Critical Infrastructure Protection Committee (CIPC) Highlights and...Critical Infrastructure Protection Committee (CIPC) Westin Buckhead Atlanta Atlanta, GA December 15-16, 2015 2

Critical Infrastructure Protection Committee (CIPC)Westin Buckhead AtlantaAtlanta, GA

December 15-16, 2015

2 RELIABILITY | ACCOUNTABILITY

Safety and Security

• Westin Buckhead Atlanta Staff will inform the CIPC concerning Fire and Evacuation Procedures for your safety


CIPC Voting Members and Attendees

• Wireless access is available: Network: WESTIN-MEETING Password: NERC2015WB

• Please sign and pass the Attendance Sheets


Securing Our Assets

16,000 Transmission Substations7098 Transmission Lines1057 GW of Generation334 million customers


Antitrust Guidelines

I. General It is NERC’s policy and practice to obey the antitrust laws and to avoid all conduct that unreasonably restrains competition. This policy requires the avoidance of any conduct that violates, or that might appear to violate, the antitrust laws. Among other things, the antitrust laws forbid any agreement between or among competitors regarding prices, availability of service, product design, terms of sale, division of markets, allocation of customers or any other activity that unreasonably restrains competition. It is the responsibility of every NERC participant and employee who may in any way affect NERC’s compliance with the antitrust laws to carry out this commitment. Antitrust laws are complex and subject to court interpretation that can vary over time and from one court to another.

The purpose of these guidelines is to alert NERC participants and employees to potential antitrust problems and to set forth policies to be followed with respect to activities that may involve antitrust considerations. In some instances, the NERC policy contained in these guidelines is stricter than the applicable antitrust laws. Any NERC participant or employee who is uncertain about the legal ramifications of a particular course of conduct or who has doubts or concerns about whether NERC’s antitrust compliance policy is implicated in any situation should consult NERC’s General Counsel immediately. II. Prohibited Activities Participants in NERC activities (including those of its committees and subgroups) should refrain from the following when acting in their capacity as participants in NERC activities (e.g., at NERC meetings, conference calls and in informal discussions): • Discussions involving pricing information, especially margin (profit) and internal cost information and participants’

expectations as to their future prices or internal costs. • Discussions of a participant’s marketing strategies. • Discussions regarding how customers and geographical areas are to be divided among competitors. • Discussions concerning the exclusion of competitors from markets. • Discussions concerning boycotting or group refusals to deal with competitors, vendors or suppliers. • Any other matters that do not clearly fall within these guidelines should be reviewed with NERC’s General Counsel before

being discussed.


Membership Expectations

Our CIPC Charter Section 3 states the following –Voting members of the CIPC are expected to:1. Bring subject matter expertise to the CIPC2. Be knowledgeable about physical and cyber security practices and challenges in

the electricity sector3. Attend and participate in all CIPC meetings4. Express their own opinions at committee meetings but also represent the

interests of their Regions5. Discuss and debate interests rather than positions6. Complete assigned Committee, Task Force, and Working Group assignments7. Maintain, at a minimum, a Secret Clearance, or to the extent not already

obtained, apply for a Secret Clearance


Conduct of the Meeting

Parliamentary Procedures:In the absence of specific provisions in NERC’s Rules ofProcedure, all committee meetings shall be conducted in accordance with the most recent edition of Robert’s Rules of Order, Newly Revised in all cases to which theyare applicable.


September 2015

Business Continuity Guideline TF

(Darren Myers)

Executive CommitteeDavid Revill, NRECA Chuck Abell, Chair, Ameren Melanie Seader, EEIDavid Grubbs, ERCOT Nathan Mitchell, Vice Chair, APPA Jack Cashin, EPSARoss Johnson, CEA Jim Brenton, Vice Chair, ERCOT Marc Child, Great River

Sam Chanoski, Secretary

Physical Security Subcommittee

(David Grubbs)

Cybersecurity Subcommittee

(Marc Child)

Operating Security Subcommittee

(Jim Brenton)

Policy Subcommittee(Nathan Mitchell)

Physical SecurityWG

(Ross Johnson)

Security Training WG

(William Whitney)

Control Systems Security

WG(Mikhail Falkovich)

Grid Exercise WG

(Tim Conway)

BES Security Metrics WG

(VACANT)

Physical Security Standard WG

(Allan Wick)

Compliance and Enforcement Input

WG(Paul Crist)

Physical Security Guidelines WG

(John Breckenridge)

Critical Infrastructure Protection Committee


Org Name Company Discipline

TRE David Grubbs – Executive Committee City of Garland OperationsTRE Jim Brenton, Vice Chair ERCOT CyberTRE Darrell Klimitchek STEC PhysicalFRCC Paul McClay TECO CyberFRCC Carter Manucy Fla Municipal PhysicalFRCC Joe Garmon Seminole OperationsMRO Marc Child – Executive Committee Great River CyberMRO Paul Crist LES PhysicalMRO (vacant) OperationsNPCC John Galloway ISO-NE OperationsNPCC Greg Goodrich NYISO CyberNPCC David Cadregari Iberdrola USA Networks PhysicalRFC Larry Bugh RFC CyberRFC Kent Kujala Detroit OperationsRFC Jeff Fuller DPL PhysicalSERC Chuck Abell, Chair Ameren OperationsSERC Cynthia Hill-Watson TVA CyberSERC Bruce Martin Duke Energy PhysicalSPP John Breckenridge KCPL PhysicalSPP Allen Klassen Westar OperationsSPP Eric Ervin Westar CyberWECC Allan Wick Tri-State PhysicalWECC Mike Mertz PNM CyberWECC Lisa Carrington Arizona Public Service OperationsAPPA Scott Smith Bryan TX Utilities PhysicalAPPA Nathan Mitchell, Vice Chair APPA PolicyCEA Francis Bradley CEA PhysicalCEA Ross Johnson – Executive Committee Capital Power PhysicalCEA David Dunn IESO PolicyNRECA Robert Richhart Hoosier PolicyNRECA David Revill – Executive Committee Georgia Trans Policy

CIPC Primary Voting Members


Proxies Received and Quorum

• Thanks to all proxies attending today and serving as a proxy for your primary voting member! Proxies received for this meeting: FRCC – Pat Boody representing Paul McClay NPCC – Brian Hogue representing David Cadregari MRO – Damon Ounsworth representing vacancy left by Joe Mayfield NRECA – Richie Field representing Robert Richhart


Proxies Received and Quorum

• Announcement of CIPC Quorum of Voting Members: Based on the voting members in attendance, including the proxies

received, we have achieved quorum for conducting CIPC business.


CIPC Roster Changes

New Voting MembersWECC – Lisa Carrington – Arizona Public ServiceNomination was approved by NERC Board of Trustees, November 2015

Vacancies of Voting Members:MRO vacancy is due to Joe Mayfield’s departure from WAPA

Thank you for your service to CIPC!

Chair’s Remarks by Chuck Abell

NERC CIPC Chair ReportChuck Abell

December 15, 2015


December 2015 Update

• Grid Security Conference – Philadelphia, PA• DHS Classified Briefing• CIPC Meeting Highlights Nominating Committee – EC Slate GridEx III Report out CIP V5 Update

• Next NERC CIPC Meeting Louisville, KY March 7-9, 2016

• Thank You!

Nominating SubcommitteeReportMike Mertz, Chair NERC Critical Infrastructure Protection Committee December 15-16, 2015

RELIABILITY | ACCOUNTABILITY2

• As per the CIPC Charter (Section 8-2), the Nominating Subcommittee Chair was appointed at the June 2015 CIPC to form a subcommittee of 5 members to prepare a slate of candidates for election as follows:

• September 2015 CIPC Meeting: Chair Vice-Chairs (2)

• December 2015 CIPC Meeting: Physical Security SME Cyber Security SME Operations SME Policy SME

Subcommittee Assignment


• The Nominating Subcommittee Members are: Mike Mertz, Chairo PNM Resources / WECC / Cyber

Paul Cristo Lincoln Electric System / MRO / Physical

Larry Bugho ReliabilityFirst / RFC / Cyber

Joe Mayfieldo Western Area Power Administration / MRO / Operations

John Breckenridgeo Kansas City Power & Light / SPP / Physical

Subcommittee Members


Subcommittee Meetings

• The Nominating Subcommittee held multiple conference calls to develop a list of candidates

• The nominating subcommittee members contacted all candidates to validate interest and availability to fulfill the role

• Nominating subcommittee finalized the ballot via email


Election Process

• The Nominating Subcommittee presents its slate of candidates.• The Secretary will open the floor for additional nominations.• Upon the close of nominations, elections will be held as follows: The first ballot will be composed of the Nominating Subcommittee’s

slate of candidates. If the slate is approved with a 2/3 majority, the slate is elected and the election is closed. If the slate fails, subsequent paper ballots will be distributed with

the names of all candidates listed in the order in which they were nominated.

• Each ballot will be tallied and any candidate receiving a 2/3 majority shall be deemed elected


For the Subject Matter Expert positions, the Subcommittee recommends the following: •Physical Security SME – David Grubbs, City of Garland •Cyber Security SME – Joe Garmon, Seminole Electric

Cooperative •Operations SME – John Galloway, ISO New England•Policy SME – Ross Johnson, Capital Power Corporation

CIPC Nominee Slate


E-ISAC Update and Physical Security Program

Bob Canada, Manager of Physical Security and AnalysisDecember 15, 2015

2

Topics Covered

• Beyond Mandatory Reporting!• Physical Security & Analysis Team Activities & Projects Initiatives

• Physical Security Advisory Group DBT Workshop Sept 1st-3rdo DBT final research completed.o DoE DBT comparison completedo Final draft by PSAG

Enhanced Background Investigation Screeningo Nov 6th meeting (FBI, DHS, DoE, NRC, Dominion, Entergy, Kansas City Power &

Light, and FP&L in attendance)o ESCC approval to form a smaller groupo Next meeting in January 2016

3

Topics Covered

Mission – to provide industry leadership and expertise to guide and support the E-ISAC• Overseen by, and reports to, ESCC• Responsible for providing ESCC oversight of E-ISAC• Acknowledges management role of NERC’s CEO and SVP/CSO• Must duly consider the effects of E-ISAC actions on legal,

financial, and other risks borne by NERCActivities• Develop and institute short and long term strategic visions• Define and maintain business strategy for products and services• Set goals for operation, capabilities, and controls• Provide industry leadership and guidance

4

What is the Status of Physical Security for the BES?

Over 55,000 substations over 100kv!

5

BeyondMandatory Reporting for Information Sharing

6

Preface

The E-ISAC is charged with: • Capturing, understanding, reporting and disseminating physical

security incidents that occur to sector members and the Bulk Power System (BPS)

• Reports to fellow E-ISAC members, law enforcement, and governmental bodies.

• Identify, prioritize, and coordinate the protection of critical power services, infrastructure service, and key resources

This information, when captured, is only disseminated in a non-attributed

format both internally and externally and can be extremely valuable in ongoing situational awareness, detection, and prevention of similar incidents.

7

Impacts of Weak Information Sharing

• Greater Risk to BES!• Isolation of Informed Entities!• Lack of Actionable Information!• Redundancies of Information Gathering!• Wasted Resources and Funding!• Delay of Pre-Attack Prevention Opportunities!• Potential loss of life and BES Reliability!

8

Sharing Partnerships

9

• Dynamic sharing among members can mitigate the rise of threats to BES

• Electricity Sector is at the forefront vulnerability of U.S. economic stability

• Reporting critical and timely information can help protect the BES• Strengthens existing partnership between private and public sector• Question? Have you shared information with the E-ISAC?

Benefits of Information Sharing

10

From the ESISTF Report

11

PS Bulletins June – Unmanned Aircraft Systems - PostedJuly – Incident Reporting Guide - PostedAug – Suspicious Activity and Surveillance Detection - PostedAug – Update to June bulletin on Unmanned Aircraft Systems- PostedSept – Suspicious Activity and Surveillance Detection Activity Reporting – PostedOct – Tabletop Exercise Template for Industry to use for Law Enforcement

training-PostedNov – Terrorism Trends Overseas - Posted

Design Basis Threat (DBT)Electric Sector Survivability Project for components.Enhanced Background Investigation ScreeningCollaborate on DoE’s DBT under development

E-ISAC Projects and Initiatives

12

What we are seeing from your reports sources?

13

Shooting Incidents• 230kV insulators• 115kV gang switch• Control building• 69/12kV transformer regulator

What’s getting reported?

14

Break Ins• Undisclosed facility type. Cut barbed wire, nothing stolen• Substation, cut fences, grounds stolen• Undisclosed facility type. Cut gate lock, tools stolen from

pickup truck.• Substation control house. Lock missing, copper stolen.• Undisclosed facility type. Remote location, video confirmed

there was unauthorized access.


15

Suspicious Activity• Photography of a substation• Photography of a generating station (2 separate incidents)• Photography of an LNG facility• Threatening phone call


16

Unmanned Aircraft Systems - UAS

17

Reports to E-ISAC from Mid-Year Report

18

Our 1st Monthly Report !

20

Reports from Entities

21

Physical Security Advisory Group

(PSAG)

22

PSAG Members

1. Ross Johnson, Capital Power2. Allan Wick, Tri-State G & T3. John Breckenridge, KCP&L4. David Godfrey, Garland P&L5. William Whitney III, Garland P&L 6. Jim McGlone, DoE Liaison7. Bob Canada, Manager, Physical

Security & Analysis – E-ISAC8. Travis Moran, Sr. Security Specialist-

E-ISAC9. Max Spector, Security Specialist, E-

ISAC10.Brian Harrell (Navigant)

10.Dan Jenkins, Dominion11.Ben Mayo, DHS (ES-Liaison)12.John Large, FP&L (EEI Security

Committee)13.Mike Hagee (SERC)14.Michael Lynch, DTE15.Darren Myers, Duke16.Jim Spracklen, PNNL 17.Tim Reagan, Ameren18.Barry Page, C4S2 Global19.Louie Dabdoub, Entergy20.Marc Sachs, Sr. VP and CSO, E-ISAC

23

PSAG Projects

1. Design Basis Threat (DBT)

2. Enhanced Background Investigation Screening

24

Design Basis Threat (DBT)

Another Tool for Industry Use!

SAG

PROJECT # 1

25

Project Progress

26

What is a Design Basis Threat?

• The DBT is used to determine the level of appropriate and cost effective physical protection measures required to protect against malicious acts i.e. theft / sabotage

• It is based on conservative assumptions that establish the magnitude of adversary force that the site’s protective systems should be designed to defeat, expressed in terms of numbers of adversaries and their capabilities

27

• Answers the question: “What are we protecting against?”• Development of potential adversary scenarios• Analysis of physical protection system (PPS) to determine

effectiveness • Identifying vulnerabilities of the PPS• Improving the system and prioritizing upgrades• Assessing risk and the cost-benefit tradeoffs

28

The DBT uses a graded threat approach (protect pencils like pencils and gold like gold). This takes into account factors such as:• Attractiveness & Consequence of loss of the asset. • Are there redundancies or ways to work around the loss? • Assets are identified and then prioritized into Asset Protection

Levels• Reach consensus on realistic and credible threats against US

power grid (consistent approach)• Critical HV transformers• Other critical nodes / infrastructure

29

1. Resolve outstanding discussion around the following:a. “Insider Threat” being in or out of DBTb. DoE Explosive Guidance

2. Review DoE’s DBT for comparison purposes to resolve differences

3. Seek opportunities for webinars and workshops4. Schedule annual review by Physical Security Advisory Group

NEXT STEPS?

30

Enhanced Background Investigation Screening

Project # 2

31

Project Progress

1. Born from Initial Discussions with PSAG Members, FBI and E-ISAC’s PSAT.

2. Nov 6th meeting (FBI, DHS, DoE, NRC, Dominion, Entergy, Kansas City Power & Light, and FP&L in attendance).

3. ESCC gave its approval to form a smaller group.4. Next meeting in January 2016 to come back with

recommendations and project planning strategy.

32

First Steps /Progress

• Discussions began months ago with FBI, DoE and DHS about concerns about background screening for critical positions.

• Reps from DoE, DHS, NRC, FBI Headquarters, FBI WMD Unit, FBI Legal and FBI Legislative Affairs have met on Nov 6th with NERC and PSAG members and very supportive.

• PSAG members have provided jobs which could be considered critical operationally or by access to critical functions or equipment.

• ESCC approved to move forward.

33

Possible Impact

1. FBI could conduct additional screening measures against additional terrorism databases

2. Incorporate the enhanced screening of new employees3. Incorporate a refresher background every 3-5 years4. Incorporating an Insider Threat Mitigation strategy across the

industry.5. Incorporating additional screening across other sectors (i.e.

telecommunication, water & finance)

34

Challenges Ahead

1. Awareness of and Acceptance of NERC Code of Conduct.2. Moving past corporate fear of regulatory avoidance strategies

with regard to voluntary reporting.3. Fostering relationships amongst hesitant partners through

personal relationships4. Go beyond the mandatory reporting paradigm5. Embrace larger threat perspective and how you fit into it 6. Understand that every little piece of intelligence helps!7. Entrusting partners to share their resources

ResourceStrengths

KnowledgeOf

Threats

BestInformation

SharingPractices

35

Register a user account on the portal today at:https://www.esisac.com/register.aspx

General Contact: [email protected] hour hotline: (404) 446-9780

Does your company’s Physical and Cyber SMEs have an E-ISAC Membership?

If Not, Why Not?

https://www.esisac.com/register.aspx

mailto:[email protected]

36

Physical Security Reliability Standard Implementation

Carl Herron, Principal CIP- Security Advisor (NERC) CIPC December 15-16, 2015Atlanta, Georgia


• Requirement R2 mandates that an unaffiliated third-party verify the result of the risk assessment performed under Requirement R1. The third-party for Requirement R2 must be either: A registered Planning Coordinator, Transmission Planner, or Reliability

Coordinator; or An entity that has transmission planning or analysis experience.

R2 – 3rd Party Verification


• Registered entity with applicable planning and reliability functions.

• Experience in power system studies and planning. • The third-party’s understanding of the MOD standards, TPL

standards, and facility ratings as they pertain to planning studies.

• The third-party’s familiarity with the Interconnection within which the Transmission Owner (TO) is located.

R2 – 3rd Party Verifier Characteristics


• TO’s must demonstrate the appropriate rigor and analysis when performing R1 and R2. Consider how the following questions can be answered: Why certain stations or substations are identified to meet the criteria in

Requirement R1 Similarly, why certain stations or substations were not identified by

Requirement R1 What are defining characteristics of stations and substations identified by

Requirement R1 How the third party verifying the risk assessment meets the qualifications

in Requirement R2 and the means the third party used to ensure effective verification

Compliance Expectations


Self-Certification

• ERO Enterprise-wide self-certification for CIP-014 requirements for identification of critical assets

• Conducted by each Regional Entity• Supports monitoring of effective implementation Tailored and limited: Is the standard applicable? If so, did the registered entity complete the risk assessment/verification

requirements? Did the risk assessment result in critical assets? If so, how many? Was notice to a Transmission Operator (TOP) required for a primary

control center?


Timing and Approach

• Self-certification timing November 2015: Communicated in CMEP Implementation Plan

• March 15, 2016: Notice to all TOs, including request for answers to the limited questions

• May 1, 2016: Information due from all TOs• FERC Audits in 2016In coordination with the ERO Enterprise• Minimize duplication of efforts


Timing and Approach: Security Plans

• Informal registered entity site visits to share progress • Already underway: NERC and Regional Entity coordination• Focused on security plan effectiveness



CIP Standards and Compliance Update: 2016 PlanTobias Whitney, Manager of CIP Compliance, NERCDecember 2015


• Enforcement date (High and Medium Impact): April 1, 2016 Risk-based compliance monitoring plan for 2016 for High and Medium

Impact requirements Concerted outreach on Low Impact requirements for 2017 and 2018

Key Dates


• Confirm effective CIP-002 identifications based on impact rating criteria (high and medium focus)

• Focused Audits in 2016 ROP required 3 year audits for RC, BA, and TOPs Coordination with FERC on certain audits

• Risk-based approach to timing, scope

2016 Compliance Monitoring Approach


Highlights

Risk-Based approach to timing and scope

Scheduled for 2016FERC coordination

CIP-002 Identifications: the foundation


• Understand program effectiveness and support transition Registered entity approaches Program and general controls discussions Limited sampling or testing for effectiveness based on risk

• Identify successes and challenges• Focus on Risk Identification

Goals of 2016 approach


• ERO Enterprise CIP-002 Self Cert Timingo November 2015: NERC will include approach in CMEP IP Document o February 1, 2016: Notice to all applicable entities including the table that

required to be filled out by each Registered Entityo May 1, 2016: Information due from all entities

Purpose o Understand identification of each registered entity’s high, medium and low

impact facilities– Based on CIP-002 Attachment A (Impact Rating Criteria)

o Shape and inform future areas of focus

All Registered Entities Subject to CIP Standards


• Scheduled audits and risk-based, spot-checks in 2016• Tailored scope based on risk (identified in 2016 CMEP

Implementation Plan (IP)) CIP-002 R1 and R2 CIP-005 R1 and R2 CIP-006 R1, R2 and R3 CIP-007 R1, R2, R3 and R5

• Scope may be modified based on the entity’s IRA

2016 ERO Monitoring


• 2016 CIP Risk Elements System Downtime Unauthorized Access Corruption of Operational Data

• Similar to the InfoSec Risk Triad Confidentiality Integrity Availability

Risk Elements

System Downtime

Unauthorized Access

CIP V5

Corruption of Operational

Data


• Risk-based and considers the type of entity (Type 1, 2 or 3)• 2016 activities support identification of entity-specific risk

Transition to 2017 Compliance Monitoring Approach

Type 1“New High and

Medium”

Control CentersSubstationsGeneration

No V3 compliance

history

<40 Entities

Type 2“Limited V3-V5 Scope Change”

Primarily Control Centers

Significant V3 History

<50 Entities

Type 3“Large Entity

with High, Med, Low”

Control CentersSubstationsGeneration

Significant V3 History

<50 Entities

Type 4“Small Entity

w/Low”

Small Substation &

Gen Mix

No V3 Compliance

History

>1000 Entities


• Effective in 2017 and 2018• Outreach informed by 2015 transition program and 2016

compliance monitoring activities, focused on Type 4 registered entities and risk Small Group Advisory Sessions Workshops, webinars, and other education

Low Impact Requirements


• January - Supply Chain Technical Conference• (Possible) FERC Order and New Directives• Industry initiated standards development January Webinar Project Plano TO Control Centero BES Cyber Assets/Programmable Deviceso Virtualizationo External Routable Connectivityo Other considerations

• Interpretations • FERC Audits• NERC oversight

2016 Key Activities


• Transition Program Page http://www.nerc.com/pa/CI/Pages/Transition-Program.aspx http://www.nerc.com/pa/CI/Pages/Transition-Program-V5-

Implementation-Study.aspx

• CIP Curriculum http://www.nerc.com/pa/CI/Documents/2015_CIP_Curriculum%20%20(as

%20of%2020150728)_AD.pdf

Resources

http://www.nerc.com/pa/CI/Pages/Transition-Program.aspx

http://www.nerc.com/pa/CI/Pages/Transition-Program-V5-Implementation-Study.aspx

http://www.nerc.com/pa/CI/Documents/2015_CIP_Curriculum%20%20(as%20of%2020150728)_AD.pdf


CIP v5 Transition Project Survey

Dr. Joseph B. BaughPMP, CISA, CISSP, CISM, CRISC

Senior Compliance Auditor, Cyber SecurityCIPC Meetings, Atlanta GA

December 15, 2015W E S T E R N E L E C T R I C I T Y C O O R D I N A T I N G C O U N C I L

Speaker Introduction• Electrical Utility Experience (42 years)

– Senior Compliance Auditor, Cyber Security– IT Manager & Power Trading/Scheduling Manager– IT Program Manager & Project Manager – PMP, CISSP, CISA, CRISC, CISM, NSA-IAM/IEM certs– NERC Certified System Operator– Barehand Qualified Transmission Lineman

• Educational Experience – Degrees earned: Ph.D., MBA, BS-Computer Science– Academic & Technical Course Teaching Experience (20 years)

• PMP, CISA, CISSP, CISM, ITIL, & Cisco exam preparation • Business Strategy, Leadership, and Management • Information Technology and IT Security • Project Management

2

W E S T E R N E L E C T R I C I T Y C O O R D I N A T I N G C O U N C I L

Agenda

• Discuss Survey • Review Quantitative Data (specific questions)

– Demographic Questions– Time on Task

• Review Qualitative Data (open-ended questions)– Top Three Challenges– Top Three Organizational Culture Issues– Anything Else to Add? (wrap-up question)

• Address Questions

3


Why Do A Survey?

• Several common issues were observed by CIP Team during WECC CIP v5 Outreach and Audits– Registered Entities’ CIP v5 compliance concerns– Increasing flow of entity CIP v5 questions

• Desire to gain a better understanding of CIP v5 issues in the WECC region – What do the entities need/think/expect/fear during

the CIP v5 Transition period?– How can WECC CIP Team tailor effective outreach?– Share results with WECC, NERC, and other regions.

4


Survey Design• Examined CIP v5 issues

in three key segments:– Registered Entities– ERO members– Consultants

• Skip logic examined perspectives on: – Challenges– Cultural Issues– Time on Task

5


Survey Data Collection• Used SurveyMonkey® to develop and deliver the

survey online• Sent initial survey request to June 2015 CIPUG

Attendee list • Developed additional snowball sampling by

requesting recipients forward common link to other interested parties

• Collected data anonymously via common URL emailed directly to initial sampling and as forwarded to others

6


Establishing the Survey’s Validity• Ran pilot study to test the data collection instrument (July

30 – August 3, 2015)– Small groups from each of the three categories– Generated minor changes in some questions– Validated skip logic flow– Deleted all pilot study test data prior to survey Go-Live

• Emailed initial live survey link to targeted sampling of Compliance personnel in WECC region (August 4, 2015)– 345 Registered Entities in WECC (NERC, 2015 August 14)– Initial distribution list from July CIPUG (367 individuals)– Emailed two reminders (August 10 & 13, 2015)– Requested snowball sampling in the three emails

• Closed the survey as scheduled (August 14, 2015)

7


Establishing the Survey’s Validity

• Survey targeted response rate goals to achieve a ± 5 Confidence Interval [CI] at the 95% Confidence Level [CL] for Quantitative responses

• Needed 188 responses from initial distribution list (367) to achieve the desired CI value at a 95% CL

• Obtained 204 responses and achieved CI and CL goals

8


Source: Creative Research Systems

Establishing the Survey’s Validity• Two email reminders boosted response rates• Obtained 204 responses (55.6% response rate) by close of

survey– Achieved 95% CL goal, – Exceeded CI goal (CI of ± 4.58 %)

9


Survey Development

Pilot Study (test

results deleted)

Live Survey Data Collection

Quantitative and Qualitative Data

AnalysisPresent

Data

Data Analysis Processes• Quantitative data

– Demographic data, and– Data relative to time and personnel on task

• Charts derived from SurveyMonkey® data sets• Calculations in Excel® for MAC 2011 (v14.5.3)

• Qualitative data – Challenges and organizational culture issues– Analyzed with HyperRESEARCH® Qualitative Data Analysis

Software [QDAS] package (v3.0.3)• Examined for emerging themes and patterns• Conclusions drawn from aggregated data across all three survey

categories

10


Demographic Questions

• Applied to entire sampling• Set the context for segmented skip logic and

subsequent data analyses– How long have you worked in the Electric Industry?– Which Electric Industry segment do you currently support? – How long have you worked in your current segment?– How many employees does your organization employ?– What is your primary role in the Electric Industry relative

to CIP compliance?

11


Industry Tenure

• Fairly even distribution of electrical industry experience.– Smallest segment:

16-20 years (10.8%)

– Largest segments: • 0-5 years (25%)• 20+ years (27%)

12


Industry Segment

• Expected overload on Compliance segment (43.6%)

• Good distribution across remaining segments

• Ten “Other” responses addressed entity-specific roles

13


Segment Tenure

• Many compliance personnel move into area near end of career, thus 0-5 years tenure is not surprising


14


Organization Size

• Overload on large entities (54.4%) reflective of larger CIP v5 effort


15


Primary Role• Expected large

percentage of Registered Entities (78.9%)

• First instance of skip logic providesthree paths through survey to target specific role responses

16


ERO Time on Task

• CIP Auditors and Enforcement personnel

• CIP v5 Transition outreach includes preparing for and presenting formal outreach sessions and responses to entity questions

• Represents a major component of weekly WECC CIP team workflow

17


Work on CIP v5 Transition Project?• Applied separately to Registered Entity & Consultant categories• Second instances of skip logic (1 per category)

– “Yes” response continued down category branch; – “No” response ended survey

18


Registered Entities (160)

148 Yes (92.5%)

12 No (7.5%)

Consultants (26)

3 No (11.5%)

23 Yes (88.5%)

Work with Consultant?• Applied to Registered

Entity category only• Third instance of skip logic

– “Yes” response applies consultant level of involvement question

– “No” response skips consultant level question

• Data indicates numerous WECC entities are using consultants on the CIP v5 Transition

19


87 Yes (59%)

61 No (41%)

Are you currently working with or have previously worked with a Consultant, Contractor, or Vendor on your CIP v5 Transition Project?

