three interrelated goals: effectively secure U.S. air, land, and sea points of entry; safeguard and streamline lawful trade and travel; and disrupt and dismantle transnational criminal and terrorist organizations.

84

Securing and Managing Our Borders

integrity of the immigration system. The BTI Call-Center "First Observer" trained specialists Border and Economic Security Institute delivers transformational technology- serve as the first line of communication for all driven solutions, data-informed policies, matters related to this anti-terrorism and workforce development opportunities for today's security awareness program. Well trained 1-800 BE ALERT The public can report Homeland Security Enterprise. For more responders provide nationwide first responder suspicious activity to the U.S. Customs and information, see www.uh.edu/bti/ or contact and law enforcement contact numbers and Border Protection via a toll free telephone [email protected]. electronic linkage to registered participants. reporting system. To report suspicious activity: Reported caller information is entered into a Call 800-BE ALERT or 800-232-5378. For more DHS Center of Excellence: Criminal secure reporting system that allows for an information on U.S. Border Patrol Checkpoints Investigations and Network Analysis (CINA) electronic transfer to the Information Sharing call 877-227-5511. International Callers dial +1 Center, led by George Mason University, and Analysis Center (ISAC) for further 703-526-4200. develops strategies and solutions to enhance investigation by industry analysts. The call criminal network analysis, forensics, and center may also be utilized during an incident CBP deploys the government’s largest law investigative processes for on-the-ground use by of national significance. Call the center 24 x 7 enforcement workforce to protect at and agents and officers to counteract transnational 888-217-5902. For more information, see between ports of entry, supported by air and crime. For more information, see www.firstobserver.com. marine assets. For more information on CBP, https://cina.gmu.edu or contact visit www.cbp.gov. [email protected]. Homeland Security Investigations (HSI) Tip- line is a 24x7 centralized intake center CBP Laboratories and Scientific Services DHS Center of Excellence: Cross Border Threat established to receive tips from the public and coordinates technical and scientific support to Screening and Supply Chain Defense (CBTS) law enforcement. The Tip-line receives, all CBP trade and border protection activities. Center, led by Texas A&M University, assists analyzes, documents, and disseminates tip For more information, visit DHS operations that protect the global supply information regarding more than 400 laws www.cbp.gov/about/labs-scientific-svcs. chain and reduce the risk of exposing people enforced by the Department of Homeland and infrastructures to new and evolving Security. Highly trained intelligence research CBP Newsroom, News Magazine and Alerts biological threats to the nation’s people, specialists have the knowledge and experience compiles the latest information on noteworthy agriculture, and economy. For more to quickly disseminate actionable leads to the occurrences documenting apprehensions of information, contact responsible DHS field office, both in the United criminals, seizures of illegal drugs, rescues [email protected]. States and to HSI attaché offices around the missions, and many other agency success world. With broad access to law enforcement stories from around the country. These eAllegations provides concerned members of the and commercial computer databases, Tip-line highlights can be found at public a means to confidentially report specialists can enhance tip information prior to www.cbp.gov/newsroom. suspected trade violations to CBP. For more forwarding to the responsible field office. With information, or to initiate an investigation, visit real-time access to interpreter services, DHS Center of Excellence: The Borders, Trade, https://eallegations.cbp.gov or contact the Trade information can be collected using more than and Immigration (BTI) Institute, led by the Remedy Law Enforcement Office of 300 languages. The Tip-line can also quickly University of Houston, conducts and transitions International Trade at: 800-BE-ALERT (800- connect federal, state, local, and tribal law research, develops innovative solutions, and 232-5378). enforcement officers with their local HSI duty provides education that enhances the Nation's agent. To contact the HSI Tip-line, call toll free ability to secure the borders, facilitate Highway and Motor Carrier First Observer ™ 866- 347-2423 or use the internet-based HSI legitimate trade and travel, and ensure the 85

Securing and Managing Our Borders

Tip Form at www.ice.gov/tips. Also available is Counter-Proliferation Investigations Unit Account Service Desk provides customer a “widget” that can be placed on the websites of reaches out to applicable high-tech industries to technical support services 24 hours a day, 7 partner organizations and companies to allow monitor weapons of mass destruction and their days a week, including information about ACE for one-click access to the HSI Tip Form. components that are potential targets for illegal Secure Data Portal account access, account trafficking. Through Project Shield America, management, and running ACE Reports. The ICE National Border Enforcement Security ICE works in partnership with U.S. Customs ACE Help Desk is the first point of contact for Task Force (BEST) Unit (NBU) ICE Homeland and Border Protection and U.S. companies that all ACE users experiencing system difficulties. Security Investigations (HSI) in partnership manufacture, sell or export strategic technology To reach the ACE Help Desk, call 866-530-4172 with CBP, federal, international, state, and and munitions. For more information, see or email [email protected] local law enforcement agencies, expanded its www.ice.gov/project-shield-america or contact ongoing Border Crimes Initiative by creating a ICE headquarters, Project Shield America Automated Commercial System (ACS) is CBP’s multi-agency initiative called the BEST. The program manager at (703) 287-6900. legacy automated import processing system program is designed to identify, disrupt, and that has been primarily retired as import dismantle organizations that seek to exploit Trade Facilitation processing capabilities have been transitioned vulnerabilities along the U.S. borders and to the Automated Commercial Environment threaten the overall safety and security of the Automated Export System (AES) is the (ACE). Currently, electronic entry American public. The BESTs are designed to electronic way to file export declarations and payment/collection processes and a limited set increase information sharing and collaboration ocean manifest information with CBP. For more of data queries are still conducted in ACS, among the participating agencies, focusing information about AES, including technical however CBP is in the process of migrating this toward the identification, prioritization, and documentation, software vendors, and other functionality to ACE. For more information, see investigation of emerging or existing threats. items of interest, visit www.cbp.gov/trade/aes. www.cbp.gov/trade/acs/catair or contact 571- For more information, see www.ice.gov/best/. 468-5000. Automated Commercial Environment (ACE) is Operation Stonegarden Grant Program (OPSG) the commercial trade processing system that Cargo Systems Messaging Service (CSMS) is a OPSG funds are intended to enhance connects CBP, the international trade messaging platform for distributing timely cooperation and coordination among local, community and PGAs. It is the U.S. Single service messages to automated cargo systems tribal, territorial, state, and federal law Window, the primary processing system users as well as courtesy messages on related enforcement agencies in a joint mission to through which trade-related data required by trade processing information. To receive CSMS secure the United States’ borders along routes all government agencies is submitted and messages, subscribe at: of ingress from international borders to include processed. ACE facilitates legitimate trade https://csms.cbp.gov/csms.asp?display_page=1. travel corridors in states bordering Mexico and while strengthening border security by Canada, as well as states and territories with providing government officials with better CBP Client Representatives are the first points international water borders. For more automated tools and information. All import of contact for importers, exporters, information, see www.fema.gov/homeland- manifest, cargo release, post release, export and transportation providers, and brokers wishing security-grant-program. PGA integration functionality scheduled for to automate any of their Customs processes. delivery in ACE is now available. For more Client Representatives are the contact point for Project Shield America is the first line of information about ACE, visit all system-related problems and questions from defense against those who compromise U.S. www.cbp.gov/trade/automated. trade partners. For more information, see national security by violating export laws, www.cbp.gov/trade/automated/getting- sanctions and embargoes. Specifically, the ICE Automated Commercial Environment (ACE) started/transmitting-data-cbp-electronic-data- 86

Securing and Managing Our Borders interchange-edi. provided to the trade community. As the official interests, and 5. establish how the U.S. Coast representative, the Executive Director of Trade Guard and CBP will interact with other CBP INFO Center Self Service Q&A Database Relations will promote compliance with Small government agencies to jointly facilitate the is a searchable database with over 600 answers Business Regulatory Enforcement Fairness Act expeditious recovery of the national MTS and to questions about CBP programs, (SBREFA) and, to the extent possible, the the resumption of commerce in support of the requirements, and procedures. If visitors to the recommendations of the National Ombudsman DHS Global Supply Chain Security Strategy. At site are unable to find an answer to their and the Regional Regulatory Fairness Boards. the port level, maritime industry engagement question, they may also submit an inquiry or Should you have any concerns which you feel in trade recovery is accomplished through complaint for personal assistance. To use the have not been resolved in an appropriate incident management structures that are searchable database, visit manner, contact the Executive Director of mobilized on a case by case basis and are https://help.cbp.gov/app/home or call the CBP Trade Relations at: dependent upon the severity of an incident INFO Center at 877-CBP-5511 or 703-526-4200. www.cbp.gov/trade/stakeholder- impacting the local components of the MTS engagement/user-fee-advisory-committee. within a U.S. Coast Guard Captain of the Port CBP Trade Outreach The Office of Trade (COTP) Zone. For more information, call 202- Relations (OTR) serves as the CBP point of CBP/USCG Joint Protocols for the Expeditious 372-1092 or visit the U.S. Coast Guard’s Office contact for the international trade community Recovery of Trade The CBP/USCG Joint of Port and Facility Compliance (CG-FAC) by supporting communications between CBP Protocols for the Expeditious Recovery of Trade webpage, www.dco.uscg.mil/our- and the private sector. Situated within the inform national level decision-making to organization/assistant-commandant-for- Office of the Commissioner, OTR is responsible facilitate the stabilization and recovery of basic prevention-policy-cg-5p/inspections-compliance- for industry engagement, dissemination of functions of the marine transportation system cg-5pc/cgfac/. information, and solicitation of input from the (MTS) after a Transportation Disruption as private sector and PGAs to include new defined by the SAFE Port Act of 2006. The Customs Rulings Online Search System importers, exporters and small businesses. For protocols are activated when needed as an (CROSS) is a searchable database of CBP more information, visit engagement forum among national level rulings that can be retrieved based on simple or www.cbp.gov/trade/stakeholder- maritime industry associations, CBP, the U.S. complex search characteristics using keywords engagement/trade-relations. Coast Guard, and other federal agencies with and Boolean operators. CROSS has the added maritime trade responsibilities to inform functionality of CROSS referencing rulings CBP Small Business Regulatory Fairness federal decision-making. The protocols 1. from the initial search result set with their Representative The Executive Director Trade support Presidential Directives that pertain to modified, revoked or referenced counterparts. Relations for U.S. Customs and Border maritime security and the protection of the Rulings collections are separated into Protection was selected by the Commissioner to national economy and national defense,2. Headquarters and New York and span the serve as the Regulatory Fairness establish a national level communications years 1989 to present. Collections can be Representative for the agency and is process to be employed by the U.S. Coast searched individually or collectively. For more responsible for performing as the link between Guard, CBP, and other federal agencies, as information, see https://rulings.cbp.gov/home. the international trading community and senior well as the maritime industry, following or CBP managers. In addition, the Executive prior to an event that causes a major Customs-Trade Partnership Against Terrorism Director of Trade Relations is responsible for disruption to the MTS, 3. consider the collateral (CTPAT) is a voluntary government-business policy review, planning and counsel to the impacts of a major disruption of the MTS on initiative developed in order to strengthen and Commissioner, Department of Homeland international commerce, 4. support federal improve the international supply chain to Security, and Congress on the quality of service decision-making and the protection of federal increase U.S. border security against the threat 87

