Government Mission Survivability and ContinuityTypes of Systems and Facilities Assessed: * Command & control architectures and sites * Operations centers * Information technology architectures and sites * Telecommunications architectures and sites * Intelligence collection and fusion centers * Missile defense sites * Deployment sites * Depots and weapons storage sites * Logistics operations centers * Airfields * Naval Bases * Strategic ports * DoD manufacturing sites * Medical research facilities * Stockpile sites * Navigation, positioning, and timing sites * DamsDefense Threat Reduction AgencyDTRA_074053c2-eddf-11e7-80cb-c8afc7516356Gregory GilbertCBCP -- Emergency Operations and Continuity Specialist, Contractor Support for Defense Threat Reduction Agency (DTRA)William AustinChief, BSA Branch, DSN_074055ac-eddf-11e7-80cb-c8afc7516356To safeguard the United States and its Allies from weapons of mass destruction by providing capabilities to reduce, eliminate, and counter the threat and mitigate its effect_074056ec-eddf-11e7-80cb-c8afc7516356Survivability AssessmentsConduct integrated, multidisciplinary, mission-survivability assessments to identify vulnerabilities of critical national/theater mission systems and recommend mitigations_07405a0c-eddf-11e7-80cb-c8afc75163561Risk Management Process -- * Risk Assessments - Commander /Asset Owner -- * Threat/Hazard Assessments - Local/Unit, State, Federal, CI Staff, DIA/CIA, Etc. * Vulnerability Assessments - AT/FP, BSA, Red Team, Local VA * Criticality Assessments - Commander, Mission Essential Functions, and Tasks (MEFs/METs) SystemsUnderstand entire system (details to architecture)_07405b42-eddf-11e7-80cb-c8afc75163561.1MissionsEnsure mission survivability with an emphasis on identifying single point vulnerabilities (SPVs)_07405c64-eddf-11e7-80cb-c8afc75163561.2Single Point Vulnerability (SPV) -- Equipment, processes, procedures, infrastructures, and/or key positions that, if destroyed or denied, would result in the loss or severe degradation of mission.PerformanceAssess performance (not compliance)_07405d90-eddf-11e7-80cb-c8afc75163561.3Threats & HazardsConsider entire threat and hazard spectrum_07405ec6-eddf-11e7-80cb-c8afc75163561.4TeamsMatch teams to site needs_07405fde-eddf-11e7-80cb-c8afc75163561.5AnalysesConduct 2- to 3-week analyses onsite plus post-site analyses_0740610a-eddf-11e7-80cb-c8afc75163561.6ProductsConduct out-briefing and report identifying vulnerabilities, impacts, and recommended mitigations_0740622c-eddf-11e7-80cb-c8afc75163561.7CIP ProgramsLeverage the analyses to support CIP programs_07406358-eddf-11e7-80cb-c8afc75163561.8DistributionEmpower customers to control product distribution_07406632-eddf-11e7-80cb-c8afc75163561.9Recomendations_07406826-eddf-11e7-80cb-c8afc75163562Major BSA RecommendationsFacility DesignInclude mission survivability/resiliency in facility design_0740695c-eddf-11e7-80cb-c8afc75163562.1Open Source & InternetMonitor and limit open-source and Internet information_07406aba-eddf-11e7-80cb-c8afc75163562.2Counter-SurveillanceEstablish counter-surveillance programs and awareness_07406c68-eddf-11e7-80cb-c8afc75163562.3Security SystemsEnsure electronic and physical security systems are integrated and effective_07406dbc-eddf-11e7-80cb-c8afc75163562.4Threats & HazardsUnderstand threat/hazards, their probabilities, and impacts_07406f2e-eddf-11e7-80cb-c8afc75163562.5Operations & ProceduresAvoid predictable security routines; ensure randomness in procedures/operations_07407096-eddf-11e7-80cb-c8afc75163562.6Blast ProtectionEnsure standoff/construction provides survivable blast protection_07407208-eddf-11e7-80cb-c8afc75163562.7NetworksEnsure information networks are protected from insider and external threats_0740737a-eddf-11e7-80cb-c8afc75163562.8Wireless DevicesLimit and control of wireless devices (PEDs, RFIDs, etc.)