Consultant Involvement

• Applied to Registered Entity category only

• Estimates consultant level of involvement in Registered Entity CIP v5 Transition Project

• Data indicates consultants are generally supporting CIP v5 Transition Projects, but not leading them

20


Consultant Involvement• 15 Consultants

responded to this question

• Consultants working on 287 Entity projects across all regions

• Average of 19 clients with CIP v5 projects per consultant

• Qualitative Data indicates consultant resources and/or availability may be limited

21


Registered Entity FTEs on Task

• 111 RE participants responded to this question

• Total of 1400 RE FTEs working on CIP v5 projects

• Average of 13 FTE on each CIP v5 project

22


Time on TaskAll Project Members

• Optional question at end of survey

• Applied to all three categories

• 140 Participants• Represents a major

component of weekly project team workflow

23


Qualitative Data Analysis

• Open-ended questions posed to each category• Similar questions that probe into the Registered Entity

experience from three different perspectives• ERO Members:

– Describe the top three challenges or obstacles to the transition that you have observed at entities during CIP v5 outreach and transition audit activities.

– Describe up to three organizational cultural issues related you have observed during your interactions with Registered Entities in your ERO group.

– Generated 93 coded segments

24


Qualitative Data Analysis

• Registered Entities:– Describe the top three challenges or obstacles to the

transition that you have observed during your CIP v5 transition activities.

– Describe up to three organizational cultural issues you have observed during your CIP v5 Transition project.

– What external and/or internal CIP v5 resources are available or what resources should be made available to you during the CIP v5 transition project?

– Generated 949 coded segments

25


Qualitative Data Analysis• Consultants:

– Describe the top three challenges or obstacles to the transition that you have observed at your client(s) during your CIP v5 transition activities.

– Describe up to three organizational cultural issues you have observed during your client(s) CIP v5 Transition project.

– Generated 119 coded segments• Final Optional Wrap-up Question asked of all

Participants:– Is there anything else you would like to add to help us better

understand issues related to the CIP v5 transition?– Response segments coded concurrently with other questions

26


Identifying Key Themes

• Coded open-ended responses

• 1161 coded segments• Identified top

challenges and cultural issues

• Grouped coded segments into major themes

27


Top Three Challenge Themes

• Confusion (302)– Unclear ERO Guidance, Uncertainty, and Technical

Issues

• The Triple Constraints (192)– Resource, Time, and Cost Management

• Organizational Issues (117)– Business Silos and Low Management Support

28


Confusion: Unclear ERO Expectations• Unclear Expectations

– Inconsistent information concerning Standards.– A lack of industry-wide consensus or consistency about

key terms.– Not enough direction on how or what the bar really is to

meet compliance.– Lack of clarity in the CIP V5 Standards creating an

atmosphere of paralysis on what to do. – It appears the requirements are not fully developed or

changing and it's hard to hit a moving target.

29


Triple Constraints: Scope & Resources• Handling the transition as a managed project, preferably as an

IT project following PMI standards.– Determining front burner vs. back burner issues– Managing expectations– Getting to a common understanding of project needs with CIP

SMEs and common prioritization of deliverables.– Changing/increasing scope creates change management issues

• Required External Resources– Project team has limited knowledge of detailed operations and

equipment– Setting up CIP v5 project leadership, structure, and organization,

outside of the regular operational work group organizations.– Our organization has brought in additional external resources

30


Triple Constraints: Time• Resource time constraints; Not enough time!

– Approximately 900 documents requiring revision – Lack of staff hours to complete all the documentation required– Time was difficult to accurately project.– Employee time to complete required changes while performing

other job duties; No increase in FTEs.– Time constraints; NERC-imposed (4/1/16) and self-imposed (too

late on beginning implementation process).• Between day-to-day operations, multiple projects and CIP v5

readiness preparation, we get pulled in too many directions; • Not enough time to focus and dedicate as much time to our

CIP V5 transition Project.

31


Triple Constraints: Cost• Budget Constraints

– Human and capital costs of implementation– Funding for new hardware and systems– The process for maintaining compliance evidence adds

significant “overhead”– Keeping costs in check; getting enough money

• The extreme high cost of compliance associated with a Medium Impact designation coupled with last minute ill devised “compliance clarifications” necessitates compliance program development delay.

• Medium Impact compliance cost is debilitating for this small entity.

32


Organizational Issues: Business Silos• There are some entrenched fiefdoms and business

unit leaders are not willing to give up operational "turf" to Compliance– Silos are hindering entities in progress to CIP v5– Silos within organizations often create barriers – With the increase of facilities in scope, more business

units need to work together and not work in silos• Entities duplicating efforts (but not necessarily

results) by dividing the same CIP V5 requirements among different (and disassociated) business groups

33


Organizational Issues: Poor Management Support

• CEO/Executive [poor] understanding of CIP requirements– Reluctance to transition to v5 early. Legal department feels it

could be unfavorable– Management resistance to necessary investments

• Internal management misunderstanding of the v3 to v5 transition requirements– Convincing management money should be spent on upgrading

physical security and network security – No physical security department and having to get the C-level to

agree to create one• Changing direction makes harder to garner the support of our

senior management when we have to tell them a different story each time we stand in front of them.

34


Top Three Cultural Themes35


• Change (157)– Cultural Changes, Resistance to Change, Poor Buy-in,

and Change Management– Business Silos also appeared as a cultural change

issue, but were aggregated under the Organizational Issues theme

• Education (80)– Training, Learning Curves, and Collaboration

• Emotional Factors (23) – Fear, Anxiety, Frustration, and Internal Conflict

Cultural Issues: Change• Culture shock with compliance requirements• Moving from nothing to version 5

– Substation personnel now dealing with CIP for first time, as substations come into scope [Medium and Low-impact]

– Newness of CIP and buy-in with many work groups– Bringing operations into scope and the massive culture shift– Up to 2014, there was no cyber security policy in place in our site

• Standardizing processes across a large geographical area– Appreciating that V3 to V5 may require thorough house cleaning– Obsession in using existing V3 evidence, perhaps with minor

changes

36


Cultural Issues: Resistance to Change• Desire to maintain status quo

– Not done that way before, why do I have to change now– That's not the way we do it; that's not a good way to do it; or

"Not invented here!”– Egos are always an issue - especially some with more than 10

years of experiences.– Keeping things the same rather than look at changes that

could provide future benefits or simplify compliance• Lack of understanding of why new areas now have to

comply with CIP• Poor buy-in with field personnel new to CIP

37


Cultural Issues: Education• Learning Curves

– Having previously been a "Null" list entity, steep learning curve to figure out which devices may be cyber assets in Low-impact BES Assets.

– We did not have Critical Assets under version 3, so many of our IT staff were not involved in compliance activities, it’s a major learning curve

– Lack of IT training for currently staffed field technicians• Inspiring SME's to really dig into the changes early• Educating all personnel on more stringent CIPv5

requirements• Training 1000's to meet new reporting requirements

38


Cultural Issues: Emotional Factors• Frustration

– If you are registered as a TOP but don’t impact the reliable operation of the BES, where is the impact?

– Getting everyone on the same page – No one wants to know more than what they need for their

job – they are all in information overload.• Fear & Trust Issues

– Lack of trust that transition period will be viewed upon by ERO as a period where we may not have met either version due to the changing state.

– Maintaining compliance during the transition– This is obviously due to a lack of trust, although I think WECC

has done a good job trying to address that

39


Summary• The survey was received with interest, response

rates were excellent, results may be generalized (±16) across the WECC population of 345 Registered Entities

• Participants were generally appreciative of WECC CIP v5 outreach and accessibility for entity questions

• Time and resources are huge concerns for all entities, as the clock is ticking inexorably down to April 1, 2016

40


Conclusions from RE Perspective• The CIP v5 transition has been a large undertaking • The CIPv5 transition represents a massive

organizational change initiative effort for all entities, both technically and culturally

• Frustration and exasperation exist due to enormity of required changes, lack of resources, and associated costs

• It is a very difficult task for smaller entities• “Be merciful, I am doing the best I can to be fully

compliant...”

41


References

• Creative Research Systems. (n.d.). The Survey System: Sample Size Calculator. Retrieved from http://www.surveysystem.com/sscalc.htm

• NERC. (2015 Aug 14). NERC_Compliance_Registry_Matrix_Excel20150814.xls. Retrieved from http://www.nerc.com/pa/comp/Pages/Registration-and-Certification.aspx

42


http://www.surveysystem.com/sscalc.htm

http://www.nerc.com/pa/comp/Pages/Registration-and-Certification.aspx

Speaker Contact Information

Joseph B. Baugh, Ph.D.PMP, CISA, CISSP, CRISC, CISMSenior Compliance Auditor -Cyber SecurityWestern Electricity Coordinating Council (WECC)jbaugh (at) wecc (dot) biz(C) 520.331.6351 (O) 360.600.6631

43


NATF Security Practices Group Activity Update

Jim Rowan, NATF Program Program Manager - Security

NERC CIPC MeetingDecember 15-16, 2015

How you feel after one more change to what you have been working on!!

3

Discussion Topics

• Brief NATF Overview

• Resiliency Project

• Security Practices Group Projects

• EO Awareness Projects

• Other Activities

NATF Membership

Organization types (75 Members)– Investor-owned– State/Municipal– Cooperative– Federal/Provincial– ISO/RTO

Expertise– 3600 subject-matter experts

Coverage (North America Wide)– 85% Peak Demand– 75% 100kV and higher circuits• Membership open to companies that

own/operate 50 circuit miles 100 kV transmission or, operate 24/7 control center

4

NATF SPG Monthly Calls

Security Practices Group– Held on 4th Thursday of every month from 3:00 – 5:00

PM EST• Changes by exception

– Topic Areas• Peer Reviews/Assist Visit Report Out• Project(s) Update• Operational Exchange Lessons Learned• Survey Discussions• “Hot Topics”• Principles of Excellence of the Month• Open Mic

5

NATF SPG Monthly Calls

Physical Working Group– Held on 3rd Tuesday of every month from 11:00 – 12:00

AM EST• Changes by exception

– Topic Areas• Project(s) Update• Operational Exchange Lessons Learned• “Hot Topics”• Open Mic

6

7

Discussion Topics






Resiliency Project

• Series of White Papers• Joint effort with EPRI• Background focus of efforts that began in

2015• Resiliency Summit at EPRI Charlotte

– March 1-2

9

Discussion Topics


• Physical Security Work Group Project: CIP-014-1 R4 and R5 Practice Guides





Projects for 2015

• Practices for Cyber Asset Categorization• Practices for Protecting Unused Physical Ports

Against Use• Device Security Capability Management• Practices for Security Metrics• Central Security Control Center & Job

Description Practices Document (CONOPS)

Projects for 2016 (So far)

• Practices for Cyber Asset Categorization• Practices for Security Metrics

– Implementation

• Security Assist Visits– Cyber and Physical Security– Exercise implementation as requested

• V5 Sustainability Issues• Central Security Control Center & Job Description

Practices Document (CONOPS)

12

Discussion Topics







EO Awareness Projects• EO Awareness Articles

– Over 400 articles in library– Distribution list approaching 200– Cyber and Physical security articles from throughout the

world– Distributed on Monday afternoons– “FLASH” reports issued for immediate concerns– Members only - Must opt-in by email to [email protected]

• Other activities as requested– ASIS– DefCon


14

Discussion Topics • Brief NATF Overview






Other Activities – For NATF Members Only

•Peer reviews now include physical security element

•Assist visit modules for cyber and physical security

•Internal Control Design and Effectiveness Testing Practice document

Other Activities – For NATF Members Only

• Development of risk and controls • Illustrative examples for security applications

• Workshops• May 17-19

• Joint Compliance and Security Workshop• Nov 1-2

• Security Workshop

Questions?

Legislative UpdateCritical Infrastructure Protection CommitteeDecember 15, 2015

Nathan Mitchell, American Public Power Association


Energy Legislation - Highway Bill

• Grid security provisions added to House highway bill (H.R. 22) --included in final bill. Passed by House (359 to 65), then Senate (83-16) on Dec. 3. President Obama signed into law on Dec. 4, 2015.

• Resolves conflicts between environmental and grid reliability requirements

• Gives Secretary of Energy broader authority to address grid security emergencies

• Requires DOE to draft plan for creation of strategic transformer reserve.


Grid Security - CISA

• House H.R. 1560, the Protecting Cyber Networks Act o Approved by Permanent Select Committee on Intelligence, then passed 307-116

by House on April 22, 2015. H.R. 1731, the National Cybersecurity Advancement Act of 2015o Approved by Committee on Homeland Security, then passed 355-63 by House on

April 23, 2015.• Senate S. 754, the Cybersecurity Information Sharing Act of 2015o Approved by Senate Intelligence Committee, then passed 74-21 by Senate on

Oct. 28, 2015.• House-Senate Negotiations Both include liability protection. Congressional leaders predict “long road ahead” for talks.


Electricity Sector Coordinating Council (ESCC)Critical Infrastructure Protection CommitteeDecember 15, 2015

Nathan Mitchell, American Public Power Association


ESCC

• Electricity Subsector Coordinating Council (ESCC)• Information Sharing E-ISAC Member Executive Committee CRISP

• Government Industry Coordination Grid Ex III – ESCC Table Top Exercise ESCC Playbook Version 5.0 Transformer Reserve

• Leveraging R&D/Tools & Technologies


ESCC

• Cross-Sector Coordination Water Sector Downstream Natural Gas Telecommunications Financial Services Transportation

• Senior Executive Working Group – ESCC Summary of Conclusions


SEWG Summary of Conclusions

• Enhanced Background Investigation Screening for Critical Employees (EBISCE) Working Group Owners: DOE, DHS, FBI, ESCC, and the E-ISAC.

• EMP Partnership Owners: DOE, DHS, ESCC, EPRI

• DHS Cybersecurity Insurance Initiative: Owner: DHS

• Supply Chain Working Group: Owners: DOE, DHS, ESCC, and other relevant sectors



• Exercises (2016 DOE Clear Path and Cascadia Rising) Owner: DOE

• Messaging Opportunities: Owner: ESCC, DOE, DHS

• Grid Cybersecurity Innovation Investment Initiative: Owner: DOE with input from DHS

• Cybersecurity Risk Information Sharing Program (CRISP) Next Steps Owner: E-ISAC and ESCC, with support from DOE and National Labs



• Developing Cyber Mutual Assistance Concept Owner: ESCC with support from trade associations and E-ISAC

• Measuring ESCC Progress Owner: ESCC


GridEx IIICIPC Update

Atlanta, GADecember, 2015


Since Your Last Brief

• Weekly Core Planning Team Calls• Bi-Weekly GEWG Calls• Provided inject planning master worksheet for entities• Finalized a downloadable package of injects• Provided a package of email templates for each inject• Series of inject tests and communications tests• RC to RC coordination and planning calls• RC to Entity coordination and planning calls• Exercise portal training videos available for planners and players• Continued work with National Labs on injects and exercise tools


And we ran an exercise

350 +Organizations

4,000 +Players


Timeline

GridEx Working

Group

Initial Planning

Phase

Mid-term Planning

Phase

Final Planning

Phase

GridEx III

After Action

Confirm exercise infrastructure

Finalize attack vectors and impacts

Work on scenario narrative

Finalize baseline MSEL

Develop Controller and Player materials

Draft After Action Survey

Send injects and oversee player actions

Capture player actions and findings

Facilitate Executive Tabletop

Distribute survey

Analyze findings and lessons learned

Draft Final Report

Finalize custom injects with RCs

Distribute materials

Conduct training

Set up venue and logistics

December 10 2014 March 11-12 June 10-11 Sept 3 Nov 18-19 Q1 2016January 23

Establish Working Group Members Establish Mail

list GridEx

Awareness

Confirm objectives

Establish boundaries

Confirm tools

2015 Conference Dates

GEWGReform

Jax Atlanta DC

RCs identify Active Organizations in their control area

RCs establish and participate in RC-to-RC and RC-to-Entity coordination calls

RCs and entities understand and develop customized injects

Reliability Coordinator Planning Activities


• Collect and Review summary results• Collect and Review Lessons Learned• Contribute to and Review initial Draft After Action• Publish After Action Report Previous After Action Reports http://www.nerc.com/pa/CI/CIPOutreach/Pages/GridEX.aspx

• Close out the GEWG for GridEx III

Before Your Next Brief


• The industry is growing in capability and maturity• Likewise the planning and execution of GridEx needed to grow

in capability and maturity.• From a Planning perspective - The GEWG was critical in enabling

early development and completion of the scenario narrative, the MSEL, Inject artifacts, and templates for distribution of the injects.

• From an exercise execution perspective - exercise specific tools (E-ISAC, Simulation Deck, Social media components, news reports, training elements, etc..) provided a rich exercise environment for organizations to utilize.

General Thoughts on GridExIII


• Participants need to perform two tasks: Fill out the survey – send Bill Lawrence an email Complete the Lessons Learned documents – Same Bill Lawrence <[email protected]>

• At the next CIPC we will cover key Lessons Learned items within the After Action Report

• In prep for GridEx IV we will typically have a call for volunteers in the Q3 CIPC meeting

• By the Q4 2016 CIPC meeting we will have an initial GEWG IV established and ready for the IPC

Call to Action! & Next Steps


Physical Security Working Group

Ross Johnson, CPPCapital Power

Progress

• Contributed to the PSAG's Design Basis Threat• DBT will be complete this week• Q1 2016 - we will host monthly PSRG teleconferences explaining the DBT,

and how to use it in a threat vulnerability assessment

Progress

• We have begun discussions within the PSRG on the development of a security management program template for the electricity sector

• We waited until November to see a DHS-approved document for something similar for the Dams CI sector

• I intend to push ahead in Q1 2016 and ask for writing assistance

Progress

• I will be facilitating a webinar for ASIS International in April on the protection of the North American interconnected grid

• Will include Brian Harrell, Bob Canada, Darren Nielsen, and Louie Dabdoub• Started with Brian and Bob's successful ASIS International seminar on the

subject at Anaheim in the end of September – it was rated as one of the top ten of the week by the attendees

Questions?

Threat & Incident ReportingGuideline (TF)Update - December 2015

John Breckenridge, CPP


CIP Committee StructureCIPC Executive

Committee

Physical Security SubcommitteeDavid Grubbs

Cyber Security Subcommittee

Mark Child

Operating Security Subcommittee

Carl Eng

Policy SubcommitteeNathan Mitchell

Protecting Sensitive Information TF

Physical Security EvAnalysis WGJoint w/ OC & PC

Physical Security Training WG

Control System Security WG

Cyber Security Analysis WG

Joint w/ OC & PC

Cyber Security Training WG

Information Sharing TF

HILF Implementation TF

Grid Exercise WG

Cyber Attack TreeTF

BES Security Metrics WG

Personnel Security Clearance TF

Compliance & Enforcement WG

Physical Security Guideline TF

How we fit in!


Threat & Incident Reporting Guideline TF

Activity Highlights• Changes made reference to E-ISAC Input from Orlando Stephenson (some quick fixes to update links) Sam Chanoski participating w/ comments

• Team/Task Force starting to be formed Need to get a new Chartero Review and Revise

Conference Calls/E-mails to team Plan to have finished product (TBD)

• Ensure no conflicts w/other reporting requirements OE-417, RCIS, etc.

• Any comments or willingness to participate Contact Randy Duncan/816-556-2160 [email protected]


BES Security Metrics WGCIPC Progress Report

Nathan Mitchell, Interim-ChairDecember 15, 2015


Security Metrics Development Roadmap2015 and Beyond

We are here


BESSMWG Activities

June 2015 CIPC Update• NERC State of Reliability Report including new Security Metrics

chapter approved by NERC Board of Trustees on May 14, 2015• Drafted “strawman” Security Metrics Development Roadmap to

plan future BESSMWG activities• June 9, 2015, BESSMWG met to review Roadmap and define

future directionActivities Since June 2015• Conducted 2 conference calls to accept the Roadmap and to

review/assess the relative value of over 150 metrics from the “universe of security metrics”

• Met F2F Sept 15, 2015, to further define the proposed next set of security metrics and potentially enhance the existing metrics


Results of BESSMWG Assessment

BESSMWG Assessment Number of Metrics

Suitable for near-term development (during 2015) 0

Suitable for mid-term development (by end-2016) 4

Suitable for long-term development (2017 and later) 27

Unsuitable 26

Unsuitable as the data is already available through NERC’s compliance monitoring and enforcement program

97

Total considered 154


Potential Enhancements to Existing Metrics

Metric Potential Enhancement

Reportable Cyber Security Incidents

Further breakdown of the reported data as a sub-metric

Reportable Physical Security Incidents

Further breakdown of the reported data as a sub-metric

ES-ISAC Membership Develop a more meaningful sub-metric based on demographic data

Industry-Sourced Information Sharing

Develop a measure of the value of information shared as a sub-metric

Global Cyber Vulnerabilities

Replace with a sector-based future threat trending metric


Timeline

• Establish Roadmap direction and timeline (completed)• Present Roadmap to CIPC (completed)• Consider and prioritize proposed new metrics from the

“universe of security metrics” (completed) Draft definitions for development during 2016 (Pending committee

meeting)

• Enhance the approved metrics (February 2016)• Finalize detailed definitions for new metrics, including data

sources (February 2016) Consider pilot program to field test new metrics If necessary, prepare NERC data request to collect data for new metrics

• Obtain approval and roll-out new/updated metrics and security chapter for 2016 State of Reliability Report (March 2016)


Request from CIPC

• Need members to participate and keep the momentum• Need a volunteer to take on a leadership role and Chair the

Committee• Next Face to Face meeting Wednesday December 16 from 1:00-

4:30pm at NERC’s offices• February meeting possibly after the NERC BOT meeting in

Sarasota Florida.


NERC CIPC Compliance and Enforcement Input Working

Group

NERC CIPC Update

December 15-16th, 2015

Paul Crist

NERC CIPC Compliance and Enforcement Input Working Group Update

• CEIWG Conference Calls- November 12th, 2015

NERC CIPC Compliance and Enforcement Input Working Group UpdateAgenda Items:

• Lessons Learned Updates• Communications to BES Cyber Systems and BES Cyber Assets

• Approved by Standards Committee and Posted on NERC website

• Transmission Owner Control Centers• Comment period closed on 11/6/15• Reviewing Comments

• Vendor Access Management• Approved by Standards Committee and Posted on NERC website

NERC CIPC Compliance and Enforcement Input Working Group Update

•Meetings• Next Conference Call January 14th, 2016 at 1:00 CST

• 2nd Thursday of the Month at 1:00 CST(Let me know if you need the call-in information)

Questions?

Physical Security Standard WGProgress Report

Allan Wick, ChairToni Linenberger, Vice-ChairBrian Harrell, Vice ChairDecember 16, 2015


Team Members

Chair Allan WickVice-Chair Toni Linenberger

Brian HarrellEC Sponsor Nathan MitchellNERC Staff Laura BrownTeam Members Kurt Aikman

Bruce W. BarnesTim BaschRichard BoucheyJohn BreckenridgeBob CanadaMark L. ComerSteen J. FjalstadMike HageeRoss JohnsonMike KetchensCraig P. LawrenceChris McColmLeslie (Les) MortonBarry PageBobby ParkerPeter ScaliciMatt StrykerDouglas G. Williams


• Past quarter CIP-014 implementation survey – Mike Hagee team leado Posted October 20, 2015o Cancelled November 4, 2015

– Response to industry feedback– Survey responses destroyed without consideration

• Next quarter TBD

Progress


DOE/OE International Efforts on GMDSeptember 2013

DOE Report at NERC CIPC

• Classified brief feedback: [email protected]

• Sector Specific Plan – very close to being online

• Transformer Reserve – Development of the plan

• EMP – INL study available early 2016

• Space Weather – Establish benchmarks

• Clear Path / Cascadia Rising virtual meeting today at 1pm• Dial Conference Number: 1-202-586-3551• http://meet95915393.adobeconnect.com/clear_path_4/


http://meet95915393.adobeconnect.com/clear_path_4/

Sector Outreach and Programs Division (SOPD) Resource Guide

National P rotection and Programs Directorate Office of Infrastructure Protection

October 2015

This page intentionally left blank

SOPD RESOURCE GUIDE OCTOBER 2015 ii

TABLE OF CONTENTS

Introduction..................................................................................................................................................... 1

Cross-Sector Resources .................................................................................................................................. 1

Planning and Security ................................................................................................................................ 1

Training ....................................................................................................................................................... 2

Foundational Courses............................................................................................................................. 3

Security Awareness Series ..................................................................................................................... 4

Exercise Programming ............................................................................................................................... 6

Information Sharing ................................................................................................................................... 7

Policy ............................................................................................................................................................ 9

Higher Education...................................................................................................................................... 10

Chemical Sector Resources .......................................................................................................................... 13

Commercial Facilities Sector Resources..................................................................................................... 16

Critical Manufacturing Sector Resources .................................................................................................. 19

Dams Sector Resources ................................................................................................................................ 20

Emergency Services Sector Resources........................................................................................................ 24

Nuclear Sector Resources............................................................................................................................. 27

SOPD RESOURCE GUIDE OCTOBER 2015 iii

This page intentionally left blank

SOPD RESOURCE GUIDE OCTOBER 2015 iv

Introduction The Office of Infrastructure Protection, Sector Outreach and Programs Division (SOPD) is committed to improving the security and resilience of our Nation’s critical infrastructure by strengthening our relationship with public and private sector stakeholders; and providing cross-sector and sector-specific tools, training, and materials. This guide is a comprehensive catalog of SOPD resources, many of which were created in collaboration with our partners to ensure they are useful and reflective of the evolving security landscape. More information about the division can be found at http://www.dhs.gov/sector-outreach-and-programs-division.

Cross-Sector Resources

Planning and Security Active Shooter Preparedness Resources – Preparedness resources include a desk reference guide; a poster; and a pocket-size reference card to address how employees, managers, training staff, and human resources personnel can mitigate the risk of and appropriately react in the event of an active shooter situation. Access to all these resources can be found on the Active Shooter Preparedness Webpage (http://www.dhs.gov/active-shooter-preparedness). Materials are also available in Spanish. For more information, please contact [email protected].

Business Continuity Planning Suite – User-friendly and scalable for optimal organizational use, the Suite is designed to reduce the potential impact of a disruption to business. The Suite includes business continuity planning training, business continuity and disaster recovery plan generators, and a business continuity plan validation. The planning suite can be downloaded at http://www.ready.gov/business-continuity-planning-suite.

DHS YouTube Critical Infrastructure Videos – A number of short video Webisodes are available on the DHS YouTube Channel. Related Webisode titles include Joint Operations Centers, Critical Infrastructure Interdependencies, Special Event Preparedness, Critical Infrastructure Protection, and Reducing Vulnerabilities. Watch the critical infrastructure videos in the Counterterrorism playlist on the DHS YouTube Channel (https://www.youtube.com/playlist?list=PL8D0A2FC24D742C77).

Suspicious Activity Reporting for Critical Infrastructure Tool – This tool is a standardized means by which critical infrastructure stakeholders can report suspicious or unusual activities to the government via sector portals on the Homeland Security Information Network—Critical Infrastructure (HSIN-CI). Reports submitted via the tool are reviewed by the National Infrastructure Coordinating Center (NICC), shared with appropriate government recipients, redacted, and then posted to HSIN-CI. To request access to HSIN-CI, please contact [email protected].

SOPD RESOURCE GUIDE OCTOBER 2015 1

http://www.dhs.gov/sector-outreach-and-programs-division

http://www.dhs.gov/active-shooter-preparedness


http://www.ready.gov/business-continuity-planning-suite

https://www.youtube.com/playlist?list=PL8D0A2FC24D742C77

Vehicle Inspection Guide and Video – The DHS Vehicle Inspection Guide and Video serves as a reference for public and private sector partners on how to mitigate risk from vehicle-borne improvised explosive devices (VBIED) and how to strengthen security of critical infrastructure by providing a step-by-step explanation of how to conduct a thorough vehicle inspection systematically, efficiently, and safely. The video covers an interview of vehicle occupants with a focus on indicators of suspicious behavior. The video also presents a detailed, systematic vehicle inspection that highlights potential indicators to recognize during an inspection. The guide provides vital knowledge of “hot spots” and “IED indicators” for multiple types of vehicles. For more information, please contact the Chemical Sector-Specific Agency at [email protected] or the IP Protective Security Coordination Division, Office for Bombing Prevention at [email protected].

