UK-led Joint Expeditionary Force rehearses undersea critical infrastructure protection from the North Atlantic to the Baltic Sea

The Joint Expeditionary Force (JEF) has begun a month-long Response Option  activity Nordic Warden this week for strengthening security of the critical undersea infrastructure in the area from the North Atlantic to the Baltic Sea.

JEF partner nations, including Lithuania, will train at  Nordic Warden exchanging information and provide a synchronized and coordinated response to ensure security of critical undersea infrastructure.

Operation activities will include reconnaissance flights and patrols in cooperation with the JEF air forces and navies. Partner nations will also enhance information exchange and coordination to ensure better situation awareness to ships in the JEF area of responsibility. Operation Nordic Warden is controlled from the JEF headquarters in Northwood, UK.

The Response Option activity Nordic Warden is similar to the first JEF activity conducted in December 2023 in response to the critical infrastructure damage in the Baltic and North Sea regions, namely, the damage to the cable connecting Sweden and Estonia, as well as the pipeline between Finland and Estonia, with real capabilities.

From Lithuania’s perspective, partnership in the JEF is one of the initial means of response to any crisis, including damage to undersea infrastructure. It enables resource sharing, intelligence exchange and joint solutions to mutual regional issues.

The JEF is led by the United Kingdom, its comprises maritime, air and land capabilities contributed by the ten Northern European partners: UK, Denmark, Estonia, Latvia, Lithuania, Netherlands, Norway, Sweden, Finland and Iceland.  Geographical proximity, shared sea borders and economy means cooperation on undersea infrastructure security is not just effective but also vital.

Hybrid threats: Council paves the way for deploying Hybrid Rapid Response Teams

The European Council has approved the guiding framework for the practical establishment of the EU Hybrid Rapid Response Teams. This paves the way for such teams to be deployed upon request, to prepare against and counter hybrid threats and campaigns.
Hybrid Rapid Response Teams are one of the key instruments to support EU member states and partner countries in countering hybrid threats as part of the EU Hybrid Toolbox. As one of the key deliverables of the Strategic Compass, they will provide tailored and targeted short-term assistance to member states, Common Security and Defence Policy missions and operations, and partner countries in countering hybrid threats and campaigns.
In a deteriorating security environment, with increasing disinformation, cyber-attacks, attacks on critical infrastructure, instrumentalised migration, and election interference by malign actors, the Hybrid Rapid Response Teams will be an important new capability of the EU to counter new and emerging threats.

TSA announces appointment of members to Surface Transportation Security Advisory Committee

The Transportation Security Administration (TSA) appointed nine people as voting members of the Surface Transportation Security Advisory Committee (STSAC). With these appointments, two new and seven reappointed, the STSAC now includes 30 voting members.
The STSAC was established by Congress in 2019 to advise the TSA Administrator on surface transportation security matters, including recommendations for the development, refinement and implementation of policies, programs, initiatives, rulemakings, and security directives pertaining to the surface transportation sector.
The new members are:
- Christopher Hand, Director of Research, Brotherhood of Railroad Signalmen
- Kaitlyn Holmecki, Senior Manager, International Trade & Security Policy, American Trucking Association
The reappointed members are:
- Jared Cassity, Chief of Safety and Alternate National Legislative Director, SMART Transportation
- James Cook, Assistant Chief of Police, AMTRAK
- Brian Harrell, Vice President & Chief Security Officer, AVANGRID
- Norma Krayem, Vice President, Chair, Cybersecurity, Privacy & Digital Innovation Practice Group, Van Scoyoc Associates
- Robert Mims, Director, Technology Security, Southern Company Gas
- Christopher Trucillo, Chief of Police, New Jersey Transit Police Department
- Lowell Williams, Chief Executive Officer, Cold Iron Security
The STSAC members represent each mode of surface transportation, such as freight rail, highways, mass transit, over-the-road bus, passenger rail, pipelines, school bus industry and trucking among others. For a complete list, please see the STSAC Charter. The Committee also has 14 non-voting members who serve in an advisory capacity for two-year terms from the Departments of Defense, Energy, Homeland Security, and Transportation, as well as the Federal Bureau of Investigation.