Securing and Managing Our Borders of terrorism. Through CTPAT, businesses in the protection/red-lists/. “frequent travelers” who make several program ensure the integrity of their security international trips per year, there is no practices, communicate, and verify the security Secure Freight Initiative (SFI) and Importer minimum number of trips an applicant must criteria of their business partners within the Security Filing and additional carrier make to qualify. For more information, visit supply chain. For more information, or to apply requirements (10+2) The Secure Freight www.globalentry.gov, or contact online, visit www.cbp.gov/ctpat. You may also Initiative, through partnerships with foreign [email protected] 866-530-4172. email the program at OFO- governments, terminal operators, and carriers, [email protected] enhances the DHS capability to assess the Traveler Redress Inquiry Program (DHS TRIP) security of U.S.-bound maritime containers by provides a single point of contact for individuals Importer Self-Assessment Program (ISA) has scanning them for nuclear and other radioactive who have inquiries or seek resolution regarding now transitioned into the CTPAT Trade materials before they are laden on vessels difficulties they experienced during their travel Compliance program (TC) as of October 2019. bound for the U.S. For more information, please screening at airports, at train stations, or The TC program provides the opportunity for visit www.cbp.gov/border-security/ports- crossing U.S. borders. Log on to the DHS TRIP importers to assume responsibility for entry/cargo-security/importer-security-filing- (www.dhs.gov/trip) website to initiate an monitoring their own compliance. Public 102 or contact [email protected]. inquiry. For more information, contact the TSA information regarding this program, including Contact Center, 866-289-9673. frequently asked questions, policy information, Travel Facilitation best practices, and requirements can be found Trusted Traveler Programs (TTP) provide at www.cbp.gov/trade/trade- expedited travel for pre-approved, low risk Border Entry Wait Times U.S. Customs and community/outreach-programs/trade-program- travelers through dedicated lanes and kiosks Border Protection’s RSS feeds of border wait contacts/CTPAT-poc upon arrival in the U.S. These programs times make it easier to view air and land border include NEXUS, SENTRI, FAST (for wait times through a desktop RSS reader as Informed Compliance Publications are available commercial drivers), and Global Entry. NEXUS, well as on electronic devices, such as smart on a specific trade issues, and summarize SENTRI, and FAST program members receive phones. For more information, visit practical information for the trade community technology-enabled credentials while Global http://apps.cbp.gov/bwt/. to better understand their obligations under Entry members use their passport. All the customs and related laws. For more programs facilitate border processing by Entry Process into United States CBP information, see website link confirming membership, identity, and running welcomes more than 1.1 million international www.cbp.gov/trade/rulings/informed- law enforcement checks. For more information travelers into the United States at land, air, compliance-publications. about trusted traveler programs, visit and sea ports on an average day. U.S. citizens https://ttp.dhs.gov. and international visitors may consult Red Lists of Cultural Objects at Risk publications and factsheets for information to Red Lists present the categories of cultural simplify their entry into the U.S. For TSA Pre✓® Application Program The TSA objects that can be subjected to theft and traffic. information about international travel, Contact Pre ® Application Program, one of the DHS They help individuals, organizations and ✓ the CBP Information Center at 877-227-5511. Trusted Traveler programs, allow pre-approved, authorities, such as police or customs officials, low-risk travelers to use expedited screening identify objects at risk and prevent them from Global Entry, one of the CBP trusted traveler lanes at U.S. airports for domestic travel and being illegally sold or exported. For more programs, allows pre-approved, low-risk departures from a U.S. airport to a foreign information, visit travelers expedited clearance upon arrival into country. For more information about the TSA https://icom.museum/en/activities/heritage- the U.S. Although this program is intended for Pre✓® Application Program, visit 88

Securing and Managing Our Borders https://www.tsa.gov/precheck. To enroll, visit https://universalenroll.dhs.gov/workflows?servic ecode=11115V&service=pre-enroll.

Western Hemisphere Travel Initiative (WHTI) requires citizens of the U.S., Canada, and Bermuda to present a passport or other acceptable document that denotes identity and citizenship when entering the U.S. For more information about WHTI, visit https://www.cbp.gov/travel/us-citizens/western- hemisphere-travel-initiative/faqs or contact CBP INFO Center at 877-227-5511 or 703-526- 4200, TDD: 866-880-6582.

89

Securing and Managing Our Borders

INDEX (HSSTAC), 20 A AgConnect, 33 American Wood Council:, 36 A Guide to Naturalization, 27 Assist Visits, 60 Academic Engagement Assistance to Firefighters Grants (AFG), 36, 41 Automating Software Assurance, 83 Automated Commercial Environment (ACE) Account Service Desk, 86 Department of Homeland Security Science and Technology Directorate Cyber Automated Indicator Sharing (AIS), 82 Security Division (DHS S&T CSD), 79 AUXCOMM Training, 33 Electronic Crimes Task Force (ECTF) Program, 16 Minority Serving Institutions (MSIs) Programs, 8 B National Nuclear Forensics Expertise Development Program (NNFEDP), 67 Science and Technology Directorate’s Career Development Grants (CDG) Best Practices for Anti – Terrorism Security (BPATS), 22 Program, 51 Bomb Threat Management Planning Course, 44 Activity Reporting Bombing Prevention “If You See Something, Say SomethingTM” Campaign, 69 Bomb-making Materials Awareness Program (BMAP), 44 1-800 BE ALERT, 85 Countering IEDs Training for Pipeline Employees, 61 AIRBUST Program, 42 DHS Center of Excellens:Awareness & Location of Explosives-Related Threats Dams Sector Suspicious Activity Reporting Fact Sheet, 56 (ALERT), 44 Forced Labor Resources, 8 Improvised Explosive Device (IED) Counterterrorism Workshop, 45 General Aviation Secure Hotline, 43 Multi-Jurisdiction Improvised Explosive Device (IED) Security Plan (MJIEDSP), Highway and Motor Carrier First Observer ™ Call-Center, 85 45 Highway ISAC, 61 Protective Measures Course, 45 Homeland Security Investigations (HSI) Tip-line, 85 Technical Resource for Incident Prevention (TRIPwire), 72 HOMEPORT, 64 Border Security Human Rights Violators and War Crimes Center, 8 1-800 BE ALERT, 85 On the Tracks Rail Sabotage Awareness and Reporting (DVD & Poster), 62 Border Entry Wait Times, 88 Report an IPR Violation, 18 CBP Border Security, 85 School Transportation Security Awareness (STSA), 62 CBP Laboratories and Scientific Services, 85 Suspicious Activity Reporting Fact Sheet, 57 CBP Newsroom, News Magazine and Alerts, 85 Suspicious Activity Reporting Tool, 57 eAllegations, 85 Advisory Council Entry Process into United States, 88 Advisory Committee on Commercial Operations of Customs and Border Global Entry, 88 Protection (COAC), 10 Highway and Motor Carrier First Observer ™ Call-Center, 85 Area Maritime Security Committees (AMSCs), 63 Homeland Security Investigations (HSI) Tip-line, 85 Aviation Security Advisory Committee (ASAC), 42 ICE HSI National Security Investigations Division, 17 DHS Data Privacy and Integrity Advisory Committee (DPIAC), 16 ICE National Border Enforcement Security Task Force (BEST) Unit (NBU), 86 Harbor Safety Committees, 64 National Vessel Movement Center (NVMC), 65 Homeland Security Advisory Council (HSAC), 12 Operation Stonegarden Grant Program (OPSG), 86 Multi-Band Radio (MBR) Technology, 31 Secure Freight Initiative (SFI) and Importer Security Filing and additional National Infrastructure Advisory Council (NIAC), 51 carrier requirements (10+2), 88 National Science and Technology Council (NSTC) Subcommittee on Biometrics Traveler Redress Inquiry Program (DHS TRIP), 88 and Identity Management (BIdM), 71 Western Hemisphere Travel Initiative (WHTI), 89 The Homeland Security Science and Technology Advisory Committee Broad Agency Announcements (BAA), 19 90