Critical Infrastructure Learning Series – The Critical Infrastructure Learning Series provides one-hour, Web-based seminars conducted by senior critical infrastructure experts on the tools, trends, issues, and best practices for infrastructure security and resilience. Recent learning series Webinar topics include Insider Threat, Active Shooter, and Conducting Security Assessments - A Guide for Schools and Houses of Worship. Series offerings are available at no cost and are highly recommended for government officials and private sector partners responsible for critical infrastructure risk management, security, and emergency management functions. To view these and other pre-recorded Webinars, or to register for updates, go to http://www.dhs.gov/critical-infrastructure-learning-series.

Joint Critical Infrastructure Partnership (JCIP) Webinars Series – The Sector Outreach and Programs Division (SOPD), in partnership with the Regional Consortium Coordinating Council (RC3) and InfraGard, produces one-hour interactive sessions designed to assist critical infrastructure owners and operators, physical security and information security professionals, Chief Information Officers, risk managers, business continuity planners, information technology directors, and local homeland security and emergency management staff in their efforts to enhance the preparation, security, and resilience of communities and their critical infrastructure assets. All materials (PowerPoint slides, etc.) presented during these Webinars can be accessed via HSIN at https://hsin.dhs.gov/ci/sites/ppp/Document%20Library/Forms/AllItems.aspx.

Training DHS.gov Webpage: Critical Infrastructure Training – The Webpage provides links to a wide variety of no-cost, cross-sector, and sector-specific training programs and resources which are available to public and private sector partners. The classroom and Web-based courses provide government officials and critical infrastructure owners and operators with the knowledge and skills needed to implement critical infrastructure security and resilience activities. View the list of trainings at http://www.dhs.gov/critical-infrastructure-training.




http://www.dhs.gov/critical-infrastructure-learning-series

https://hsin.dhs.gov/ci/sites/ppp/Document%20Library/Forms/AllItems.aspx

http://www.dhs.gov/critical-infrastructure-training

Independent Online Study Courses Developed by SOPD

The following courses are available through the Federal Emergency Management Agency’s Emergency Management Institute (EMI) independent study program. http://training.fema.gov/is/cisr.aspx

Foundational Courses

IS-821.A: Critical Infrastructure Support Annex – The National Response Framework (NRF) presents the guiding principles that enable all response partners to prepare for and provide a unified national response to disasters and emergencies—from the smallest incident to the largest catastrophe. As part of the NRF, Support Annexes describe how Federal departments and agencies, the private sector, volunteer organizations, and nongovernmental organizations (NGOs) coordinate and execute the common support processes and administrative tasks required during an incident. The actions described in the Support Annexes are not limited to particular types of events, but are overarching in nature and applicable to nearly every type of incident. This course provides an introduction to the Critical Infrastructure Support Annex to the NRF. The training may be accessed on the Federal Emergency Management Agency (FEMA) Emergency Management Institute (EMI) Website at http://training.fema.gov/is/courseoverview.aspx?code=IS-821.a.

IS-860.C: Introduction to the National Infrastructure Protection Plan – The security and resilience of the Nation’s critical infrastructure is essential to the Nation’s security, public health and safety, economic vitality, and way of life. The purpose of this course is to present an overview of the National Infrastructure Protection Plan 2013: Partnering for Critical Infrastructure Security and Resilience (NIPP 2013), which provides the unifying framework for the integration of existing and future critical infrastructure security and resilience efforts into a single national program. Updated to include Presidential Policy Directive 21: Critical Infrastructure Security and Resilience policy, the training may be accessed on the FEMA EMI Website at http://training.fema.gov/is/courseoverview.aspx?code=IS-860.c.

IS-913.A: Achieving Results through Critical Infrastructure Partnership and Collaboration – The purpose of this course is to introduce the skills and tools to effectively achieve results for critical infrastructure security and resilience through partnership and collaboration. At the end of this course, the participants will be able to 1) Explain the value of partnerships for infrastructure security and resilience, 2) Identify strategies to build successful critical infrastructure partnerships, 3) Describe methods to work effectively in a critical infrastructure partnership, 4) Identify processes and techniques used to sustain critical infrastructure partnerships, and 5) Identify strategies and methods for achieving results through critical infrastructure partnerships. The training may be accessed on the FEMA EMI Website at http://training.fema.gov/is/courseoverview.aspx?CODE=IS-913.a.

IS-921.A: Implementing Critical Infrastructure Security and Resilience Programs – This course introduces those with critical infrastructure duties and responsibilities at the State, local, tribal, and territorial levels to the information they need and the resources available to secure and


http://training.fema.gov/is/courseoverview.aspx?code=IS-821.a

http://training.fema.gov/is/courseoverview.aspx?code=IS-860.c

http://training.fema.gov/is/courseoverview.aspx?CODE=IS-913.a

http://training.fema.gov/is/cisr.aspx

improve resilience of the Nation’s critical infrastructure. At the end of this course, the participants will be able to 1) Summarize critical infrastructure responsibilities; 2) Identify the range of critical infrastructure protection government and private-sector partners at the Federal, State, local, tribal, territorial, and regional levels; 3) Describe processes for effective information sharing with critical infrastructure partners; and 4) Identify various methods for assessing and validating information. The training may be accessed on the FEMA EMI Website at https://training.fema.gov/is/courseoverview.aspx?code=IS-921.a.

Security Awareness Series

IS-906: Workplace Security Awareness – This Security Awareness Series course provides guidance to individuals and organizations across all 16 critical infrastructure sectors on how to improve security in the workplace. The course is self-paced and takes about an hour to complete. The comprehensive cross-sector training, which is appropriate for a broad audience regardless of knowledge and skill level, uses innovative multimedia scenarios and modules to illustrate potential security threats. Threat scenarios include Access & Security Control, Criminal & Suspicious Activities, Workplace Violence, and Cyber Threats. The course also features interactive knowledge reviews, employee tools, and additional resources. A certificate is given to participants who complete the entire course. The training may be accessed on the FEMA EMI Website at http://training.fema.gov/is/courseoverview.aspx?code=IS-906.

IS-907: Active Shooter: What You Can Do – This Security Awareness Series course provides guidance to individuals, including managers and employees, on preparing to respond to an active shooter situation. The course is self-paced and takes about 45 minutes to complete. This comprehensive cross-sector training, which is appropriate for a broad audience regardless of knowledge and skill level, uses interactive scenarios and videos to illustrate how individuals who become involved in an active shooter situation should react. Topics within the course include 1) Actions one should take when confronted with an active shooter and responding law enforcement officials, 2) How to recognize potential indicators of workplace violence, 3) Actions one should take to prevent and prepare for potential active shooter incidents, and 4) How to manage an active shooter incident. This course also features interactive knowledge reviews, a final exam, and additional resources. A certificate is given to participants who complete the entire course. The training may be accessed on the FEMA EMI Website at http://training.fema.gov/is/courseoverview.aspx?code=IS-907.

IS-912: Retail Security Awareness: Understanding the Hidden Hazards – The purpose of this Security Awareness Series course is to make persons involved in commercial retail operations aware of the actions they can take to identify and report suspicious purchases or thefts of products that actors could use in terrorist or other criminal activities. The course provides an overview of steps to identify and monitor high-risk product inventories and report suspicious activities to law enforcement agencies. The course is designed for retail managers, loss prevention specialists, risk management specialists, product managers, sales associates, and others involved in retail operations. The training may be accessed on the FEMA EMI Website at http://training.fema.gov/is/courseoverview.aspx?code=is-912.


https://training.fema.gov/is/courseoverview.aspx?code=IS-921.a

http://training.fema.gov/is/courseoverview.aspx?code=IS-906


http://training.fema.gov/is/courseoverview.aspx?code=is-912

IS-914: Surveillance Awareness: What You Can Do – The purpose of this Security Awareness Series course is to make critical infrastructure employees and service providers aware of actions they can take to detect and report suspicious activities associated with adversarial surveillance. At the end of this course, participants will be able to 1) Identify potential targets of adversarial surveillance; 2) Describe the information obtained by surveillance that is of interest to adversaries; 3) Recognize indicators of surveillance within the everyday environment; 4) Identify actions that you can take to detect potential adversarial surveillance incidents; 5) Describe the importance of identifying and reporting suspicious activities associated with adversarial surveillance; and 6) Specify actions you can take to report potential incidents of adversarial surveillance. The training may be accessed on the FEMA EMI Website at http://training.fema.gov/is/courseoverview.aspx?code=IS-914.

IS-915: Protecting Critical Infrastructure Against Insider Threat – This Security Awareness Series course provides guidance to critical infrastructure employees and service providers on how to identify and take action against insider threats to critical infrastructure. At the end of the course, the participants will be able to 1) Describe the threat that malicious insiders pose to critical infrastructure, 2) Identify common characteristics and indicators associated with malicious insiders, and 3) Identify actions that can be taken against insider threats. The training may be accessed on the FEMA EMI Website at http://www.training.fema.gov/is/courseoverview.aspx?code=IS-915.

IS-916: Critical Infrastructure Security: Theft and Diversion – What You Can Do - This Security Awareness Series course introduces critical infrastructure personnel to the information they need and the resources available to identify threats and vulnerabilities to critical infrastructure from the theft and diversion of critical resources, raw materials, and products that can be used for criminal or terrorist activities. At the end of this course, participants will be able to: 1) Describe the threat that theft and diversion pose to critical infrastructure protection and resilience; 2) Recognize which of your resources, raw materials, products, or technologies are vulnerable to theft and diversion; 3) Identify commonly used theft and diversion methods and schemes; 4) Recognize suspicious behaviors and activities associated with theft and diversion; and 5) Identify measures for protecting against theft and diversion. The training may be accessed on the FEMA EMI Website at http://training.fema.gov/is/courseoverview.aspx?code=IS-916.

For more information about critical infrastructure security and resilience training courses from the Office of Infrastructure Protection, please contact [email protected].



http://www.training.fema.gov/is/courseoverview.aspx?code=IS-915

mailto:[email protected].

Texas A&M Engineering Extension Service

Developed in partnership with SOPD, the Texas A&M Engineering Extension Service delivers these Critical Infrastructure Security and Resilience courses at the State, local, and regional levels. https://teex.org/Pages/Search.aspx?q=Critical Infrastructure Protection

AWR-213: Basic Critical Infrastructure Protection – This critical infrastructure awareness course provides public and private critical infrastructure partners with essential knowledge and awareness necessary to understand and follow the guiding principles, roles, and responsibilities that underlie the Nation’s collaborative strategy for critical infrastructure protection. Topics covered in this one-day course include 1) Objectives in achieving critical infrastructure protection efforts through the implementation of the NIPP, 2) Roles and responsibilities of critical infrastructure partners, 3) The risk management framework process, 4) Critical infrastructure partnering mechanisms, 5) Critical infrastructure information sharing network, and 6) Exploration of critical infrastructure collaborative efforts in the jurisdiction. Register at https://teex.org/Pages/Class.aspx?course=AWR213&courseTitle=Critical+Infrastructure+Key +Resources+Awareness+Course

MGT-414 Advanced Critical infrastructure Protection Classroom Course – This management-level course is intended for critical infrastructure owners, operators, and managers; State, local, tribal, and territorial government senior officials and managers; DHS infrastructure protection personnel; Sector-Specific Agency personnel; and other Federal agency managerial personnel. The purpose of the course is to extend the knowledge, skills, and abilities developed in the awareness level course (AWR-213) and to formulate considerations for the resilience of jurisdictional assets leveraging cross-sector partnerships. Topics covered in this one-day course include critical infrastructure review, cross-sector consequences, local jurisdiction next steps, national and community resilience, and resilience concepts. Register at https://teex.org/Pages/Class.aspx?course=MGT414&courseTitle=Advanced+Critical+Infrastr ucture+Protection

For more information about these courses, please contact [email protected].

Exercise Programming Cross-Sector Active Shooter Security Seminar and Exercise Workshop – This is a one-day workshop designed to be applicable to any sector for general awareness of how to respond to an active shooter incident. The workshop will enhance awareness of an active shooter event by educating participants on the history of active shooter events and describing common behaviors, conditions, and situations associated with active shooters. The intent of the program is to foster communication between critical infrastructure owners and operators, and local emergency response teams through discussions on interoperability; communications; and best practices for planning, preparedness, and response. For more information, or to obtain a list of scheduled events, please contact the Sector Outreach and Programs Division at [email protected].


https://teex.org/Pages/Class.aspx?course=AWR213&courseTitle=Critical+Infrastructure+Key+Resources+Awareness+Course

https://teex.org/Pages/Class.aspx?course=AWR213&courseTitle=Critical+Infrastructure+Key+Resources+Awareness+Course

https://teex.org/Pages/Class.aspx?course=MGT414&courseTitle=Advanced+Critical+Infrastructure+Protection

https://teex.org/Pages/Class.aspx?course=MGT414&courseTitle=Advanced+Critical+Infrastructure+Protection


https://teex.org/Pages/Search.aspx?q=Critical%20Infrastructure%20Protection


Dealing with Workplace Violence Tabletop Exercise (TTX) – The Office of Infrastructure Protection’s Sector Outreach and Programs Division developed the exercise to address workplace violence situations. The TTX is in three modules: the pre-incident phase, to include recognizing potential warning signs of workplace violence; the incident and response phase; and the assessment phase. The TTX will focus discussions on how to limit escalation and reduce the threat of violent behavior. In the event that an incident does occur, it also addresses how facilities can work with their employees and public/private partners to ensure they are prepared and able to quickly recover from an event. For more information, please contact the Sector Outreach and Programs Division at [email protected].

Regional Resiliency Assessment Program (RRAP) Discussion-Based Exercises – These exercises are offered to those jurisdictions participating in the RRAP. The core component of these efforts will be a capstone Tabletop Exercise (TTX) delivered approximately one-year after completion of the assessment. The core objective of this TTX will be to determine changes to a jurisdiction’s or sector’s overall baseline resilience as a result of the implementation of protective measures suggested by the RRAP process. In the intervening year, the SOPD Stakeholder Readiness and Exercise team coordinates with the RRAP exercise planning team to deliver other requested preparatory activities such as workshops to help shape the capstone TTX. For more information, please contact the Sector Outreach and Programs Division at [email protected].

Stakeholder Readiness & Exercises (SRE) Program – Stakeholder Readiness and Exercises works with critical infrastructure stakeholders to plan, develop, and facilitate a wide range of exercises to test plans and procedures; identify gaps; and recognize lessons learned and best practices. By working with these partners, SRE develops scenarios and exercise plans that directly address the most salient threats to their communities, enhancing their ability to respond to and recover from all-hazards events. For more information about SRE, or to request an exercise, please email [email protected].

Sector-Specific Tabletop Exercise Program (SSTEP) – The SSTEP is a risk management tool tailored for critical infrastructure sectors and partners to assess and update existing plans, policies, and procedures. The SSTEP allows users to leverage pre-built exercise templates and tailor them to their community’s specific needs. SSTEP materials include a model exercise and support documentation that can be refined and further developed to exercise and evaluate specific areas of concern for critical infrastructure owners and operators. For more information, please contact the Sector Outreach and Programs Division at [email protected].

Information Sharing Homeland Security Information Network (HSIN) Communities of Interest (COI) – HSIN is a Web-based knowledge management tool designed to provide a reliable and secure system for information sharing and to increase collaboration between Federal, State, local, tribal, territorial, private sector, and international entities engaged in the homeland security mission. HSIN is composed of many diverse compartments called Communities of Interest (COI), each of which is designed and maintained by its own administrators. HSIN is a secure system, and access to compartments is granted by invitation only. A single user may be invited to multiple






COIs, depending on their need to access that information. For more information, visit http://www.dhs.gov/hsin, or contact the HSIN Help Desk at 1-866-430-0162 or [email protected].

Homeland Security Information Network - Critical Infrastructure (HSIN-CI) – HSIN-CI is the primary information sharing platform between the critical infrastructure sector stakeholders and government. With a library of products that increases nearly every two hours, HSIN-CI enables Federal, State, local, and private sector critical infrastructure owners and operators to communicate, coordinate, and share sensitive and sector-relevant information to protect their critical assets, systems, functions, and networks at no charge to sector stakeholders. To request access to HSIN-CI, please contact [email protected]. When requesting access, indicate the critical infrastructure sector to which the company belongs and include name, company, official email address, and supervisor’s name and phone number.

• Critical Infrastructure Training Portal – The portal is located on the HSIN-CI page and offers a single point of entry for relevant training, guidance documents, presentations, brochures, instructional videos, and links to external educational resources. The portal is available to HSIN-CI users only. For more information about HSIN-CI, go to http://www.dhs.gov/hsin.

Information Sharing Snapshot – This two-page snapshot describes the Information Sharing Environment (ISE), which is designed to improve the overall effectiveness of information sharing between and among Federal, State, local, tribal, and territorial governments and the private sector. To enable the protection of critical infrastructure, the U.S. Department of Homeland Security established an information-sharing network that is guided primarily by the National Infrastructure Protection Plan (NIPP) and works in coordination with the efforts of the Federal ISE. For more information, email [email protected] or see http://www.dhs.gov/xlibrary/assets/NIPP_InfoSharing.pdf.

Open Source Infrastructure Report (OSIR) – This report is IP’s flagship report, produced five days a week, and is distributed as a monthly newsletter that summarizes and highlights key stories derived from open sources. The report provides event summaries and links to the full content for the reader’s convenience. The report is widely read and received by over 40,000 partners. The collected information is also used to provide content (i.e., sector intel reports that include cyber threat and analysis) for our 20+ sector/partner specific portals. For more information, please email [email protected].

The Partnership Bulletin – The Partnership Bulletin is designed as a quick reference guide for widest distribution to public and private sector stakeholders to provide upcoming cross-sector training opportunities and exercises, along with critical infrastructure events and key announcements. To receive this bulletin directly, send your request to [email protected].

The Partnership Quarterly – The Partnership Quarterly newsletter includes critical infrastructure security and resilience articles, highlights cross-sector initiatives, provides training and exercise opportunities, new tools, and resources available to public and private sector stakeholders. To subscribe or submit story ideas, email [email protected] with “Partnership Quarterly” in the email subject line.


http://www.dhs.gov/hsin



http://www.dhs.gov/homeland-security-information-network


http://www.dhs.gov/xlibrary/assets/NIPP_InfoSharing.pdf




Policy National Infrastructure Advisory Council (NIAC) – The NIAC provides advice to the President, through the Secretary of the U.S. Department of Homeland Security, on the security of the critical infrastructure sectors and their information systems. The Council is composed of a maximum of 30 members appointed by the President from private industry, academia, and State and local government. For more information, see www.dhs.gov/niac or contact [email protected].

National Infrastructure Protection Plan (NIPP) 2013 – The NIPP provides the unifying structure for the integration of a wide-range of efforts for the enhanced protection and resilience of the Nation’s critical infrastructure into a single national program. For more information, see http://www.dhs.gov/national-infrastructure-protection-plan or to request materials contact [email protected].

National Infrastructure Protection Plan (NIPP) Sector Partnership – The partnership is intended to improve the protection and resilience of the Nation’s critical infrastructure sectors. It provides a forum for 16 designated critical sectors to engage with the Federal Government regularly on national planning, risk mitigation, program identification and implementation, and information sharing. Additional information for private sector owners and operators of critical infrastructure may be found at http://www.dhs.gov/critical-infrastructure-sector-partnerships or contact the Sector Outreach and Programs Division at [email protected].

Regional Consortium Coordinating Council (RC3) Member and Mission Landscape Study – The RC3 completed its Member and Mission Landscape Study utilizing open-source research and interviews with executive directors and leaders of the Council’s member organizations to examine five key regional partnership areas: the value the RC3 provides its membership, the composition and reach of RC3’s member organizations, member organization missions, critical infrastructure security and resilience activities, and member challenges and requirements for continued partnership sustainment. This research is aimed to ultimately determine initiatives and priorities, as well as document best practices, for the council and regional coalitions to enhance the awareness and delivery of security and resilience tools and communications to public-private partnerships. The Member and Mission Landscape Study can be accessed at https://rtriplec.files.wordpress.com/2014/11/rc3-member-and-mission-landscape-studyfinal-072214.pdf or request a copy at [email protected].

Sector-Specific Plans – The plans represent collaboration between government and private sector partners to develop, update, and maintain Sector-Specific Plans (SSP) for all 16 sectors. SSPs support the National Infrastructure Protection Plan (NIPP) by establishing a coordinated approach to national priorities, goals, and requirements for critical infrastructure protection. Each SSP provides the means by which the NIPP is implemented for each sector, as well as a national framework to address the sector’s unique characteristics and risk landscape. SSPs for each critical infrastructure can be located at http://www.dhs.gov/critical-infrastructure-sectors. The NIPP framework can be located at http://www.dhs.gov/national-infrastructure-protectionplan. For more information, please contact the Sector Outreach and Programs Division at [email protected].


http://www.dhs.gov/niac


http://www.dhs.gov/national-infrastructure-protection-plan


http://www.dhs.gov/critical-infrastructure-sector-partnerships


https://rtriplec.files.wordpress.com/2014/11/rc3-member-and-mission-landscape-study-final-072214.pdf

https://rtriplec.files.wordpress.com/2014/11/rc3-member-and-mission-landscape-study-final-072214.pdf


http://www.dhs.gov/critical-infrastructure-sectors




SLTTGCC Summary of Regional Reports: Critical Infrastructure Programs 2011-2013 In 2011, the State, Local, Tribal, and Territorial Government Coordinating Council (SLTTGCC) launched a multiyear effort to study the composition, activities, and needs of State and local critical infrastructure protection (CIP) programs in each of the 10 Federal regions. This document consolidates summaries of the 10 reports into a quick reference guide of the major themes. The report can be accessed through HSIN-CI at https://hsin.dhs.gov/ci/regional/slttgcc/Lists/Announcements/Attachments/58/SLTTGCC%2 0Regional%20Reports%20Summary%20FINAL%20July%202014.pdf. To request access to HSIN-CI, please contact [email protected].

Higher Education

Critical Infrastructure Security and Resilience

Higher Education Initiative

The SOPD Stakeholder Education and Training Section and the George Mason University School of Business, Center for Infrastructure Protection and Homeland Security (CIP/HS) develop graduate course prototype syllabi, case studies, and classroom exercises in critical infrastructure security and resilience. These courses cover topics in critical infrastructure security and resilience, such as partnerships, risk management, information sharing, systems analysis, policies and strategies, and cybersecurity. The courses are intended to foster critical infrastructure education programs that produce and sustain the leaders and workforce required for the government and the private sector to effectively protect critical infrastructure. As critical infrastructure security and resilience spans numerous fields of study, including computer science, criminal justice, engineering, homeland security, global security, and public policy, the prototype syllabi and related materials are publicly available to the higher education community to provide a foundation for critical infrastructure education. These courses may be incorporated into the curriculum of any program and used by any institution of higher learning. The materials can be downloaded at: http://cip.gmu.edu/courses/.

Graduate Level Curricula – These courses can be used as stand-alone classes or part of a graduate degree or concentration.

• Introduction to Critical Infrastructure Security and Resilience • Information Sharing for Critical Infrastructure Security and Resilience • Critical Infrastructure Security and Resilience Capstone • Critical Infrastructure Security and Resilience: Sector Approaches and Cross-Sector

Interdependencies


https://hsin.dhs.gov/ci/regional/slttgcc/Lists/Announcements/Attachments/58/SLTTGCC%20Regional%20Reports%20Summary%20FINAL%20July%202014.pdf

https://hsin.dhs.gov/ci/regional/slttgcc/Lists/Announcements/Attachments/58/SLTTGCC%20Regional%20Reports%20Summary%20FINAL%20July%202014.pdf


http://cip.gmu.edu/courses/

• Critical Infrastructure Security and Resilience: The Cyber Dimension • Critical Infrastructure Security and Resilience: The International Dimension • Risk Management for Critical Infrastructure Security and Resilience • Critical Infrastructure Security and Resilience Systems Analysis • Methods, Policies, and Strategies • Critical Infrastructure Security and Resilience: Identifying, Assessing, and Addressing

Emergent Threats

• Designing Resilient Infrastructure

Critical Infrastructure Security Graduate/Professional Certificate – The five courses below can be used to create a concentration or certificate in critical infrastructure.

• Foundations of Critical Infrastructure Security and Resilience • Advanced Topics in Critical Infrastructure Security and Resilience • Assessing and Managing Risk to Critical Infrastructure Systems • Critical Infrastructure Security, Resilience, and Cybersecurity • Partnering and Information Sharing for Critical Infrastructure Security and Resilience

Master’s in Public Administration (MPA): Critical Infrastructure Concentration Courses –The prototype syllabi have been modified to fit into MPA programs with a critical infrastructure focus.

• Critical Infrastructure: Emergency Planning and Response • Federal Budgeting and Critical Infrastructure • Infrastructure Protection and Emergency Response: Interagency Communication and

Coordination • Organization Theory and Behavior: Organizing for Critical Infrastructure • Program Evaluation • Project Management • The Public Policy Process and Critical Infrastructure/Domestic Security Policy • Third Party Governance and Critical Infrastructure Protection

Case Studies and Classroom Exercises – The case studies and exercises can be used on their own or in addition to the course syllabi.

• Blackout: A Case Study of the 2003 North American Power Outage and Exercise – On August 14, 2003, large portions of Ohio, Michigan, Pennsylvania, Massachusetts, New York, Connecticut, New Jersey, and Ontario, Canada, went dark in a matter of seconds. The loss of electricity not only caused the lights to go out, but also shut down airports, subways, trains, and tunnels. The exercise centers on strategy and planning activities in an interdependency-rich environment.


• Collapse: A Case Study of the Minneapolis I-35W Bridge Disaster and Exercises – On August 1, 2007, the city’s fire department was dispatched to the I-35W Bridge just after 6:00 p.m. at the peak of rush hour. The entire eight-lane span had fallen into the Mississippi River, taking with it more than 100 vehicles. This case highlights the challenges of planning and response in a highly-vulnerable, multi-threat environment that is a nexus of multiple infrastructure modes.

• Derailed: A Case Study of the 2001 Howard Street Tunnel Fire with Exercises – On July 18, 2001, civil defense sirens wailed in Baltimore, Maryland, to alert citizens of a fire below the city. Thick, black smoke billowed from both ends of the 1.7 mile Howard Street Tunnel that crossed the city’s downtown area. In addition to the fire, a forty-inch wide water main ruptured above the tunnel and water seeped into the tunnel and flooded the streets and surrounding businesses. About 1,200 customers lost power, and Internet service from Washington, D.C., to New York City slowed. The 2001 Howard Street Tunnel freight train derailment in Baltimore is a compelling case study that illustrates the central role that information sharing has in critical infrastructure security and resilience. The multi-modal and multi-sector consequences present a rich opportunity for participants to think critically about how information sharing strategies can be developed and implemented to mitigate risks and improve response.

• Expansion of Lifeline Services in Colorado Springs, CO – This exercise describes and assesses the current state of three lifeline infrastructures in Colorado Springs. The case study can be adapted to any city or metropolitan area

• ACME Amazium Refinery All-Hazards Performance Profile Exercise – This is an exercise in writing an all-hazards performance profile for a fictitious facility in Memphis, Tenn., using the U.S. Department of Homeland Security’s Threat and Hazard Identification and Risk Assessment (THIRA) process (U.S. Department of Homeland Security, 2013).

For more information about the Higher Education Initiative, please contact [email protected].



Chemical Sector Resources Chemical Facility Security: Best Practices Guide for an Active Shooter Incident – This booklet draws upon best practices and findings from tabletop exercises to present key guidance for chemical facility planning and training, and poses specific questions that an effective active shooter response and recovery plan will answer. For more information, please contact the Chemical Sector-Specific Agency (SSA) at [email protected].

Chemical Sector Classified Briefing – The Chemical SSA sponsors a classified briefing for cleared industry representatives as needed. The intelligence community provides briefings on both physical and cyber threats, as well as other topics of interest for chemical supply chain professionals. For more information contact the Chemical SSA at [email protected].

Chemical Sector Industrial Control Systems (ICS) Security Resource DVD - The chemical industry, in partnership with DHS, has collected a wealth of cybersecurity information to assist owners and operators in addressing ICS security. The DVD contains a wide-range of useful information, including ICS training resources, existing standards, reporting guidelines, cybersecurity tabletop exercises, and the National Cyber Security Division’s Cyber Security Evaluation Tool. The DVD is available for free upon request. For more information, or to obtain a copy of the DVD, please contact the Chemical SSA at [email protected].

