NPHS 1510: Federal and International Framework
Emergency Problem Solving, Decision-Making and Risk

 
Critical Assets
 
The US Department of Homeland Security is responsible for managing the security of government-owned and privately owned assets designated as critical infrastructure or key resources (CI/KR). The 18 critical infrastructure sectors and the lead agencies responsible for their direct oversight are listed below.
 
Infrastructure Sector                     Responsible Agencies
Agriculture and Food                      Department of Agriculture; Department of Health and Human Services
Defense Industrial Base                   Department of Defense
Energy                                    Department of Energy
Healthcare and Public Health              Department of Health and Human Services
National Monuments and Icons              Department of the Interior
Banking and Finance                       Department of the Treasury
Water                                     Environmental Protection Agency
Chemical                                  Department of Homeland Security, Office of Infrastructure Protection
Commercial Facilities                     Department of Homeland Security, Office of Infrastructure Protection
Critical Manufacturing                    Department of Homeland Security, Office of Infrastructure Protection
Dams                                      Department of Homeland Security, Office of Infrastructure Protection
Emergency Services                        Department of Homeland Security, Office of Infrastructure Protection
Nuclear Reactors, Materials, and Waste    Department of Homeland Security, Office of Infrastructure Protection
Information Technology                    Office of Cybersecurity and Communications
Communications                            Office of Cybersecurity and Communications
Postal and Shipping                       Transportation Security Administration
Transportation Systems                    Transportation Security Administration; United States Coast Guard
Government Facilities                     Immigration and Customs Enforcement; Federal Protective Service
 
Historically these agencies have performed risk analyses on the critical infrastructure in their sector.
 
Asset Risk Assessment
Below is a list of some of the more popular risk assessment methodologies. Some of the risk assessment methodologies are generic (e.g. CARVER, RAMCAP). Others, such as the RAM Series developed by Sandia Laboratories, are specific to an industry or target.
  • CARVER: Criticality, Accessibility, Recoverability, Vulnerability, Effect/Espyability (Notoriety), Redundancy/Recognizability
  • MSHARPP: Mission, Symbolism, History, Accessibility, Recognizability, Population, Proximity of secondary/collateral targets
  • PSRAT: Port Security Risk Assessment Tool
  • ACAMS: Automated Critical Asset Management System
  • HLS-CAM: Homeland Security-Comprehensive Assessment Tool
  • PairPM: Pairwise Program Management
  • RAMCAP: Risk Analysis and Management for Critical Asset Protection
  • CAPRA: Critical Asset & Portfolio Risk Analysis
  • Sandia Labs RAM Series
    • RAM-D: Dams
    • RAM-C: Communities
    • RAM-W: Water (water treatment and wastewater)
    • RAM-WSM: Small Water Utilities
    • RAMT: High Voltage Electric Transmission Lines/oil transmission lines
    • RAM-CF: Chemical Facilities
    • RAM-FE: Fossil Energy
  • RAMPART: Property Analysis and Ranking Tool
  • SEA: Security Evaluation Assessment, USAF/Navy Facilities
  • VSAT Water and Wastewater: Vulnerability Self Assessment Tool
In this session we will explore two of the more mature and comprehensive methodologies: CARVER and RAMCAP.
 
RAMCAP: Risk Analysis and Management for Critical Asset Protection
 
RAMCAP was developed by the American Society of Mechanical Engineers (ASME) under contract from the Department of Homeland Security. It is an extensive system designed to address the specific problems associated with heavy industrial facilities, particularly those that might become terrorist targets (e.g. nuclear power plants, chemical factories, etc.). RAMCAP comprises seven steps of analysis. The RAMCAP package has extensive worksheets for recording and computing the elements of the assessments at each step.
  1. Asset Characterization and Screening - the analysis of a facility or system’s operational processes to identify critical assets and hazards, while making a preliminary forecast of potential consequences from a terrorist act. The assets evaluated include both physical and cyber assets. The analysis includes identification of existing layers of protection.
  2. Threat Characterization - the identification of specific and general modes of attack that may be used by terrorists against a given target. DHS has developed a set of baseline threats that are to be evaluated for each asset or system. These threats are based on the collective activities of law enforcement and intelligence organizations that are charged with developing an understanding of the means, methods and motivations of terrorists. The threats include various modes of attack (e.g., air, land, and water), and various sizes of attacks (e.g., small, medium, large). The owner/operator then applies these threats to the facility or system based on in-depth knowledge of the operation’s assets. Consequently, not all threats apply to all assets, so some threats will be screened from further consideration.
  3. Consequence Analysis - the identification of the worst reasonable consequences that could be generated by the specific threat. This step looks at facility or system design, layout and operation in order to identify the types of consequences that might result. Consequences that are quantified include financial costs, fatalities and injuries. Consequences that are noted qualitatively are psychological impacts and effects on national security or government functions. The SSGs describe the step-by-step approach to consequences based on the spectrum of threats as defined by DHS.
  4. Vulnerability Analysis - the determination of the likelihood for a successful attack using a specific threat on a particular asset. This involves analyzing the existing security capabilities, countermeasures and mitigation strategies and their effectiveness in reducing the probability of a successful attack.
  5. Threat Assessment - Threat assessment includes two steps: an evaluation of asset attractiveness and a full threat assessment. Asset assessment considers the perceived value to the terrorist of attacking a given facility or system considering the deterrence value of security measures and the robustness of the potential target. This area is assessed by the owner/operator. Threat assessment is performed by DHS and includes normalized assessments of attractiveness in light of the high level objectives of terrorists and intelligence-based assessments of adversary capabilities and intent.
  6. Risk Assessment - a systematic and comprehensive evaluation of the previously developed terrorism related data for a given facility or system. The owner/operator risk assessment creates a foundation for selecting strategies and tactics to defend against terrorist attacks by establishing priorities based on risk.
  7. Risk Management - the deliberate process of understanding risk and deciding upon and implementing action (e.g., defining security countermeasures, consequence mitigation features or characteristics of the asset) to achieve an acceptable level of risk at an acceptable cost. Risk management is characterized by the identification, evaluation and control of risks to a level commensurate with an assigned or accepted value.
 
CARVER: Criticality, Accessibility, Recoverability, Vulnerability, Effect/Espyability (Notoriety), Redundancy/Recognizability
 
CARVER is a comprehensive risk assessment methodology originally developed by the US military during World War II and since extended. It is in wide use by all branches of the US defense establishment and by a number of corporations. CARVER is an acronym for the measurement dimensions of the methodology. The dimensions and an overview of their interpretation are given below.
  1. Criticality – Single points of failure, Degree of importance to system operations
  2. Accessibility – Ease of access to critical assets
  3. Recoverability – The time and effort to recover system operation after an adverse event
  4. Vulnerability – Level of exposure to attack based on adversary capability
  5. Effect – Scope and magnitude of adverse consequences that would result from malicious actions and responses to them
  6. Recognizability – Likelihood that potential adversaries would recognize that an asset was critical
Each potential target asset is assessed along the dimensions using a matrix format (i.e. the CARVER Matrix). Each subsystem or significant component of the asset is assessed. Each assessment for each CARVER dimension is given a score on a scale of 1 to 10 where a lower score is favorable to the attacker and a higher score is favorable to the defense of the asset. The individual CARVER scores are summed for each component to give a total score. Lower total scores signify that a component is at a higher risk. A typical CARVER Matrix is given below.
 
Target Component  Criticality  Accessibility  Recoverability  Vulnerability  Effect  Redundancy  Total Score
Component A       10           8              5               6              6       4           39
Component B       4            4              8               3              6       8           33
Component C       10           8              10              9              6       4           47
Component D       3            3              8               6              6       7           33
Component E       6            8              6               2              3       4           29
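The scoring rule described above can be checked mechanically. The following Python sketch is an added example, not part of the original course material: it recomputes each component's total from the sample matrix, flags any printed total that disagrees with its scores, and ranks components from highest risk (lowest total) to lowest, with tied totals sharing a rank. The function names are illustrative; the scores and column names are those of the sample matrix.

```python
# Added example: CARVER Matrix scoring as described in the text.
DIMENSIONS = ("Criticality", "Accessibility", "Recoverability",
              "Vulnerability", "Effect", "Redundancy")

# Per-dimension scores and the total as printed in the sample matrix.
MATRIX = {
    "Component A": ((10, 8, 5, 6, 6, 4), 39),
    "Component B": ((4, 4, 8, 3, 6, 8), 33),
    "Component C": ((10, 8, 10, 9, 6, 4), 47),
    "Component D": ((3, 3, 8, 6, 6, 7), 33),
    "Component E": ((6, 8, 6, 2, 3, 4), 29),
}

def total_score(scores):
    """Sum one component's scores after checking the count and the 1-10 scale."""
    if len(scores) != len(DIMENSIONS):
        raise ValueError(f"expected {len(DIMENSIONS)} scores, got {len(scores)}")
    for dim, score in zip(DIMENSIONS, scores):
        if not isinstance(score, int) or not 1 <= score <= 10:
            raise ValueError(f"{dim} score {score!r} is outside the 1-10 scale")
    return sum(scores)

def check_totals(matrix):
    """Return {component: (printed, recomputed)} for every total that does not add up."""
    return {name: (printed, total_score(scores))
            for name, (scores, printed) in matrix.items()
            if printed != total_score(scores)}

def rank_by_risk(matrix):
    """List (rank, component, total), lowest total (highest risk) first; ties share a rank."""
    totals = sorted((total_score(scores), name) for name, (scores, _) in matrix.items())
    ranked, rank, previous = [], 0, None
    for position, (total, name) in enumerate(totals, start=1):
        if total != previous:
            rank, previous = position, total
        ranked.append((rank, name, total))
    return ranked

def weakest_dimensions(scores):
    """Dimensions holding the component's lowest score (most favorable to the attacker)."""
    lowest = min(scores)
    return [dim for dim, score in zip(DIMENSIONS, scores) if score == lowest]

if __name__ == "__main__":
    print("Totals that do not add up:", check_totals(MATRIX) or "none")
    for rank, name, total in rank_by_risk(MATRIX):
        weak = ", ".join(weakest_dimensions(MATRIX[name][0]))
        print(f"{rank}. {name}: total {total}, lowest-scoring dimension(s): {weak}")
```
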
 
A CARVER Matrix spreadsheet template can be downloaded by clicking here.
 
Exercise     Develop a risk assessment for the University of Pittsburgh using the CARVER methodology.
 
Resources     FEMA 452 Risk Management Series: Risk Assessment: A How-To Guide to Mitigate Potential Terrorist Attacks Against Buildings, January 2005.

Risk Analysis and Management for Critical Asset Protection (RAMCAP), American Society of Mechanical Engineers.

Critical Infrastructure Sectors
 
         

Copyright © 2011 Ken Sochats