Your latest issue of Critical Infrastructure Protection & Resilience News has arrived

Download your copy now at www.cip-association.org/CIPRNews
Please find here your downloadable copy of the Spring 2024 issue of Critical Infrastructure Protection & Resilience News, the official magazine of the International Association of CIP Professionals (IACIPP), for the latest views, features and news, including a Review of the recent Critical Infrastructure Protection & Resilience North America conference and exhibition in Lake Charles, LA.
Critical Infrastructure Protection & Resilience News in this issue:
- Protecting Life - Securing Agriculture
- Protect our Electric Grid – Before it’s Too Late
- Connecting Unrelated Industries Strengthens All Sectors
- Why Airspace Awareness Matters for Critical Infrastructure Security
- Critical Infrastructure Resilience: Are we addressing the real challenges? In the right way?
- Break down cyber and physical security silos to improve protection and operations
- An Interview with CITGO
- Is Cybersecurity As Enchanted as Sleeping Beauty?
- CIPRE Review
- Agency News
- Industry News
Download your copy at www.cip-association.org/CIPRNews

CISA Unveils New Public Service Announcement – We Can Secure Our World

Cybersecurity and Infrastructure Security Agency (CISA) has launched We Can Secure Our World, the second PSA in its Secure Our World cybersecurity public awareness program. The PSA will be promoted widely across the U.S. on television, radio, digital ads, retail centers, social media platforms, and billboards throughout 2024. We Can Secure Our World builds on the success of CISA’s first ever public service announcement (PSA) which launched in September 2023.
A Pew Research Center survey conducted last year shows that 95% of American adults use the internet, 90% have a smartphone and 80% subscribe to high-speed internet at home. Additionally, the survey also reported nearly 70% of children and adolescents have been exposed to at least one cyber risk in the past year. With cyber threats increasing among Americans of all ages, CISA is working to empower all Americans to protect themselves from hackers getting into their devices through easy steps that anyone can do anywhere and anytime.
The Secure Our World cybersecurity public awareness program, initially launched in September 2023, with its first PSA receiving nearly 20,000 views on YouTube, and educational materials including “How to” videos and tip sheets, were downloaded approximately 50,000 times. CISA also had a video that aired at the NFL Experience in the week leading up to the Super Bowl. CISA had a Super Bowl-related social media campaign that garnered more than 200,000 views and reached audiences spanning America’s diverse population.
The Secure Our World program is designed to educate and empower individuals to take proactive steps in safeguarding their digital lives. Tapping into the nostalgia of beloved musical cartoon series from the 1970s and 1980s, the new PSA features lovable character Max from the first PSA and introduces “Joan the Phone” who teaches us how to stay safe online. Through engaging messaging encouraging simple steps to protect ourselves online, the program aims to raise awareness about the importance of cybersecurity and empower individuals to adopt best practices to mitigate online risks.
“Basic cyber hygiene prevents 98% of cyber attacks—why we’re on a mission to make cyber hygiene as common as brushing our teeth and washing our hands. BUT(!) “cyber” anything can seem overly technical and complicated to the vast majority of Americans from K through Gray—why we’re also on a mission to make such information more accessible,” said CISA Director Jen Easterly. “As someone who grew up with Saturday morning cartoons, I am super excited about what we’ve done with our new Secure Our World PSA to leverage a recognizable educational medium to promote cybersecurity best practices. We’re really excited to take public awareness of cyber safety to a whole new level of creativity.”