_074074f6-eddf-11e7-80cb-c8afc75163562.9Diversity & RedundancyEnsure communications, information, and utility systems are redundant and diverse_07407668-eddf-11e7-80cb-c8afc75163562.10Fire & HazardsEnsure fire and hazard protection is consistent with mission criticality_074077da-eddf-11e7-80cb-c8afc75163562.11LightningEnsure lightning protection and grounding systems are effective and maintained_0740794c-eddf-11e7-80cb-c8afc75163562.12Mail & ParcelsEnsure mail and parcel handling prevents the introduction and spread of contaminants_07407ab4-eddf-11e7-80cb-c8afc75163562.13Emergency Action & COOPImplement and exercise emergency action and COOP plans_07407c30-eddf-11e7-80cb-c8afc75163562.14Information SharingEnsure that information on critical vulnerabilities and best practices for mission survivability reaches decision makers._07407d98-eddf-11e7-80cb-c8afc75163563Sharing BSA Experience -- Transfer BSA results to the DoD (and Agency) communities in many waysOut-Briefs & ReportsProvide out-briefings and reports_07407f14-eddf-11e7-80cb-c8afc75163563.1Trends & Lessons LearnedShare lessons learned and issue trends products_0740809a-eddf-11e7-80cb-c8afc75163563.2GuidelinesProvide "Designing for Mission Survivability" guidelines_0740820c-eddf-11e7-80cb-c8afc75163563.3(~44 copies distributed to customers since August 2010)Special Reports & BriefingsSpecial reports and "roll-up" briefings to DoD leadership_07408392-eddf-11e7-80cb-c8afc75163563.4DoD LeadershipDesign ReviewsConduct design reviews_07408554-eddf-11e7-80cb-c8afc75163563.5(COCOMs, Agencies, etc.)Vulnerability TrackingSupport customers using databases to track vulnerabilities_074086f8-eddf-11e7-80cb-c8afc75163563.6Working GroupsParticipate in working groups_074088b0-eddf-11e7-80cb-c8afc75163563.7Policy ReviewsConduct policy document reviews_07408a7c-eddf-11e7-80cb-c8afc75163563.8Assessment Tool_07408dd8-eddf-11e7-80cb-c8afc75163564BSA Information Operations Assessment ToolCustomer FocusCustomer discretionary and tailored assessment of customer defined networks_07409080-eddf-11e7-80cb-c8afc75163564.1VulnerabilitiesPrecisely identify IO/IA vulnerabilities w/o impacting operations_0740931e-eddf-11e7-80cb-c8afc75163564.2Networks & IT SystemsProvides in-depth understanding of networks and IT systems security_07409562-eddf-11e7-80cb-c8afc75163564.3Penetration TestingNo penetration testing while connected_07409724-eddf-11e7-80cb-c8afc75163564.4Tools_0740990e-eddf-11e7-80cb-c8afc75163564.5Tools include:Best PracticesMethodology based on NSA, DoD, NIST, BSA and commercial best practices_07409b20-eddf-11e7-80cb-c8afc75163564.5.1VulnerabilitiesNSA developed Blue Team vulnerability tool suite_07409cc4-eddf-11e7-80cb-c8afc75163564.5.2ScanningCommercial and open-source modeling and vulnerability scanning tools_07409eb8-eddf-11e7-80cb-c8afc75163564.5.3ProcessBSA IA toolkit process_0740a07a-eddf-11e7-80cb-c8afc75163564.5.4Pre-CoordinationDetailed pre-coordination - formal agreement Letter/scoping worksheet_0740a20a-eddf-11e7-80cb-c8afc75163564.5.5SchedulingScan at "non-peak" times with strict schedule control_0740a3e0-eddf-11e7-80cb-c8afc75163564.5.6Data ProtectionEnd-to-end data protection_0740a57a-eddf-11e7-80cb-c8afc75163564.5.7Encryption & Air GapsEncrypted external drive/volume, secure GFE laptops, and DTRA air-gapped SCI LAN_0740a714-eddf-11e7-80cb-c8afc75163564.5.8ReportingCritical findings immediately reported to customer while on-site_0740a98a-eddf-11e7-80cb-c8afc75163564.5.9Accomplishments_0740ab38-eddf-11e7-80cb-c8afc75163564.5.10identified potential malware, unauthorized and non-secure network activities, and vulnerable configurations; 4 years with no adverse impacts/outagesTrends AnalysisCompile, statistically analyze, and report long-term survivability trends_0740acdc-eddf-11e7-80cb-c8afc75163565Compile, statistically analyze, and report long-term survivability trends in: Physical security, surveillance, structural protection, WMD/Hazmat, electromagnetics, utilities, telecommunications, information systems, emergency operations, COOP, and