Securing and Managing Our Borders

Building a Roadmap to Resilience - A Whole Community Training, 36 CIS Ombudsman Recommendations, 28 Building a Roadmap to Resilience - A Whole Community Training., 40 CIS Ombudsman Teleconferences, 27 CIS Ombudsman Updates, 27 C Civics and Citizenship Toolkit - A Collection of Educational Resources for Immigrants, 27 Carrier Liaison Program (CLP), 26 Civil Rights and Civil Liberties Chemical Facility Anti-Terrorism Standards (CFATS) Chemical Facility Security Civil Rights and Civil Liberties Training at Fusion Centers, 7 Tip Line, 46 Community Roundtables, 7 Chemical Facility Anti-Terrorism Standards (CFATS) Frequently Asked CRCL Monthly Newsletter, 7 Questions, 46 Environmental Justice Annual Implementation Report, 7 Chemical Security Equal Employment Opportunity (EEO) Reports, 8 Chemical Facility Anti-Terrorism Standards (CFATS) Presentations, 46 If You Have the Right to Work, Don’t Let Anyone Take it Away Poster, 8 Chemical Facility Anti-Terrorism Standards (CFATS) Risk-Based Performance Introduction to Arab American and Muslim American Cultures, 8 Standards (RBPS), 46 Language Access, 8 Chemical Facility Security: Best Practice Guide for an Active Shooter Incident, Minority Serving Institutions (MSIs) Programs, 8 46 No te Engañes (Don’t be Fooled), 9 Chemical Sector Classified Briefing, 47 Online Detainee Locator System, 18 Chemical Sector Industrial Control Systems (ICS) Security Resource DVD, 47 Posters on Common Muslim American Head Coverings, Common Sikh American Chemical Sector Security Awareness Guide, 47 Head Coverings, and the Sikh Kirpan, 9 Chemical Sector Training Resources Guide, 47 Preventing International Non-Custodial Parental Child Abduction, 9 Chemical Security Analysis Center (CSAC), 46 Privacy Impact Assessments (PIAs), 15 Chemical Security Assessment Tool (CSAT), 46 Quarterly NGO Civil Rights / Civil Liberties Committee Meeting, 9 Chemical Security Compliance Assistance Visit (CAV) Requests, 47 Resources for Victims of Human Trafficking and Other Crimes, 9 Chemical Security Summit, 47 The Office of Civil Rights and Civil Liberties (CRCL) Annual Reports to Chemical Stockpile Emergency Preparedness Program (CSEPP), 47 Congress, 7 Chemical-Terrorism Vulnerability Information (CVI), 47 Victim Assistance Program (VAP), 9 Federal Motor Carrier Safety Administration: Guide to Developing an Effective Commercial Facilities Security Plan for the Highway Transportation of Hazardous Materials, 59 Active Threat Recognition for Retail Security Officers, 52 Hazmat Motor Carrier Security Action Item Training (SAIT) Program, 59 Commercial Facilities Sector Pandemic Planning Documents, 52 Hazmat Motor Carrier Security Self-Assessment Training Program, 59 Cybersecurity in the Gaming Subsector Webinar, 79 Hazmat Trucking Guidance: Highway Security-Sensitive Materials (HSSM) Cybersecurity in the Retail Subsector, 79 Security Action Items (SAIs), 59 DHS Lodging Video: “No Reservations: Suspicious Behavior in Hotels”, 54 Infrastructure Protection Sector-Specific Tabletop Exercise Program (IP- DHS Retail Video: "What's in Store - Ordinary People/Extraordinary Events", 52 SSTEP), Chemical Sector Tabletop Exercise (TTX), 48 DHS Sports Leagues/Public Assembly Video: “Check It! How to Check a Bag”, 53 Know Your Customer, 48 Evacuation Planning Guide for Stadiums, 53 Monthly Chemical Sector Suspicious Activity Calls, 48 Hotel and Lodging Advisory Poster, 53 Pipeline and Hazardous Materials Safety Administration Infrastructure Protection Sector-Specific Table Top Exercise Program (SSTEP) Risk Management Self-Evaluation Framework (RMSEF), 59 for the Commercial Facilities Retail/Lodging Subsectors and Sports Roadmap to Secure Control Systems in the Chemical Sector, 82 Leagues/Public Assembly Subsectors, 53 Security Seminar & Exercise Series for Chemical Industry Stakeholders, 48 IS-906 Workplace Security Awareness, 53 Surveillance Detection for Law Enforcement and Security Professionals, 46 IS-907 Active Shooter: What You Can Do, 53 Voluntary Chemical Assessment Tool (VCAT), 48 IS-912 Retail Security Awareness: Understanding the Hidden Hazards, 54 Web-Based Chemical Security Awareness Training Program, 48 Mountain Resorts and Outdoor Events Protective Measures Guides, 54 Who’s Who in Chemical Sector Security, 48 Protective Measures Guide for the U.S. Lodging Industry, 54 Protective Measures Guide for U.S. Sports Leagues, 54 91

Securing and Managing Our Borders

Retail and Shopping Center Advisory Poster, 54 Consequences of Terrorism, 50 Sports Venue Bag Search Procedures Guide, 54 DHS Geospatial Information Infrastructure (GII), 68 Sports Venue Credentialing Guide, 55 DHS YouTube Critical Infrastructure Videos, 50 Threat Detection & Reaction for Retail & Shopping Center Staff, 55 Expert Judgment and Probability Elicitation, 50 Conference or Forum Homeland Security Information Network (HSIN - Highway and Motor Carrier Chemical Security Summit, 47 Portal, 61 Community Roundtables, 7 Homeland Security Information Network-Critical Sectors (HSIN-CS), 69 Critical Manufacturing Partnership Road Show, 52 INFOGRAMs, 70 Critical Manufacturing Security Conference, 52 Information Sharing Snapshot, 70 Critical Manufacturing Working Groups, 11 Infrastructure Data Taxonomy (IDT), 70 Mass Transit Security and Safety Roundtables, 66 Infrastructure Protection Sector-Specific Tabletop Exercise Program (IP- Public Transportation Emergency Preparedness Workshop - Connecting SSTEP), Chemical Sector Tabletop Exercise (TTX), 48 Communities Program, 29 IS-860.a National Infrastructure Protection Plan (NIPP), 14 Quarterly NGO Civil Rights / Civil Liberties Committee Meeting, 9 IS-890.a Introduction to the Interagency Security Committee (ISC), 14 SAFECOM Guidance on Emergency Communications Grants, 32 National Infrastructure Advisory Council (NIAC), 51 Security Seminar & Exercise Series for Chemical Industry Stakeholders, 48 NPPD/IP Sector-Specific Agency Sector Snapshots, Fact Sheets and Brochures, Software Assurance (SwA) Forum and Working Group Sessions, 83 15 Technologies for Critical Incident Preparedness (TCIP) Conference and NPPD/IP SOPD Critical Infrastructure Sector Snapshots, Fact Sheets and Exposition, 36 Brochures, 51 Cooperative Research and Development Agreements (CRADAs), 19 NPPD/IP Training Page, 51 Counterfeit Protection Office of Infrastructure Protection (IP) and National Infrastructure Protection Electronic Crimes Task Force (ECTF) Program, 16 Plan (NIPP) Booths, 15 Financial Crimes Task Forces, 16 Pipeline Security Awareness for the Pipeline Industry Employee Training CD Crisis Event Response and Recovery Access (CERRA), 33 and Brochures, 62 Critical Infrastructure Protected Critical Infrastructure Information (PCII) Program, 71 Active Shooter Resources, 74 Protective Security Advisors, 51 American National Standards Institute – Homeland Security Standards Panel Public Transportation Emergency Preparedness Workshop - Connecting (ANSI-HSSP), 14 Communities Program, 29 Communications Sector Specific Plan (COMM SSP), 30 Sector-Specific Pandemic Influenza Guides, 58 Critical Infrastructure Information Notices, 68 Sector-Specific Plans, 15 Critical Infrastructure Learning Series, 48 SOPD Classified Threat Briefings, 72 Critical Infrastructure Resource Center, 49 Surveillance Detection Awareness on the Job, 72 Critical Infrastructure Sector Snapshots, 49 Surveillance Detection for Law Enforcement and Security Professionals, 46 Critical Infrastructure Training Module, 49 The Cutting Edge Tools Resilience Program Website, 49 Critical Infrastructure Training Portal, 14 The Cybersecurity Assessment and Risk Management Approach (CARMA), 80 Cross-Sector Active Shooter Security Seminar and Exercise Workshop, 49 The DHS Operations Special Events Program (SEP), 11 Cyber Resiliency Review (CRR), 75 The Joint Counterterrorism Awareness Workshop Series (JCTAWS), 50 Cybersecurity Evaluation Program (CSEP), 75 Critical Infrastructure Tabletop Exercise Program (CITEP), 60 Cybersecurity in the Emergency Services Sector, 34 Critical Manufacturing DHS Center of Excellence: FASCAT (Food & Agriculture Sector Criticality Critical Manufacturing Cybersecurity Tabletop Exercise, 52 Assessment Tool), 50 Critical Manufacturing Partnership Road Show, 52 DHS Center of Excellence:Global Terrorism Database, 50 Critical Manufacturing Security Conference, 52 DHS Center of Excellence:National Consortium for the Study of Terrorism and SOPD/TSA Joint Exercise Program, 52 Responses to Terrorism (START), 50, 68 CWMD Industry Engagement Program, 11 DHS Center of Excellence:Training Programs related to the Human Causes and Cyber Information Sharing and Collaboration Program (CISCP), 82 92