Chemical Sector Portal on the Homeland Security Information Network - Critical Infrastructure (HSIN-CI) – The Homeland Security Information Network - Critical Infrastructure (HSIN-CI) is a secure information-sharing platform for the critical infrastructure community and includes the HSIN-CI Chemical portal. The HSIN-CI Chemical portal is available to both public and private Chemical Sector stakeholders as a key tool for security and incident preparedness and response information. HSIN-CI Chemical users can communicate, collaborate, and receive general and threat information impacting Chemical Sector stakeholders during operationally significant situations For example, during a hurricane, the portal regularly provides alerts and incident bulletins. To gain access to HSIN-CI and the Chemical Sector portal, interested individuals should e-mail [email protected] with a request for nomination to the Chemical Sector portal that includes their name, company, work e-mail address, and title/position description. E-mail addresses must match the company name.

Chemical Sector PS-PREP™ Framework Guide – As part of the Voluntary Private Sector Preparedness Accreditation and Certification Program (PS-Prep™), DHS and the Chemical Sector Coordinating Council have developed the Chemical Sector PS-Prep™ Framework Guide for use by sector partners. The Chemical Sector PS-Prep Framework Guide provides a data set that includes extensive lists of laws, regulations, programs, and practices relevant to preparedness, and worksheets that align industry regulations and practices to individual elements of the standards for a defined scope. For more information, please contact the Chemical SSA at [email protected].

Chemical Sector Security Awareness Guide – The purpose of this document is to assist owners and operators in their efforts to improve security at their chemical facility and to provide information on the security threats presented by explosive devices and cyber







vulnerabilities. For more information, please contact the Chemical SSA at [email protected].

Chemical Sector Security Summit – The Chemical SSA annually co-sponsors the Chemical Sector Security Summit (Summit) with the Chemical Sector Coordinating Council (SCC). The Summit consists of workshops, presentations, and discussions covering current security regulations, industry best practices, and tools for the Chemical Sector. In addition, the event is designed for industry professionals throughout the Chemical Sector to provide participants a broad representation from the chemical stakeholder community, senior DHS and other government officials, and congressional staff. For information on the Summit, please visit www.dhs.gov/chemical-sector-security-summit.

Chemical Sector-Specific Tabletop Exercise Program (SSTEP), Cyber Tabletop Exercise (TTX) – This tabletop exercise is designed to allow participants the opportunity to address key issues, threats, gaps, and concerns affecting the Chemical Sector through a series of facilitated discussions. Focusing on information sharing and coordination activities during incidents, this TTX offers chemical stakeholders the opportunity to assess existing capabilities to respond to and recover from a cybersecurity incident triggered by a terrorist attack. For more information, please contact the Chemical SSA at [email protected].

Chemical Sector Training Resources Guide - The guide contains a list of free or low-cost training, Web-based classes, seminars, and documents that are routinely available through one of several component agencies within DHS. The list was compiled to assist facility security officers in training their employees on industry best practices, physical and cybersecurity awareness, and emergency management and response. For more information, please contact the Chemical SSA at [email protected].

Infrastructure Protection Sector-Specific Tabletop Exercise Program (IP-SSTEP), Chemical Sector Tabletop Exercise (TTX) - The IP-SSTEP Chemical Sector TTX is an unclassified and adaptable exercise developed to create an opportunity for public and private critical infrastructure stakeholders and their public safety partners to address gaps, threats, issues, and concerns identified in previous exercises and their after-action review processes. The TTX allows participants an opportunity to gain an understanding of issues faced prior to, during, and after a terrorist threat/attack and the need to coordinate with other entities, both private and government, regarding their facility. It also includes the tools for companies or facilities to conduct a Homeland Security Exercise and Evaluation Program (HSEEP) compliant TTX. For more information, please contact the Chemical SSA at [email protected].

Playbook for an Effective All Hazards Response – This handbook provides a Standard Operating Procedure (SOP) to assist the chemical sector with preparing for, responding to, and recovering from an all-hazards emergency. The intended audience for this SOP is the Chemical Sector Coordinating Council (SCC) membership and the Chemical SSA. It defines the respective roles and responsibilities of the Chemical SCC and Chemical SSA as well as their interaction in support of a coordinated public-private sector response to an all-hazards emergency. Please contact [email protected] for requests and more information.



http://www.dhs.gov/chemical-sector-security-summit





Roadmap to Secure Control Systems in the Chemical Sector – The Chemical SSA, in coordination with public and private sector members of the Chemical Sector Roadmap Working Group, created a plan for voluntarily improving cybersecurity in the Chemical Sector. This Roadmap brings together Chemical Sector stakeholders, government agencies, and asset owners and operators with a common set of goals and objectives. It also provides milestones to focus specific efforts and activities for achieving the goals, while addressing the Chemical Sector’s most urgent challenges, long-term needs, and practices to reduce the cybersecurity risk to industrial control systems (ICS). This document will be supplemented by the Chemical Sector-Specific NIST Framework Implementation Guide in FY16. Please contact [email protected] for requests.

Security Seminar & Workshop Series for Chemical Industry Stakeholders – The Chemical SSA supports requests from state chemical industry councils, industry associations, and emergency management agencies for presentations, training, exhibits, and exercises which improve the security and resilience of the chemical industry by soliciting the appropriate subject matter experts and regional representatives throughout the U.S. Department of Homeland Security (DHS) Office of Infrastructure Protection and other agencies. DHS representatives provide presentations and tabletop exercises on a variety of topics, including active shooter, vehicle-borne improvise explosive devices, and cybersecurity. Participation in events is subject to budget and travel restrictions. Please contact [email protected] for requests and more information.

Threat and Suspicious Activity Reporting Teleconference – The Chemical SSA hosts a monthly unclassified threat briefing and suspicious activity reporting teleconference for chemical facility owners, operators, and supply-chain professionals. To participate, apply for access to HSIN-CI where call-in information is posted to the Chemical portal. This briefing is scheduled monthly at 11 a.m. ET. For more information, please contact the Chemical SSA at [email protected].

Who’s Who in the Chemical Sector – The U.S. Department of Homeland Security has multiple components, directorates, offices, and divisions—many of whom interact with the private sector on a consistent basis. This guide was created by the Chemical SSA to clarify roles and responsibilities and to enhance sector stakeholders’ understanding of “Who Is Who.” Please contact [email protected] for requests and more information.






Commercial Facilities Sector Resources Active Threat Recognition for Retail Security Officers – This 85-minute presentation discusses signs of criminal and terrorist activity, types of surveillance, and suspicious behavioral indicators. To access the presentation, please register at https://share.dhs.gov/attrrso/event/registration.html. After submitting the short registration form and setting a password of your choice, you will receive an email confirmation with instructions for logging in to view the material and corresponding fact sheet. For more information, please contact the Commercial Facilities Sector-Specific Agency (SSA) at [email protected].

Commercial Facilities Sector Pandemic Planning Documents – Public assembly venue owners and operators use these pandemic influenza planning documents to enhance pandemic operational response planning. These guides provide key steps and activities for managers of public assembly venues to consider when operating their facilities during pandemic situations. These guides are used in connection with the worksheet which displays the status of operational activities that venues should use to respond to the influenza's impact on venues and surrounding areas. A checklist outlines the various activities that should be considered by public assembly venues when developing a pandemic response plan. Planning documents can be accessed at http://www.dhs.gov/publication/commercial-facilities-pandemic-influenza-guides.

DHS Lodging Video: “No Reservations: Suspicious Behavior in Hotels” – The video is designed to raise hotel employee awareness of suspicious behavior by highlighting the indicators of suspicious activity. It also provides information to help employees identify and report suspicious activities and threats in a timely manner. The video can be viewed at http://www.dhs.gov/video/no-reservations-suspicious-behavior-hotels-english. It is also available in Spanish. For more information, please contact the Commercial Facilities SSA at [email protected].

DHS Retail Video: "What's in Store - Ordinary People/Extraordinary Events" – This video is for retail employees of commercial shopping venues to alert them of the signs of suspicious behavior in the workplace that might lead to a catastrophic act. The video is intended to both highlight suspicious behavior, as well as encourage staff to take action when suspicious behavior is identified. The video can be viewed at http://www.dhs.gov/video/what%E2%80%99s-store-ordinary-people-extraordinary-events. It is also available in Spanish. For more information, please contact the Commercial Facilities SSA at [email protected].

DHS Sports Leagues/Public Assembly Video: “Check It! How to Check a Bag” – The video is designed to raise frontline facility employee awareness by highlighting the indicators of suspicious activity. It also provides information to help employees properly search bags in order to protect venues and patrons across the country. View the Check It! video at http://www.dhs.gov/video/nppd-bag-check-video. For more information, please contact the Commercial Facilities SSA at [email protected].


https://share.dhs.gov/attrrso/event/registration.html


http://www.dhs.gov/publication/commercial-facilities-pandemic-influenza-guides

http://www.dhs.gov/video/no-reservations-suspicious-behavior-hotels-english


http://www.dhs.gov/video/what%E2%80%99s-store-ordinary-people-extraordinary-events


http://www.dhs.gov/video/nppd-bag-check-video


Evacuation Planning Guide for Stadiums – This product is intended to assist stadium owners and operators with developing an evacuation plan and determining when and how to evacuate, conduct shelter-in-place operations, or relocate stadium spectators and participants. The guide is available at http://www.dhs.gov/publication/evacuation-planning-guides. For more information, please contact the Commercial Facilities SSA [email protected].

Hotel and Lodging Advisory Poster – This poster was created for all U.S. lodging industry staff to increase awareness of a lodging property’s potential for being used for illicit purposes and suspicious behavior. The poster also outlines appropriate actions for employees to take if they notice suspicious activity. It was designed in tandem with the Commercial Facilities Sector Coordinating Council and the Lodging Subsector, and is available at http://www.dhs.gov/xlibrary/assets/ip_cikr_hotel_advisory.pdf. For more information, please contact the Commercial Facilities SSA at [email protected].

Infrastructure Protection Sector-Specific Table Top Exercise Program (SSTEP) for the Commercial Facilities Sector – The SSTEP allows users to leverage pre-built exercise templates and tailor them to their community’s specific needs in order to assess, develop, and update plans, programs, policies, and procedures within an incident management functional area. The SSTEP is an all-hazards risk management tool designed for use by critical infrastructure owners and operators that focuses on information sharing and coordination between sector-specific entities, the facility or venue, first responders, and other relevant stakeholders. The SSTEP materials provide a model exercise and support documentation that can be refined and further developed to exercise and evaluate specific areas of concern. The ability for public and private sector organizations to plan and execute Homeland Security Tabletop Exercise and Evaluation Program (HSEEP)-based exercises will continue to enhance security and resilience by enabling these organizations to identify strengths and areas for improvement within their operating plans, techniques, and procedures. These identified issues are then developed into an improvement plan that clearly outlines those measures necessary to improve on current concepts. For more information, please contact the Commercial Facilities SSA at [email protected].

Mountain Resorts and Outdoor Events Protective Measures Guides – These guides are a compilation of materials shared by industry leaders which are intended for reference and guidance purposes only. They provide an overview of protective measures that can be implemented to assist owners and operators of commercial facilities in planning and managing security at their facilities or events, as well as examples of successful planning, organizing, coordinating, training, communications, and operational activities. For more information, please contact the Commercial Facilities SSA at [email protected].

Protective Measures Guide for the U.S. Lodging Industry – Produced in collaboration with the American Hotel & Lodging Association, the Protective Measures Guide for the U.S. Lodging Industry offers options for hotels to consider when implementing protective measures. This guide provides an overview of threat, vulnerability, and protective measures designed to assist hotel owners and operators in planning and managing security at their facilities. For more information, please contact the Commercial Facilities SSA at [email protected].


http://www.dhs.gov/publication/evacuation-planning-guides


http://www.dhs.gov/xlibrary/assets/ip_cikr_hotel_advisory.pdf





Protective Measures Guide for U.S. Sports Leagues – This protective measures guide provides an overview of best practices and protective measures designed to assist sports teams and owners/operators of sporting event venues with planning and managing security at their facility. The guide also provides examples of successful planning, organizing, coordinating, training, communications, and operational activities that result in a safe sporting event experience. For more information, please contact the Commercial Facilities SSA at [email protected].

Retail and Shopping Center Advisory Poster – This awareness poster is intended to help train retail employees on the recognition of suspicious behavior that could indicate bomb-making activities, provides specific details on what may be considered suspicious, and encourages reporting of suspicious behavior. For more information, please contact the Commercial Facilities SSA at [email protected].

Sports Venue Bag Search Procedures Guide – This guide provides suggestions for developing and implementing bag search procedures at sporting event venues that host major sporting events. The purpose for establishing bag search procedures is to control items which are hand-carried into the sports venue. The bag search procedures should be a part of the venue’s overall security plan and should be tested and evaluated as outlined in the security plan. The actual implementation of bag search procedures and the level of search detail will depend upon the threat to the venue as determined by the venue’s security manager. For more information, please contact the Commercial Facilities SSA at [email protected].

Sports Venue Credentialing Guide – This guide provides suggestions for developing and implementing credentialing procedures at sporting event venues that host professional sporting events. The purpose for establishing a credentialing program is to control and restrict access to a sports venue, and provide venue management with information on those who have access. Credentialing can also be used to control and restrict vehicle movement within a venue. For more information, please contact the Commercial Facilities SSA at [email protected].

Threat Detection & Reaction for Retail & Shopping Center Staff – This 20-minute presentation is intended for point-of-sale staff, but is applicable to all employees of a shopping center, mall, or retail facility. It uses case studies and best practices to explain suspicious behavior and items, how to reduce the vulnerability to an active shooter threat, and the appropriate actions to take if employees notice suspicious activity. The presentation can be viewed on the HSIN-CI Commercial Facilities portal at https://share.dhs.gov/p21849699/?launcher=false&fcsContent=true&pbMode=normal. For more information, please contact the Commercial Facilities SSA at [email protected].

Webinar: Cybersecurity in the Retail Sector – This Webinar will provide retail employees and managers with an overview of the cyber threats and vulnerabilities facing the industry. Participants will gain a heightened sense of the importance for strengthening cybersecurity in the retail workplace. The Webinar reviews the types of cyber systems and infrastructure used by the retail industry and steps that retail personnel can take to address the unique vulnerabilities to those cyber resources. The Webinar is available on HSIN-CI at https://share.dhs.gov/p78334832/?launcher=false&fcsContent=true&pbMode=normal. For more information, please contact the Commercial Facilities SSA at [email protected].






https://share.dhs.gov/p21849699/?launcher=false&fcsContent=true&pbMode=normal


https://share.dhs.gov/p78334832/?launcher=false&fcsContent=true&pbMode=normal


Critical Manufacturing Sector Resources Critical Manufacturing Cybersecurity Tabletop Exercise – In partnership with Critical Manufacturing Sector Coordinating Council members and the DHS National Cyber Security Division (NCSD) exercise program, the Critical Manufacturing SSA has developed a cybersecurity tabletop exercise to highlight potential cybersecurity vulnerabilities. This exercise is divided into two modules that focus on threats to business and industrial control systems. This unclassified tabletop exercise is easily deployable and can be administered by an organization’s IT personnel. For more information, please contact the Critical Manufacturing Sector-Specific Agency (SSA) at [email protected].

Critical Manufacturing Partnership Road Show – This program provides Critical Manufacturing Sector members an opportunity to participate in onsite visits to various DHS locations. The visits include briefings on current threats to the United States, including the Critical Manufacturing Sector, and related infrastructure. For more information, contact the Critical Manufacturing SSA at [email protected].

Critical Manufacturing Portal on The Homeland Security Information Network Critical Infrastructure (HSIN-CI) – HSIN-CI is the primary information-sharing platform for the Critical Manufacturing Sector. The portal is available to both public and private Critical Manufacturing Sector stakeholders and is a key tool for security information awareness. Access enhances the ability of users to receive information and communicate during operationally significant situations. For example, during a hurricane, the portal provides alerts and regularly posted incident bulletins. Interested individuals should contact [email protected] with a request for nomination that includes name, company, and email address. Email addresses must match the company name. Once nominated, registrants will receive an electronic link to an application for completion.

Critical Manufacturing Security Conference – The Critical Manufacturing Security Conference features various vendors and presenters pertinent to the manufacturing arena. Designed for industry professionals throughout the sector, this event provides an important opportunity for Critical Manufacturing Sector security partners to engage in meaningful dialogue and share ideas to enhance sector security. For more information, contact the Critical Manufacturing SSA at [email protected].





Dams Sector Resources Consequence Assessment for Dam Failure Course (E261) – This course provides dam owners; professional staff of the dam safety programs; emergency managers at the Federal, State, local, tribal, and territorial levels; and private sector dam safety, security, and incident management personnel with information needed to define and estimate consequences for dam failure scenarios. The objectives of this course are to assist participants with the concepts of how the consequence assessment is an important part of risk management strategies, how to establish initial priorities using consequence data, and how consequence estimation plays an important role in emergency preparedness efforts. For more information, please contact the Dams Sector-Specific Agency (SSA) at [email protected].

Consequence-Based Top Screen Fact Sheet – This fact sheet provides information pertaining to the Consequence-Based Top Screen (CTS) methodology, including how it was developed, its primary purpose, and a description of the Web-based tool. For more information, please contact the Dams SSA [email protected].

Dam Security and Protection Technical Seminar (E260) – This seminar provides owners/operators, State dam safety officials, and other sector stakeholders with information pertaining to security, protection, and crisis management issues in order to improve understanding of dam-related security and protection concepts. The goals of this seminar are to help integrate security, protection, and resilience strategies into stakeholders’ respective risk management strategies, and leverage existing Dams Sector reference materials to provide the depth and breadth of dam security and resilience expertise and knowledge. For more information, please contact the Dams SSA at [email protected].

Dams and Energy Sector Interdependency Study – This study examines the interdependencies between two critical infrastructure sectors— Dams and Energy—with a particular emphasis on the variability of weather patterns and competing demands for water, which determine the amount of water available for hydroelectric power generation. For more information, please contact the Dams SSA at [email protected].

Dams Sector Active and Passive Vehicle Barriers Guide – This guide assists dam owners and operators in understanding the need for vehicle barriers as part of an overall security plan, and helps familiarize security personnel with the various types of active and passive vehicle barriers. The guide also provides a very cursory level of technical information regarding barriers and includes references to assist owners and operators in properly designing and selecting vehicle barriers and their appurtenant safety and security systems. For more information, please contact the Dams SSA at [email protected].

Dams Sector Consequence-Based Top Screen (CTS) – This methodology allows for the identification of critical facilities within the Dams Sector (i.e., those high-consequence facilities whose failure or disruption could be potentially associated with the highest possible impact among Dams Sector assets). This methodology which considers a worst reasonable case scenario, serves as an effective all-hazards criticality screening tool for a consequence-based approach. For more information, please contact the Dams SSA at [email protected].








Dams Sector Consequence-Based Top Screen (CTS) Reference Guide – This guide provides users with information pertaining to the Top Screen methodology, how it was developed, its primary purpose, and a description of the Web-based tool. For more information, please contact the Dams SSA at [email protected].

Dams Sector Crisis Management Handbook – This handbook provides an introduction to crisis management measures for dam owners and explains how such measures are an important component of an overall risk management program. In addition, it describes major components of crisis management and provides a template and guidelines that might be useful in developing these components for other dams. For more information, please contact the Dams SSA at [email protected].

Dams Sector Information Sharing Drill – This drill identifies the sector’s capability to receive, share, and respond to security-related information; tests information sharing processes and procedures currently in place; and identifies and addresses information sharing gaps, issues, and concerns that could affect the sector during heightened threat conditions. For more information, please contact the Dams SSA at [email protected].

Dams Sector Personnel Screening Guide for Owners and Operators – This guide assists non-Federal owners and operators of dams, locks, and levees with developing and implementing personnel screening protocols appropriate for their facilities. An effective screening protocol for potential employees and contractor support can contribute to enhanced facility security by ensuring that untrustworthy individuals do not gain employment or access to sensitive facilities or information. For more information, please contact the Dams SSA at [email protected].

Dams Sector Roadmap to Secure Control Systems – This handbook describes a plan and strategic vision for voluntary improvement of the cybersecurity posture of control systems within the Dams Sector. Designing, operating, and maintaining a facility to meet essential reliability, safety, and security needs requires careful evaluation and analysis of physical, cyber, and human risk factors. The interaction of both internal and external processes and business systems must also be considered. A cyber event, whether caused by an external adversary, an insider threat, or inadequate policies and procedures, can initiate a loss of system control resulting in negative consequences. This Roadmap recognizes this interconnectivity, but restricts its scope by addressing the cyber issues of control systems. For more information, please contact the Dams SSA at [email protected].

Dams Sector Security Awareness Guide – Levees – This guide assists levee owners in identifying security concerns, coordinating proper response, and establishing effective partnerships with local law enforcement and first responder communities. For more information, please contact the Dams SSA at [email protected].

Dams Sector Security Awareness Guide – This is a non-FOUO version of the Dams Sector Security Awareness Handbook to allow for wider distribution to owners and operators. For more information, please contact the Dams SSA at [email protected].









Dams Sector Security Guidelines – This handbook consolidates effective industry security practices into a framework for owners and operators to select and implement security activities and measures that promote the protection of personnel, public health, public safety, and public confidence. For more information, please contact the Dams SSA at [email protected].

Dams Sector Suspicious Activity Reporting Fact Sheet – This fact sheet provides information regarding the online Suspicious Activity Reporting tool within the HSIN-CI Dams Portal. This online tool was established to provide sector stakeholders with the capability to report and retrieve information pertaining to suspicious activities. For more information, please contact the Dams SSA at [email protected].

Dams Sector Suspicious Activity Reporting Tool – This is an online reporting tool within the HSIN-CI Dams Portal that was established to provide sector stakeholders with the capability to report and retrieve information pertaining to suspicious activities that may potentially be associated with pre-incident surveillance, and those activities related to the exploration or targeting of a specific critical infrastructure facility or system. For more information, please contact the Dams SSA [email protected].

Dams Sector Tabletop Exercise Toolbox (DSTET) – This exercise toolbox provides dam owners and operators with exercise planning resources to address sector-specific threats, issues, and concerns related to the protection of dams. DSTET allows exercise participants to address key issues through a series of facilitated discussions both with physical and cyber scenarios. The intent of the toolbox is to enhance effective information sharing and coordination between owners and operators, first responders, and relevant stakeholders during various threat and incident phases as detailed in the corresponding scenarios. For more information, please contact the Dams SSA at [email protected].

Dams Sector Waterside Barriers Guide – This guide was developed to assist dam owners and operators in understanding the possible need for waterside barriers as part of their overall security plan. It provides owners, operators, and security personnel with a very cursory level of information on barriers and their use, maintenance, and effectiveness—elements that must be carefully taken into account when selecting waterside barriers. For more information, please contact the Dams SSA at [email protected].

Emergency Preparedness Guidelines for Levees: A Guide for Owners and Operators – This document aims to assist public and private stakeholders that have responsibilities as owners or operators in managing levees, floodwalls, pumping stations, and any other components of flood risk management systems. The intent of the document is to provide guidance in preparing for and responding to potential natural and manmade incidents at levees. For more information, please contact the Dams SSA at [email protected].

Estimating Economic Consequences for Dam Failure Scenarios – This document provides information describing the economic consequence estimation approaches most commonly used in the United States and discusses the advantages and limitations of each approach. For more information, please contact the Dams SSA [email protected].









Estimating Loss-of-Life for Dam Failure Scenarios – This document provides information describing loss-of-life estimation approaches most commonly used in the United States and Canada, and discusses the advantages and limitations of each approach. For more information, please contact the Dams SSA [email protected].

IS-870.A: Dams Sector: Crisis Management – This online training course addresses crisis management activities as an important component of an overall risk management program and provides dam and levee stakeholders with recommendations to assist in the development of various plans focused on enhancing preparedness, protection, recovery, and resilience capabilities. The training course describes the purpose and basic elements of emergency action plans, recovery plans, and continuity plans; and addresses the basic elements of an effective exercise program. Access to this course can be found at http://training.fema.gov/is/courseoverview.aspx?code=IS-870.a. For more information, please contact the Dams SSA at [email protected].

IS 871.A: Dams Sector: Security Awareness (FOUO) – This online training course provides information to enhance the ability to identify security concerns, coordinate proper response, and establish effective partnerships with local law enforcement and first responder communities. The training course describes common security vulnerabilities, potential indicators of threats, surveillance detection, and reporting of incidents and suspicious activities. Access to this course can be found at https://hsin.dhs.gov/ci/ds/training/is871a/index.htm. For more information, please contact the Dams SSA at [email protected].

IS 872.A: Dams Sector: Protective Measures (FOUO) – This online training course addresses protective measures related to physical, cyber, and human elements; and describes the importance of these measures as components of an overall risk management program. The training course describes the basic elements of the risk management model and discusses the steps required to develop and implement an effective protective program. Access to this course can be found at https://hsin.dhs.gov/ci/ds/training/is872a/index.htm. For more information, please contact the Dams SSA [email protected].

Physical Security Measures for Levees Fact Sheet – Provides information on physical security measures that a levee owner could employ and the factors affecting the selection of those measures. For more information, please contact the Dams SSA at [email protected].

Protective Measures Handbook (FOUO) – This handbook provides an introduction to protective measures for dam owners. It assists in selecting protective measures addressing the physical, cyber, and human elements, and includes recommendations for developing site security plans. For more information, contact the Dams SSA at [email protected].

Security Awareness Handbook (FOUO) – This handbook assists in identifying security concerns, coordinating proper response, and establishing effective partnerships with local law enforcement and first responder communities. For more information, contact the Dams SSA at [email protected].





https://hsin.dhs.gov/ci/ds/training/is871a/index.htm


https://hsin.dhs.gov/ci/ds/training/is872a/index.htm





Emergency Services Sector Resources Continuity Planning for First Responders Brochure – The Continuity Planning for First Responders brochure was developed by the Emergency Services Sector (ESS) and FEMA Continuity of Operations Division. The brochure was designed to further educate first responders on continuity of operations planning (COOP), the goal of continuity, how to manage your COOP, the National Continuity Programs (NCP), the role of ESS, and the partnership between NCP and ESS. For access and more information, contact the Emergency Services Sector at [email protected].

Emergency Services Information Sharing Bulletin (ESS-ISB) – The ESS-ISB is a monthly security and resilience focused bulletin which provides access to current information for sector stakeholders. With a goal of focusing on process and products which address the requirements of the ESS stakeholders, the ESS-ISB provides information that is vital to the security and resilience of the sector’s stakeholders, including current and new sector-focused tools, tactics, and training. For access and more information, contact the Emergency Services Sector at [email protected].

Emergency Services Personal Readiness Guide for Responders and Their Families – This trifold handout provides a description of the Ready Campaign, the Emergency Services Sector-Specific Agency (SSA), a list of Website resources, and instructions on family preparedness that include suggestions on developing an emergency kit and family emergency plan. For more information, please contact the Emergency Services SSA at [email protected].

Emergency Services Sector-Cyber Risk Assessment (ESS-CRA) – The 2012 ESS-CRA is the first ESS-wide cyber risk assessment tool that analyzes strategic cyber risks to ESS infrastructure. The ESS-CRA process provided a national risk profile that ESS partners can use to prioritize how they spend resources and where to focus training, education, equipment investments, grant requests, and those areas requiring further study. Cyber risks to each discipline are ranked from high to low in terms of likelihood and consequence. The assessment approach is not intended to be guidance for individual entity’s risk management activities. Instead, by increasing the awareness of risks across the public and private sector domains, the ESS-CRA serves as a foundation for ongoing national-level collaboration to enhance the security and resilience of ESS disciplines. If you have any further questions about the Emergency Services Sector-Cyber Risk Assessment, please send an email to [email protected].

Emergency Services Sector Cybersecurity Initiative – The Emergency Services Sector Cybersecurity Initiative is an ongoing effort to enable ESS to better understand and manage cyber risks and to coordinate the sharing of cyber information and tools between subject matter experts (both inside and outside the Federal government) and the ESS disciplines. Additional information can be found at http://www.dhs.gov/emergency-services-sector-cybersecurityinitiative.






http://www.dhs.gov/emergency-services-sector-cybersecurity-initiative

http://www.dhs.gov/emergency-services-sector-cybersecurity-initiative

Emergency Services Sector Resilience Development Project – The Emergency Services Sector Resilience Development Project is a suite of existing resources and best practices that are specifically tailored to meet the unique resilience needs of the first responder community. For more information, please contact [email protected].

Emergency Services Sector Roadmap to Secure Voice and Data Systems – To address the cyber risks identified in the ESS-CRA, the Emergency Services Sector Roadmap to Secure Voice and Data Systems (Roadmap) was developed. The Roadmap identifies and discusses several measures to address cyber risk and includes justification for the response, sector context, barriers to implementation, and suggestions for implementation. The Roadmap is intended to serve as a guide and reference document for ESS personnel as they adapt to the growing prevalence of and reliance upon digital technologies and other cyber infrastructure in the sector. If you have any questions about the Roadmap, please send an email to [email protected].

