Name of School: Department: program




Exec. Order No. 13,526. Classified National Security Information. 2009. http://www.whitehouse.gov/the-press-office/executive-order-classified-national-security-information.
Exec. Order No. 13,556. Controlled Unclassified Information. 2010. http://www.whitehouse.gov/the-press-office/2010/11/04/executive-order-controlled-unclassified-information.
Warrick, J. “WikiLeaks Cable Dump Reveals Flaws of State Department's Information-Sharing Tool.” Washington Post, December 30, 2010. Accessed June 23, 2014. http://www.washingtonpost.com/wp-dyn/content/article/2010/12/30/AR2010123004962.html?wprss=rss_technology.
Lesson 11 Topic: Systems & Tools for Sharing Sensitive and Classified Information

1. Lesson Goals/Objectives:

  • Evaluate the systems commonly used for sharing SBU/CUI with critical infrastructure owners and operators and State and local homeland security officials, including the following:

    • HSIN-CS

    • US-Computer Emergency Readiness Team (US-CERT) for critical infrastructure owners and operators

    • HSIN-Intel/Homeland Security State and Local Intelligence Community of Interest (HS-SLIC) for State and local homeland security officials

  • Identify the two commonly used classified information sharing systems:

    • Homeland Secure Data Network (HSDN)

    • Homeland Top Secret Network (HTSN) (interoperable with JWICS)

  • Explain the steps for private sector partners and DHS contractors to gain and maintain authorized access to any DHS system that stores and transmits SBU or classified information:

    • Having a DHS sponsor

    • Vetting by the critical infrastructure sector or by DHS as a contractor or partner

    • Having the appropriate clearance level and need-to-know

    • Having been granted DHS Suitability

    • Obtaining a user account on the system

    • Passing the annual information security awareness test for the system

  • Assess the specific training requirements for accessing CUI/SBU information and the rules and procedures for uploading and downloading information from/to electronic media (e.g., USB drives) from government systems.


2. Discussion Topics:

  • Why are there strict rules about uploading any information onto a sensitive or classified system?

  • What is a Sensitive Compartmented Information Facility (SCIF)? What use are SCIFs in a homeland security context?

  • What procedures would you expect to be in place for downloading For Official Use Only information from a SECRET-level system to a sensitive but unclassified system, or similarly, for downloading SECRET information from a TS system to a SECRET system?

  • Do you think it’s possible to connect systems at different classification levels electronically and securely, or should they be air-gapped? What are the tradeoffs?

  • How can an enterprise digital rights management (eDRM) system be used to control who can access certain sensitive but unclassified information and what they are permitted to do with it? How can an eDRM system be used to enhance information sharing?



3. Required Reading:

U.S. Department of Homeland Security, Office of the Inspector General. DHS’ Efforts to Improve the Homeland Security Information Network. 2008. http://www.oig.dhs.gov/assets/Mgmt/OIG_09-07_Oct08.pdf.
U.S. Department of Homeland Security, About the Homeland Security Information Network, (2010), http://www.dhs.gov/files/programs/gc_1156888108137.shtm.
U.S. Department of Homeland Security. Homeland Security State & Local Intelligence Community of Interest (HS SLIC). 2010. http://www.dhs.gov/files/programs/gc_1233582654947.shtm.
U.S. Government Accountability Office GAO-09-40, Information Technology: Management Improvements Needed on the Department of Homeland Security’s Next Generation Information Sharing System, (2008), http://www.gao.gov/new.items/d0940.pdf.
U.S. Department of Homeland Security, U.S. Computer Emergency Readiness Team. Welcome to US-CERT. 2010. http://www.us-cert.gov/.


Lesson 12 Topic: Standard Operating Procedures (SOPs) for Maintaining Critical Infrastructure Information Sharing Portals

1. Lesson Goals/Objectives:

  • Explain and evaluate the basic building blocks that comprise an effective Standard Operating Procedure (SOP) for a Critical Infrastructure Information Sharing Portal or Network such as HSIN-CS or others as adopted by the critical infrastructure sectors:

    • Nominating, Vetting, and Validation

    • Data Management Process

    • Routine Communication

    • Incident Communication

    • Alerts, Warnings, and Notifications

    • Suspicious Activity Reporting

  • Assess how the various sectors tailor the basic building blocks above to meet sector needs.