architecture resiliency. -- Aspects with highest historical ratings: * Utilities endurance and capacity * Architecture resiliency * Structural blast resistance * Utilities redundancy and diversity -- Aspects with lowest historical ratings: * Open source information * Lightning protection * External signatures/vulnerabilities * WMD detection, identification, warning * External electromagnetic protection * Information systems and dataPhysical Security_0740ae94-eddf-11e7-80cb-c8afc75163565.1Surveillance_0740b038-eddf-11e7-80cb-c8afc75163565.2Structural Protection_0740b344-eddf-11e7-80cb-c8afc75163565.3WMD/Hazmat_0740b51a-eddf-11e7-80cb-c8afc75163565.4Electromagnetics_0740b790-eddf-11e7-80cb-c8afc75163565.5Utilities_0740b934-eddf-11e7-80cb-c8afc75163565.6Telecommunications_0740baf6-eddf-11e7-80cb-c8afc75163565.7Information Systems_0740bcae-eddf-11e7-80cb-c8afc75163565.8Emergency Operations_0740be5c-eddf-11e7-80cb-c8afc75163565.9COOP_0740c046-eddf-11e7-80cb-c8afc75163565.10Architecture Resiliency_0740c21c-eddf-11e7-80cb-c8afc75163565.11Threats and Hazards_0740c3b6-eddf-11e7-80cb-c8afc75163566AnalysisConsolidate threats and hazards analysis_0740c622-eddf-11e7-80cb-c8afc75163566.1ensure it drives risk managementUnderstandingManagers and security personnel should understand threats/hazards, their probabilities, and impacts_0740c848-eddf-11e7-80cb-c8afc75163566.2ManagersSecurity Personnelstay currentRationalizationAvoid "rationalizing away" threat/hazard risk_0740c9e2-eddf-11e7-80cb-c8afc75163566.3RoutinesAvoid predictable security routines_0740cbcc-eddf-11e7-80cb-c8afc75163566.4ensure randomness in procedures/operationsMonitoringMonitor infrastructure hazards and cyber threats_0740cdb6-eddf-11e7-80cb-c8afc75163566.5MentalityAvoid an "all threats/hazards" mentally that overlooks risks_0740cf5a-eddf-11e7-80cb-c8afc75163566.6IncidentsAccidents, electromechanical failures, and human errors are the most likely incidents; include them_0740d13a-eddf-11e7-80cb-c8afc75163566.7DisruptionsEnsure contract and business disruptions risks are considered_0740d324-eddf-11e7-80cb-c8afc75163566.8Surveillance_0740d4d2-eddf-11e7-80cb-c8afc75163567InternetMonitor, control, and mitigate infrastructure and operational information available on the Internet_0740d6d0-eddf-11e7-80cb-c8afc75163567.1Imagery, organization websites, organization publications, acquisition documents, budget and program documents, resumes... on .mil, .com, .org, .net, .govOPSECEstablish OPSEC inside and outside the perimeter_0740da40-eddf-11e7-80cb-c8afc75163567.2Rules & CultureImplement and enforce rules to establish an OPSEC culture_0740dc0c-eddf-11e7-80cb-c8afc75163567.2.1Facilities & PerimetersControl and maintain outer perimeter and facility physical access_0740df18-eddf-11e7-80cb-c8afc75163567.3Communications LinesEnsure communications lines cannot be easily identified_0740e13e-eddf-11e7-80cb-c8afc75163567.4Surveillance DetectionImplement surveillance detection programs_0740e2ec-eddf-11e7-80cb-c8afc75163567.5External ActivitiesMonitor external activities_0740e4fe-eddf-11e7-80cb-c8afc75163567.5.1Awareness & ReportingPromote a culture of awareness and reporting_0740e6fc-eddf-11e7-80cb-c8afc75163567.5.2Physical Security_0740e8b4-eddf-11e7-80cb-c8afc75163568Integration & LayeringEnsure defense is layered and integrated to detect, assess,delay, deny, and respond_0740eac6-eddf-11e7-80cb-c8afc75163568.1Security SystemsEnsure physical and electronic security systems are properly installed, integrated, utilized and provide adequate coverage_0740ecd8-eddf-11e7-80cb-c8afc75163568.2Visual AssessmentImplement an immediate visual assessment capability_0740ee9a-eddf-11e7-80cb-c8afc75163568.3Insider ThreatsImplement internal circulation controls that account for insider threats and do not over-rely on employee "trust"_0740f0a2-eddf-11e7-80cb-c8afc75163568.4LightingEnsure external lighting coverage is effective_0740f2c8-eddf-11e7-80cb-c8afc75163568.5CirculationControl