National Security Memorandum on Critical Infrastructure Security and Resilience

On April 30, 2024, the White House National Security Council (NSC) published the National Security Memorandum (NSM) on Critical Infrastructure Security and Resilience. This memo builds on the important work that the Cybersecurity and Infrastructure Security Agency (CISA) and agencies across the federal government have been undertaking in partnership with America’s critical infrastructure communities for more than a decade. It also replaces Presidential Policy Directive 21 (PPD-21) on Critical Infrastructure Security and Resilience, which was issued more than a decade ago to establish national policy on critical infrastructure security and resilience.
Why Now?
Image of infrastructure-related icons over glowing, streaks of blue and white  lights
The threat environment has significantly changed since PPD-21 was issued, shifting from counterterrorism to strategic competition, advances in technology like Artificial Intelligence, malicious cyber activity from nation-state actors, and the need for increased international coordination. This change in the threat landscape, along with increased federal investment in U.S. critical infrastructure, prompted the need to update PPD-21 and issue the new memo.
The NSM will help ensure U.S. critical infrastructure can provide the nation a strong and innovative economy, protect American families, and enhance our collective resilience to disasters before they happen, strengthening the nation for generations to come. This NSM specifically:
- Empowers the Department of Homeland Security to lead a whole-of-government effort to secure U.S. critical infrastructure, with CISA acting as the National Coordinator for the Security and Resilience of U.S. Critical Infrastructure. The Secretary of Homeland Security will be required to submit to the President a biennial National Risk Management Plan that summarizes U.S. government efforts to mitigate risk to the nation’s critical infrastructure.
- Reaffirms the designation of 16 critical infrastructure sectors and establishes a federal department or agency responsible for managing risk within each of these sectors.
- Elevates the importance of minimum security and resilience requirements within and across critical infrastructure sectors, consistent with the National Cyber Strategy, which recognizes the limits of a voluntary approach to risk management in the current threat environment.
PPD-21 pre-dates the establishment of CISA. CISA actively engaged in updating the framework established by PPD-21 to detail how the U.S. government secures and protects critical infrastructure from cyber and physical threats.
CISA has already been working toward the goals of the NSM. We have already re-established the Federal Senior Leadership Council, which has made impressive strides through the FSLC’s robust collaboration model toward meeting our shared goals. When the FSLC was re-chartered, the group not only took on new authorities, but a heavy lift to inform how we define, modernize, and protect our critical infrastructure sectors.

DHS Has Strengthened the Securing the Cities Program, but Actions Are Needed to Address Key Remaining Challenges

The Department of Homeland Security's Securing the Cities program is trying to reduce the risk of terrorist attacks in high-risk urban areas. This program helps state and local agencies in 13 regions detect radiological and nuclear materials that could be used in such attacks—such as by funding the purchase of wearable radiation detectors for police officers.
The agency regularly meets with the regions to check in and help address specific issues with this program. However, the agency hasn't clearly communicated to the regions how it plans to measure performance and progress.
The Department of Homeland Security's Countering Weapons of Mass Destruction Office (CWMD) has taken multiple steps to strengthen the Securing the Cities (STC) program and is working with regions to address remaining program implementation challenges. CWMD awards funding to support STC regions' program administration. It also funds the procurement and deployment of radiological and nuclear detection equipment and training for the law enforcement officers and other agency partners who use it. To strengthen the program, CWMD has increased outreach and communication activities, developed templates for regional planning and quarterly reporting, and ensured regions' access to long-term federal funding to sustain their STC-related capabilities.
As CWMD continues to improve the program, it is also working with STC regions to address challenges that may affect program implementation. Regions identified several key challenges, including staff attrition and turnover; availability and difficulty of scheduling training courses; and keeping partner agencies engaged with the STC program mission among other competing priorities.
The U.S. faces an enduring threat that terrorists could steal or smuggle nuclear or radiological materials to use in a terrorist attack. The Department of Homeland Security initiated the STC program as a pilot in 2007 to reduce the risk of such attacks by developing and enhancing sustainable radiological and nuclear detection capabilities of state and local agencies in high-risk urban areas. The program includes 13 regions. CWMD awarded about $300 million to these regions through fiscal year 2023.
The CWMD Act of 2018 included a provision for GAO to evaluate the STC program once CWMD completed an assessment of the program, which it did in 2022. This report evaluates (1) CWMD's efforts to strengthen the STC program and address regions' challenges and (2) the extent to which CWMD is measuring and tracking STC regions' performance.
GAO reviewed CWMD and STC regions' documents, interviewed officials from CWMD and from each region, and visited two regions carrying out training exercises. GAO compared CWMD's performance assessment approach with key practices for assessing program effectiveness that GAO identified in prior work.
GAO is making five recommendations, including that CWMD clearly communicate performance expectations to STC regions, collect quality information from the regions, and ensure regions' timely progress through program phases and toward achieving program goals. DHS concurred with the recommendations.
CWMD's approach to measuring and tracking regions' performance—outlined in a 2023 revision to its STC program implementation plan—generally follows the key practices and their supporting actions for assessing program effectiveness. For example, CWMD uses weekly or biweekly meetings with the STC regions to provide tailored information that regions need to address specific issues affecting their program implementation. However, it has not clearly communicated to the regions the performance expectations and planned assessment approach adopted in the revised plan. By doing so, CWMD would increase the transparency and accountability for results being achieved through the program.
CWMD is collecting and reviewing regional performance data to set targets and benchmarks for assessments that it plans to begin in fiscal year 2025. However, it needs to take additional steps to ensure that information collected from the regions is timely, consistent, complete, and accurate. CWMD officials also stated that they need to complete ongoing and planned efforts to better oversee and hold regions accountable for their performance and timely progress through program phases and toward achieving program goals. By taking these steps, CWMD will be in a better position to use evidence to manage the STC program more effectively, demonstrate regions' progress toward meeting the program goals, and communicate these results to stakeholders.