2. Discussion Topics:

  • Does the Nominating, Vetting, and Validation Standard Operating Procedure limit Portal access to just private sector members of the sector, or are Federal, State, and local government sector members able to join?

  • Is the Data Management Process fully the responsibility of the Sector Coordinating Councils Information Sharing Working Group or can DHS/IP provide some support (e.g., with refreshing information)?

  • Does the Data Management Process Standard Operating Procedure specify what data is permissible to post and what is not? If inappropriate data were posted, what recourse would the Information Sharing Working Group have?

  • Do any of the Standard Operating Procedures cross-reference information management tools that the National Infrastructure Coordination Center makes available through links on the Homeland Security Information Network - Critical Sector homepage, e.g., the Integrated Common Analytical Viewer (iCAV) Geographic Information System?

  • Using the Food and Agriculture (F&A) Routine Communication SOP as an example, what type of data will be routinely posted to the Food and Agriculture Portal?

  • Using the Food and Agriculture Incident Communication SOP as an example, what type of data will be posted during incidents (e.g., terrorist attacks, natural disasters) to the Food and Agriculture Portal?

  • Are sectors permitted to post their own Alerts, Warnings, and Notifications independent of what the National Infrastructure Coordination Center posts to the Homeland Security Information Network - Critical Sector homepage?

  • Are sectors permitted to change the color-coded threat levels for their sector independent of what DHS does with the National Terrorism Advisory System (NTAS)? [at www.dhs.gov/files/programs/ntas.shtm ] See, for example, the Electric Sector Information Sharing and Analysis Center Portal at www.nerc.com/page.php?cid=6|69|312.

  • Do you think that most sectors would be interested in developing a voluntary SARs SOP? What about those sectors that have mandatory SARs requirements from a regulatory agency? Can you see any value to having both types of SARs systems?

  • In what way do you think that fusing SARs information with national Intelligence would help the Government in “connecting the dots”?




3. Required Reading:

Department of Homeland Security. National Terrorism Advisory System (NTAS). www.dhs.gov/files/programs/ntas.shtm.


Department of Justice. Nationwide SAR Initiative (NSI). 2010. http://nsi.ncirc.gov.

Lesson 13 Topic: Other Information Sharing Mechanisms

1. Lesson Goals/Objectives:

  • Evaluate the variety of additional information sharing mechanisms used to support the NIPP government-private partnership and enable information sharing between key critical infrastructure and resilience partners, including:

    • DHS email

    • Smart phones/Personal Digital Assistants

    • Teleconferences

    • Webinars

    • Digital Billboards

    • Chat on HSIN-CS

    • Video Teleconferences (VTCs)

    • DHS Blogs (http://blog.dhs.gov)

    • DHS PSAs

    • Law Enforcement Online (LEO)

    • Regional Information Sharing System

    • InfraGard

    • Conferences, Summits, and Workshops

  • Assess the potential for emerging technologies to promote collaborative information sharing.

  • Explain how social networking media can be used to promote critical infrastructure information sharing within and across sectors and by various levels of government.


2. Discussion Topics:

  • Which one of the other information sharing mechanisms do you feel is the best means of sharing information? You may want to parse your answer into routine vs. incident information sharing.

  • When Secure Mobile Environment – Portable Electronic Devices become available (e.g., as government furnished COMSEC equipment) for critical infrastructure owners' and operators' use, what do you see as their advantages for sharing classified information?

  • Since Secure Mobile Environment – Portable Electronic Devices will be Government controlled COMSEC items, and only available in limited quantities, who should get them in the critical infrastructure sectors? What criteria should the Government use in allocating these scarce items?