personnel and vehicle circulation in/around critical areas/resources_0740f48a-eddf-11e7-80cb-c8afc75163568.6PersonnelEnsure personnel managing electronic access control systems are properly vetted/cleared_0740f6a6-eddf-11e7-80cb-c8afc75163568.7Security Control CentersProtect security control centers; ensure alternates are adequate_0740f8ae-eddf-11e7-80cb-c8afc75163568.8AccessPrevent unauthorized vehicle and pedestrian access to installation and compound perimeters_0740fa66-eddf-11e7-80cb-c8afc75163568.9Active BarriersInstall and use active vehicle barriers, ensure they can be activated quickly enough to prevent access_0740fc78-eddf-11e7-80cb-c8afc75163568.9.1Passive BarriersInstall effective passive vehicle barriers_0740fe80-eddf-11e7-80cb-c8afc75163568.9.2ID CardsPhysically and electronically verify Identification cards_07410178-eddf-11e7-80cb-c8afc75163568.9.3VehiclesImplement effective vehicle vetting and inspections_074104a2-eddf-11e7-80cb-c8afc75163568.10Bills of LadingDo not grant commercial vehicle access using a printed bill of lading or similar document_074106f0-eddf-11e7-80cb-c8afc75163568.10.1DeliveriesVerify deliveries_074108d0-eddf-11e7-80cb-c8afc75163568.10.2ExplosivesImplement explosives detection capabilities_07410b8c-eddf-11e7-80cb-c8afc75163568.10.3Emergency Operations_07410dbc-eddf-11e7-80cb-c8afc75163569Emergency PlansDevelop and implement effective emergency plans_07410fb0-eddf-11e7-80cb-c8afc75163569.1Threats & HazardsAddress likely threats/hazards_0741121c-eddf-11e7-80cb-c8afc75163569.1.1CoordinationCoordinate with support organizations_0741146a-eddf-11e7-80cb-c8afc75163569.1.2Immediate ResponseLeverage immediate response actions available to organic personnel_07411654-eddf-11e7-80cb-c8afc75163569.1.3Monitoring & AssessmentContinuously monitor infrastructure hazards; ensure incident warnings/indications are properly assessed_074118ca-eddf-11e7-80cb-c8afc75163569.2Training & ExercisesTrain and exercise plans to ensure planning is effectively implemented_07411b0e-eddf-11e7-80cb-c8afc75163569.3Evacuation & ShelteringEnsure evacuation and shelter-in-place planning is integrated and tailored to threats/hazards_07411cee-eddf-11e7-80cb-c8afc75163569.4Safety & PreventionEnforce prevention and safety programs; do not allow a culture of acceptance(U) Battery Room lacking Hydrogen Detection Sensors, Exhaust Ventilation, and Early Warning Fire Detection(U) Moisture Detection Sensor Alarm Panel in an Unmanned Data Center_07411f5a-eddf-11e7-80cb-c8afc75163569.5Fire Protection_0741219e-eddf-11e7-80cb-c8afc7516356DesignEnsure protective design is commensurate with criticality and integrated with operations_0741237e-eddf-11e7-80cb-c8afc751635610.1Detection & SuppressionMaintain detection and suppression systems and configurations_074125fe-eddf-11e7-80cb-c8afc751635610.2Warning & MonitoringEnsure fire detection systems provide early warning and are continuously monitored locally_07412a0e-eddf-11e7-80cb-c8afc751635610.3ControlsControl fire loads and ignition sources_07412cca-eddf-11e7-80cb-c8afc751635610.4ExtinguishersEnsure fire extinguisher deployment is tailored to systems and fire risks_07412f86-eddf-11e7-80cb-c8afc751635610.5TrainingImplement effective immediate actions training_074131d4-eddf-11e7-80cb-c8afc751635610.6Structural Response_074133d2-eddf-11e7-80cb-c8afc751635611Common System/Facility Themes -- * Reliability (N+1, 2N, etc.) does not equal survivability - Does not account for threats, hazards, and accidents * Construction, upgrade, and renovation project requirements should consider survivability, resiliency, and integrate operationsParkingDo not allow vehicles to park under or too close to buildings_07413666-eddf-11e7-80cb-c8afc751635611.1WallsAvoid building designs that install glass curtain walls_07413922-eddf-11e7-80cb-c8afc751635611.2Greater risk of injuries (~80% of casualties from flying glass)Construction & Staging AreasEnsure construction