Securing and Managing Our Borders

Cyber Risk Scoring and Mitigation (CRISM), 76 Roadmap to Secure Control Systems in the Chemical Sector, 82 Cyber Secure Dashboard (CSD), 75 Sector-Specific Plans, 15 Cybersecurity Software Assurance (SwA) Checklist for Software Supply Chain Risk Automating Software Assurance, 83 Management, 84 Critical Manufacturing Cybersecurity Tabletop Exercise, 52 Software Assurance (SwA) Email Newsletter, 84 Current Cybersecurity Activity, 76 Software Assurance (SwA) Forum and Working Group Sessions, 83 Cyber Exercise Program (CEP), 78 Software Assurance (SwA) Outreach, 84 Cyber Forensics, 77 Software Assurance (SwA) Resources, 83 Cyber Investigation Section (CIS), 76 Software Assurance Program (SwA), 82 Cyber Resiliency Review (CRR), 75 Support Anti-Terrorism by Fostering Effective Technologies Act (SAFETY Act), Cybersecurity Advisors (CSAs), 78 21 Cybersecurity Education and Workforce Development Program (CEWD), 80 The Cybersecurity Assessment and Risk Management Approach (CARMA),, 80 Cybersecurity Evaluation Program (CSEP), 75 The National Cyber Security Division’s (NCSD) Critical Infrastructure Cybersecurity Evaluation Tool (CSET), 75 Protection Cyber Security (CIP CS), 81 Cybersecurity in the Emergency Services Sector, 34 The TechSolutions Program, 22 Cybersecurity in the Emergency Services Sector Webinar, 80 The Top 25 Common Weakness Enumerations (CWE), 84 Cybersecurity in the Gaming Subsector Webinar, 79 U.S. Computer Emergency Readiness Team (US-CERT) Vulnerability Notes Cybersecurity in the Retail Sector Webinar, 80 Database, 78 Cybersecurity in the Retail Subsector, 79 Unified Incident Command and Decision Support (UICDS), 72 Cybersecurity Information Products and Recommended Practices, 80 Cybersecurity and Infrastructure Security Agency (CISA), 13 Cybersecurity Strategy Development, 79 Cybersecurity and Infrastructure Security Agency (CISA) Security of Soft Targets Cybersecurity Webinars, 80 and Crowded Places—Resource Guide, 73 Dams Sector Roadmap to Secure Control Systems, 56 Cybersecurity and Infrastructure Security Agency’s Enhanced Cybersecurity Defense Technology Experimental Research (DETER), 19 Services (ECS) Program, 78 Department of Homeland Security Science and Technology Directorate Cyber Security Division (DHS S&T CSD), 79 D Domain Name System Security Extensions (DNSSEC) Deployment Coordinating Initiative, 81 Dams Electronic Crimes Task Force (ECTF) Program, 16 Active and Passive Vehicle Barriers Guide, 55 Emergency Services Sector Cyber Risk Assessment (ESS-CRA), 76 Consequence-Based Top Screen (CTS) Reference Guide, 56 Financial Crimes Task Forces, 16 Consequence-Based Top Screen Fact Sheet, 55 Homeland Open Security Technologies, 20 Crisis Management Handbook, 56 Identity Management, 70 Dams and Energy Sector Interdependency Study, 56 Industrial Control System Cybersecurity Standards and References, 81 Emergency Preparedness Guidelines for Levees: A Guide for Owners and Information Technology Sector Risk Assessment (ITSRA), 76 Operators, 57 Information Technology Sector Specific Plan (IT SSP), 81 Estimating Economic Consequences for Dam Failure Scenarios, 57 National Computer Forensics Institute (NCFI), 77 Estimating Loss of Life for Dam Failure Scenarios, 57 National Cyber Awareness System, 78 IS-870 Dams Sector: Crisis Management Overview, 57 National Vulnerability Database (NVD), 81 Personnel Screening Guide for Owners and Operators, 57 Network Security Information Exchange (NSIE), 55, 81 Physical Security Measures for Levees Brochure, 57 Open Source Infrastructure Cyber Read File, 81 Roadmap to Secure Control Systems, 56 Privacy Impact Assessments (PIAs), 15 Suspicious Activity Reporting Fact Sheet, 56, 57 Research and Standards Integration Program (RSI), 21 Suspicious Activity Reporting Tool, 57 Resilient Software, 83 Waterside Barriers Guide, 56 Roadmap to Enhance Cyber Systems Security in the Nuclear Sector, 82 93

Securing and Managing Our Borders

Web-Based Training Fact Sheet, 57 CBP Laboratories and Scientific Services, 85 Dams and Energy Sector Interdependency Study, 55 Defense Technology Experimental Research (DETER), 19 Dams Sector Cybersecurity Capability Maturity Model (C2M2), 58 DHS Industry Liaisons, 12 Dams Sector Cybersecurity Capability Maturity Model (C2M2) Implementation DHS Small Business Innovation Research (SBIR), 20 Guide, 58 DHS Technology Transfer Program, 20 Dams Sector Cybersecurity Framework Implementation Guidance, 58 FEMA Industry Liaison Program, 12 Dams Sector Cybersecurity Program Guidance, 58 FEMA Small Business Industry Liaison Program, 12 Dams Sector Security Guidelines, 58 Office of Small and Disadvantaged Business Utilization (OSDBU), 13 Dams Sector Tabletop Exercise Toolbox (DSTET), 56 Planning Guidelines and Design Standards (PGDS) for Checked Baggage Dealing with Workplace Violence, 49 Inspection Systems, 21 DHS Center of Excellence Project 25 Compliance Assessment Program (P25 CAP), 21 Awareness & Location of Explosives-Related Threats (ALERT), 44 SECURETM Program, 21 Coastal Hazards Center of Excellence (CHC), 34, 64 Support Anti-Terrorism by Fostering Effective Technologies Act (SAFETY Act), DHS Center of Excellence: FASCAT (Food & Agriculture Sector Criticality 21 Assessment Tool), 50 The Acquisition Planning Forecast System (APFS), 19 Expert Judgment and Probability Elicitation, 50 The Catalog of Federal Domestic Assistance (CFDA), 19 Global Terrorism Database, 50 National Consortium for the Study of Terrorism and Responses to Terrorism E (START), 50, 68 Security Patrol Scheduling Using Applied Game Theory, 10 Economic Security Training Programs related to the Human Causes and Consequences of DHS Center of Excellence: Security Patrol Scheduling Using Applied Game Terrorism, 50 Theory, 10 DHS Center of Excellence: Arctic Domain Awareness Center (ADAC), 63 Estimating Economic Consequences for Dam Failure Scenarios, 57 DHS Center of Excellence: Center for Accelerating Operational Efficiency (CAOE), Electronic System for Travel Authorization (ESTA), 26 10 Emergency Alert System (EAS), 30 DHS Center of Excellence: Coastal Resilience Center (CRC), 34, 64 Emergency Services DHS Center of Excellence: Criminal Investigations and Network Analysis (CINA) Center for Domestic Preparedness (CDP), 33 Center, 85 Cybersecurity in the Emergency Services Sector, 34 DHS Center of Excellence: Critical Infrastructure Resilience Institute (CIRI), 49 Cybersecurity in the Emergency Services Sector Webinar, 80 DHS Center of Excellence: Cross Border Threat Screening and Supply Chain DisasterAssistance.gov, 37 Defense (CBTS) Center, 85 Donations and Volunteers Information, 37 DHS Center of Excellence: Maritime Security Center (MSC), 64 Emergency Communications Guidance Documents and Methodologies, 30 DHS Center of Excellence: The Borders, Trade, and Immigration (BTI) Institute, Emergency Data Exchange Language (EDXL), 30 85 Emergency Food and Shelter National Board Program, 37 DHS Compliance Assurance Program Office (CAPO), 7 Emergency Planning Exercises, 34 DHS Emeritus Center of Excellence: Center for Zoonotic and Animal Disease Emergency Services Personal Readiness Guide for Responders and Their Defense (ZADD), 58 Families, 34 DHS Emeritus Center of Excellence: Food Protection and Defense Institute (FPDI), Emergency Services Sector (ESS), 34 58 Emergency Services Self-Assessment Tool (ESSAT), 34 DHS Emeritus Center of Excellence: National Center for Visualization and Data First Responder Communities of Practice, 35 Analytics (CVADA), 68 First Responders ‘Go Kit’, 35 DHS National Operations Center (NOC) Common Operating Picture (COP), 69 Government Emergency Telecommunications Service (GETS), 31, 32 DHS Silicon Valley Innovation Program (SVIP), 19 INFOGRAMs, 70 Doing Business with DHS National Emergency Communications Plan (NECP), 31 CBP Industry Partnership and Outreach Program, 10 94

Securing and Managing Our Borders

National Interoperability Field Operations Guide (NIFOG), 31 Fire Prevention & Safety (FP&S), 37 Public Transportation Emergency Preparedness Workshop - Connecting First Responder Safety Research and Special Studies, 38, 40 Communities Program, 29 Follow FEMA online, 23 Safety and Security of Emergency Response Vehicles Brochure, 36 Form I-9, 25 Technologies for Critical Incident Preparedness (TCIP) Conference and Fraud Exposition, 36 Commercial Fraud, 16 Telecommunications Service Priority (TSP) Program, 32 Electronic Crimes Task Force (ECTF) Program, 16 The R-Tech Bulletin, 36 How to Protect Your Rights, 16 Unified Hazard Mitigation Assistance (HMA) Grant Programs, 40 Identity Management, 70 Webinar: The Ready Responder Program for the Emergency Services Sector, 36 Intellectual Property Rights (IPR) e-Recordation and IPR Search, 18 Wireless Priority Service (WPS), 32 Intellectual Property Rights (IPR) Fact Sheet, 17 Emergency Services Sector – Continuity Planning Suite (ESS-CPS), 33 Intellectual Property Rights (IPR) Help Desk, 18 Emergency Support Function (ESF) #14 – Cross-Sector Business and Intellectual Property Rights (IPR) Seizure Statistics, 18 Infrastructure, 12 National Intellectual Property Rights Coordination Center (IPR Center), 18 Employment Eligibility Verification Program Webinars, 25 Operation Genesius, 18 Enduring Security Framework (ESF), 49 Operation Guardian, 18 Enhanced Cybersecurity Services (ECS), 77 Operation In Our Sites, 18 E-Verify, 25 Report an IPR Violation, 18 Exercise Area Maritime Security Training and Exercise Program (AMSTEP), 63 G Critical Manufacturing Cybersecurity Tabletop Exercise, 52 Cross-Sector Active Shooter Security Seminar and Exercise Workshop, 49 Grant Program Cyber Exercise Program (CEP), 78 Grants, 38 Emergency Planning Exercises, 34 Minority Serving Institutions (MSIs) Programs, 8 Infrastructure Protection Sector-Specific Table Top Exercise Program (SSTEP) Nonprofit Security Grant Program, 51 for the Commercial Facilities Retail/Lodging Subsectors and Sports Operation Stonegarden Grant Program (OPSG), 86 Leagues/Public Assembly Subsectors, 53 SAFECOM Guidance on Emergency Communications Grants, 32 Infrastructure Protection Sector-Specific Tabletop Exercise Program (IP- Science and Technology Directorate’s Career Development Grants (CDG) SSTEP), Chemical Sector Tabletop Exercise (TTX), 48 Program, 51 Intermodal Security Training and Exercise Program (I-STEP), 61 Unified Hazard Mitigation Assistance (HMA) Grant Programs, 40 Mass Transit and Passenger Rail - Bomb Squad Response to Transportation Gray Market and Lever-Rule Protection, 19 Systems, 66 Self-Facilitated Tabletop Exercises, 39 SOPD/TSA Joint Exercise Program, 52 H The Joint Counterterrorism Awareness Workshop Series (JCTAWS), 50 Hazardous Materials Endorsement Threat Assessment Program, 59 Health F Center for Domestic Preparedness (CDP), 33 Commercial Facilities Sector Pandemic Planning Documents, 52 FEMA App, 23 Food and Agriculture Sector Criticality Assessment Tool (FASCAT), 69 FEMA Higher Education Program, 34 National Science and Technology Council (NSTC) Subcommittee on Biometrics FEMA National Continuity Programs: Policy, Plans, and Evaluation Division, 29 and Identity Management (BIdM), 71 FEMA Podcast, 23 Planning for 2009 H1N1 Influenza: A Preparedness Guide for Small Business, FEMA Private Sector Communicators Collaboration, 23 58 FEMA Regulatory Materials, 37 Sector-Specific Pandemic Influenza Guides, 58 95