UNDRR and ISC to review Hazard Information Profiles ahead of 2025 Global Platform

Three years after their initial release, the United Nations Office for Disaster Risk Reduction (UNDRR) and the International Science Council (ISC) are undertaking a review of the UNDRR/ISC Hazard Information Profiles (HIPs) ahead of the Global Platform that will take place in 2025. These HIPs provide an authoritative reference on the scope, name, and definitions of hazards of relevance to the Sendai Framework for Disaster Risk Reduction.
The HIPs were hailed as "groundbreaking" in the Report of the Midterm Review of the Sendai Framework in 2023 and continue to provide extensive information to various stakeholders across different sectors, including disaster risk reduction planning, monitoring, training, and research. They are widely utilized by intergovernmental bodies, national governments, disaster management agencies, statistical offices, private sectors, and academic institutions, fostering a more comprehensive and unified approach to disaster risk monitoring, recording, and planning.
For example, The International Organization for Migration (IOM) and the World Health Organization (WHO) have incorporated these profiles in their reference systems and are employing them in some of their trainings globally. Additionally, UNDRR uses these profiles for monitoring disasters, while numerous other stakeholders use them as foundational tools for disaster planning and response efforts, research and teaching.
In this review cycle, particular emphasis will be placed on the "multi-hazard context," aiming to enhance understanding of the interplay between different hazards, which can result in cascading, compound, and complex events. This will facilitate the utilization of the profiles for multi-hazard risk assessment and early warning systems.
Leveraging the latest advancements in machine learning, efforts will be made to make the HIPs more machine-actionable, thereby expanding their usability and applications.
Leading this initiative is a steering group chaired by Professor Virginia Murray, comprising representatives from 18 agencies and institutions involved in disaster risk reduction. The steering group will oversee the review process, with eight dedicated technical teams focusing on specific hazard types proposing revisions to the existing HIPs. Additional groups will concentrate on addressing multi-hazard contexts and enhancing machine actionability. The detailed composition of the Steering Group is available here.

CIPRNA Announced Preliminary Conference Programme

Critical Infrastructure Protection & Resilience North America, taking place on 12th-14th March 2024 in Lake Charles, Louisiana, and co-hosted by IACIPP and Infragard Louisiana, has announced the Preliminary Conference Program for the 2024 conference and exhibition, and you can download the agenda at www.ciprna-expo.com/PSG.

The Guide provides you the outline program, excellent international expert speakers and schedule of events to help you plan your participation.

You can also register online today and save with the Early Bird delegate rates at www.ciprna-expo.com/register

Confirmed Speakers include:
– Dr David Mussington, Executive Assistant Director for Infrastructure Security, Department of Homeland Security (DHS), Cybersecurity and Infrastructure Security Agency (CISA)
- Brian Harrell, VP & Chief Security Officer, AVANGRID
- Michael Hill, Program Specialist, Cybersecurity and Infrastructure Security Agency
- Emilio Salabarria, Senior Program Manager for Cybersecurity, The Florida Center for Cybersecurity: Cyber Florida
- Dr. Srinivas Bhattiprolu, Global Head of Advanced Consulting Services, Nokia
- Ed Landgraf, Chairman, Coastal And Marine Operators
- Kimberly Heyne, ChemLock Program Manager, Cybersecurity and Infrastructure Security Agency (CISA)
- Dan Frazen, CO-CEM, Agriculture Emergency Coordinator (All-Hazards), Colorado Department of Agriculture
- Dr. Joshua Bergerson, Principal Infrastructure Analyst, Argonne National Laboratory
- Chris Essid, Sector Branch Chief, Cybersecurity and Infrastructure Security Agency (CISA)
- Budge Currier, Assistant Director Public Safety Communications, California Office of Emergency Services (Cal OES)
- Terrence Check, Senior Legal Council, CISA
- Rola Hariri, Defense Industrial Base Liaison, Cybersecurity and Infrastructure Security Agency (CISA)
- Lester Millet, President, Infragard Louisiana & Safety Risk Agency Manager, Port of South Louisiana
- Michael Finch, Technology Services Director, Lane County Department of Technology Services
- Richard Tenney, Senior Advisor, Cyber, Cybersecurity and Infrastructure Security Agency (CISA)
- Andrew A Bochman, Senior Grid Strategist-Defender, DOE / Idaho National Lab
- Jim Henderson, CEO, Insider Threat Defense Group