and staging area security and inspections prevent exposing critical buildings_07413b20-eddf-11e7-80cb-c8afc751635611.3Critical StructuresEnsure critical structures have sufficient stand-off from public roads and perimeter fences_07413dbe-eddf-11e7-80cb-c8afc751635611.4Building DesignsEnsure building designs identify appropriate strength and threat standoff requirements_07414016-eddf-11e7-80cb-c8afc751635611.5CriteriaDo not accept minimum criteria_07414214-eddf-11e7-80cb-c8afc751635611.5.1MitigationsAvoid post-construction mitigations_074144c6-eddf-11e7-80cb-c8afc751635611.5.2Post-construction mitigations are extremely expensiveTelecommunications_07414728-eddf-11e7-80cb-c8afc751635612NetworksEnsure communication networks are resilient and survivable_074149d0-eddf-11e7-80cb-c8afc751635612.1RedundancyInclude redundant system components_07414cc8-eddf-11e7-80cb-c8afc751635612.1.1Points of FailureAvoid multiple series single points of failure_074150b0-eddf-11e7-80cb-c8afc751635612.1.2CollocationDo not collocate redundant systems and components_07415452-eddf-11e7-80cb-c8afc751635612.1.3CircuitsInclude physical diversity between primary and secondary circuits_07415736-eddf-11e7-80cb-c8afc751635612.1.4Physical DiversityRoute cabling through physically diverse manholes and building penetrations_07415a06-eddf-11e7-80cb-c8afc751635612.1.5DiagramsEnsure site internal and external fiber diagrams are accurate, identify physical locations, and are maintained_07415c68-eddf-11e7-80cb-c8afc751635612.2HardeningHardened communications_07415f56-eddf-11e7-80cb-c8afc751635612.3ensure supporting systems are also hardenedInformation Operations_0741621c-eddf-11e7-80cb-c8afc751635613Redundancy & DiversityEnsure system and network components have redundancy and physical diversity_0741646a-eddf-11e7-80cb-c8afc751635613.1Defense & IncidentsIntegrate coordinated computer network defense and incident handling response_0741676c-eddf-11e7-80cb-c8afc751635613.2Protections & MonitoringEnsure network security protections and monitored network security devices effectively protect systems_07416a3c-eddf-11e7-80cb-c8afc751635613.3Configuration ManagementManage configuration to avoid significant end-of-life hardware and software issues in Program of Record systems and customer-controlled networks_07416c8a-eddf-11e7-80cb-c8afc751635613.4Production NetworksProduction networks should not be connected to software development networks; avoid Internet connections_07416fdc-eddf-11e7-80cb-c8afc751635613.5Insider ProtectionImplement effective malicious insiders protection_074172d4-eddf-11e7-80cb-c8afc751635613.6Non-Traditional NetworksImplement effective IA measures on non-traditional networks_0741766c-eddf-11e7-80cb-c8afc751635613.7Utility control systems, electronic physical security systemsSCADA Systems_07417ae0-eddf-11e7-80cb-c8afc751635614SCADA = supervisory control and data acquisition (utility monitoring and control systems)Accreditation, Monitoring & ManagementProperly accredit, monitor, and manage SCADA_07417e46-eddf-11e7-80cb-c8afc751635614.1ConfigurationEnsure configuration provides defense-in-depth_074180bc-eddf-11e7-80cb-c8afc751635614.2External ConnectivityAvoid non-secure remote dial-up access modems; manage external connectivity_074183d2-eddf-11e7-80cb-c8afc751635614.3Vendor AccessControl vendor access; ensure his laptop, software, and data are scanned_074186ac-eddf-11e7-80cb-c8afc751635614.4RedundancyProvide SCADA system redundancy_07418922-eddf-11e7-80cb-c8afc751635614.5NetworksEnsure SCADA does not tie into site networks_07418c42-eddf-11e7-80cb-c8afc751635614.6PermissionsStrictly segregate control and monitoring permissions_07418f30-eddf-11e7-80cb-c8afc751635614.7Utilities_074191ba-eddf-11e7-80cb-c8afc751635615UtilitiesRedundancy & DiversityImplement redundant and diverse utility system designs_0741950c-eddf-11e7-80cb-c8afc751635615.1Distribution PathsAvoid single-threaded distribution paths between