PSAM 16 - Paper Overview

PSAM 16 Conference Paper Overview

Welcome to the PSAM 16 Conference paper and speaker overview page.

Lead Author: Jason Reinhardt Co-author(s): Ron Lafond (ronald.lafond@cisa.dhs.gov), Derek Koolman (derek.koolman@cisa.dhs.gov), Raymond Ludwig (raymond.ludwig@associates.cisa.dhs.gov), Lindsey Miles (lindsey.miles@cisa.dhs.gov), Jeffrey Munns (jeffrey.munns@associates.cisa.dhs.gov), Merideth Secor (merideth.secor@cisa.dhs.gov), Lauren Wind (lauren.wind@associates.cisa.dhs.gov)

A Risk Assessment and Reduction Approach for National Critical Infrastructure
The United States Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) leads the National effort to understand, manage, and reduce risk to our cyber and physical infrastructure. CISA must assess risks that cover a broad range of scenarios over a complex set of interdependent critical infrastructure (CI) systems. While many models and data sets exist that provide detailed analyses of threat and hazard impacts to CI, there is no overarching analytic structure that organizes and integrates these disparate sources into a unified risk assessment. CISA is building capabilities that will address these challenges to support stakeholders across all levels of government and the private sector. First, CISA has developed a National Critical Functions (NCFs) data structure to organize and describe critical infrastructure. This data set provides a set of decompositions structured as directed graphs that break down each identified NCF into enabling sub-functions that detail the operation and interdependencies across disparate CI systems. The functional description of NCFs serves as a complementary lens to the sector-based organization of CI and better facilitates systemic and cross-sector risk analysis. Additionally, CISA has begun developing the Risk Architecture, a technology-enabled analytic tool that contains a set of standards, scenarios, visualizations, and workflows that leverage the NCF and other integrated CI data sets. This paper describes the need for an integrated approach to CI risk assessment, describes the NCF decomposition structure, the principles and concepts behind the Risk Architecture, approaches to functional interdependency analysis, and provides initial use examples.

A Risk Assessment and Reduction Approach for National Critical Infrastructure

The United States Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) leads the National effort to understand, manage, and reduce risk to our cyber and physical infrastructure. CISA must assess risks that cover a broad range of scenarios over a complex set of interdependent critical infrastructure (CI) systems. While many models and data sets exist that provide detailed analyses of threat and hazard impacts to CI, there is no overarching analytic structure that organizes and integrates these disparate sources into a unified risk assessment. CISA is building capabilities that will address these challenges to support stakeholders across all levels of government and the private sector. First, CISA has developed a National Critical Functions (NCFs) data structure to organize and describe critical infrastructure. This data set provides a set of decompositions structured as directed graphs that break down each identified NCF into enabling sub-functions that detail the operation and interdependencies across disparate CI systems. The functional description of NCFs serves as a complementary lens to the sector-based organization of CI and better facilitates systemic and cross-sector risk analysis. Additionally, CISA has begun developing the Risk Architecture, a technology-enabled analytic tool that contains a set of standards, scenarios, visualizations, and workflows that leverage the NCF and other integrated CI data sets. This paper describes the need for an integrated approach to CI risk assessment, describes the NCF decomposition structure, the principles and concepts behind the Risk Architecture, approaches to functional interdependency analysis, and provides initial use examples.

PSAM 16 Conference Paper Overview

Welcome to the PSAM 16 Conference paper and speaker overview page.

Paper JA248 Preview

Author and Presentation Info

Download paper JA248.

Download the presentation PowerPoint file.