  • What are the advantages for communicating during a national crisis of having subscribed to the GETS and WPS services?

  • What would be the risks of using social networking media to communicate about a terrorist threat to, or attack on, the Homeland? Does your analysis change if the threat is a natural disaster?

  • What would be some innovative ways for Emergency Management or First Responders to use social networking media to communicate during a natural disaster?

  • What are some of the drawbacks associated with the use of mobile devices in this arena?

  • What are some other solutions to the issues presented by the various mechanisms and technologies by which information is shared?


3. Required Reading:
U.S. Department of Homeland Security. “The Blog @ Homeland Security,” (2014), https://www.dhs.gov/news-releases/blog.

U.S. Department of Homeland Security, Protective Security Advisors. http://www.dhs.gov/files/programs/gc_1265310793722.shtm.

Secure Products Wiki. General Dynamics Sectera Edge Secure Mobile Environment Portable Electronic Device (SME PED). 2010. http://www.secureproductswiki.com/SCIPProducts/GDSecteraEdge.
L-3 Guardian®. Secure Mobile Environment Portable Electronic Device (SME PED). 2010. http://www2.l-3com.com/cs-east/pdf/l-3%20guardian%20faqs.pdf.


Federal Bureau of Investigation. LEO. http://www.fbi.gov/about-us/cjis/leo.
Federal Communications Commission. Government Emergency Telecommunications Service. 2010. http://transition.fcc.gov/pshs/services/priority-services/wps.html.


National Communications System, “Government Emergency Telecommunications Service,” (2010), http://transition.fcc.gov/pshs/services/priority-services/gets.html.

Regional Information Sharing Systems. RISS. http://www.riss.net/.


4. Additional Recommended Reading:

Comfort, Louise K. "Risk and Resilience: Inter-Organizational Learning Following the Northridge Earthquake of 17 January 1994." Journal of Contingencies and Crisis Management 2(3) (1994): 157-70. http://www.cdm.pitt.edu/Portals/2/PDF/Publications/RISK_AND_RESILIENCE.pdf.



U.S. Department of Homeland Security. 2011 Chemical Sector Security Summit. 2011. http://www.dhs.gov/xlibrary/assets/2011-chemical-security-summit-carafano.pdf.
Dinh, T.L. and Nguyen-Ngoc, A.V. “A Conceptual Framework for Designing Service Oriented Inter-Organizational Information Systems.” Proceedings of the 2010 Symposium on Information and Communication Technology (2010): 147-154. http://dl.acm.org/citation.cfm?id=1852640&bnc=1.



Longstaff, P.H. "Security, Resilience, and Communication in Unpredictable Environments Such as Terrorism, Natural Disasters, and Complex Technology," Edited by Center for Information Policy Research. Cambridge, MA: Harvard University, 2005. http://pirp.harvard.edu/pubs_pdf/longsta/longsta-p05-3.pdf.

Lesson 14 Topic: Delivery and Presentation of Research Papers

1. Lesson Goals/Objectives:

  • Deliver the course research paper to the instructor in accordance with the due date (i.e., by the last class)

  • Demonstrate the ability to succinctly summarize and present the research paper in 10 – 20 minutes (depending on class size)

  • Have the opportunity for an open and wide-ranging discussion of any of the information sharing topics or issues covered during the course


2. Discussion Topics:

  • There are no pre-identified discussion topics since class time will be used for research paper presentations and for open discussion.


3. Required Reading:

  • There are no required readings.



Lesson 15 Topic: Delivery and Presentation of Research Papers

1. Lesson Goals/Objectives:

  • Deliver the course research paper to the instructor in accordance with the due date (i.e., by the last class)

  • Demonstrate the ability to succinctly summarize and present the research paper in 10 – 20 minutes (depending on class size)

  • Have the opportunity for an open and wide-ranging discussion of any of the information sharing topics or issues covered during the course


2. Discussion Topics:

  • There are no pre-identified discussion topics since class time will be used for research paper presentations and for open discussion.


3. Required Reading:

  • There are no required readings.