Emergency Services Sector-Specific Tabletop Exercise Program (ES-SSTEP) – The ESSSTEP tool allows critical emergency services personnel to develop interactive, discussion-based exercises for their communities of interest at both the sector or facility level. The ESSSTEP affords the opportunity for public and private critical infrastructure stakeholders and their public safety partners to exercise incident management plans, programs, policies, and procedures in order to address potential gaps, vulnerabilities, and other pertinent issues. Additional information can be found at http://www.dhs.gov/publication/es-sstep-fact-sheet or contact the Emergency Services Sector at [email protected].

Safety and Security of Emergency Response Vehicles Brochure – This brochure outlines and recommends how to keep emergency response vehicles and equipment safe from theft incidents. Emergency responders will learn how to prevent the loss of property by actively enforcing effective theft prevention measures. For more information, please contact the Emergency Services SSA at [email protected].

The Emergency Services Sector Cybersecurity Initiative – In accordance with Executive Order 13636, the ESS Cybersecurity initiative is intended to enhance the security and resilience of the Emergency Services Sector and to maintain a cyber-environment that encourages efficiency, innovation, and economic prosperity while promoting safety, security, confidentiality, privacy, and civil liberties. The Cybersecurity Initiative assists the ESS organizations by providing the full range of cybersecurity-related resources provided by the U.S. Department of Homeland Security. For access and more information, contact the Emergency Services Sector at [email protected].

The Emergency Services Sector – Resilience Development Webinar Series (ESS-RDWS) – The ESS-RDWS will be an ongoing resilience-focused Webinar series concentrated on the first responder, focusing on education and awareness, capacity building, and knowledge validation. For access and more information, contact the Emergency Services Sector at [email protected].

Training Video: First Responders ‘Go Kit’ – This video is designed to demonstrate step-bystep content first responders should have in their personal and family emergency kits. For access and more information, contact the Emergency Services Sector at [email protected].




http://www.dhs.gov/publication/es-sstep-fact-sheet




Webinar: Cybersecurity in the Emergency Services Sector – The one-hour course provides an overview of the types of cyber systems and infrastructure that the Emergency Services Sector utilizes and the types of threats and vulnerabilities associated with those IT resources. The Webinar is available on the Homeland Security Information Sharing - Critical Infrastructure (HSIN-CI) Emergency Services Sector portal. For access and more information, contact the Emergency Services Sector at [email protected].

Webinar: The Ready Responder Program for the Emergency Services Sector – The one-hour Web-based seminar focuses on first responder preparedness and best practices and how the Ready Responder program contributes to a safer, more secure, and more resilient America. The Webinar is available on the Homeland Security Information Sharing – Critical Infrastructure (HSIN-CI) Emergency Services Sector portal. For access and more information, contact the Emergency Services Sector at [email protected].




Nuclear Sector Resources Nuclear Sector Classified Threat Briefing – The Nuclear SSA coordinates both regularly scheduled and incident-specific classified briefings for cleared sector partners. For more information, please contact the Nuclear Sector-Specific Agency (SSA) at [email protected].

Nuclear Sector Information Sharing Standard Operating Procedure (SOP) – This document is designed to enhance the effectiveness of voluntary information coordination and distribution among members of the Nuclear Sector Information Sharing Environment. The information-sharing processes are developed as suggested practices and must be used in conjunction with, and subordinate to, legal, regulatory, and industry standard processes that are established within and recognized by the Nuclear Sector and its industry and government members. For more information, please contact the Nuclear SSA at [email protected].

Nuclear Sector Integrated Response Exercises – DHS, the Federal Bureau of Investigation (FBI), the Nuclear Regulatory Commission (NRC), the Nuclear Energy Institute (NEI), and the nuclear power industry coordinate exercises to enhance the capabilities of responders to integrate with onsite security personnel in response to a security incident at a nuclear power plant site. Both tabletop and full-scale exercises culminate at a site. For more information, please contact the Nuclear SSA at [email protected].

Nuclear Sector Security Awareness Guide – This document will assist Nuclear Sector owners and operators in their efforts to improve security at their facility, reaffirm awareness of the security risks to the sector, and provide a list of activities or actions that can be taken to reduce that risk. For more information, please contact the Nuclear SSA at [email protected].

Nuclear SSA Monthly Unclassified Threat Briefing – The Nuclear SSA holds an unclassified security teleconference for nuclear facility owners and operators, plant managers, and security professionals on the first Wednesday of every month. The teleconference provides the opportunity for both the Office of Intelligence and Analysis and Office for Bombing Prevention of the U.S. Department of Homeland Security to brief the Nuclear Sector on significant changes to the threat environment, results of recent terrorism investigations, and other reported suspicious incidents. The Industrial Control Systems Cyber Emergency Response Team (ICSCERT) also briefs the Nuclear Sector on recent cyber alerts and advisories. For more information, please contact the Nuclear SSA at [email protected].

Roadmap to Enhance Cyber Systems Security in the Nuclear Sector – The Roadmap to Enhance Cyber Systems Security in the Nuclear Sector describes coordinated activities to improve cyber systems security in the Nuclear Sector. It provides nuclear control and cyber systems vendors, asset owners and operators, and relevant government agencies with common vision, goals, and objectives for cyber systems security in the sector and milestones to focus specific efforts and activities for achieving these vision, goals, and objectives over the next 10 to 15 years, addressing the Nuclear Sector’s most urgent challenges, as well as its longer term needs to reduce the cybersecurity risk to nuclear power plant cyber systems. For more information, please contact the Nuclear SSA at [email protected].







I

Catalog of Federally Sponsored

Counter-IED Training and Education

Resources for Private Sector Partners National Protection and Programs Directorate (NPPD)

Office of Infrastructure Protection (IP)

Office for Bombing Prevention (OBP)

October 2015

Homeland

Security

http://www.dhs.gov/

This product was developed in coordination with the Joint Program Office for Countering

Improvised Explosive Devices (JPO C-IEDs)

I

Introduction

The Catalog of Federally Sponsored Counter-IED Training and Education Resources for Private

Sector Partners lists explosives and improvised explosive devices (IED)-related Federal

resources of value to the private sector. The Catalog was developed by the Department of

Homeland Security (DHS) Office for Bombing Prevention (OBP) in collaboration with Federal

interagency partners through the Joint Program Office for Countering Improvised Explosive

Devices (JPO C-IED). The JPO C-IED is responsible for coordinating the implementation of the

recently updated U.S. Policy for Countering IEDs. The resources in this Catalog support goals

and capabilities outlined in the revised policy and are intended to enhance the effectiveness of

U.S. counter-IED efforts, including:

Enhancing the ability to deter, detect, and prevent IEDs before threats become imminent.

Ensuring that protection and response efforts effectively neutralize or mitigate the consequences of attacks that do occur.

Leveraging and integrating a “whole-of-government” approach across law enforcement, diplomatic, homeland security, and military disciplines.

Promoting and enhancing information sharing and cooperation between all levels of government and the private sector.

The Catalog identifies training and education resources that are provided directly by the Federal

Government or are federally sponsored, but delivered by a partner organization, such as the

National Domestic Preparedness Consortium. These resources may also be listed in other

catalogs maintained by individual Federal agencies or partner organizations. Courses included

within this Catalog will be periodically updated to ensure accuracy and applicability.

Organization

The resources in this Catalog are organized by course level, following the format of Federal

Emergency Management Agency (FEMA) National Training and Education Division (NTED)

course catalogs. Courses are listed at the awareness, performance, and management levels to

accommodate different job functions within the stakeholder community.

Awareness-level courses are designed for stakeholders who require the skills to recognize and report a potential IED incident or who are likely to witness or investigate an event involving the use of hazardous and/or explosive devices.

Performance-level courses are designed for stakeholders who perform tasks during the initial response to an IED event.

Management-level courses are designed for resource managers and/or decision-makers who develop plans and coordinate the prevention of, or response to, an IED event.

Within each course level, the resources are organized alphabetically.

http://www.dhs.gov/obp


http://www.whitehouse.gov/sites/default/files/docs/cied_1.pdf

https://www.firstrespondertraining.gov/catalog.do?a=nted


II

Core Capabilities

The Catalog’s holdings align with the five mission areas and corresponding core capabilities

outlined within the National Preparedness Goal. The chart below illustrates the mission areas and

core capabilities, including the three core capabilities common to all mission areas.

Prevention Protection Mitigation Response Recovery

Planning

Public

Information and

Warning

Operational

Coordination

Intelligence and

Information

Sharing

Interdiction and

Disruption

Screening,

Search, and

Detection

Forensics and

Attribution

Planning

Public Information

and Warning

Operational

Coordination

Intelligence and

Information

Sharing

Interdiction and

Disruption

Screening,

Search, and

Detection

Access Control

and Identity

Verification

Cybersecurity

Physical

Protective

Measures

Risk Management

for Protection

Programs and

Activities

Supply Chain

Integrity and

Security

Planning

Public

Information and

Warning

Operational

Coordination

Community

Resilience

Long-term

Vulnerability

Reduction

Risk and

Disaster

Resilience

Assessment

Threat and

Hazard

Identification

Planning

Public Information and

Warning

Operational

Coordination

Critical Transportation

Environmental

Response/ Health and

Safety

Fatality Management

Services

Infrastructure Systems

Mass Care Services

Mass Search and

Rescue Operations

On-scene Security and

Protection

Operational

Communications

Public and Private

Services and

Resources

Public Health and

Medical Services

Situational

Assessment

Planning

Public Information

and Warning

Operational

Coordination

Economic

Recovery

Health and Social

Services

Housing

Infrastructure

Systems

Natural and

Cultural

Resources

Training and Resource Delivery

Method of delivery for the training and resources identified in the Catalog follow a model adapted

from the FEMA NTED course catalogs. Training is delivered to qualified participants in four ways:

http://www.fema.gov/national-preparedness-goal

III

1. Document: Training and/or guidance is provided in a document resource.

2. Residential: Training and/or guidance occurs at the training provider's facility. 3. Mobile: Training and/or guidance occurs at or near the location of the agency that

requests the training. 4. Web-Based: Training and/or guidance is self-paced and delivered via computer and

Internet connection.

Cost/Funding Source for Resources

There are three options for paying for resources:

1. Federally Funded: There is no cost to the requesting organization; providers pay all costs.

2. Homeland Security Grant Program: The requesting organization must pay for its

participants’ costs, but costs are allowable using authorized Homeland Security Grants. 3. Participant Fee: The requesting organization pays for its participants’ costs.

Participants should contact the training or resource provider with any questions about funding.

Catalog Updates or Questions

Please contact U.S. Department of Homeland Security (DHS) Office for Bombing Prevention

(OBP) at [email protected] should you have any questions, revisions, or course updates related

to this catalog.


IV

Course Listings Course Name Course Provider Page Awareness-Level Courses

Active Threat Recognition for Retail Security Officers

Federal Emergency Management Agency, Emergency Management Institute

1

Blast Injury Fact Sheets Centers for Disease Control and Prevention 1

"Check It!" U.S. Department of Homeland Security, Office of Infrastructure Protection 1

IED Counterterrorism Workshop U.S. Department of Homeland Security, Office of Infrastructure Protection, Office for Bombing Prevention

1

Improvised Explosive Device Threat Awareness and Detection

U.S. Department of Homeland Security, Office of Infrastructure Protection, Office for Bombing Prevention

2

Improvised Explosive Devices, Package Inspection and Mail Room Procedures

State of New Jersey 2

"No Reservations: Suspicious Behavior in Hotels"

U.S. Department of Homeland Security, Office of Infrastructure Protection 3

Retail Security Awareness - Understanding the Hidden Hazards


3

Safeguarding Hotels from the Threat of Terrorism


Surveillance Awareness: What You Can Do


4

Surveillance Detection Awareness on the Job


Threat Detection & Reaction for Retail & Shopping Center Staff


Understanding and Planning for School Bomb Incidents (UPSBI), AWR-132-W - Web-Based

New Mexico Institute of Mining and Technology 5

"What's in Store: Ordinary People/Extraordinary Events"


Workplace Security Awareness Federal Emergency Management Agency, Emergency Management Institute

5

V

Performance-Level Courses

Bomb Threat Management Workshop U.S. Department of Homeland Security, Office of Infrastructure Protection, Office for Bombing Prevention

6

Bombings: Injury Patterns and Care Centers for Disease Control and Prevention 6

IED Protective Measures Course U.S. Department of Homeland Security, Office of Infrastructure Protection, Office for Bombing Prevention

6

IED Search Procedures Workshop U.S. Department of Homeland Security, Office of Infrastructure Protection, Office for Bombing Prevention

7

Land Transportation Antiterrorism Training Program (LTATP)

Federal Law Enforcement Training Center 7

Medical Management of CBRNE Events Texas A&M Engineering Extension Service 7

A Prepared Jurisdiction: Integrated Response to a CBRNE Incident

Louisiana State University 8

Sports Venue Bag Search Procedures Guide


Surveillance Detection Course for Law Enforcement & Security Professionals


8

Vehicle-Borne IED (VBIED) Detection Course


8

Management-Level Courses

Protective Measures Guide for Mountain Resorts (FOUO)


Protective Measures Guide for Outdoor Venues (FOUO)


Protective Measures Guide for the U.S. Lodging Industry (FOUO)


Protective Measures Guide for U.S. Sports Leagues (FOUO)


1

Awareness-Level Courses

Active Threat Recognition for Retail Security Officers

An 85-minute presentation discussing signs of criminal and terrorist activity, types of surveillance, and suspicious behavioral indicators. Mission Area: Prevention; Protection Core Capability: Public Information and Warning

Course Level: Awareness

Targeted Audience: All private sector and public sector employees

Course Provider: FEMA EMI

Delivery Mechanism: Web-based

Cost/Funding Source: Federally funded

Prerequisites: None

Course Length: 1 hour

To Schedule: http://www.dhs.gov/commercial-facilities-training

Blast Injury Fact Sheets

The Center for Disease Control and Prevention (CDC), in collaboration with the Terrorism Injuries: Information, Dissemination and Exchange (TIIDE) partners and with leadership from America Trauma Society, has developed 17 topic-specific fact sheets on the treatment of blast injuries. Fact sheet topics range from blast lung and blast abdomen to the treatment of pediatric and older adult populations. The fact sheets have been disseminated both nationally and internationally as part of mass casualty response efforts. Mission Area: Response Core Capability: Mass Care Services


Targeted Audience: Emergency medical services and health care providers

Course Provider: CDC


Cost/Funding Source: American College of Emergency Physicians (ACEP)

Prerequisites: None

Course Length: N/A

To Schedule: http://www.acep.org/blastinjury/

"Check It!"

Designed to raise the level of awareness for front-line facility employees by highlighting the indicators of suspicious activity, this video provides information to help employees properly search bags in order to protect venues and patrons across the country. Mission Area: Prevention; Protection Core Capability: Public Information and Warning; Screening, Search, and Detection


Targeted Audience: Private sector

Course Provider: DHS/IP



Prerequisites: None

Course Length: 8 minutes

To View: http://www.dhs.gov/xlibrary/videos/nppd_bag_check_042810.wmv

IED Counterterrorism Workshop

This workshop enhances the participant’s understanding of the IED threat, surveillance detection methods, and soft target awareness. The workshop also covers awareness and prevention measures, as well as collaborative information-sharing resources to enable first responders and critical infrastructure owners, operators, and security staff to deter, prevent, detect, and protect against the illicit and terrorist use of explosives in the United States. Mission Area: Prevention Core Capability: Screening, Search, and Detection


Targeted Audience: SLTT first responders and public and private sector critical infrastructure owners, operators, and security personnel

Course Details

http://www.dhs.gov/commercial-facilities-training

http://www.dhs.gov/commercial-facilities-training

http://www.acep.org/blastinjury/

http://www.dhs.gov/xlibrary/videos/nppd_bag_check_042810.wmv


2

Course Provider: DHS/IP/OBP

Delivery Mechanism: Mobile

Cost/Funding Source: DHS

Prerequisites: None

Course Length: 8 hours

For More Information: http://www.dhs.gov/bombing-prevention-training-courses#IED Counterterrorism To Schedule: Contact local Protective Security Advisor (PSA) (http://www.dhs.gov/protective-security-advisors) or send an email to [email protected].


This course focuses on identifying IEDs. The training provides awareness-level information for staff, management, and security to recognize, report, and react to unusual activities and threats in a timely manner. Mission Area: Prevention; Protection Core Capability: Public Information and Warning




Delivery Mechanism: Virtual (instructor-led)


Prerequisites: None


To Schedule:

Contact local Protective Security Advisor (PSA)

(http://www.dhs.gov/protective-security-

advisors) or send an email to

[email protected].


This course was designed to be delivered in four configurations and can be delivered in a one-, two-, or three-day course based upon the needs of the course participant. Section one can also be a standalone course delivered in one day.

The first section provides emergency responders and private sector security professionals with a basic knowledge of explosives, IEDs, and booby traps; how to recognize them; and what to do when they encounter them. In addition, responders and security professionals are taught how to recognize suspicious packages, package and mail handling procedures, and what to do when they encounter a suspicious package. Lastly, they are taught about bomb threats, from receipt, to clearing the bomb threat. Section one is a prerequisite to both section two and section three. The second section of the course focuses on Vehicle-Borne Improvised Explosive Devices (VBIED) and relies upon the basic concepts taught during the first section of the course. This section provides case studies of VBIEDs, including the attack on the Alfred P. Murrah Building in Oklahoma City; VBIED construction and indicators; vehicle search techniques and procedures; and a practical exercise. The third section of the course, also reliant upon the concepts taught during the first section, focuses on using x-ray technology to recognize suspicious items and improvised explosive devices. This section provides an overview of x-ray technology; images produced by x-ray; recognition of typical construction of items that will commonly be x-rayed, such as laptop computers, cell phones, cameras, GPS, and music players; and images that suggest indicators of an IED. Several practical exercises using the participant's x-ray technology, when the course is held onsite, or slides, when held in a facility that does not have access to x-ray technology, are also included. Mission Area: Prevention Core Capability: Screening, Search, and Detection


Targeted Audience: Emergency management agency, emergency medical services, fire service, governmental administrative, hazardous material, health care providers, law enforcement, public health, public safety communications, public works, and other private sector representatives

Course Provider: State of New Jersey

http://www.dhs.gov/bombing-prevention-training-courses%23IED%20Counterterrorism


http://www.dhs.gov/protective-security-advisors






3


Cost/Funding Source: Homeland Security Grant

Prerequisites: None

Course Length: 8-24 hours

To Schedule: http://www.ndpci.us/training/ied-training.php


Designed to raise the level of awareness for hotel employees by highlighting the indicators of suspicious activity, this video provides information to help employees identify and report suspicious activities and threats in a timely manner. Also available in Spanish. Mission Area: Prevention; Protection Core Capability: Public Information and Warning






Prerequisites: None


To View: http://www.dhs.gov/video/commercial-facilities-sector-training-and-resources-13


The purpose of this course is to make persons involved in commercial retail operations aware of the actions they can take to identify and report suspicious purchases or thefts of products that actors could use in terrorist or other criminal activities. To achieve this goal, the course provides an overview of prevention steps aimed at identifying and monitoring high-risk inventory products and reporting suspicious activities to law enforcement agencies. At the end of this course, the participants will be able to: 1) Identify steps they can take to help prevent their inventory from being used to manufacture or deploy home-made explosives; 2) Describe the importance of identifying and reporting suspicious purchases and activities in the retail sector; and 3) Specify additional

actions they can take to protect their inventory from misuse or theft.

Mission Area: Prevention; Protection Core Capability: Screening, Search, and Detection


Targeted Audience: This course is designed for retail managers, loss prevention specialists, risk management specialists, product managers, sales associates, and others involved in retail operations.



Cost/Funding Source: N/A

Prerequisites: None


To Schedule: http://training.fema.gov/EMIWeb/IS/courseOverview.aspx?code=IS-912


Developed in collaboration with the American Hotel & Lodging Association, this training provides information on key terrorism topics with reference to actual events. The Webinar includes a high-level briefing on the threat climate for the hotel industry and specific protective measures, focusing on observing and reporting suspicious activity and items. The Webinar focuses on terrorism topics including, but not limited to, lessons learned from Mumbai-style attacks, IED awareness and response, and active shooter scenarios. Mission Area: Prevention; Protection Core Capability: Public Information and Warning; Physical Protective Measures






Prerequisites: None


To View: https://share.dhs.gov/p23934518/

http://www.ndpci.us/training/ied-training.php


http://www.dhs.gov/video/commercial-facilities-sector-training-and-resources-13


http://training.fema.gov/EMIWeb/IS/courseOverview.aspx?code=IS-912


https://share.dhs.gov/p23934518/

4


The purpose of this course is to make critical infrastructure employees and service providers aware of actions they can take to detect and report suspicious activities associated with adversarial surveillance. To achieve this goal, the course provides an overview of surveillance activities and the indicators associated with them, as well as the actions that employees and service providers can take to report potential surveillance incidents. At the end of this course, the participants will be able to identify potential targets of adversarial surveillance, describe the information obtained by surveillance that is of interest to adversaries, recognize indicators of surveillance within the everyday environment, identify actions that you can take to detect potential adversarial surveillance incidents, describe the importance of identifying and reporting suspicious activities associated with adversarial surveillance, and specify actions you can take to report potential incidents of adversarial surveillance. Mission Area: Prevention; Protection Core Capability: Screening, Search, and Detection


Targeted Audience: The course is designed for critical infrastructure owners and operators, employees, and service providers, as well as those with critical infrastructure protection duties and responsibilities at the State, local, tribal, and territorial levels.




Prerequisites: None


To Schedule: http://training.fema.gov/EMIWeb/IS/courseOverview.aspx?code=is-914


Part of the Department’s "If You See Something, Say Something™" campaign to raise public awareness of potential indicators of terrorism, crime, and other threats and to

emphasize the importance of reporting suspicious activity to law enforcement authorities. This free, online interactive session of video scenarios, commentary by a panel of experts, and questions and comments will better prepare participants to guard against surveillance activities. Mission Area: Prevention; Protection Core Capability: Public Information and Warning






Prerequisites: None

Course Length: 1 hour To View: https://share.dhs.gov/sdaware-roundtable/


This course uses case studies and best practices to explain suspicious behavior and packages, how to reduce the vulnerability to an active shooter threat, and the appropriate actions to take if employees notice suspicious activity. Mission Area: Prevention; Protection Core Capability: Public Information and Warning


Targeted Audience: This presentation is intended for point-of-sale staff, but is applicable to all employees of a shopping center, mall, or retail facility.




Prerequisites: None



http://training.fema.gov/EMIWeb/IS/courseOverview.aspx?code=is-914


https://share.dhs.gov/sdaware-roundtable/



5


UPSBI addresses the issues involved in school bomb threats and designing safe and effective response plans for school bomb incidents. In addition, UPSBI provides the tools and information needed to develop or assess an existing school bomb incident response plan. The course has numerous resources, which include full-text documents concerning school emergency management plans, the threat assessment process, planning a functional school training program, and links to FEMA online training for school administrators. Mission Area: Prevention; Protection Core Capability: Screening, Search, and Detection


Targeted Audience: Emergency medical services, fire service, and law enforcement Course Provider: New Mexico Institute of Mining and Technology


Cost/Funding Source: Federally funded-FEMA

Prerequisites: None


To Schedule: http://www.emrtc.nmt.edu/training/upsbi.php


Designed to raise awareness for retail employees by highlighting the indicators of suspicious activity, this video provides information on identifying and reporting suspicious activity and threats at shopping centers and retail establishments. Mission Area: Prevention; Protection Core Capability: Public Information and Warning






Prerequisites: None



Workplace Security Awareness

This course provides guidance to individuals and organizations on how to improve the security in your workplace. No workplace—be it an office building, construction site, factory floor, or retail store—is immune from security threats that endanger the confidentiality, integrity, and security of your workplace, as well as your virtual workplace and computer systems. Employees are often the target of these threats as well as the organization's first line of defense against them. This course presents information on how employees can contribute to your organization's security. Upon completing this course, the participant will be able to: 1) Identify potential risks to workplace security; 2) Describe measures for improving workplace security; and 3) Determine the actions to take in response to a security situation.

Mission Area: Protection Core Capability: Screening, Search, and Detection






Prerequisites: None



http://www.emrtc.nmt.edu/training/upsbi.php





6


Bomb Threat Management Workshop

This workshop improves the ability of critical infrastructure owners, operators, and security personnel to manage IED threats by highlighting specific safety precautions associated with explosive incidents and bomb threats. The workshop reinforces an integrated approach that combines training, planning, and equipment acquisition to maximize available resources for bomb threat management. Public and private sector representatives knowledgeable in regional emergency management procedures are encouraged to attend. Mission Area: Prevention

Core Capability: Interdiction and Disruption

Course Level: Performance

Targeted Audience: Public and private sector critical infrastructure owners, operators, and security personnel




Prerequisites: None


For More Information: http://www.dhs.gov/bombing-prevention-training-courses#Bomb Threat To Schedule: Contact local Protective Security Advisor (PSA) (http://www.dhs.gov/protective-security-advisors) or send an email to [email protected].

Bombings: Injury Patterns and Care

Bombings: Injury Patterns and Care is designed to provide the latest clinical information regarding blast-related injuries.

Mission Area: Response Core Capability: Mass Care Services






Prerequisites: None


To Schedule: http://emergency.cdc.gov/masscasualties/bombings_injurycare.asp Course Provider: FEMA/CDP

IED Protective Measures Course

This course builds awareness and understanding of the IED threat, terrorist planning cycle, and indicators of suspicious activity. Participants learn about facility vulnerability analysis, counter-IED protective measures, and strategies which can be utilized to mitigate risk and reduce vulnerabilities within their unique sectors. Mission Area: Protection

Core Capability: Physical Protective Measures






Prerequisites: None

Course Length: 16 hours For More Information: http://www.dhs.gov/bombing-prevention-training-courses#Protective Measures To Schedule: Contact local Protective Security Advisor (PSA) (http://www.dhs.gov/protective-security-advisors) or send an email to [email protected].

http://www.dhs.gov/bombing-prevention-training-courses#Bomb Threat

http://www.dhs.gov/bombing-prevention-training-courses#Bomb Threat




http://emergency.cdc.gov/masscasualties/bombings_injurycare.asp

http://emergency.cdc.gov/masscasualties/bombings_injurycare.asp

http://www.dhs.gov/bombing-prevention-training-courses%23Protective%20Measures





7

IED Search Procedures Workshop

This workshop is designed to increase IED awareness and educate participants on bombing prevention measures and planning protocols to detect IEDs by reviewing specific search techniques. This workshop builds knowledge of counter-IED principles and techniques among first responders and public and private sector security partners tasked with IED search and response protocols.

Mission Area: Protection

Core Capability: Screening, Search, and Detection


Targeted Audience: SLTT first responders and public and private sector security partners




Prerequisites: None


For More Information: http://www.dhs.gov/bombing-prevention-training-courses#IED Search Procedures To Schedule: Contact local Protective Security Advisor (PSA) (http://www.dhs.gov/protective-security-advisors) or send an email to [email protected].


The LTATP is unique in its design, recognizing that security at most land transportation systems is accomplished by a cooperative effort of Federal, State, local, and contract personnel. This program was designed to protect the land transportation infrastructure to include rail, mass transit and bus operations, and, most importantly, passengers and employees. It will address the needs of all personnel charged with security responsibilities. Mission Area: Protection Core Capability: Operational Coordination; Physical Protective Measures


Targeted Audience: Federal, State, and local law enforcement; public and private security personnel; and military personnel involved in transportation

Course Provider: FLETC

Delivery Mechanism: Residential

Cost/Funding Source: Homeland Security grant Program for Attendees Prerequisites: Applicants must be assigned to duties directly related to security and contingency planning of a land transportation system. Course Length: 40 hours To Schedule: https://www.fletc.gov/training-program/land-transportation-antiterrorism-training-program

Medical Management of CBRNE Events

Participants completing this program will be able to properly perform patient triage, decontamination, treatment, and transportation in the event of exposure to chemical, biological, radiological, nuclear, and explosive (CBRNE) weapons. The course consists of facilitated discussions, small group exercises, hands-on activities, and task-oriented practical applications. Course participants will use both state-of-the-art adult and pediatric human patient simulators to promote critical thinking skills while utilizing the RAPID – Care concept. Mission Area: Response Core Capability: Mass Care Services


Targeted Audience: Emergency medical services, health care providers, and law enforcement Course Provider: Texas A&M Engineering Extension Service



Prerequisites: None


To Schedule: https://teex.org/documentsresources/PER-211-Med-Management-of-CBRNE-Events.pdf

http://www.dhs.gov/bombing-prevention-training-courses%23IED%20Search%20Procedures





https://www.fletc.gov/training-program/land-transportation-antiterrorism-training-program



https://teex.org/documentsresources/PER-211-Med-Management-of-CBRNE-Events.pdf

https://teex.org/documentsresources/PER-211-Med-Management-of-CBRNE-Events.pdf

8


The goal of this course is to build relationships that result in effective multidisciplinary integration of emergency response assets, equipment, plans, and procedures during a chemical, biological, radiological, nuclear or explosive (CBRNE) incident or event. Using a whole community approach, the course provides an opportunity for participants to cross-train and recognize the capabilities of responder organizations in their jurisdiction. Using a realistic response scenario, participants will exercise and assess their ability to effectively integrate with other disciplines in their community. Mission Area: Response Core Capability: Operational Coordination


Targeted Audience: Emergency management agency, emergency medical services, hazardous materials personnel, health care providers, and law enforcement Course Provider: Louisiana State University (LSU)



Prerequisites: None


To Schedule: http://www.ncbrt.lsu.edu/catalog/performance/integratedresponse.aspx


A joint DHS-private sector document that provides suggestions for developing and implementing bag search procedures at public assembly venues hosting major events. The bag search procedures delineated in this guide are for guidance purposes only; they are not a requirement under any regulation or legislation. Mission Area: Prevention; Protection Core Capability: Screening, Search, and Detection




Delivery Mechanism: Document


Prerequisites: None

Course Length: N/A To Access: To obtain this document, visit the Homeland Security Information Network (HSIN) page (https://hsin.dhs.gov). Non-HSIN users should contact [email protected] for an electronic PDF copy.