Securing and Managing Our Borders

Help Desk Critical Infrastructure Information Notices, 68 CBP INFO Center Self Service Q&A Database, 87 Current Cybersecurity Activity, 76 eAllegations, 85 DHS Geospatial Information Infrastructure (GII), 68 Intellectual Property Rights (IPR) Help Desk, 18 DHS Open Source Enterprise Daily and Weekly Intelligence Reports, 69 Language Access, 8 Highway ISAC, 61 Traveler Redress Inquiry Program (DHS TRIP), 88 Homeland Security Information Network-Critical Sectors (HSIN-CS), 69 Homeland Security Information Network-Federal Operations (HSIN FedOps), 69 HOMEPORT, 64 Hometown Security Initiative, 12 Identity Management, 70 HSI Illicit Finance and Proceeds of Crime Unit (IFPCU), 17 INFOGRAMs, 70 HSI Trade-based Money Laundering (TBML)/Trade Transparency Unit, 17 Information Sharing Snapshot, 70 Human Rights Assistance Infrastructure Data Taxonomy (IDT), 70 Blue Campaign to Combat Human Trafficking, 7 Joint DHS/FBI Classified Threat and Analysis Presentations, 70 Forced Labor Resources, 8 Monthly Chemical Sector Suspicious Activity Calls, 48 Guidance to Federal Financial Assistance Recipients Regarding Title VI National Cyber Alert System, 78 Prohibition Against National Origin Discrimination Affecting Limited National Science and Technology Council (NSTC) Subcommittee on Biometrics English Proficient Persons, 8 and Identity Management (BIdM), 71 Human Rights and Vulnerable Populations, 8 Nuclear Sector Classified Threat Briefing, 67 Human Rights Violators and War Crimes Center, 8 Nuclear Sector Information Sharing Standard Operating Procedure (SOP), 67 ICE HSI National Security Investigations Division, 17 Port Interagency Information Sharing Assessment, 65 No te Engañes (Don’t be Fooled), 9 Port State Information Exchange (PSIX), 65 Preventing International Non-Custodial Parental Child Abduction, 9 Protected Critical Infrastructure Information (PCII) Program, 71 Resources for Victims of Human Trafficking and Other Crimes, 9 SOPD Classified Threat Briefings, 72 Victim Assistance Program (VAP), 9 Surveillance Detection Awareness on the Job, 72 Hunt and Incident Response Teams (HIRT), 77 Surveillance Detection for Law Enforcement and Security Professionals, 46 Technical Resource for Incident Prevention (TRIPwire), 72 I The Evolving Threat: What You Can Do Webinar, 72 The National Information Exchange Model (NIEM) Program, 71 I&A Private Sector Engagement Corporate Security Symposia (CSS), 70 TSA Alert System, 72 I&A Private Sector Engagement Public-Private Analytic Exchange Program (AEP), U.S. Coast Guard Maritime Information eXchange (“CGMIX”), 72 70 U.S. Coast Guard Navigation Center, 65 ICE Mutual Agreement between Government and Employers (IMAGE) Program, Unified Incident Command and Decision Support (UICDS), 72 26 Information Technology ICE Social Media, 23 Information Technology Sector Risk Assessment (ITSRA), 76 Immigration Information Technology Sector Specific Plan (IT SSP), 81 USCIS Social Media, 23 Infrastructure Stakeholder Security Exercise Program, 60 Importer Self-Assessment Program (ISA), 88 Infrastructure Survey Tool (IST), 60 Improvised Explosive Device (IED) Search Procedures Course, 45 Insider Threat Programs for the Critical Manufacturing Sector Implementation Industrial Control Systems (ICS) Support, 78 Guide, 52 Industrial Control Systems Cybersecurity Training, 79 Integrated Public Alert and Warning System (IPAWS), 31 Information Sharing and Threat Brief Intellectual Property “If You See Something, Say SomethingTM” Campaign, 69 CBP Directives Pertaining to Intellectual Property Rights, 16 Automated Critical Asset Management System (ACAMS), 68 Commercial Fraud, 16 Chemical Sector Classified Briefing, 47 How to Protect Your Rights, 16 Civil Rights and Civil Liberties Training at Fusion Centers, 7 Intellectual Property Rights (IPR) Continuous Sample Bond, 17 Intellectual Property Rights (IPR) Enforcement: A Priority Trade Issue, 17 96

Securing and Managing Our Borders

Intellectual Property Rights (IPR) e-Recordation and IPR Search, 18 DisasterAssistance.gov, 37 Intellectual Property Rights (IPR) Fact Sheet, 17 Donations and Volunteers Information, 37 Intellectual Property Rights (IPR) Help Desk, 18 FEMA Emergency Management Institute Independent Study Program, 35 Intellectual Property Rights (IPR) Seizure Statistics, 18 FEMA Learning Resource Center (LRC), 35 National Intellectual Property Rights Coordination Center (IPR Center), 18 FEMA Library, 35 Operation Genesius, 18 First Responder Communities of Practice, 35 Operation Guardian, 18 Industrial Control System Cybersecurity Standards and References, 81 Operation In Our Sites, 18 National Vulnerability Database (NVD), 81 Report an IPR Violation, 18 NPPD/IP Training Page, 51 Interagency Security Committee (ISC), 74 Software Assurance (SwA) Resources, 83 Intercity Bus Security Grant Program (IBSGP), 66 Software Assurance Program (SwA), 82 Intercity Passenger Rail (IPR) Program, 66 Tornado Safety Initiative, 40 Investigation U.S. Computer Emergency Readiness Team (US-CERT) Vulnerability Notes Commercial Fraud, 16 Database, 78 Cyber Forensics, 77 Cyber Investigation Section (CIS), 76 M Electronic Crimes Task Force (ECTF) Program, 16 Financial Crimes Task Forces (FCTF), 16 Malware Analysis and Response, 78 Forced Labor Resources, 8 Homeland Security Investigations (HSI) Tip-line, 85 Human Rights Violators and War Crimes Center, 8 N ICE HSI National Security Investigations Division, 17 National Fire Incident Reporting System (NFIRS), 38 ICE National Border Enforcement Security Task Force (BEST) Unit (NBU), 86 National Level Exercise (NLE) 2020, 35 Intellectual Property Rights (IPR) Enforcement National Mass Care Exercise, 38 A Priority Trade Issue, 17 National Urban Security Technology Laboratory (NUSTL), 20 Intellectual Property Rights (IPR) e-Recordation and IPR Search, 18 Newsletter National Computer Forensics Institute (NCFI), 77 CBP’s Newsroom, News Magazine and Alerts, 85 National Intellectual Property Rights Coordination Center (IPR Center), 18 Coast Guard Blogs and News, 22 Operation Genesius, 18 CRCL Monthly Newsletter, 7 Operation Guardian, 18 Critical Infrastructure Information Notices, 68 Operation In Our Sites, 18 DHS Social Media Engagement, 23 Report an IPR Violation, 18 FEMA Private Sector E-alerts, 12 IS-1171: Overview of Interagency Security Committee (ISC) Publications, 14 Highway ISAC, 61 Israel-U.S. Binational Industrial Research and Development (BIRD) Foundation,, National Cyber Awareness System, 78 20 Private Sector Updates, 13 Software Assurance (SwA) Email Newsletter, 84 L The Blog @ Homeland Security, 22 The R-Tech Bulletin, 36 Library TSA Alert System, 72 Cargo Systems Messaging Service (CSMS), 86 NFIRS References, 39 Critical Infrastructure Training Portal, 14 Nuclear Sector Cybersecurity Framework Implementation Guidance, 82 Customs Rulings Online Search System (CROSS), 87 Nuclear Security Cybersecurity Education and Workforce Development Program (CEWD), 80 National Nuclear Forensics Expertise Development Program (NNFEDP), 67 DHS Social Media Engagement, 23 Nuclear Sector Classified Threat Briefing, 67 97