Full speaker list: www.ciprna-expo.com/speakers2024
Download Agenda: www.ciprna-expo.com/PSG
Schedule of Events/Agenda: www.ciprna-expo.com/schedule
List of Exhibitors: www.ciprna-expo.com/exhibition/exhibitors
Registration: www.ciprna-expo.com/register

Join the community in Lake Charles on 12th-14th March 2024 for some more great discussions on securing America's critical infrastructure and assets.

Airports Efforts to Enhance Electrical Resilience

The nation's commercial service airports require continuous, reliable electricity to power airfield operations and airport facilities. FAA and airports are responsible for ensuring the resilience of airports' electrical power systems—including the ability to withstand and recover rapidly from electrical power disruptions.

GAO was asked to review major power outages at airports and steps federal agencies and airports are taking to minimize future disruptions. This report describes (1) the extent to which selected airports reported they had experienced electrical power outages since 2015, (2) actions selected airports have taken to improve the resilience of their electrical power systems, and (3) actions FAA has taken to help airports develop and maintain resilient electrical power systems.

GAO conducted semi-structured interviews with officials from 41 selected airports of varying sizes, representing 72 percent of passenger enplanements. GAO administered a follow-up survey to these 41 airports, focusing on the extent to which they had experienced electrical outages; 30 responded to the survey, representing 53 percent of total enplanements. GAO also reviewed applicable statutes and regulations and analyzed funding data to identify examples of electrical power projects. Further, GAO interviewed FAA officials and airport, academia, state government, and energy stakeholders.

A power outage can significantly disrupt an airport's operations. One 2017 outage at Hartsfield-Jackson Atlanta International Airport led to about 1,200 cancelled flights and cost an airline around $50 million.

Many of the nation's airports are enhancing their ability to withstand and rapidly recover from power disruptions. They're improving their electrical infrastructure, including installing backup generators or solar panels. Some airports are also considering installing microgrids—systems that independently generate, distribute, and store power. The FAA is offering new and expanded grant programs to help fund these projects.

Twenty-four of the 30 commercial service airports that responded to GAO's survey and interviews reported experiencing a total of 321 electrical power outages—i.e., an unplanned loss of power lasting 5 minutes or longer—from 2015 through 2022. Eleven of these airports reported having six or more outages over this 8 year period. Airports reported that these outages affected a range of airport operations and equipment (see table). Not all responding airports were able to provide detailed information about their outages, and some provided estimates about affected activities.

Selected airports reported taking several actions to improve the electrical power resilience of their airports, including (1) conducting electrical infrastructure assessments, (2) undertaking projects to improve electrical infrastructure, and (3) installing equipment to generate additional backup power. For example, 40 of the 41 airports GAO interviewed reported planning or completing an infrastructure project to increase electrical power resilience. Of these, four airports reported installing microgrids. Such microgrid systems are capable of independently generating, distributing, and storing power.

The Federal Aviation Administration (FAA) is administering new and expanded grant programs and issuing guidance to support airports' electrical resilience efforts. For example:

- Airport Improvement Program funding eligibility was expanded to include the Energy Supply, Redundancy, and Microgrids Program projects, which may include certain electrical power resilience projects.

- The new Airport Terminal Program provides funding for airport terminal development projects, including those that may strengthen resilience.

- FAA issued program guidance and conducted airport outreach to help increase airports' awareness of available federal funding for resilience projects.

1 2 3 10