This course provides the participant instruction on how to detect hostile surveillance by exploring surveillance techniques, tactics, and procedures from a hostile perspective. These skills enhance counter-IED capabilities of law enforcement and security professionals to detect, prevent, protect against, and respond to IED threats. Mission Area: Response

Core Capability: Situational Assessment


Targeted Audience: Public and private sector security personnel




Prerequisites: FEMA EMI IS-914, Surveillance Awareness Course Length: 24 hours For More Information: http://www.dhs.gov/bombing-prevention-training-courses#Surveillance Detection To Schedule: Contact local Protective Security Advisor (PSA) (http://www.dhs.gov/protective-security-advisors) or send an email to [email protected].


This course improves the participant’s ability to successfully inspect for, detect, identify, and respond to a VBIED. Instruction covers the VBIED threat, explosive effects, IEDs, and vehicle inspections, enabling participants to

http://www.ncbrt.lsu.edu/catalog/performance/integratedresponse.aspx


https://hsin.dhs.gov/


http://www.dhs.gov/bombing-prevention-training-courses%23Surveillance%20Detection





9

detect, deter, and protect against the illicit use of explosives. The course is designed for first responders and public/private security staff tasked with inspecting vehicles for explosives, dangerous goods, or any contraband.

Mission Area: Response

Core Capability: Environmental Response/ Health and Safety


Targeted Audience: SLTT first responders and public and private sector security personnel conducting vehicle inspections




Prerequisites: None

Course Length: 8 hours For More Information: http://www.dhs.gov/bombing-prevention-training-courses#VBIED Detection To Schedule: Contact local Protective Security Advisor (PSA) (http://www.dhs.gov/protective-security-advisors) or send an email to [email protected].



The Protective Measures Guides provide an overview of possible threats, vulnerabilities, and protective measures designed to assist facility owners and operators in planning and managing security specific to their venue to maintain a safer environment for guests and employees. Mission Area: Protection Core Capability: Physical Protective Measures

Course Level: Management





Prerequisites: None

Course Length: N/A

For More Information: [email protected] To obtain these For Official Use Only (FOUO)-designated documents, please visit the Commercial Facilities Publications Webpage (http://www.dhs.gov/commercial-facilities-publications) and follow the instructions to gain access to the Commercial Facilities site on the Homeland Security Information Network - Critical Infrastructure.








Prerequisites: None

Course Length: N/A


http://www.dhs.gov/bombing-prevention-training-courses%23VBIED%20Detection






http://www.dhs.gov/commercial-facilities-publications





10








Prerequisites: None

Course Length: N/A









Prerequisites: None

Course Length: N/A








11

Acronym Appendix Acronym Definition

ACEP American College of Emergency Physicians

CBRNE Chemical, Biological, Radiological, Nuclear, Explosive

CDC Centers for Disease Control and Prevention

CDP Center for Domestic Preparedness

C-IED Counter Improvised Explosive Device

DHS/IP U.S. Department of Homeland Security, Office of Infrastructure Protection

DHS/IP/OBP U.S. Department of Homeland Security, Office of Infrastructure Protection, Office for Bombing Prevention

FBI Federal Bureau of Investigations

FEMA Federal Emergency Management Agency

FEMA EMI Federal Emergency Management Agency Emergency Management Institute

FLETC Federal Law Enforcement Training Centers

FOUO For Official Use Only

HAZMAT Hazardous Materials

HSIN Homeland Security Information Network

ICS Incident Command System

IED Improvised Explosive Device

JPO Joint Program Office

LSU Louisiana State University

LTATP Land Transportation Antiterrorism Training Program

NIMS National Incident Management System

NRF National Response Framework

NTED National Training and Education Division

OBP Office for Bombing Prevention

PSA Protective Security Advisor

SLTT State, Local, Tribal, and Territorial

TIIDE Terrorism Injuries: Information, Dissemination and Exchange

UPSBI Understanding and Planning for School Bomb Incidents

VBIED Vehicle-Borne Improvised Explosive Device

Catalog of Federally Sponsored

Counter-IED Training and Education

Resources for State, Local, Tribal, &

Territorial Partners National Protection and Programs Directorate (NPPD)

Office of Infrastructure Protection (IP)

Office for Bombing Prevention (OBP)

October 2015

Homeland

Security

http://www.dhs.gov/

This product was developed in coordination with the Joint Program Office for Countering

Improvised Explosive Devices (JPO C-IEDs)

I

Introduction

The Catalog of Federally Sponsored Counter-IED Training and Education Resources for State,

Local, Tribal, and Territorial (SLTT) Partners list explosives and IED-related Federal resources of

value to SLTT partners. The Catalog was developed by the Department of Homeland Security

(DHS) Office for Bombing Prevention (OBP) in collaboration with Federal interagency partners

through the Joint Program Office for Countering Improvised Explosive Devices (JPO C-IED). The

JPO C-IED is responsible for coordinating the implementation of the recently updated U.S. Policy

for Countering IEDs. The resources in this Catalog support goals and capabilities outlined in the

revised policy and are intended to enhance the effectiveness of U.S. counter-IED efforts,

including:

Enhancing the ability to deter, detect, and prevent IEDs before threats become imminent.

Ensuring that protection and response efforts effectively neutralize or mitigate the consequences of attacks that do occur.

Leveraging and integrating a “whole-of-government” approach across law enforcement, diplomatic, homeland security, and military disciplines.

Promoting and enhancing information sharing and cooperation between all levels of the Federal government and SLTT partners.

The Catalog identifies training and education resources that are provided directly by the Federal

Government or are federally sponsored but delivered by a partner organization, such as the

National Domestic Preparedness Consortium. These resources may also be listed in other

catalogs maintained by individual Federal agencies or partner organizations. Courses included

within this Catalog will be periodically updated to ensure accuracy and applicability.

Organization

The resources in this Catalog are organized by course level, following the format of Federal

Emergency Management Agency (FEMA) National Training and Education Division (NTED)

course catalogs. Courses are listed at the awareness, performance, and management levels to

accommodate different job functions within the stakeholder community.

Awareness-level courses are designed for stakeholders who require the skills to recognize and report a potential IED incident or who are likely to witness or investigate an event involving the use of hazardous and/or explosive devices.

Performance-level courses are designed for stakeholders who perform tasks during the initial response to an IED event.

Management-level courses are designed for resource managers and/or decision-makers who develop plans and coordinate the prevention of, or response to, an IED event.

Within each course level, the resources are organized alphabetically.







II

Core Capabilities

The Catalog’s holdings align with the five mission areas and corresponding core capabilities

outlined within the National Preparedness Goal. The chart below illustrates the mission areas and

core capabilities, including the three core capabilities common to all mission areas.

Prevention Protection Mitigation Response Recovery

Planning

Public

Information and

Warning

Operational

Coordination

Intelligence and

Information

Sharing

Interdiction and

Disruption

Screening,

Search, and

Detection

Forensics and

Attribution

Planning

Public Information

and Warning

Operational

Coordination

Intelligence and

Information

Sharing

Interdiction and

Disruption

Screening, Search,

and Detection

Access Control

and Identity

Verification

Cybersecurity

Physical Protective

Measures

Risk Management

for Protection

Programs and

Activities

Supply Chain

Integrity and

Security

Planning

Public

Information and

Warning

Operational

Coordination

Community

Resilience

Long-term

Vulnerability

Reduction

Risk and Disaster

Resilience

Assessment

Threat and

Hazard

Identification

Planning

Public Information and

Warning

Operational

Coordination

Critical Transportation

Environmental

Response/ Health and

Safety

Fatality Management

Services

Infrastructure Systems

Mass Care Services

Mass Search and

Rescue Operations

On-scene Security and

Protection

Operational

Communications

Public and Private

Services and

Resources

Public Health and

Medical Services

Situational

Assessment

Planning

Public Information

and Warning

Operational

Coordination

Economic

Recovery

Health and Social

Services

Housing

Infrastructure

Systems

Natural and

Cultural

Resources

Training and Resource Delivery

Method of delivery for the training and resources identified in the Catalog follow a model adapted

from the FEMA NTED course catalogs. Training is delivered to qualified participants in four ways:

http://www.fema.gov/national-preparedness-goal

III

1. Document: Training and/or guidance is provided in a document resource.

2. Residential: Training and/or guidance occurs at the training provider's facility. 3. Mobile: Training and/or guidance occurs at or near the location of the agency that

requests the training. 4. Web-Based: Training and/or guidance is self-paced and delivered via computer and

Internet connection.

Cost/Funding Source for Resources

There are three options for paying for resources:

1. Federally Funded: There is no cost to the requesting organization; providers pay all costs.

2. Homeland Security Grant Program: The requesting organization must pay for its

participants’ costs, but costs are allowable using Homeland Security Grants. 3. Participant Fee: The requesting organization pays for its participants’ costs.

Participants should contact the training or resource provider with any questions about funding.

Catalog Updates or Questions

Please contact U.S. Department of Homeland Security (DHS) Office for Bombing Prevention

(OBP) at [email protected] should you have any questions, revisions, or course updates related

to this catalog.


IV

Course Listings

Course Name Course Provider Page


Blast Injury Fact Sheets Centers for Disease Control and Prevention 1

Bomb-Making Materials Awareness Program (BMAP)


1

Level 1: CBRNE Awareness State of New Jersey 1

Level 2: CBRNE Operations State of New Jersey 2

"Check It!" U.S. Department of Homeland Security, Office of Infrastructure Protection

2

Fundamentals of Explosives DHS Center of Excellence in Explosives, University of Rhode Island

2

IED Counterterrorism Workshop U.S. Department of Homeland Security, Office of Infrastructure Protection, Office for Bombing Prevention

3



3


State of New Jersey 3

Incident Response to Terrorist Bombings, Customized


Law Enforcement Prevention and Deterrence of Terrorist Acts



U.S. Department of Homeland Security, Office of Infrastructure Protection

5

Prevention of and Response to Suicide Bombing Incidents




5



6

Standardized Awareness Authorized Training Program, Train-the-Trainer (SAAT TtT)

Center for Domestic Preparedness 6

V

Standardized Awareness Training, Nonresident and Indirect Delivery




7



7

Terrorism Awareness for Emergency First Responders, AWR-160, Web-Based

Texas A&M Engineering Extension Service 7



8





8

Workplace Security Awareness Federal Emergency Management Agency, Emergency Management Institute

9


Advanced Electronics Federal Bureau of Investigation - Hazardous Devices School 9

Advanced Explosive Trace Detection State of New York 9

Advanced Explosive Disposal Techniques

Bureau of Alcohol, Tobacco, Firearms and Explosives - National Center for Explosives Training and Research

10

Advanced Manual Techniques Course

Federal Bureau of Investigation - Hazardous Devices School 10

Bomb Squad/SWAT Interoperability State of California 11

Bomb Technician Certification Course


Bomb Technician Recertification Course




12

Bombings: Injury Patterns and Care Centers for Disease Control and Prevention 12

VI

Chemical Biological Response for Bomb Technicians Course


Commercial Vehicle Counterterrorism Training Program (CVCTP)


Electronic Countermeasures (ECM) Course


Emergency Medical Operations for CBRNE Incidents (EMO)


Emergency Responder Hazardous Materials Technician for CBRNE Incidents (ERHM)


Fire/Arson Origin-and-Cause Investigations

Federal Emergency Management Agency, U.S. Fire Administration

14

Hands-On Training for CBRNE Incidents (HOT)


Hazard Assessment and Response Management for CBRNE Incidents (HARM)


Hazardous Materials Technician for CBRNE Incidents (HT)


Highway Emergency Response Specialist

Security and Emergency Response Training Center 16

Home-made Explosives Identification and Disposal

Bureau of Alcohol, Tobacco, Firearms and Explosives - National Center for Explosives Training and Research

17

IED Awareness State of Texas 17

IED Protective Meausres Course U.S. Department of Homeland Security, Office of Infrastructure Protection, Office for Bombing Prevention

18

IED Response on Mass Transit and Passenger Rail Systems – DOD-007-RESP

Department of Defense, Department of the Army, Joint Interagency Training and Education Center

18

IED Search Procedures Workshop U.S. Department of Homeland Security, Office of Infrastructure Protection, Office for Bombing Prevention

18

IED/WMD Electronics Course State of California 19

Incident Response to Terrorist Bombings-Operations


Initial Law Enforcement Response to Suicide Bomb Attacks (ILERSBA)


VII

Initial Law Enforcement Response to Suicide Bombing Attacks (ILERSBA), Customized




Large Vehicle Bomb Render Safe Procedures Course


Law Enforcement Protective Measures for CBRNE Incidents (LEPM)


Law Enforcement Protective Measures for CBRNE Incidents, Train-the-Trainer (LEPM TtT)


Leadership and Management of Surface Transportation Incidents (LMSTI)

Security and Emergency Response Training Center 22


Texas A&M Engineering Extension Service 22

Piers and Sea Walls Search/Recovery

State of New York 22

Physical Security Training Program (PSTP)


Post-Blast Investigation Federal Bureau of Investigation 23

Post-Blast Investigative Techniques I Bureau of Alcohol, Tobacco, Firearms and Explosives - National Center for Explosives Training and Research

23



Prevention of and Response to Suicide Bombing Incidents, Train the Trainer


24



25



25

Technical Emergency Response Training for CBRNE Incidents (TERT)


Transit Terrorist Tools and Tactics Louisiana State University 26

Underwater Hazardous Device Search Course

State of California 26

VIII

Underwater Post Blast Investigation Federal Bureau of Investigation Los Angeles Field Division 26



27

Vehicle-Borne Improvised Explosive Device Security Checkpoint

State of New York 27


Bomb Squad Commanders Course Federal Bureau of Investigation - Hazardous Devices School 27

Bomb Squad Executive Management Course


Identifying IED Threats to Public Transit

Department of Transportation, Federal Transit Administration, Transportation Safety Institute

28

Incident Command: Capabilities, Planning and Response Actions for All Hazards




29



29



29



29

1


Blast Injury Fact Sheets

Centers for Disease Control and Prevention (CDC), in collaboration with the Terrorism Injuries: Information, Dissemination and Exchange (TIIDE) partners and with leadership from America Trauma Society, has developed 17 topic-specific fact sheets on the treatment of blast injuries. Fact sheet topics range from blast lung and blast abdomen to the treatment of pediatric and older adult populations. The fact sheets have been disseminated both nationally and internationally as part of mass casualty response efforts. Mission Area: Response Core Capability: Mass Care Services






Prerequisites: None

Course Length: N/A

To Schedule: http://emergency.cdc.gov/masscasualties/blastinjuryfacts.asp

Bomb-Making Materials Awareness Program (BMAP)

BMAP is an outreach initiative, developed in partnership with the FBI, to increase public and private sector awareness of home-made explosives (HME) by promoting private sector point-of-sale awareness and suspicious activity reporting to prevent misuse of explosive precursor chemicals, powders, and components commonly used in IEDs. BMAP training is designed for first responders responsible for counterterrorism outreach to build knowledge of IED threats, HMEs, and bomb-making materials. The course also provides guidance and materials to help participants conduct outreach to industries and businesses within

their jurisdiction in order to strengthen prevention opportunities by building a network of vigilant and informed private sector partners who serve as the Nation’s counter-IED “eyes-and-ears.” Mission Area: Prevention Core Capability: Screening, Search, and Detection


Targeted Audience: SLTT first responders




Prerequisites: None


For More Information: http://www.dhs.gov/bombing-prevention-training-courses#BMAP Training To Schedule: Contact local Protective Security Advisor (PSA) (http://www.dhs.gov/protective-security-advisors) or send an email to [email protected].

Level 1: CBRNE Awareness

Chemical, Biological, Radiological, Nuclear and Explosive (CBRNE) training is for all levels of emergency response personnel, Office of Emergency Manufacturer (OEM) staff, police, fire, and emergency medical services (EMS) and municipal officials. This course is entry level and is considered an add-on to the Hazardous Materials (HM) Awareness program. Individuals who do not have the HM Awareness would benefit from the program. Mission Area: Response Core Capability: Situational Assessment


Targeted Audience: Emergency management agency, emergency medical services, fire service, health care providers, law enforcement, and public works



Course Details

http://emergency.cdc.gov/masscasualties/blastinjuryfacts.asp

http://emergency.cdc.gov/masscasualties/blastinjuryfacts.asp

http://www.dhs.gov/bombing-prevention-training-courses%23BMAP%20Training

http://www.dhs.gov/bombing-prevention-training-courses%23BMAP%20Training




2

Cost/Funding Source: Homeland Security Grant Program

Prerequisites: None

Course Length: N/A

To Schedule: Contact: Michael Smith Phone: 609.584.4000 Ext. 4 Email: [email protected]

Level 2: CBRNE Operations

Training for those persons who, in the course of their duties, will take appropriate defensive actions at a HAZMAT/CBRNE scene in order to identify, confine and contain materials, and perform initial site assessment. Recognition of problems and advanced defensive actions that will require personal protective clothing is addressed. Terminology, reference sources, protective clothing and equipment, and basic decontamination are taught. In addition, the course includes training for measures that can be taken to assist the hazardous material response team prior to their arrival. Mission Area: Response Core Capability: Environmental Response/ Health and Safety


Targeted Audience: Emergency management agency, emergency medical services, fire service, health care providers, law enforcement, and public works




Prerequisites: None

Course Length: N/A To Schedule: Contact: Michael Smith Phone: 609.584.4000 Ext. 4 Email: [email protected]

"Check It!"

Designed to raise the level of awareness for front-line facility employees by highlighting the indicators of suspicious activity, this video provides information to help employees properly

search bags in order to protect venues and patrons across the country.

Mission Area: Prevention; Protection Core Capability: Public Information and Warning; Screening, Search, and Detection






Prerequisites: None

Course Length: 8 minutes To View: http://www.dhs.gov/xlibrary/videos/nppd_bag_check_042810.wmv

Fundamentals of Explosives

This course examines the chemistry of explosives, the physics of detonation waves and their initiation, and the issues involved in safe handling and characterizing explosives. Explosive output and coupling to surroundings, with specific application to structural response, will be discussed. We will address terrorist bombings; the gathering, analysis, and interpretation of evidence; improvised explosives; and explosive detection. Lecturers are internationally known experts. Mission Area: Prevention Core Capability: Forensics and Attribution


Targeted Audience: Academics, SLTT, Federal law enforcement, private sector, and bomb technicians Course Provider: DHS Center of Excellence in Explosives, University of Rhode Island



Prerequisites: None

Course Length: 24 hours To Schedule: http://energetics.chm.uri.edu/node/14





http://energetics.chm.uri.edu/node/14

3

IED Counterterrorism Workshop

This workshop enhances the participant’s understanding of the IED threat, surveillance detection methods, and soft target awareness. The workshop also covers awareness and prevention measures, as well as collaborative information-sharing resources to enable first responders and critical infrastructure owners, operators, and security staff to deter, prevent, detect, and protect against the illicit and terrorist use of explosives in the United States. Mission Area: Prevention Core Capability: Screening, Search, and Detection


Targeted Audience: SLTT first responders and public and private sector critical infrastructure owners and operators and security personnel




Prerequisites: None


For More Information: http://www.dhs.gov/bombing-prevention-training-courses#IED Counterterrorism To Schedule: Contact local Protective Security Advisor (PSA) (http://www.dhs.gov/protective-security-advisors) or send an email to [email protected].


This course focuses on identifying improvised explosive devices (IEDs). The training provides awareness-level information for staff, management, and security to recognize, report, and react to unusual activities and threats in a timely manner. Mission Area: Prevention; Protection Core Capability: Public Information and Warning




Delivery Mechanism: Virtual (instructor-led)


Prerequisites: None


To Schedule: Contact local Protective Security Advisor (PSA) (http://www.dhs.gov/protective-security-advisors) or send an email to [email protected].


This course was designed to be delivered in four configurations and can be delivered in a one-, two-, or three-day course based upon the needs of the course participant. Section one can also be a standalone course delivered in one day. The first section provides Emergency Responders and Private Sector Security Professionals with a basic knowledge of explosives, IEDs, and booby traps; how to recognize them; and what to do when they encounter them. In addition, responders and Security Professionals are taught how to recognize suspicious packages, package and mail handling procedures, and what to do when they encounter a suspicious package. Lastly, they are taught about bomb threats, from receipt, to clearing the bomb threat. Section one is a prerequisite to section two and section three. The second section of the course focuses on Vehicle-Borne Improvised Explosive Devices and relies upon the basic concepts taught during the first section of the course. This section provides case studies of VBIEDs, including the attack on the Alfred P. Murrah Building in Oklahoma City; VBIED construction and indicators; vehicle search techniques and procedures; and a practical exercise. The third section of the course, also reliant upon the concepts taught during the first section, focuses on using x-ray technology to recognize suspicious items and improvised explosive devices. This section provides an overview of x-ray technology; images produced by x-ray;









4

recognition of typical construction of items that will commonly be x-rayed, such as laptop computers, cell phones, cameras, GPS, and music players; and images that suggest indicators of an IED. Several practical exercises using the participant's x-ray technology, when the course is held onsite, or slides, when held in a facility that does not have access to x-ray technology, are also included. Mission Area: Prevention Core Capability: Screening, Search, and Detection


Targeted Audience: Emergency management agency, emergency medical services, fire service, governmental administrative, hazardous material, health care, law enforcement, public health, public safety communications, public works, and other state, local, tribal, and territorial representatives




Prerequisites: None

Course Length: 8-24 hours

To Schedule: http://www.ndpci.us/training/ied-training.php

Incident Response to Terrorist Bombings, Customized

This course is designed to train personnel to identify and take appropriate action in the event of a potential or realized weapon of mass destruction (WMD) explosive incident.

Mission Area: Response Core Capability: Operational Coordination


Targeted Audience: Emergency management agency, fire service, governmental administrative, hazardous materials, health care providers, law enforcement, public health, public safety communications, and public works

Course Provider: New Mexico Institute of Mining and Technology



Prerequisites: None

Course Length: 1.5 hours

To Schedule: http://www.emrtc.nmt.edu/training/irtb.php

Law Enforcement Prevention and Deterrence of Terrorist Acts

This course trains law enforcement personnel on actions they can take to prevent, deter, and respond to terrorist acts. The law enforcement officer is part of the front-line defense in preventing and deterring WMD terrorist incidents where the release of WMD agents is likely to occur because of criminal actions. The nature of law enforcement officers’ daily work environment provides them with an enhanced understanding of the community, providing law enforcement officers with a unique opportunity to prevent or deter potential WMD terrorist incidents. The course addresses awareness-level functions associated with WMD recognition, prevention, and deterrence applications for law enforcement officers. Subject areas covered in the course include intelligence gathering; threat recognition; community oriented policing; counterfeit identification detection; information sharing among agencies; and chemical, biological, radiological, nuclear, and explosive (CBRNE) agents or materials that can be procured either legitimately or illegally to produce a WMD. Mission Area: Prevention Core Capability: Interdiction and Disruption


Targeted Audience: Law Enforcement

Course Provider: Louisiana State University (LSU)



Prerequisites: None


To Schedule: http://www.ncbrt.lsu.edu/catalog/awareness/pd.aspx



http://www.emrtc.nmt.edu/training/irtb.php

http://www.ncbrt.lsu.edu/catalog/awareness/pd.aspx

http://www.ncbrt.lsu.edu/catalog/awareness/pd.aspx

5


Designed to raise the level of awareness for hotel employees by highlighting the indicators of suspicious activity, this video provides information to help employees identify and report suspicious activities and threats in a timely manner. Also available in Spanish. Mission Area: Prevention; Protection Core Capability: Public Information and Warning






Prerequisites: None



Prevention of and Response to Suicide Bombing Incidents

This four-hour course addresses some of the major issues a jurisdiction is required to answer when creating plans, procedures, and tactics to prevent and respond to suicide bombing incidents. Upon completion of this course, participants will understand the suicide bombing threat, their role in community situational awareness, use of deadly force, and personal protection issues. Mission Area: Prevention Core Capability: Screening, Search, and Detection


Targeted Audience: Emergency medical services, fire service, law enforcement, and public safety communications




Prerequisites: None


To Schedule: http://www.emrtc.nmt.edu/training/prsbi.php


The purpose of this course is to make persons involved in commercial retail operations aware of the actions they can take to identify and report suspicious purchases or thefts of products that actors could use in terrorist or other criminal activities. To achieve this goal, the course provides an overview of prevention steps aimed at identifying and monitoring high-risk inventory products and reporting suspicious activities to law enforcement agencies. At the end of this course, the participants will be able to: 1) Identify steps they can take to help prevent their inventory from being used to manufacture or deploy home-made explosives; 2) Describe the importance of identifying and reporting suspicious purchases and activities in the retail sector; and 3) Specify additional actions they can take to protect their inventory from misuse or theft.

Mission Area: Prevention; Protection Core Capability: Screening, Search, and Detection


Targeted Audience: This course is designed for retail managers, loss prevention specialists, risk management specialists, product managers, sales associates, and others involved in retail operations.




Prerequisites: None





http://www.emrtc.nmt.edu/training/prsbi.php



6


Developed in collaboration with the American Hotel & Lodging Association, this training provides information on key terrorism topics with reference to actual events. The Webinar includes a high-level briefing on the threat climate for the hotel industry and specific protective measures focusing on observing and reporting suspicious activity and items. The Webinar focuses on terrorism topics including, but not limited to, lessons learned from Mumbai-style attacks, IED awareness and response, and active shooter scenarios. Mission Area: Prevention; Protection Core Capability: Public Information and Warning; Physical Protective Measures






Prerequisites: None



Standardized Awareness Authorized Training Program, Train-the-Trainer (SAAT TtT)

This course prepares graduates to provide instruction on suspected CBRNE events using the recognition, avoidance, isolation, and notification (RAIN) technique. Mission Area: Prevention Core Capability: Screening, Search, and Detection


Targeted Audience: Emergency management, emergency medical services, fire service, governmental administrative, hazardous materials, health care providers, law enforcement, public health, public safety communications, and public works

Course Provider: FEMA/CDP



Prerequisites:

IS-100 Introduction to the Incident Command System or any of the available ICS-100 series (http://training.fema.gov/emiweb/is/is100b.asp)

IS-700 National Incident Management System (NIMS), An Introduction (http://training.fema.gov/EMIWeb/IS/courseOverview.aspx?code=is-700.a)

Course Length: 24 hours To Schedule: https://cdp.dhs.gov/training/courses/saat

Standardized Awareness Training, Nonresident and Indirect Delivery

The Standardized Awareness Training (SAT) is supported by a parallel course, the Standardized Awareness Authorized Training, Train-the Trainer (SAAT TtT) course, the purpose of which is to provide supervisors and trainers with the information and skills required to instruct the Standardized Awareness Training at their local jurisdictions. The Standardized Awareness Training covers the essentials of Chemical, Biological, Radiological, Nuclear, or Explosive (CBRNE) hazards and materials; prevention and deterrence methods; and the Emergency Response Guidebook (ERG). SAT also includes facilitated discussions, activities, and case studies. Topics in this course include Prevention and Deterrence, Identification of Hazardous Materials and the ERG, Chemical Agents, Biological Agents, Radiological Materials and Nuclear Weapons, and Explosive Devices. Mission Area: Prevention Core Capability: Screening, Search, and Detection




Delivery Mechanism: Non-residential, Mobile, and Indirect Delivery


http://training.fema.gov/emiweb/is/is100b.asp


http://training.fema.gov/EMIWeb/IS/courseOverview.aspx?code=is-700.a


https://cdp.dhs.gov/training/courses/saat

7

Cost/Funding Source: Federally funded-FEMA Prerequisites:

IS-100 Introduction to the Incident Command System or any of the available ICS-100 series (http://training.fema.gov/emiweb/is/is100b.asp)

IS-700 National Incident Management System (NIMS), An Introduction (http://training.fema.gov/EMIWeb/IS/courseOverview.aspx?code=is-700.a)


To Schedule: https://cdp.dhs.gov/training/courses/sat-2


The purpose of this course is to make critical infrastructure employees and service providers aware of actions they can take to detect and report suspicious activities associated with adversarial surveillance. To achieve this goal, the course provides an overview of surveillance activities and the indicators associated with them, as well as the actions that employees and service providers can take to report potential surveillance incidents. At the end of this course, the participants will be able to identify potential targets of adversarial surveillance, describe the information obtained by surveillance that is of interest to adversaries, recognize indicators of surveillance within the everyday environment, identify actions that you can take to detect potential adversarial surveillance incidents, describe the importance of identifying and reporting suspicious activities associated with adversarial surveillance, and specify actions you can take to report potential incidents of adversarial surveillance. Mission Area: Prevention; Protection Core Capability: Screening, Search, and Detection


Targeted Audience: The course is designed for critical infrastructure owners and operators, employees, and service providers, as well as those with critical infrastructure protection duties and responsibilities at the State, local, tribal, and territorial levels.