Securing and Managing Our Borders

Nuclear Sector Information Sharing Standard Operating Procedure (SOP), 67 Human Rights and Vulnerable Populations, 8 Nuclear Sector Overview, 68 ICE Office of Public Affairs (OPA), 13 Roadmap to Enhance Cyber Systems Security in the Nuclear Sector, 82 Mass Transit Security and Safety Roundtables, 66 Sector-Specific Plans, 15 National Business Emergency Operations Center, 29 National Earthquake Hazards Reduction Program, 29 O National Security Telecommunications Advisory Committee (NSTAC) Recommendations, 31, 55 Office of the Citizenship and Immigration Services Ombudsman (CIS Ombudsman) No te Engañes (Don’t be Fooled), 9 Annual Reports to Congress, 27 Nuclear Sector Information Sharing Standard Operating Procedure (SOP), 67 Online Resources to Prevent Child Exploitation, 9 Office of Small and Disadvantaged Business Utilization (OSDBU), 13 Outreach and Engagement Operation Genesius, 18 Acquisition Planning Forecast System (APFS), 19 Private Sector Division/Office of External Affairs, 13 Advisory Committee on Commercial Operations of Customs and Border Private Sector Updates, 13 Protection (COAC), 10 Protective Security Advisors, 51 American National Standards Institute – Homeland Security Standards Panel Public Private Partnerships: An Introductory Course, 39 (ANSI-HSSP), 14 Public Transportation Emergency Preparedness Workshop - Connecting Area Committees and Area Contingency Plans (ACPs), 63 Communities Program, 29 CBP Client Representatives, 86 Quarterly NGO Civil Rights / Civil Liberties Committee Meeting, 9 CBP Industry Partnership and Outreach Program, 10 Regional and Disaster Private Sector Liaisons, 13 CBP Trade Outreach, 87 SAFECOM Program, 32 Communications Sector Specific Plan (COMM SSP), 30 Security Seminar & Exercise Series for Chemical Industry Stakeholders, 48 Community Emergency Response Team (CERT), 37 Self-Facilitated Tabletop Exercises, 39 Community Roundtables, 7 Software Assurance (SwA) Outreach, 84 CRCL Monthly Newsletter, 7 Suspicious Activity Reporting Tool, 57 CRCL’s Facebook Page, 23 The Blog @ Homeland Security, 22 Critical Manufacturing Partnership Road Show, 52 The Cybersecurity Assessment and Risk Management Approach (CARMA), 80 Critical Manufacturing Working Groups, 11 The DHS Operations Special Events Program (SEP), 11 Customs and Border Protection (CBP) Social Media, 23 The Homeland Security Science and Technology Advisory Committee Customs and Border Protection (CBP) State, Local and Tribal Liaison, 11 (HSSTAC), 20 Customs-Trade Partnership Against Terrorism (CTPAT), 87 The Joint Counterterrorism Awareness Workshop Series (JCTAWS), 50 Cyber Security Advisors (CSAs), 78 The National Council of Statewide Interoperability Coordinators, 31 DHS Center for Faith-based & Neighborhood Partnerships (CFBNP), 11 Unified Incident Command and Decision Support (UICDS), 72 DHS Industry Liaisons, 12 USCIS Social Media, 23 DHS Loaned Executive Program, 12 DHS Private Sector Office (PSO), 12 P DHS Small Business Innovation Research (SBIR) Program, 20 DHS Social Media Engagement, 23 Partners in Prevention: Vehicle Rentals and Vehicle Ramming Video, 53 Electronic Crimes Task Force (ECTF) Program, 16 Planning and Response to an Active Shooter: An Interagency Security Committee FEMA Industry Liaison Program, 12 Policy and Best Practices Guide (Non-FOUO), 14 FEMA Private Sector Division Web portal, 23 Policy Guidance FEMA Private Sector E-alerts, 12 American National Standards Institute – Homeland Security Standards Panel FEMA Small Business Industry Liaison Program, 12 (ANSI-HSSP), 14 Grants, 38 Cybersecurity Strategy Development, 79 Homeland Security Advisory Council (HSAC), 12 IS-860.a National Infrastructure Protection Plan (NIPP), 14

98

Securing and Managing Our Borders

IS-890.a Introduction to the Interagency Security Committee (ISC), 14 Voice over Internet Protocol (VoIP) Project, 32 National Incident Management System (NIMS), 15 Prevention National Response Framework (NRF), 15 Customs-Trade Partnership Against Terrorism (CTPAT), 87 NPPD/IP Sector-Specific Agency Sector Snapshots, Fact Sheets and Brochures, DHS Lodging Video: “No Reservations: Suspicious Behavior in Hotels”, 54 15 INFOGRAMs, 70 Office of Infrastructure Protection (IP) and National Infrastructure Protection Public Transportation Emergency Preparedness Workshop - Connecting Plan (NIPP) Booths, 15 Communities Program, 29 Sector-Specific Plans, 15 Protection Port Security Grant Program (PSGP), 65 Active Threat Recognition for Retail Security Officers, 52 Preparedness Area Maritime Security Committees (AMSCs), 63 General Automated Critical Asset Management System (ACAMS), 68 Community Preparedness Training: Implementing Simple Activities for Chemical Stockpile Emergency Preparedness Program (CSEPP), 47 Everyone (IS-909), 37 Comprehensive Security Assessments and Action Items, 59 Emergency Planning Exercises, 34 Cybersecurity in the Emergency Services Sector, 34 FEMA Emergency Management Institute Independent Study Program, 35 Cybersecurity in the Emergency Services Sector Webinar, 80 FEMA Emergency Management Institute Programs, 35 Dams Sector Consequence-Based Top Screen (CTS) Reference Guide, 56 FEMA Learning Resource Center (LRC), 35 Emergency Preparedness Guidelines for Levees: A Guide for Owners and FEMA Library, 35 Operators, 57 FEMA Private Sector Division web portal, 23 Grants, 38 Information Technology Sector Specific Plan (IT SSP), 81 INFOGRAMs, 70 National Incident Management System (NIMS), 15 Multi-Jurisdiction Improvised Explosive Device (IED) Security Plan National Response Framework (NRF), 15 (MJIEDSP), 45 Public Private Partnerships: An Advanced Course, 39 National Earthquake Hazards Reduction Program, 29 The Technical Assistance (TA) Program, 30 Recommended Security Action Items for Fixed Base Operators, 44 Mitigation SAFECOM Guidance on Emergency Communications Grants, 32 Are You Ready?, 36 Surveillance Detection Awareness on the Job, 72 Business Continuity Planning Suite, 29 Telecommunications Service Priority (TSP) Program, 32 Emergency Data Exchange Language (EDXL), 30 Tornado Safety Initiative, 40 Emergency Services Personal Readiness Guide for Responders and Their Video Quality in Public Safety (VQiPS), 36 Families, 34 Recovery Emergency Services Sector Cyber Risk Assessment (ESS-CRA), 76 Community Emergency Response Team (CERT), 37 Evacuation Planning Guide for Stadiums, 53 DisasterAssistance.gov, 37 Multi-Band Radio (MBR) Technology, 31 Donations and Volunteers Information, 37 National Earthquake Hazards Reduction Program, 29 Emergency Food and Shelter National Board Program, 37 National Emergency Communications Plan (NECP), 31 Tornado Safety Initiative, 40 National Flood Insurance Program, 38 Response National Interoperability Field Operations Guide (NIFOG), 31 Area Committees and Area Contingency Plans (ACPs), 63 National Security Telecommunications Advisory Committee (NSTAC) Communications Sector Specific Plan (COMM SSP), 30 Recommendations, 31, 55 Dams Sector Crisis Management Handbook, 56 Planning for 2009 H1N1 Influenza: A Preparedness Guide for Small Emergency Communications Guidance Documents and Methodologies, 30 Business, 58 Emergency Data Exchange Language (EDXL), 30 Ready Business, 29 Emergency Services Sector (ESS), 34 Ready.gov, 39 First Responder Communities of Practice, 35 Sector-Specific Pandemic Influenza Guides, 58 First Responders ‘Go Kit’, 35 Unified Hazard Mitigation Assistance (HMA) Grant Programs, 40 Government Emergency Telecommunications Service (GETS), 31, 32 99

Securing and Managing Our Borders

National Business Emergency Operations Center, 29 Critical Infrastructure Sector Snapshots, 49 National Emergency Communications Plan (NECP), 31 Cybersecurity Information Products and Recommended Practices, 80 National Interoperability Field Operations Guide (NIFOG), 31 Dams and Energy Sector Interdependency Study, 56 Public Transportation Emergency Preparedness Workshop - Connecting Dams Sector Active and Passive Vehicle Barriers Guide, 55 Communities Program, 29 Dams Sector Consequence-Based Top Screen (CTS) Reference Guide, 56 Technologies for Critical Incident Preparedness (TCIP) Conference and Dams Sector Crisis Management Handbook, 56 Exposition, 36 Dams Sector Personnel Screening Guide for Owners and Operators, 57 The R-Tech Bulletin, 36 Dams Sector Roadmap to Secure Control Systems, 56 Unified Incident Command and Decision Support (UICDS), 72 Dams Sector Suspicious Activity Reporting Fact Sheet, 56 Voice over Internet Protocol (VoIP) Project, 32 Dams Sector Waterside Barriers Guide, 56 Webinar: The Ready Responder Program for the Emergency Services Sector, DHS Geospatial Information Infrastructure (GII), 68 36 DHS Open Source Enterprise Daily and Weekly Intelligence Reports, 69 Wireless Priority Service (WPS), 32 DHS Privacy Office Annual Reports to Congress, 16 PrepTalks, 30 Emergency Communications Guidance Documents and Methodologies, 30 Privacy Emergency Preparedness Guidelines for Levees: A Guide for Owners and DHS Privacy Office, 15 Operators, 57 DHS Privacy Office Disclosure and Transparency, 16 Emergency Services Personal Readiness Guide for Responders and Their Privacy Impact Assessments (PIAs), 15 Families, 34 Prize Challenges, 21 Entry Process into United States, 88 Product Development Environmental Justice Annual Implementation Report, 7 Department of Homeland Security Science and Technology Directorate Cyber Equal Employment Opportunity (EEO) Reports, 8 Security Division (DHS S&T CSD), 79 Estimating Economic Consequences for Dam Failure Scenarios, 57 System Assessment and Validation for Emergency Responders (SAVER) Estimating Loss of Life for Dam Failure Scenarios, 57 Program, 22 Evacuation Planning Guide for Stadiums, 53 Technologies for Critical Incident Preparedness (TCIP) Conference and Federal Motor Carrier Safety Administration: Guide to Developing an Effective Exposition, 36 Security Plan for the Highway Transportation of Hazardous Materials, 59 The TechSolutions Program, 22 General Aviation Security Guidelines, 43 Transportation Security Laboratory (TSL), 22 Guidance to Federal Financial Assistance Recipients Regarding Title VI Video Quality in Public Safety (VQiPS), 36 Prohibition Against National Origin Discrimination Affecting Limited Project CAMPUS Sentinel, 26 English Proficient Persons, 8 Project iGuardian, 9 Hazmat Trucking Guidance: Highway Security-Sensitive Materials (HSSM) Publication Security Action Items (SAIs), 59 Active Shooter Resources, 74 Hotel and Lodging Advisory Poster, 53 Air Cargo Screening Technology List-For Passenger Aircraft, 42 If You Have the Right to Work, Don’t Let Anyone Take it Away Poster, 8 Air Cargo Watch, 42 Informed Compliance Publications, 88 Are You Ready? An In-Depth Guide to Citizen Preparedness, 36 Intellectual Property Rights (IPR) Enforcement: A Priority Trade Issue, 17 Area Maritime Security Plans (AMSPs), 63 Intellectual Property Rights (IPR) Fact Sheet, 17 CBP/USCG Joint Protocols for the Expeditious Recovery of Trade, 87 Intellectual Property Rights (IPR) Seizure Statistics, 18 Certified Cargo Screening Program, 43 Keep the Nation’s Railroad Secure (Brochure), 66 Chemical Facility Security: Best Practice Guide for an Active Shooter Incident, Know Your Customer, 48 46 Laminated Security Awareness Driver Tip Card, 61 Chemical Sector Security Awareness Guide, 47 Mass Transit Employee Vigilance Campaign, 66 Chemical Sector Training Resources Guide, 47 Mass Transit Smart Security Practices, 67 Commercial Facilities Sector Pandemic Planning Documents, 52 Motorcoach Guidance: Security and Emergency Preparedness Plan (SEPP), 67 Consequence-Based Top Screen Fact Sheet, 55 Mountain Resorts and Outdoor Events Protective Measures Guides, 54 100