Prerequisites: None


To Schedule: http://training.fema.gov/EMIWeb/IS/courseOverview.aspx?code=is-914


Part of the Department’s "If You See Something, Say Something™" campaign to raise public awareness of potential indicators of terrorism, crime, and other threats and to emphasize the importance of reporting suspicious activity to law enforcement authorities. This free, online interactive session of video scenarios, commentary by a panel of experts, and questions and comments will better prepare participants to guard against surveillance activities. Mission Area: Prevention; Protection Core Capability: Public Information and Warning






Prerequisites: None


To View: https://share.dhs.gov/sdaware-roundtable/

Terrorism Awareness for Emergency First Responders, AWR-160, Web-Based

This course was developed to provide a web-based, cost effective alternative to previous awareness-level courses delivered in residence. This course focuses on training responders online to meet the requirements established in National Fire Protection Association (NFPA) 472, “Competencies for Awareness Level Personnel,” (chapter 4) and the Occupational Safety and Health Administration (OSHA) 29 Code of Federal Regulations (CFR) 1910.120 (q) (6) (i) (a–f) “First Responder Awareness





https://cdp.dhs.gov/training/courses/sat-2





8

Level” competencies. The course encompasses an all-hazards approach to Hazardous Materials (HAZMAT) incidents, including acts of terrorism where WMD materials may have been used. This course provides the participants the knowledge to recognize the hazardous material, protect themselves, notify others, and secure the scene. Mission Area: Prevention Core Capability: Screening, Search, and Detection


Targeted Audience: Emergency management agency, emergency medical services, fire service, hazardous material, health care providers, law enforcement, public health, public safety, communications, and public works Course Provider: Texas A&M Engineering Extension Service



Prerequisites: None


To Schedule: https://teex.org/Pages/Class.aspx?course=AWR160&courseTitle=WMD/Terrorism+Awareness+for+Emergency+Responders


This course uses case studies and best practices to explain suspicious behavior and packages, how to reduce the vulnerability to an active shooter threat, and the appropriate actions to take if employees notice suspicious activity. Mission Area: Prevention; Protection Core Capability: Public Information and Warning


Targeted Audience: This presentation is intended for point-of-sale staff, but is applicable to all employees of a shopping center, mall, or retail facility.




Prerequisites: None




UPSBI addresses the issues involved in school bomb threats and designing safe and effective response plans for school bomb incidents. In addition, UPSBI provides the tools and information needed to develop or assess an existing school bomb incident response plan. The course has numerous resources which include full text documents concerning school emergency management plans, the threat assessment process, planning a functional school training program, and links to FEMA online training for school administrators. Mission Area: Prevention; Protection Core Capability: Screening, Search, and Detection


Targeted Audience: Emergency medical services, fire service, and law enforcement Course Provider: New Mexico Institute of Mining and Technology



Prerequisites: None


To Schedule: http://www.emrtc.nmt.edu/training/upsbi.php


Designed to raise awareness for retail employees by highlighting the indicators of suspicious activity, this video provides information on identifying and reporting suspicious activity and threats at shopping centers and retail establishments. Mission Area: Prevention; Protection Core Capability: Public Information and Warning




https://teex.org/Pages/Class.aspx?course=AWR160&courseTitle=WMD/Terrorism+Awareness+for+Emergency+Responders




http://www.emrtc.nmt.edu/training/upsbi.php

9



Prerequisites: None

Course Length: 9 minutes To View: http://www.dhs.gov/video/commercial-facilities-sector-training-and-resources-33

Workplace Security Awareness

This course provides guidance to individuals and organizations on how to improve the security in your workplace. No workplace—be it an office building, construction site, factory floor, or retail store—is immune from security threats that endanger the confidentiality, integrity, and security of your workplace, as well as your virtual workplace and computer systems. Employees are often the target of these threats as well as the organization's first line of defense against them. This course presents information on how employees can contribute to your organization's security. Upon completing this course, the participant will be able to: 1) Identify potential risks to workplace security; 2) Describe measures for improving workplace security; and 3) Determine the actions to take in response to a security situation.

Mission Area: Protection Core Capability: Screening, Search, and Detection






Prerequisites: None




Advanced Electronics

This course includes practical applications of advanced electronic theory and techniques for detonator diagnostics. Mission Area: Prevention Core Capability: Interdiction and Disruption


Targeted Audience: Hazardous Devices School (HDS)-certified bomb technicians Course Provider: FBI Hazardous Devices School


Cost/Funding Source: DOJ/FBI

Prerequisites: Bomb Technician Certification Course


For More Information: Contact the Special Agent Bomb Technician Coordinator in the nearest FBI Field Office http://www.fbi.gov/contact-us/field

Advanced Explosive Trace Detection

At the conclusion of this course, participants will gain the skills they need to identify, detect, disrupt, and prevent a potential terrorist attack orchestrated by and/or involving an individual who is attempting to directly deliver an improvised explosive device into or onto a "target-rich" environment. This instruction will elevate the participant's awareness regarding possible targets within their geographic area of employment for the purpose of identifying or disrupting hostile surveillance against the individual, the facility, or the event, as well as train participants to interact effectively with individuals within a "target-rich" environment to ensure the greatest level of safety and security for all persons involved. The participants will be better equipped to elicit information within these settings as well as adhere to established policies and procedures related to the identification and dissemination of information within the organization and local, State, and Federal law enforcement agencies,





http://www.fbi.gov/contact-us/field

10

when appropriate. Participants will be able to independently establish safe, efficient, and legally-defensible gross screening checkpoints and demonstrate the ability to deploy, utilize, and maintain explosive trace detection devices. Participants will develop plans for training and communicating with these resources, as well as establish protocols to validate information they provide and attempt to supplement the information being obtained by establishing asset networks. Participants will also develop plans for the effective, efficient, and tactical deployment of personnel to perform surveillance and counter-surveillance operations while also elevating their awareness regarding possible targets within the region for the purpose of identifying or disrupting hostile surveillance against the individual, the facility, or the event. Mission Area: Prevention Core Capability: Interdiction and Disruption


Targeted Audience: Law enforcement

Course Provider: State of New York



Prerequisites: None

Course Length: N/A

To Schedule: Contact: Mary Wrobel Phone: 518.242.5003 Email: [email protected]

Advanced Explosive Disposal Techniques

Bomb technicians in the United States are more likely to be killed or injured while conducting an explosives disposal operation than any other mission. In response to this need, the ATF Office of Training and Professional Development, in cooperation with the ATF Explosives Technology Branch, developed the Advanced Explosives Disposal Techniques (AEDT) training program for bomb technicians and explosives specialists. AEDT provides in depth classroom and range instruction in virtually every aspect of explosives disposal. ATF provides travel and lodging in addition to training, classroom materials, and range tools. Students are also reimbursed a daily per diem

rate as determined by GSA. The course is delivered at the National Center for Explosives Training and Research (NCETR) located at Redstone Arsenal, AL.

Mission Area: Response Core Capability: On-scene Security and Protection


Targeted Audience: SLTT bomb techs, explosives detection canine handlers, unit commanders, and incident commanders Course Provider: ATF/National Center for Explosives Training and Research


Cost/Funding Source: DOJ/ATF

Prerequisites: Applicant must be a full-time public safety official trained as a bomb technician whose mission includes destruction/disposal of explosive materials.


To Schedule: http://www.atf.gov/content/explosives/explosives-enforcement/advanced-explosives-disposal-techniques-course-id-expl-cs-0001

Advanced Manual Techniques Course

This course teaches specialized manual skills for addressing IED threats that are assessed to be a life-threatening IED event. Mission Area: Prevention Core Capability: Interdiction and Disruption


Targeted Audience: Course is only available to full-time, sworn, salaried employees of a law enforcement or public safety agency who are assigned to an accredited bomb squad.

Course Provider: FBI Hazardous Devices School

Delivery Mechanism: Residential Cost/Funding Source: DOJ/FBI


Course Length: 40 hours For More Information: Contact the Special Agent Bomb Technician Coordinator in the nearest FBI Field Office http://www.fbi.gov/contact-us/field


http://www.atf.gov/content/explosives/explosives-enforcement/advanced-explosives-disposal-techniques-course-id-expl-cs-0001




11

Bomb Squad/SWAT Interoperability

The Bomb Squad/Special Weapons and Tactics (SWAT) Interoperability Course is a 10-day/80-hour course. The course covers some basic skills, tools, and situational awareness techniques that are required by a bomb tech to support a SWAT team. These skills are then brought together in a series of practical training tasks that have been designed to reinforce all previous modules. Modules covered are Basic Electronics, Threat Assessment, Manual Access and Stabilization, Detonator and Switch Diagnostics, Sensor Technology, Countering Light and Dark Sensors, Advanced X-Ray Safety Techniques, and Hostage Handling Techniques. The instruction concludes with a series of exercises with several SWAT teams that have been designed to showcase the bomb squads’ capabilities. Mission Area: Response Core Capability: Operational Coordination


Targeted Audience: Fire service, hazardous materials, law enforcement, and bomb technicians

Course Provider: State of California


Cost/Funding Source: Homeland Security Grant Prerequisites:

Participants must be certified bomb technicians;

IS-100 Introduction to the Incident Command System or any of the available ICS-100 series (http://training.fema.gov/emiweb/is/is100b.asp); and

IS-700 National Incident Management System (NIMS), An Introduction (http://training.fema.gov/emiweb/is/is700a.asp).


To Schedule: Contact: Alex Cabassa Phone: 916.845.8752 Email: [email protected]

Bomb Technician Certification Course

The Bomb Technician Certification Course is a comprehensive program designed to meet the needs of civilian public safety organizations that have bomb squad responsibilities. The six-week Certification Course is offered between six and eight times per year and contains 24 students per class. Upon graduation, students are awarded a certificate of completion, along with a certification card, which identifies them as a certified bomb technician for a period of three years, after which graduates must return to the Hazardous Devices School (HDS) for recertification training. There is no fee for the course, but travel and per diem costs must be paid by the employing agency. Mission Area: Prevention Core Capability: Interdiction and Disruption


Targeted Audience: Course is only available to full-time, sworn, salaried employees of a law enforcement or public safety agency who are assigned to an accredited bomb squad. Course Provider: FBI Hazardous Devices School



Prerequisites: Hazardous Materials Technician training that meets the requirements set forth in 29 C.F.R. 1910.120(q)(6)(iii). Physical health and fitness standards are set forth in the National Guidelines for Bomb Technicians.



Bomb Technician Recertification Course

The Bomb Technician Recertification Course is designed to test proficiency on basic bomb technician skills and knowledge, provide information and training on new technology and threats, and award an official certification based on standards set by the National Bomb Squad Commanders Advisory Board (NBSCAB).



http://training.fema.gov/emiweb/is/is700a.asp




12

Mission Area: Prevention Core Capability: Interdiction and Disruption


Targeted Audience: Course is only available to full-time, sworn, salaried employees of a law enforcement or public safety agency who are assigned to an accredited bomb squad. Course Provider: FBI Hazardous Devices School



Prerequisites: Must be a graduate of the Bomb Technician Certification Course near the end of the 3-year certification status. Physical health and fitness standards are set forth in the National Guidelines for Bomb Technicians.




This workshop improves the ability of critical infrastructure owners, operators, and security personnel to manage IED threats by highlighting specific safety precautions associated with explosive incidents and bomb threats. The workshop reinforces an integrated approach that combines training, planning, and equipment acquisition to maximize available resources for bomb threat management. Public and private sector representatives knowledgeable in regional emergency management procedures are encouraged to attend. Mission Area: Prevention

Core Capability: Interdiction and Disruption


Targeted Audience: Public and private sector critical infrastructure owners, operators, and security personnel




Prerequisites: None


For More Information: http://www.dhs.gov/bombing-prevention-training-courses#Bomb Threat To Schedule: Contact local Protective Security Advisor (PSA) (http://www.dhs.gov/protective-security-advisors) or send an email to [email protected].

Bombings: Injury Patterns and Care

Bombings: Injury Patterns and Care is designed to provide the latest clinical information regarding blast-related injuries from terrorism.

Mission Area: Response Core Capability: Mass Care Services






Prerequisites: None


To Schedule: http://www.acep.org/blastinjury/

Chemical Biological Response for Bomb Technicians Course

This course teaches proper protocols and use of special equipment for a bomb technician operating in a chemical or biological threat environment. Mission Area: Prevention Core Capability: Interdiction and Disruption


Targeted Audience: Course is only available to full-time, sworn, salaried employees of a law enforcement or public safety agency who are assigned to an accredited bomb squad. Course Provider: FBI Hazardous Devices School personnel at the Edgewood Chemical Biological Center Delivery Mechanism: Residential Cost/Funding Source: DOJ/FBI

Prerequisites: Bomb Technician Certification


http://www.dhs.gov/bombing-prevention-training-courses%23Bomb%20Threat

http://www.dhs.gov/bombing-prevention-training-courses%23Bomb%20Threat




http://www.acep.org/blastinjury/

13

Course



Commercial Vehicle Counterterrorism Training Program (CVCTP)

The program is designed to train law enforcement officers of the terrorist trends as it relates to commercial vehicles traveling on the Nation’s highways and local jurisdictions and how these vehicles are used to commit acts of terrorism, either as a weapon of mass destruction or through transportation of materials to further the cause of terrorist organizations.



Targeted Audience: Federal, State, and local law enforcement



Cost/Funding Source: Homeland Security Grant Program Prerequisites: Attendance is open to Federal, State, and local law enforcement officers and agents who are assigned duties related to the enforcement of commercial motor vehicles.


To Schedule: https://www.fletc.gov/training-program/commercial-vehicle-counterterrorism-training-program

Electronic Countermeasures (ECM) Course

This course focuses on electronics, radio wave theory, and specific countermeasures.



Targeted Audience: HDS-certified bomb technicians with SECRET clearance and assigned to an accredited bomb squad where countermeasures equipment is located or used

as a regional asset.

Course Provider: FBI Hazardous Devices School Delivery Mechanism: Residential and Web-based


Prerequisites: Bomb Technician Certification Course Course Length: 80 hours—40 hours of computer-based training, followed by 40 hours of in-residence training For More Information: Contact the Special Agent Bomb Technician Coordinator in the nearest FBI Field Office http://www.fbi.gov/contact-us/field

Emergency Medical Operations for CBRNE Incidents (EMO)

The Emergency Medical Operations for CBRNE Incidents (EMO) is a four-day course that prepares responders to effectively respond to a CBRNE or Mass Casualty Incident (MCI). The EMO course provides classroom lectures and extensive hands-on training, culminating in a hands-on practical exercise that allows responders to implement the emergency response knowledge and skills learned during the course. Mission Area: Response Core Capability: Environmental Response/ Health and Safety


Targeted Audience: Emergency medical services, health care providers, and public health




Prerequisites: Responders must be a State-licensed paramedic, emergency medical technician (EMT), or emergency care provider (emergency room physician or nurse).


To Schedule: https://cdp.dhs.gov/training/courses/emo


https://www.fletc.gov/training-program/commercial-vehicle-counterterrorism-training-program




https://cdp.dhs.gov/training/courses/emo

14

Emergency Responder Hazardous Materials Technician for CBRNE Incidents (ERHM)

Emergency Responder Hazardous Materials Technician for CBRNE Incidents (ERHM) is a five-day course that provides training based on Occupational Safety and Health Administration (OSHA) standards for hazardous materials (HAZMAT) training. Participants receive hands-on training in identifying HAZMAT, using advanced surveying and monitoring equipment, selecting and using the appropriate level of personal protective equipment (PPE), and performing decontamination procedures. As an added benefit, graduates of the ERHM class are afforded the opportunity to take the Alabama Pro-Board certification exam for HAZMAT Technician certification. Also aids preparation for the International Fire Service Accreditation Congress (IFSAC) certification. Mission Area: Response Core Capability: Environmental Response/ Health and Safety


Targeted Audience: Emergency management, emergency medical services, fire service, health care providers, law enforcement, and public works. This course is required for responders scheduled to attend the Hazardous Devices School in Huntsville, AL.




Prerequisites:

IS-100 Introduction to the Incident Command System or any of the available ICS-100 series (http://training.fema.gov/emiweb/is/is100b.asp);

IS-700 National Incident Management System (NIMS), An Introduction (http://training.fema.gov/emiweb/is/is700a.asp);

AWR-160 Standardized Awareness Training or another certified awareness training course;

Training equivalent to HAZWOPER, 29 C.F.R. § 1910.120 (q)(6)(i) (2010) First Responder Awareness Level or NFPA 472, Chapter 4 Competencies for Awareness Level Personnel (NFPA, 2007; 2008 edition); and

Training equivalent to HAZWOPER, 29 C.F.R. § 1910.120 (q)(6)(ii) (2010) First Responder Operations Level or NFPA 472, Chapter 5 Core Competencies for Operations Level Responders (NFPA, 2007; 2008 edition)

Course Length: 40 hours To Schedule: https://cdp.dhs.gov/training/program/h

Fire/Arson Origin-and-Cause Investigations

This 10-day course, based on NFPA 921, addresses the technical and scientific knowledge and skills needed to conduct successful fire/arson investigations. Using a combination of classroom and practical exercises, successful methods are demonstrated for conducting science-based fire investigations that culminate, when appropriate, in prosecution for arson. Upon completion of the course, the students will be equipped to identify the origin and cause of a fire, conduct a technically and legally sound investigation, and pursue the case through the judicial system. Subjects covered include health and safety, scientific method, fire dynamics, myths and legends, investigative resources, electrical fire investigations, origin and cause, evidence collection and preservation, documenting the scene, report writing, injury and fatal fire investigation, vehicle fires, case solvability, legal considerations, and motivation, interviewing, and interrogation. The course is designed to meet or exceed the applicable sections of NFPA 1033, "Standard for Professional Qualifications for Fire Investigator." Mission Area: Prevention Core Capability: Forensics and Attribution


Targeted Audience: Priority will be reserved for Federal, State, and local fire service, law enforcement personnel, and prosecutors with full-time fire/arson and explosion investigation responsibility and/or prosecution. These personnel include fire/arson investigators, State fire marshals, law enforcement personnel, criminal investigators, district/State attorney's staff, and members of arson task forces. Course Provider: DHS/FEMA, U.S. Fire Administration





https://cdp.dhs.gov/training/program/h

15



Prerequisites: ICS-100-level and ICS-200-level training. Preferred courses are Q0462 and Q0463, available through NFA Online at http://www.usfa.fema.gov/nfa/nfaonline. Chief's signature attests that the applicant has completed this required training. Successful completion of the following CFI Trainer modules: "Fire Investigator Scene Safety," "The Scientific Method for Fire and Explosion Investigation," "Introduction to Evidence," "Documenting the Event," "Physical Evidence at the Fire Scene," "Investigating Motor Vehicle Fires," "Introduction to Fire Dynamics and Modeling," "Investigating Fatal Fires," "Fundamentals of Residential Building Construction," and "Search and Seizure." Access to CFI Trainer is via website at www.CFITrainer.net. There are no costs or membership requirements to access these modules. Applicants must provide a copy of their CFI Trainer transcript along with their admissions application verifying that they have successfully completed the requisite training modules listed above. Course Length: 80 hours To Schedule: http://apps.usfa.fema.gov/nfacourses/catalog/details/38

Hands-On Training for CBRNE Incidents (HOT)

Hands-On Training for CBRNE Incidents (HOT) is a two-day course which affords participants the opportunity to develop and apply CBRNE incident response practices in a realistic training environment. HOT provides responders the unique opportunity to practice their knowledge and skills in the world’s only toxic chemical, biological, radiological training facility dedicated solely to emergency responders—the Chemical, Ordnance, Biological, and Radiological Training Facility (COBRATF). Mission Area: Response Core Capability: Environmental Response/ Health and Safety


Targeted Audience: Emergency management, emergency medical services, fire service,

governmental administrative, health care providers, law enforcement, public health, public safety communications, and public works. HOT is not designed for HAZMAT technicians.




Prerequisites: AWR-160 Standardized Awareness Training


To Schedule: https://cdp.dhs.gov/training/program/d

Hazard Assessment and Response Management for CBRNE Incidents (HARM)

Hazard Assessment and Response Management for CBRNE Incidents (HARM) is a unique course within the Center for Domestic Preparedness (CDP) curriculum in that it replicates the activation and deployment of a hazardous materials (HAZMAT) team into an active operational incident. This course challenges individuals assembled from different disciplines and geographic areas to apply their operational knowledge in support of a HAZMAT team responding to a chemical, biological, radiological, nuclear, or explosive (CBRNE) incident. Participants will arrive at the CDP in the 36th operational hour of a simulated incident and form into HAZMAT teams who will then be assigned daily rotational periods over a three-day period. All HAZMAT team members will conduct exercises in a toxic agent environment at the world’s only toxic chemical/biological training facility dedicated solely to emergency responders—the Chemical, Ordnance, Biological, and Radiological Training Facility (COBRATF). Mission Area: Response Core Capability: Environmental Response/ Health and Safety





http://www.usfa.fema.gov/nfa/nfaonline

http://www.cfitrainer.net/

http://apps.usfa.fema.gov/nfacourses/catalog/details/38

http://apps.usfa.fema.gov/nfacourses/catalog/details/38

https://cdp.dhs.gov/training/program/d

16


Prerequisites:

IS-100.b Introduction to ICS (https://training.fema.gov/is/courseoverview.aspx?code=IS-100.b);

IS-200.b ICS for Single Resources and Initial Action Incidents (http://training.fema.gov/is/courseoverview.aspx?code=IS-200.b); and

At least one of the following within the prior 36 months: o PER-260 Technical Emergency

Response Training for CBRNE Incidents (TERT),

o PER-261, Hazardous Materials Technician for CBRNE Incidents (HT),

o PER-900, Intermediate Hands-On Training for CBRNE Incidents (HOT-I), or

o PER-262, Hands-On Training for CBRNE Incidents (HOT).


To Schedule: https://cdp.dhs.gov/training/courses/harm

Hazardous Materials Technician for CBRNE Incidents (HT)

This course provides hazardous materials technical training to include the composition, action, identification, and decontamination of agents; preservation of crime scene evidence; and techniques for operating in an all-hazards environment. Culminates in a training exercise at the COBRATF. Mission Area: Response Core Capability: Environmental Response/ Health and Safety


Targeted Audience: Emergency management, emergency medical services, fire service, governmental administrative, hazardous materials, health care providers, law enforcement, public health, public safety communications, and public works. This course is also open to HAZMAT technicians within private industries on a space available, tuition basis.




Prerequisites:

HAZMAT training that meets or exceeds standards for technician-level training as outlined in 29 Code of Federal Regulations (C.F.R.) § 1910.120(q)(6)(iii);

Currently serve as a HAZMAT technician;

IS-100.a, Introduction to the Incident Command System or any of the other ICS-100 series courses (https://training.fema.gov/is/courseoverview.aspx?code=IS-100.b);

IS-200.a, Incident Command System for Single Resources and Initial Action Incidents or any of the other ICS-200 series courses (http://training.fema.gov/is/courseoverview.aspx?code=IS-200.b);

IS-700.a, An Introduction to the National Incident Management System (NIMS) (http://training.fema.gov/is/courseoverview.aspx?code=IS-700.a); and

IS-800.b, An Introduction to the National Response Framework (NRF) (https://training.fema.gov/is/courseoverview.aspx?code=IS-800.b).


To Schedule: https://cdp.dhs.gov/training/program/z

Highway Emergency Response Specialist

Participants are provided with the knowledge and practical skills required to respond properly to emergency incidents involving various modes of highway transportation, including cargo tanks, intermodal (IM) containers, and freight vans. They will also gain knowledge in the design and construction of these highway containers and in intermediate bulk containers, cylinders, and other non-bulk packages used to transport HAZMAT. Participants are provided technical information and will participate in incident analyses of HAZMAT releases, damage assessments of highway containers, and movement and/or up righting of damaged cargo tanks. They will also perform container drilling, transfers and flaring of product, and activities to mitigate releases of HAZMAT from the various containers used in highway transportation. After receiving the curriculum and participating in the

https://training.fema.gov/is/courseoverview.aspx?code=IS-100.b


http://training.fema.gov/is/courseoverview.aspx?code=IS-200.b


https://cdp.dhs.gov/training/courses/harm









https://cdp.dhs.gov/training/program/z

17

scenario-based incidents, successful participants will be capable of overseeing and performing highway specialist activities in an emergency response to a highway incident involving HAZMAT/WMD. Mission Area: Response Core Capability: On-scene Security and Protection


Targeted Audience: SLTT law enforcement and HAZMAT personnel

Course Provider: SERTC


Cost/Funding Source: Federally funded - FEMA

Prerequisites: None

Course Length: 40 hours To Schedule: http://sertc.org/courses/hers/

Home-made Explosives Identification and Disposal

The objectives of the course are to expose personnel to the precursors used in the manufacture of home-made explosives (HME), the hazards of mixed or partially mixed precursor chemicals, identification for sampling of suspected chemicals, evidentiary collection, scene processing, remote methods of removing, and the safe disposal of such HME hazards. Mission Area: Response Core Capability: On-scene Security and Protection


Targeted Audience: Military EOD, State and local bomb technicians, ATF certified explosives specialists, and explosives enforcement officers Course Provider: ATF/National Center for Explosives Training and Research



Prerequisites: Successful completion of Hazardous Device School and ATF’s AEDT. Prerequisites are waived for all military EOD.


To Schedule: https://www.atf.gov/explosives/home-made-

explosives-identification-process-disposal-course-id-expl-cs-0018

IED Awareness

This awareness level course teaches emergency responders (primarily law enforcement) the basic knowledge needed to identify possible person-borne and vehicle-borne explosive situations and the skills to safely and effectively address the threat. In order to accomplish this task, the participants are first taught about the properties of explosives and how these properties are harnessed into a weapon. From this point, methodologies of terrorism are discussed and how the explosive devices are used to accomplish the terrorists' goals. Law enforcement defensive and offensive measures meant to contain and resolve the threat are also brought up. How State law and department policies apply in a terrorist response are examined. Participants are taken to the bomb range where they are able to see and handle live explosives as covered in class. A demonstration of the explosive properties is conducted which reinforces the weapon potential of high and low explosives. This includes the initiation of explosives ranging from a small letter bomb to a suicide vest to emphasize the requirement for distance and shielding when dealing with a PBIED threat. This course does not cover device render safe operations. Mission Area: Response Core Capability: On-scene Security and Protection


Targeted Audience: Emergency management agency, emergency medical services, fire service, governmental administrative, hazardous materials, health care providers, law enforcement, public health, public safety communications, and public works

Course Provider: State of Texas



Prerequisites: None


http://sertc.org/courses/hers/

https://www.atf.gov/explosives/home-made-explosives-identification-process-disposal-course-id-expl-cs-0018



18

To Schedule: Contact: Paul Hahn Jr. Phone: 512.424.2039 Email: [email protected]

IED Protective Measures Course

This course builds awareness and understanding of the IED threat, terrorist planning cycle, and indicators of suspicious activity. Participants learn about facility vulnerability analysis, counter-IED protective measures, and strategies which can be utilized to mitigate risk and reduce vulnerabilities within their unique sectors. Mission Area: Protection

Core Capability: Physical Protective Measures






Prerequisites: None

Course Length: 16 hours For More Information: http://www.dhs.gov/bombing-prevention-training-courses#Protective Measures To Schedule: Contact local Protective Security Advisor (PSA) (http://www.dhs.gov/protective-security-advisors) or send an email to [email protected].