Securing and Managing Our Borders

National Emergency Communications Plan (NECP), 31 CBP Laboratories and Scientific Services, 85 National Interoperability Field Operations Guide (NIFOG), 31 Critical Infrastructure Resource Center, 49 NPPD/IP Sector-Specific Agency Sector Snapshots, Fact Sheets and Brochures, Defense Technology Experimental Research (DETER), 19 15 Department of Homeland Security Science and Technology Directorate Cyber NPPD/IP SOPD Critical Infrastructure Sector Snapshots, Fact Sheets and Security Division (DHS S&T CSD), 79 Brochures, 51 DHS Small Business Innovation Research (SBIR) Program, 20 Nuclear Sector Information Sharing Standard Operating Procedure (SOP), 67 DHS Technology Transfer Program, 20 Nuclear Sector Overview, 68 FEMA Learning Resource Center (LRC), 35 Office of Infrastructure Protection (IP) and National Infrastructure Protection FEMA Library, 35 Plan (NIPP) Booths, 15 Homeland Open Security Technologies, 20 Open Source Infrastructure Cyber Read File, 81 Mass Transit Security Technology, 20 Physical Security Measures for Levees Brochure, 57 Planning Guidelines and Design Standards (PGDS) for Checked Baggage Posters on Common Muslim American Head Coverings, Common Sikh American Inspection Systems, 21 Head Coverings, and the Sikh Kirpan, 9 Project 25 Compliance Assessment Program, 21 Protective Measures Guide for the U.S. Lodging Industry, 54 Research and Standards Integration Program (RSI), 21 Protective Measures Guide for U.S. Sports Leagues, 54 SAFECOM Program, 32 Rail Security Rule Overview, 67 Science & Technology Basic Research Focus Areas, 21 Retail and Shopping Center Advisory Poster, 54 SECURETM Program, 21 Risk Communication Best Practices and Theory, 31 Support Anti-Terrorism by Fostering Effective Technologies Act (SAFETY Act), Safeguarding America’s Transportation System Security Guides, 62 21 Safety and Security of Emergency Response Vehicles Brochure, 36 System Assessment and Validation for Emergency Responders (SAVER) Sector-Specific Pandemic Influenza Guides, 58 Program, 22 Software Assurance (SwA) Checklist for Software Supply Chain Risk The Homeland Security Science and Technology Advisory Committee Management, 84 (HSSTAC), 20 Sports Venue Credentialing Guide, 55 The TechSolutions Program, 22 Suspicious Activity Reporting Fact Sheet, 57 Transportation Security Laboratory (TSL), 22 The Coast Guard Journal of Safety at Sea, 63 Risk Assessment The Office of Civil Rights and Civil Liberties (CRCL) Annual Reports to In-person Congress, 7 Comprehensive Security Assessments and Action Items, 59 The Top 25 Common Weakness Enumerations (CWE), 84 Port Interagency Information Sharing Assessment, 65 Transportation Sector Network Management Highway and Motor Carrier Web Division Annual Report, 62 Chemical Facility Anti-Terrorism Standards (CFATS) Risk-Based Transportation Security Administration Counterterrorism Guides, 62 Performance Standards (RBPS), 46 User’s Guide on Security Seals for Domestic Cargo, 44 Chemical Security Analysis Center (CSAC), 46 Web-Based Training Fact Sheet, 57 Chemical Security Assessment Tool (CSAT), 46 Who’s Who in Chemical Sector Security, 48 Chemical Security Compliance Assistance Visit (CAV) Requests, 47 Cyber Resiliency Review (CRR), 75 R Cyber Security Evaluation Program (CSEP), 75 Cyber Security Evaluation Tool (CSET), 75 Radiological Emergency Preparedness Program (REP), 68 Emergency Services Sector Cyber Risk Assessment (ESS-CRA), 76 Ready.gov Seasonal Message Campaigns, 23 Emergency Services Self-Assessment Tool (ESSAT), 34 Red Lists of Cultural Objects at Risk, 88 Expert Judgment and Probability Elicitation, 50 Regional Resiliency Assessment Program (RRAP), 60 Food and Agriculture Sector Criticality Assessment Tool (FASCAT), 69 Research Tool Hazmat Motor Carrier Security Self-Assessment Training Program, 59 Industry Risk Analysis Model (IRAM), 64 101

Securing and Managing Our Borders

Information Technology Sector Risk Assessment (ITSRA), 76 Excellence (NTSCOE), 61 Maritime Security Risk Analysis Model (MSRAM), 64 Federal Motor Carrier Safety Administration: Guide to Developing an Effective Mass Transit and Passenger Rail - Field Operational Risk and Criticality Security Plan for the Highway Transportation of Hazardous Materials, 59 Evaluation (FORCE), 66 First Observer ™ Training, 61 Multi-Jurisdiction Improvised Explosive Device (IED) Security Plan Hazmat Motor Carrier Security Action Item Training (SAIT) Program, 59 (MJIEDSP), 45 Hazmat Motor Carrier Security Self-Assessment Training Program, 59 National Vulnerability Database (NVD), 81 Hazmat Trucking Guidance: Highway Security-Sensitive Materials (HSSM) Network Security Information Exchange (NSIE), 55, 81 Security Action Items (SAIs), 59 Pipeline and Hazardous Materials Safety Administration: Risk Management Highway and Motor Carrier Awareness Posters, 61 Self-Evaluation Framework (RMSEF), 59 Highway and Motor Carrier First Observer ™ Call-Center, 85 Security Patrol Scheduling Using Applied Game Theory, 10 Highway ISAC, 61 Software Assurance (SwA) Checklist for Software Supply Chain Risk Homeland Security Information Network (HSIN) – Freight Rail Portal, 66 Management, 84 Homeland Security Information Network (HSIN) - Highway and Motor Carrier The Cutting Edge Tools Resilience Program Website, 49 Portal, 61 The National Cyber Security Division’s (NCSD) Critical Infrastructure Intermodal Security Training and Exercise Program (I-STEP), 61 Protection Cyber Security (CIP CS), 81 Keep the Nation’s Railroad Secure Brochure, 66 Tornado Safety Initiative, 40 Laminated Security Awareness Driver Tip Card, 61 Voluntary Chemical Assessment Tool (VCAT), 48 National Vessel Movement Center (NVMC), 65 Roadmap to Secure Control Systems in the Dams Sector, 56 Pipeline and Hazardous Materials Safety Administration Risk Management Self-Evaluation Framework (RMSEF), 59 S Rail Security Rule Overview, 67 Secure Freight Initiative (SFI) and Importer Security Filing and additional Science and Technology Directorate (S&T) Industry Liaison, 13 carrier requirements (10+2), 88 Security and Protection of Dams and Levees Workshop (L260), 57 Software Assurance (SwA) Checklist for Software Supply Chain Risk Security and Resiliency Guide: Counter- Improvised Explosive Device (IED) Management, 84 Concepts, Common Goals, and Available Assistance (SRG C-IED), 45 Transportation Sector Network Management Highway and Motor Carrier Self-Check, 25 Division Annual Report, 62 Sensitive Security Information (SSI) Program, 71 TSA Counterterrorism Guides, 62 Soft Targets and Crowded Places, 72 User’s Guide on Security Seals for Domestic Cargo, 44 Soft Targets and Crowded Places Task Force (ST-CP TF), 73 Surveillance and Suspicious Activity Indicators Guide for Dams and Levees, 56 Staffing for Adequate Fire and Emergency Response (SAFER), 40 Stop the Bleed, 9 T Study in the States, 26 Submit a Request for Case Assistance to the CIS Ombudsman, 28 The Border Interagency Executive Council (BIEC), 10 Supply Chain The Continuity Guidance Circular (CGC), 30 Air Cargo Screening Technology List-For Passenger Aircraft, 42 The Cybersecurity and Infrastructure Security Agency (CISA), 75 Automated Commercial Environment (ACE), 86 The Emergency Services Sector Cybersecurity Initiative, 33 Automated Commercial System (ACS), 86 The Information Marketplace for Policy and Analysis of Cyber-Risk & Trust Automated Export System (AES), 86 (IMPACT), 82 Cargo Systems Messaging Service (CSMS), 86 The National Integration Center Technical Assistance (TA) Program, 29 CBP Client Representatives, 86 The National Mass Care Strategy, 38 Certified Cargo Screening Program, 43 The National Threat Assessment Center (NTAC), 71 Customs-Trade Partnership Against Terrorism (CTPAT), 87 The Risk Management Process: An Interagency Security Committee Standard, 59 DHS Center of Excellence: National Transportation Security Center of The Student and Exchange Visitor Program (SEVP), 26

102

Securing and Managing Our Borders

The Supply Chain Resilience Guide, 41 Active Threat Recognition for Retail Security Officers, 52 Trade Facilitation Chemical Sector Industrial Control Systems (ICS) Security Resource DVD, 47 Automated Commercial Environment (ACE), 86 Countering IEDs Training for Pipeline Employees, 61 Automated Commercial System (ACS), 86 DHS Retail Video: "What's in Store - Ordinary People/Extraordinary Events", Automated Export System (AES), 86 52 Cargo Systems Messaging Service (CSMS), 86 DHS YouTube Critical Infrastructure Videos, 50 CBP Client Representatives, 86 Emergency Services Sector (ESS) Video, 34 CBP Directives Pertaining to Intellectual Property Rights, 16 First Responders ‘Go Kit’, 35 CBP INFO Center Self Service Q&A Database, 87 Introduction to Arab American and Muslim American Cultures, 8 CBP Trade Outreach, 87 On the Tracks Rail Sabotage Awareness and Reporting (DVD & Poster), 62 CBP/USCG Joint Protocols for the Expeditious Recovery of Trade, 87 Operation Secure Transport (OST), 62 Customs Rulings Online Search System (CROSS), 87 Pipeline Security Awareness for the Pipeline Industry Employee Training CD Customs-Trade Partnership Against Terrorism (CTPAT), 87 and Brochures, 62 Informed Compliance Publications, 88 Protecting Pipeline Infrastructure: The Law Enforcement Role, 62 Training Threat Detection & Reaction for Retail & Shopping Center Staff, 55 Independent Study Video Quality in Public Safety (VQiPS), 36 Community Preparedness Training: Implementing Simple Activities for Webinar: The Ready Responder Program for the Emergency Services Sector, Everyone (IS-909), 37 36 FEMA Emergency Management Institute Independent Study Program, 35 Web IS-860.a National Infrastructure Protection Plan (NIPP), 14 Airport Watch/AOPA Training, 42 IS-870 Dams Sector: Crisis Management Overview, 57 Alien Flight/Flight School Training, 43 IS-890.a Introduction to the Interagency Security Committee (ISC), 14 Automated Critical Asset Management System (ACAMS) Web-based IS-906 Workplace Security Awareness, 53 Training, 49 IS-907 Active Shooter: What You Can Do, 53 Bomb-making Materials Awareness Program (BMAP), 44 IS-912 Retail Security Awareness: Understanding the Hidden Hazards, 54 Business Continuity Planning Suite, 29 Public Private Partnerships: An Introductory Course, 39 Chemical Sector Training Resources Guide, 47 Public Private Partnerships:An Advanced Course, 39 Critical Infrastructure and Key Resources (CIKR) Training Module, 49 In-person Critical Infrastructure Learning Series, 48 Aviation Safety & Security Program, 42 Critical Infrastructure Training Portal, 14 Center for Domestic Preparedness (CDP), 33 Cyber Exercise Program (CEP), 78 Chemical Facility Anti-Terrorism Standards (CFATS) Presentations, 46 Cybersecurity Education and Workforce Development Program (CEWD), 80 Civil Rights and Civil Liberties Training at Fusion Centers, 7 Cybersecurity in the Emergency Services Sector, 34 Critical Manufacturing Partnership Road Show, 52 Cybersecurity in the Emergency Services Sector Webinar, 80 Critical Manufacturing Security Conference, 52 Cybersecurity in the Gaming Subsector Webinar, 79 Cross-Sector Active Shooter Security Seminar and Exercise Workshop, 49 Cybersecurity in the Retail Sector Webinar, 80 FEMA Emergency Management Institute Programs, 35 Cybersecurity in the Retail Subsector Webinar, 79 Improvised Explosive Device (IED) Counterterrorism Workshop, 45 Cybersecurity Webinars, 80 Protective Measures Course, 45 Dams Sector Web-Based Training Fact Sheet, 57 Risk Communication Best Practices and Theory, 31 DHS Lodging Video: “No Reservations: Suspicious Behavior in Hotels”, 54 Surveillance Detection for Law Enforcement and Security Professionals, 46 DHS Sports Leagues/Public Assembly Video: “Check It! How to Check a Bag”, The National Information Exchange Model (NIEM) Program, 71 53 Training Programs related to the Human Causes and Consequences of FEMA Learning Resource Center (LRC), 35 Terrorism, 50 First Observer ™ Training, 61 Victim Assistance Program (VAP), 9 Hazmat Motor Carrier Security Action Item Training (SAIT) Program, 59 Video Hazmat Motor Carrier Security Self-Assessment Training Program, 59 103

Securing and Managing Our Borders

Improvised Explosive Device (IED) Threat Awareness and Detection, 45 Border Entry Wait Times, 88 Intermodal Security Training and Exercise Program (I-STEP), 61 Comprehensive Security Assessments and Action Items, 59 Know Your Customer, 48 Countering IEDs Training for Pipeline Employees, 61 Maritime Passenger Security Courses, 64 DHS Center of Excellence: National Transportation Security Center of Mass Transit Security Training Program Guidelines, 67 Excellence (NTSCOE), 61 NPPD/IP Training Page, 51 Federal Motor Carrier Safety Administration: Guide to Developing an Pipeline and Hazardous Materials Safety Administration: Risk Management Effective Security Plan for the Highway Transportation of Hazardous Self-Evaluation Framework (RMSEF), 59 Materials, 59 School Transportation Security Awareness (STSA), 62 First Observer ™ Training, 61 Software Assurance (SwA) Outreach, 84 Hazmat Motor Carrier Security Action Item Training (SAIT) Program, 59 Surveillance Detection Awareness on the Job, 72 Hazmat Motor Carrier Security Self-Assessment Training Program, 59 The Evolving Threat: What You Can Do Webinar, 72 Hazmat Trucking Guidance: Highway Security-Sensitive Materials (HSSM) Web-Based Chemical Security Awareness Training Program, 48 Security Action Items (SAIs), 59 Transit Security Grant Program (TSGP), 67 Highway and Motor Carrier Awareness Posters, 61 Transportation Security Highway and Motor Carrier First Observer ™ Call-Center, 85 Air Highway ISAC, 61 Air Cargo Screening Technology List-For Passenger Aircraft, 42 Homeland Security Information Network – Public Transit Portal (HSIN-PT), Air Cargo Watch, 42 66 AIRBUST Program, 42 Homeland Security Information Network (HSIN) – Freight Rail Portal, 66 Airport Watch/AOPA Training, 42 Homeland Security Information Network (HSIN) - Highway and Motor Airspace Waivers, 43 Carrier Portal, 61 Alien Flight/Flight School Training, 43 Joint DHS/FBI Classified Threat and Analysis Presentations, 70 Aviation Safety & Security Program, 42 Keep the Nation’s Railroad Secure Brochure, 66 Aviation Security Advisory Committee (ASAC), 42 Laminated Security Awareness Driver Tip Card, 61 Certified Cargo Screening Program, 43 Mass Transit and Passenger Rail - Bomb Squad Response to Transportation General Aviation Maryland Three Program, 43 Systems, 66 General Aviation Secure Hotline, 43 Mass Transit and Passenger Rail - Field Operational Risk and Criticality General Aviation Security Guidelines, 43 Evaluation (FORCE), 66 Paperless Boarding Pass Pilot, 43 Mass Transit Employee Vigilance Campaign, 66 Planning Guidelines and Design Standards (PGDS) for Checked Baggage Mass Transit Security and Safety Roundtables, 66 Inspection Systems, 21 Mass Transit Security Technology, 20 Private Aircraft Travel Entry Programs, 43 Mass Transit Security Training Program Guidelines, 67 Recommended General Aviation Security Action Items for General Aviation Mass Transit Smart Security Practices, 67 Aircraft Operators and Recommended Security Action Items for Fixed Base Motorcoach Guidance: Security and Emergency Preparedness Plan (SEPP), Operators, 44 67 Secure Flight, 44 On the Tracks Rail Sabotage Awareness and Reporting (DVD & Poster), 62 User’s Guide on Security Seals for Domestic Cargo, 44 Operation Secure Transport (OST), 62 Intermodal Pipeline and Hazardous Materials Safety Administration Intermodal Security Training and Exercise Program (I-STEP), 61 Risk Management Self-Evaluation Framework (RMSEF), 59 Sector-Specific Plans, 15 Pipeline Security Awareness for the Pipeline Industry Employee Training CD SOPD/TSA Joint Exercise Program, 52 and Brochures, 62 Transportation Security Laboratory (TSL), 22 Protecting Pipeline Infrastructure: The Law Enforcement Role, 62 Traveler Redress Inquiry Program (DHS TRIP), 88 Public Transportation Emergency Preparedness Workshop - Connecting Trusted Traveler Programs (TTP), 88 Communities Program, 29 Land 104

Securing and Managing Our Borders

Rail Security Rule Overview, 67 Border Entry Wait Times, 88 Safeguarding America’s Transportation System Security Guides, 62 Entry Process into United States, 88 School Transportation Security Awareness (STSA), 62 Global Entry, 88 Transportation Sector Network Management Highway and Motor Carrier Traveler Redress Inquiry Program (DHS TRIP), 88 Division Annual Report, 62 Trusted Traveler Programs (TTP), 88 TSA Alert System, 72 Western Hemisphere Travel Initiative (WHTI), 89 TSA Counterterrorism Guides, 62 TSA Pre✓® Application Program, 88 Sea America’s Waterways Watch, 63 Area Committees and Area Contingency Plans (ACPs), 63 U Area Maritime Security Committees (AMSCs), 63 USCIS Citizenship Resource Center, 27 Area Maritime Security Plans (AMSPs), 63 USCIS Information for Employers and Employees, 27 Area Maritime Security Training and Exercise Program (AMSTEP), 63 USCIS Public Engagement Division (PED), 27 Coast Guard Blogs and News, 22 USCIS Report Fraud, 27 Coastal Hazards Center of Excellence (CHC), 34, 64 USCIS Resources, 27 Harbor Safety Committees, 64 USFA National Fire Department Registry, 40 HOMEPORT, 64 USFA On-Duty Firefighter Fatalities, 40 Industry Risk Analysis Model (IRAM), 64 USITC Exclusion Orders, 18 Maritime Passenger Security Courses, 64 Maritime Security Risk Analysis Model (MSRAM), 64 National Vessel Movement Center (NVMC), 65 V Port Interagency Information Sharing Assessment, 65 Verification Programs Videos, 25 Port State Information Exchange (PSIX), 65 Violence in the Federal Workplace: A Guide for Prevention and Response, 14 Secure Freight Initiative (SFI) and Importer Security Filing and additional Visa Waiver Program (VWP), 27 carrier requirements (10+2), 88 The Coast Guard Journal of Safety at Sea, 63 Transportation Worker Identification Credential (TWIC), 65 W U.S. Coast Guard Auxiliary, 65 Wireless Emergency Alerts (WEA), 30 U.S. Coast Guard Maritime Information eXchange (“CGMIX”), 72 U.S. Coast Guard National Maritime Center (NMC), 65 U.S. Coast Guard Navigation Center, 65 Y Vessel Documentation (for US Flag Vessels), 66 Travel Facilitation Youth Preparedness, 41

105