IED Response on Mass Transit and Passenger Rail Systems – DOD-007-RESP

This course provides an environment for first responders to perform tactical operations in a scenario-driven exercise under realistic incident conditions involving a post-blast IED incident on a mass transit or passenger rail system. Scenarios are based on the most current threat assessment available for mass transit and passenger rail systems. Training addresses the technical aspects of planning and implementing an Incident Command System to provide

command and control over a post-IED incident utilizing classroom presentations, hands-on performance based training, and a full-scale exercise in a realistic environment located at the Center for National Response (CNR) Memorial Tunnel Complex, Gallagher, West Virginia. The Transportation Security Administration, West Virginia National Guard, JITEC, and West Virginia University are collaborative partners in this training. Mission Area: Response Core Capability: Operational Coordination


Targeted Audience: Emergency management agency, emergency medical services, fire service, governmental administrative, hazardous material, health care providers, law enforcement, public health, public safety communications, public works, and others Course Provider: DoD/Dept. of the Army/JITEC



Prerequisites: None


To Schedule: http://www.hsp.wvu.edu/course_calendar

IED Search Procedures Workshop

This workshop is designed to increase IED awareness and educate participants on bombing prevention measures and planning protocols to detect IEDs by reviewing specific search techniques. This workshop builds knowledge of counter-IED principles and techniques among first responders and public/private sector security partners tasked with IED search and response protocols.

Mission Area: Protection

Core Capability: Screening, Search, and Detection


Targeted Audience: SLTT first responders and public and private sector security partners









http://www.hsp.wvu.edu/course_calendar

19


Prerequisites: None


For More Information: http://www.dhs.gov/bombing-prevention-training-courses#IED Search Procedures To Schedule: Contact local Protective Security Advisor (PSA) (http://www.dhs.gov/protective-security-advisors) or send an email to [email protected].

IED/WMD Electronics Course

This course is intended to introduce certified bomb technicians to current terrorist tactics, techniques, and procedures (TTPs) and some of the procedures being employed by international bomb squads to counter the terrorist threat. The course has been designed in eight modular segments to give the host bomb squad the option of tailoring the course to meet their specific requirements. The course can be delivered in one of four possible formats that emphasize different skills and techniques: (1) Threat Assessment and IED Electronic Circuits, (2) Threat Assessment: IED Electronic Circuits and Disrupter Practical Exercise, (3) Threat Assessment and Practical Scenario Led Exercises, and (4) IED Electronic Circuits. Upon completion of this course, participants will be able to discuss current terrorist TTPs and identify some of the additional considerations and countermeasures required to successfully deal with them given an IED response/scenario. Mission Area: Protection Core Capability: Interdiction and Disruption


Targeted Audience: Emergency management agency, emergency medical services, fire service, and law enforcement




Prerequisites: None



Incident Response to Terrorist Bombings-Operations

This is a performance-level (operations) course designed to prepare emergency responders to perform effectively and safely during bombing incidents, principally in support roles within the warm and cold zones of the incident scene. The course includes a familiarization with improvised explosive devices (IEDs) and explosive materials and detailed training on critical response actions during pre- and post-detonation operations. In addition, the course addresses actions that emergency responders can take to prevent and/or deter bombing attacks against targets in their communities. Mission Area: Response Core Capability: On-scene Security and Protection


Targeted Audience: Emergency medical services, fire service, law enforcement, public safety communications, and public works Course Provider: New Mexico Institute of Mining and Technology



Prerequisites: None


To Schedule: http://www.emrtc.nmt.edu/training/irtb.php

Initial Law Enforcement Response to Suicide Bomb Attacks (ILERSBA)

Initial Law Enforcement Response to Suicide Bombing Attacks (ILERSBA) was developed with support and cooperation from the Department of Homeland Security, National Bomb Squad Commanders Advisory Board, and New Mexico Tech. It is designed to provide front-line law enforcement officers with the skills and knowledge to effectively interdict and respond to an imminent suicide bombing attack—whether person-borne or vehicle-borne—or a non-suicide attack involving a







http://www.emrtc.nmt.edu/training/irtb.php

20

vehicle-borne device. Additionally, this course addresses the training gap of first-line officers in making immediate decisions when faced with improvised explosive device (IED) attacks. ILERSBA offers a blend of classroom presentations and practical exercises designed to familiarize participants with procedures for safe and effective responses to suicide bombing attacks.



Targeted Audience: Law enforcement and first responders




Prerequisites:

Completed basic law enforcement training and, where applicable, on-the-job training under the supervision of a departmental training officer.

Demonstrated successful performance as a patrol officer in a U.S. State or local law enforcement agency.

Sufficient tenure remaining in their current or future position to allow for the application of course material upon their return.


To Schedule: https://cdp.dhs.gov/training/courses/ilersba

Initial Law Enforcement Response to Suicide Bombing Attacks (ILERSBA), Customized

The ILERSBA Customized Course is a 90-minute training course designed for State, local, and tribal first responders and other individuals in the community that are responsible for responding to and planning for a suicide bombing threat or event. It is designed to be presented in a workshop or conference environment attended by the target audience. It addresses some of the major considerations a jurisdiction is required to answer when creating plans, procedures, and tactics to prevent and respond to suicide bombing incidents. Discipline-specific modifications for specialized audiences may be prepared as warranted. This course uses a blend of classroom presentations and performance exercises designed to help participants develop a greater understanding of

the complex demands a suicide bombing threat presents.

Mission Area: Prevention Core Capability: Screening, Search, and Detection


Targeted Audience: Law Enforcement




Prerequisites: Actively employed or auxiliary member of a State, local, tribal, or Federal law enforcement agency with sufficient tenure remaining in their current or future position to allow for the application of course material upon their return


To Schedule: http://www.emrtc.nmt.edu/training/ilersba.php


The LTATP is unique in its design, recognizing that security at most land transportation systems is accomplished by a cooperative effort of Federal, State, local, and contract personnel. This program was designed to protect the land transportation infrastructure to include rail, mass transit, bus operations, and, most importantly, passengers and employees. It will address the needs of all personnel charged with security responsibilities. Mission Area: Protection Core Capability: Operational Coordination; Physical Protective Measures


Targeted Audience: Federal, State, and local law enforcement, public and private security personnel, and military personnel involved in transportation



Cost/Funding Source: Homeland Security Grant Program Prerequisites: Applicants must be assigned to duties directly related to security and contingency planning of a land transportation system.

https://cdp.dhs.gov/training/courses/ilersba

http://www.emrtc.nmt.edu/training/ilersba.php

21


To Schedule: https://www.fletc.gov/training-program/land-transportation-antiterrorism-training-program

Large Vehicle Bomb Render Safe Procedures Course

This course primarily focuses on Render Safe Procedures in VBIED events that are deemed life threatening, requiring immediate action. Mission Area: Prevention Core Capability: Interdiction and Disruption Course Level: Performance Targeted Audience: Course is only available to full-time, sworn, salaried employees of a law enforcement or public safety agency who are assigned to an accredited bomb squad. Course Provider: FBI Hazardous Devices School






Law Enforcement Protective Measures for CBRNE Incidents (LEPM)

Law Enforcement Protective Measures for CBRNE Incidents (LEPM) is a one-day course that provides law enforcement responders the opportunity to develop skills to deal with chemical, biological, radiological, nuclear, and explosive (CBRNE) emergencies. This not only reinforces their ability to identify suspicious activity that could lead to a CBRNE event, but also arms them with the knowledge, skills, and attitudes necessary to respond effectively. LEPM is designed to produce law enforcement responders who understand the immediate protective actions to safely and appropriately respond to a CBRNE incident at the performance defensive level. Mission Area: Prevention Core Capability: Interdiction and Disruption


Targeted Audience: SLTT first responders


Delivery Mechanism: Residential, mobile, and indirect


Prerequisites:

AWR-160 Standardized Awareness Training

Currently serving as a certified law enforcement officer with a law enforcement agency or department.

Course Length: 8 hours To Schedule: https://cdp.dhs.gov/training/courses/lepm

Law Enforcement Protective Measures for CBRNE Incidents, Train-the-Trainer (LEPM TtT)

The Law Enforcement Protective Measures for CBRNE Incidents, Train-the-Trainer course focuses on terrorist tactics and targeting, related hazards, indicators of terrorism, and protective measures when responding to a terrorist event, and prepares graduates to train the LEPM course in their home jurisdictions. Mission Area: Response Core Capability: Environmental Response/ Health and Safety






Prerequisites:

AWR-160 Standardized Awareness Training (AWR-160)

Currently serving in a supervisory position with a law enforcement agency or department

Certified/authorized trainer within a law enforcement agency or department


To Schedule: https://cdp.dhs.gov/training/courses/lepm%20ttt





https://cdp.dhs.gov/training/courses/lepm

https://cdp.dhs.gov/training/courses/lepm%20ttt

22

Leadership and Management of Surface Transportation Incidents (LMSTI)

This course utilized NIMS/ICS guidelines and is designed to prepare participants in leadership and management of HazMat/WMD Hazardous Materials incidents involving surface transportation. The course integrates with the HAZMAT/WMD Technician for Surface Transportation (HWMDTST), Tank Car Specialist (TCS), and/or Highway Emergency Response Specialist (HERS) courses and requires participants to lead and manage incidents under NIMS/ICS guidelines and structures. Participants will be expected to complete proficiency requirements, all necessary NIMS/ICS documentation, and produce Incident Action Plans (IAPs) incorporating hands-on, scenario-based activities. Challenging, in-depth planning and decision-making processes are involved that will prepare participants in managing and documenting responses to real-world emergencies involving surface transportation incidents in their communities. Training Location: TTCI - SERTC, 55500 Dot Rd., Pueblo, CO 81001 Mission Area: Response Core Capability: Operational Coordination


Targeted Audience: Emergency management agency, emergency medical services, fire service, hazardous material, law enforcement, public safety communications, and public works

Course Provider: SERTC


Cost/Funding Source:

Prerequisites:

NIMS/IC IS-100b, IS-200b, IS-700a, IS-300, and

Successful completion of HazMat/WMD Operations level or higher training, Title 29, 1910.120(q).


To Schedule: http://sertc.org/courses/lmsti/


Participants completing this program will be able to properly perform patient triage, decontamination, treatment, and transportation in the event of exposure to chemical, biological, radiological, nuclear, and explosive (CBRNE) weapons. The course consists of facilitated discussions, small group exercises, hands-on activities, and task-oriented practical applications. Course participants will use both state-of-the-art adult and pediatric human patient simulators to promote critical thinking skills while utilizing the RAPID – Care concept. Mission Area: Response Core Capability: Mass Care Services


Targeted Audience: Emergency medical services, health care providers, and law enforcement Course Provider: Texas A&M Engineering Extension Service



Prerequisites: None


To Schedule: https://teex.org/Pages/Class.aspx?course=PER211&courseTitle=Medical+Management+of+CBRNE+Events

Piers and Sea Walls Search/Recovery

This course provides certified, public safety divers with the skills, knowledge, and ability to safely perform Jack-Stay Pattern Line and Necklace searches, as it pertains to pre- and post-terrorism scenes, as well as evidence and victim recoveries. Divers will also become familiar with the nomenclature and the differing applications of the Jack-Stay Pattern Line and Necklace. This course will demonstrate screening, searching, and detection through specific mission activities. These activities will display various protective measures of the Nation against acts of terrorism or manmade disaster. This course provides instruction for certified public safety divers in the mission area of urban search and rescue for victims and

http://sertc.org/courses/lmsti/

https://teex.org/Pages/Class.aspx?course=PER211&courseTitle=Medical+Management+of+CBRNE+Events



23

evidence at pre- and post-underwater-terrorism scenes. During this course, the divers will be tasked to perform a dive operation in response to a simulated pre- and post-terrorism scene.

Mission Area: Response Core Capability: Situational Assessment





Cost/Funding Source: Homeland Security Grant Program Prerequisites:

Certified "Open Water SCUBA Diver" by Professional Association of Diving Instructors (PADI), National Association of Underwater Instructors (NAUI), or equal

Successful completion of Basic Divers Skills Exam administered by course instructors



Physical Security Training Program (PSTP)

The Physical Security Training Program (PSTP) is an introductory physical security training program designed to provide baseline knowledge of physical security systems and procedures as defined by the Interagency Security Committee (ISC) Risk Management Process for Federal Facilities (RMP) and the Design Base Threat (DBT). The physical security survey/assessment process is the common thread used in teaching this program. The PSTP includes conceptual security considerations, vulnerabilities assessments, and familiarization with hardware and procedures. A comprehensive practical exercise is followed by a formal presentation of the survey results by each of the survey groups. Mission Area: Prevention Core Capability: Screening, Search, and Detection


Targeted Audience: Federal, State, and local law enforcement, physical security specialists,

military personnel, and other government personnel with physical security responsibilities



Cost/Funding Source: Participant fee

Prerequisites: None

Course Length: 80 hours To Schedule: https://www.fletc.gov/training-program/physical-security-training-program

Post-Blast Investigation

This is a basic post-blast course designed to teach a systematic method of investigating an explosion scene. The course provides instruction in explosives identification and applications, explosives effects, IED component recognition, and evidence collection. Mission Area: Prevention Core Capability: Forensics and Attribution


Targeted Audience: Law enforcement officers who investigate explosives incidents

Course Provider: FBI

Delivery Mechanism: Residential and mobile


Prerequisites: None



Post-Blast Investigative Techniques I

This is a basic post-blast course designed to teach a systematic method of investigating an explosion scene. The course provides instruction in explosives identification and applications, explosives effects, IED component recognition, and evidence collection. The course is delivered at a variety of locations throughout the United States based on requests from ATF Field Divisions. The course is comprised of classroom participation, an explosives demonstration, and actual investigation of a post-blast scene. Students must provide their



https://www.fletc.gov/training-program/physical-security-training-program

https://www.fletc.gov/training-program/physical-security-training-program


24

own transportation, lodging, and meals. ATF provides instructors, classroom supplies, training materials, and range tools. Student selection is conducted by the ATF Field Office hosting the training. Mission Area: Prevention Core Capability: Forensics and Attribution


Targeted Audience: SLTT bomb techs, explosives detection canine handlers, unit commanders, and incident commanders Course Provider: ATF/National Center for Explosives Training and Research



Prerequisites: Applicant must be a full-time, public safety official whose primary mission is to investigate bombing incidents and other explosions. Selections are intended to facilitate coordination of agencies in the area of operation where the training is being conducted.


To Schedule: https://www.atf.gov/explosives/post-blast-investigative-techniques-i-course-id-expl-cs-0013


The goal of this course is to build relationships that result in effective multidisciplinary integration of emergency response assets, equipment, plans, and procedures during a CBRNE incident or event. Using a whole community approach, the course provides an opportunity for participants to cross-train and recognize the capabilities of responder organizations in their jurisdiction. Using a realistic response scenario, participants will exercise and assess their ability to effectively integrate with other disciplines in their community. Mission Area: Response Core Capability: Operational Coordination


Targeted Audience: Emergency management agency, emergency medical services, hazardous materials personnel, health care

providers, and law enforcement

Course Provider: Louisiana State University (LSU)



Prerequisites: None


To Schedule: http://www.ncbrt.lsu.edu/catalog/performance/integratedresponse.aspx

Prevention of and Response to Suicide Bombing Incidents, Train the Trainer

This is a performance/operations-level resident course designed to provide training necessary to develop plans, policies, and procedures to prevent and respond to suicide bombing incidents in participants’ jurisdictions. The course offers a unique blend of classroom presentations, field laboratories, case studies, and performance exercises. It addresses, in detail, the issues required to be addressed in a jurisdiction’s plans to deal with the suicide bombing threat. Mission Area: Prevention Core Capability: Interdiction and Disruption


Targeted Audience: Emergency medical services, fire service, law enforcement, and public safety communications

Course Provider: FEMA



Prerequisites:

Actively employed or volunteer member of a first responder or emergency management agency.

Assignment or identification for assignment to a position responsible for conducting WMD training; developing plans, policies, procedures and tactics to govern response; providing specialized response support during WMD incidents; or coordinating initial response to a WMD incident.

For personnel who desire trainer certification, completion of an instructor training program and/or documented experience as a trainer.

Required prerequisites must be verified by

https://www.atf.gov/explosives/post-blast-investigative-techniques-i-course-id-expl-cs-0013





25

the participant's department at the time of application.


To Schedule: http://www.emrtc.nmt.edu/training/pdf/prsbitechapp.pdf


A joint DHS-private sector document that provides suggestions for developing and implementing bag search procedures at public assembly venues hosting major events. The bag search procedures delineated in this guide are for guidance purposes only; they are not a requirement under any regulation or legislation. Mission Area: Prevention; Protection Core Capability: Screening, Search, and Detection






Prerequisites: None

Course Length: N/A To Access: To obtain this document, visit the Homeland Security Information Network (HSIN) (https://hsin.dhs.gov) page. Non-HSIN users should contact [email protected] for an electronic PDF copy.


This course provides the participant instruction on how to detect hostile surveillance by exploring surveillance techniques, tactics, and procedures from an adversary perspective. These skills enhance counter-IED capabilities of law enforcement and security professionals to detect, prevent, protect against, and respond to IED threats. Mission Area: Response

Core Capability: Situational Assessment


Targeted Audience: Public and private sector

security personnel




Prerequisites: FEMA EMI IS-914, Surveillance Awareness Course Length: 24 hours For More Information: http://www.dhs.gov/bombing-prevention-training-courses#Surveillance Detection To Schedule: Contact local Protective Security Advisor (PSA) (http://www.dhs.gov/protective-security-advisors) or send an email to [email protected].

Technical Emergency Response Training for CBRNE Incidents (TERT)

All-hazards training that features an overview of the terrorist threat, potential targets, and chemical, biological, radiological, and explosive hazards that may be used in all emergency incidents. Includes hands-on exercises in decontamination, mass casualty triage, survey, and monitoring. Culminates in a training exercise at the Chemical, Ordnance, Biological and Radiological Training Facility. Mission Area: Response Core Capability: Environmental Response/ Health and Safety






Prerequisites:

AWR-160 Standardized Awareness Training or another equivalent certified awareness training program;

IS-100.a Introduction to the Incident Command System or any of the ICS-100 series (https://training.fema.gov/is/courseoverview.

http://www.emrtc.nmt.edu/training/pdf/prsbitechapp.pdf

http://www.emrtc.nmt.edu/training/pdf/prsbitechapp.pdf

https://hsin.dhs.gov/








26

aspx?code=IS-100.b);

IS-200.a ICS for Single Resources and Initial Action Incidents or any of the ICS-200 series (http://training.fema.gov/is/courseoverview.aspx?code=IS-200.b);

IS-700.a National Incident Management System (NIMS), An Introduction (http://training.fema.gov/is/courseoverview.aspx?code=IS-700.a); and

IS-800.b National Response Framework, An Introduction (https://training.fema.gov/is/courseoverview.aspx?code=IS-800.b).


To Schedule: https://cdp.dhs.gov/training/program/b

Transit Terrorist Tools and Tactics

This course addresses the technical aspects of detecting, deterring, preventing, mitigating, and responding to a potential CBRNE attack directed against a transit system facility. As such, it provides detailed information through presentations and practical exercises requiring participants to demonstrate skills obtained during the course. Mission Area: Prevention Core Capability: Interdiction and Disruption


Targeted Audience: Transit security staff, regional law enforcement personnel, multi-agency emergency responders, and specialized response teams Course Provider: Louisiana State University (LSU)



Prerequisites: None


To Schedule: http://www.ncbrt.lsu.edu/catalog/performance/transit.aspx

Underwater Hazardous Device Search Course

This course (previously referred to as the Anti-Terrorism Diver Course) is intended to train public safety divers on the safest possible methods to search, locate, and mark for underwater terrorists devices. At the completion of this course, the attendees should possess the skills to perform proficient maritime underwater searches thus providing a “force multiplier” capability in response to terrorist threats on waterborne targets. This course is not designed, nor intended to teach bomb disposal “hands-on” techniques or procedures. Mission Area: Response Core Capability: Situational Assessment


Targeted Audience: Fire service and law enforcement




Prerequisites: None



Underwater Post Blast Investigation

This course focuses on specialized techniques to document and collect evidence in bomb scenes in underwater environments. Participants must provide dive equipment. Mission Area: Prevention Core Capability: Forensics and Attribution


Targeted Audience: Law enforcement officers who investigate explosives incidents Course Provider: FBI Los Angeles Field Division



Prerequisites: Attendees must be certified open water divers









https://cdp.dhs.gov/training/program/b

http://www.ncbrt.lsu.edu/catalog/performance/transit.aspx

http://www.ncbrt.lsu.edu/catalog/performance/transit.aspx


27

For More Information: Contact the Special Agent Bomb Technician in the Los Angeles FBI Field Office http://www.fbi.gov/contact-us/field


This course improves the participant’s ability to successfully inspect for, detect, identify, and respond to a VBIED. Instruction covers the VBIED threat, explosive effects, IEDs, and vehicle inspections, enabling participants to detect, deter, and protect against the illicit use of explosives. The course is designed for first responders and public/private security staff tasked with inspecting vehicles for explosives, dangerous goods, or any contraband.

Mission Area: Response

Core Capability: Environmental Response/ Health and Safety


Targeted Audience: SLTT first responders and public and private sector security personnel conducting vehicle inspections




Prerequisites: None

Course Length: 8 hours For More Information: http://www.dhs.gov/bombing-prevention-training-courses#VBIED Detection To Schedule: Contact local Protective Security Advisor (PSA) (http://www.dhs.gov/protective-security-advisors) or send an email to [email protected].

Vehicle-Borne Improvised Explosive Device Security Checkpoint

This course is designed to provide key members of the law enforcement community with the skill sets required to successfully establish and operate a VBIED Checkpoint that will assist in identifying, disrupting, and preventing a potential terrorist attack at special events and critical infrastructure. The course is designed to provide the participants with both

classroom lecture followed by intensive hands-on field exercises and role-play scenarios. Mission Area: Response Core Capability: Situational Assessment






Prerequisites: None




Bomb Squad Commanders Course

The Bomb Squad Commanders Course addresses management, safety, personnel, and other topics involved in the day-to-day operation of a professional bomb squad. Mission Area: Prevention Core Capability: Interdiction and Disruption


Targeted Audience: HDS-certified bomb technicians newly designated as Bomb Squad Commander Course Provider: FBI/Counter-IED Unit/Hazardous Devices School















28

Bomb Squad Executive Management Course

The Bomb Squad Executive Management Course provides a background in operating procedures, equipment, personnel, and finance needed to administer a public safety bomb squad. Mission Area: Prevention Core Capability: Interdiction and Disruption


Targeted Audience: Public safety professionals with operational or financial oversight responsibilities for bomb squads Course Provider: FBI/Counter-IED Unit/Hazardous Devices School



Prerequisites: None



Identifying IED Threats to Public Transit

This seminar demonstrates how to prepare for and initially respond to acts of terrorism involving explosives, how to implement a plan and procedures to respond to an explosive incident, and how to manage an incident in a transit environment. Participants are trained in general security awareness in the transit environment and how to identify flaws in facility or vehicle design and discourage criminal activity. Mission Area: Response Core Capability: On-scene Security and Protection


Targeted Audience: Emergency management agency, emergency medical services, fire service, law enforcement, and others

Course Provider: DOT/FTA/TSI



Prerequisites: None Course Length: 4 hours To Schedule: Contact: Radonna Snider Phone: 405.954.4799 Email: [email protected]

Incident Command: Capabilities, Planning and Response Actions for All Hazards

The importance of planning and training for a CBRNE incident response is stressed to participants; thus, the course incorporates preparedness planning considerations and incident management concepts to train participants to serve as members of an incident management team. Participants are immersed in a curriculum that will promote development of their abilities to evaluate the threat, identify and prioritize probable targets, measure required capabilities, and discuss the Incident Response Plan (IRP) and Incident Action Plan (IAP) processes. The course culminates with a real-time, scenario-driven tabletop exercise that requires participants to apply concepts learned during the course to plan for and manage emergency response resources. Mission Area: Response Core Capability: Environmental Response/ Health and Safety






Prerequisites: To be eligible to attend IC, candidates must have also successfully completed the IS-700.a, IS-100.b, and IS-200.b courses offered by the Federal Emergency Management Agency (FEMA).


To Schedule: https://cdp.dhs.gov/training/courses/ic



https://cdp.dhs.gov/training/courses/ic

29








Prerequisites: None

Course Length: N/A

For More Information: [email protected] To obtain these For Official Use Only (FOUO)-designated documents please visit the Commercial Facilities Publications Webpage (http://www.dhs.gov/commercial-facilities-publications) and follow the instructions to gain access to the Commercial Facilities site on the Homeland Security Information Network - Critical Infrastructure.








Prerequisites: None

Course Length: N/A









Prerequisites: None

Course Length: N/A



The Protective Measures Guides provide an overview of possible threats, vulnerabilities, and protective measures designed to assist facility owners and operators in planning and managing security specific to their venue to maintain a safer environment for guests and employees.










30

Mission Area: Protection Core Capability: Physical Protective Measures






Prerequisites: None

Course Length: N/A





31

Acronym Appendix

Acronym Definition

ACEP American College of Emergency Physicians

AEDT Advanced Explosives Disposal Techniques

ATF Bureau of Alcohol, Tobacco, Firearms and Explosives

BMAP Bomb-Making Materials Awareness Program

CBRNE Chemical, Biological, Radiological, Nuclear, and Explosive

CDC Centers for Disease Control and Prevention

CDP Center for Domestic Preparedness

CFR Code of Federal Regulations

C-IED Counter Improvised Explosive Device

CNR Center for National Response

COBRATF Chemical, Ordnance, Biological, and Radiological Training Facility

CVCTP Commercial Vehicle Counterterrorism Training Program

DBT Design Base Threat

DHS/IP U.S. Department of Homeland Security, Office of Infrastructure Protection

DHS/IP/OBP U.S. Department of Homeland Security, Office of Infrastructure Protection, Office for Bombing Prevention

DOJ Department of Justice

DOT/FTA/TSI U.S. Department of Transportation, Federal transit Administration, Transportation Safety Institute

EMO Emergency Medical Operations

EMS Emergency Medical Services

EMT Emergency Medical Technician

EOD Explosives Ordnance Disposal

ERG Emergency Response Guidebook

ERHM Emergency Responder Hazardous Materials

FBI Federal Bureau of Investigations

FEMA Federal Emergency Management Agency

FEMA EMI Federal Emergency Management Agency Emergency Management Institute

FLETC Federal Law Enforcement Training Centers

FOUO For Official Use Only

HARM Hazard Assessment and Response Management

HAZMAT Hazardous Materials

HDS Hazardous Devices School

HERS Highway Emergency Response Specialist

HME Home-made Explosives

HOT Hands-On Training

32

HSIN Homeland Security Information Network

HSIN-CI Homeland Security Information Network-Critical Infrastructure

HT Hazardous Materials Technician

HWMDTST HazMat/WMD Technician for Surface Transportation

IAP Incident Action Plan

ICE Integrated Capstone Event

ICS Incident Command System

IED Improvised Explosive Device

IFSAC International Fire Service Accreditation Congress

ILERSBA Initial Law Enforcement Response to Suicide Bomb Attacks

IM Intermodal

IRP Incident Response Plan

ISC Interagency Security Committee

JIEDDO Joint IED Defeat Organization

JITEC Joint Interagency Training and Education Center

JPO Joint Program Office

LEPM Law Enforcement Protective Measures

LMSTI Leadership and Management of Surface Transportation Incidents

LSU Louisiana State University

LTATP Land Transportation Antiterrorism Training Program

MCI Mass Casualty Incident

NAUI National Association of Underwater Instructors

NBSCAB National Bomb Squad Commanders Advisory Board

NCETR National Center for Explosives Training and Research

NFPA National Fire Protection Association

NIMS National Incident Management System

NRF National Response Framework

NTED National Training and Education Division

OBP Office for Bombing Prevention

OEM Office of Emergency Management

OSHA Occupational Safety and Health Administration

PADI Professional Association of Diving Instructors

PBIED Personnel-Bourne IED

PPE Personal Protective Equipment

PSA Protective Security Advisor

PSTP Physical Security Training Program

RAIN Recognition, avoidance, isolation and notification

33

RMP Risk Management Process

SAAT Standardized Awareness Authorized Training

SAT Standardized Awareness Training

SERTC Security and Emergency Response Training Center

SLTT State, Local, Tribal, and Territorial

TERT Technical Emergency Response Training

TIIDE Terrorism Injuries: Information, Dissemination and Exchange

TTP Tactics, techniques, and procedures

TtT Train the Trainer

UPSBI Understanding and Planning for School Bomb Incidents

VBIED Vehicle-Borne Improvised Explosive Device

WMD Weapons of Mass Destruction