components_074197f0-eddf-11e7-80cb-c8afc751635615.1.1Components & PathsProtect collocated components and single threaded paths equal to supported operations_07419a5c-eddf-11e7-80cb-c8afc751635615.1.2External EquipmentProtect external equipment to include transformers, switchgear, and cooling towers_07419f0c-eddf-11e7-80cb-c8afc751635615.2GeneratorsEnsure emergency generators can be manually started and aligned to loads_0741a2f4-eddf-11e7-80cb-c8afc751635615.3ControllersEnsure programmable logic controllers do not prevent manual operations_0741a59c-eddf-11e7-80cb-c8afc751635615.3.1CapacitiesEnsure utility systems have the required capacities_0741a8bc-eddf-11e7-80cb-c8afc751635615.4Water SourcesTwo independent water sources to cooling towers_0741ab6e-eddf-11e7-80cb-c8afc751635615.5ThreatsProtect, control, and manage SCADA systems to mitigate insider and external threats_0741ada8-eddf-11e7-80cb-c8afc751635615.6MaintenanceEnsure preventive maintenance is identified and accomplished_0741b0a0-eddf-11e7-80cb-c8afc751635615.7ConfigurationsManage configurations ("as-built" drawings, technical documentation, etc.) to safely and efficiently operate/maintain systems, prevent compromising resiliency, and enhance recovery_0741b348-eddf-11e7-80cb-c8afc751635615.8SurvivabilityCurrent technology permits dual-power-cord input to electronic devices; redundant and diverse power supply inputs improve survivability_0741b596-eddf-11e7-80cb-c8afc751635615.9Dual-Power-Cord DevicesEnsure dual-power-cord electronic devices are not fed single-threaded power from the same power panel/power distribution unit_0741b924-eddf-11e7-80cb-c8afc751635615.10WMD_0741bbd6-eddf-11e7-80cb-c8afc751635616Air IntakesEnsure building make-up air intakes are elevated and protected_0741be1a-eddf-11e7-80cb-c8afc751635616.1Warning, Identification & AssessmentImplement an effective warning, identification, and assessment capability_0741c18a-eddf-11e7-80cb-c8afc751635616.2VentilationInstall a capability to quickly shut down facility ventilation_0741c5c2-eddf-11e7-80cb-c8afc751635616.3Emergency Response PlansEnsure emergency response plans address CB/hazmat threats and hazards_0741c8ce-eddf-11e7-80cb-c8afc751635616.4Shelter & EvacuationIntegrate into shelter-in-place and evacuation plans_0741cc02-eddf-11e7-80cb-c8afc751635616.4.1Force ProtectionEnsure response is linked to force protection conditions_0741cec8-eddf-11e7-80cb-c8afc751635616.4.2Hazards & ThreatsIdentify hazards and threat vectors; plan to these_0741d134-eddf-11e7-80cb-c8afc751635616.4.3Equipment & SuppliesStock and deploy sufficient CB/hazmat protection equipment and medical supplies_0741d454-eddf-11e7-80cb-c8afc751635616.5Mail and Package Delivery_0741d742-eddf-11e7-80cb-c8afc751635617DeliveryAccept and process all delivery (USPS, FedEx, UPS, etc.) externally from facilities supporting operations or containing large populations_0741d99a-eddf-11e7-80cb-c8afc751635617.1delivery facility/room design should include:VentilationNegative pressure ventilation_0741dcba-eddf-11e7-80cb-c8afc751635617.1.1WallsFrangible exterior wall_0741df8a-eddf-11e7-80cb-c8afc751635617.1.2HVAC IndependenceIndependent HVAC system_0741e1d8-eddf-11e7-80cb-c8afc751635617.1.3HVAC = heating, ventilation, and air conditioningEquipment & SuppliesProtective/decontamination equipment/supplies_0741e52a-eddf-11e7-80cb-c8afc751635617.1.4Detection EquipmentX-ray, radiation, and explosives detection equipment_0741e7f0-eddf-11e7-80cb-c8afc751635617.1.5MailProcedures to safely examine or open mail_0741eb60-eddf-11e7-80cb-c8afc751635617.1.6Suspicious PackagesImplement suspicious package handling procedures and training_0741ef98-eddf-11e7-80cb-c8afc751635617.2HVAC ShutdownInstall a capability to rapidly shutdown HVAC to contain releases_0741f2a4-eddf-11e7-80cb-c8afc751635617.3Electromagnetic Protection_0741f506-eddf-11e7-80cb-c8afc751635618GroundingInstall and maintain effective facility, systems, and component grounding_0741f8c6-eddf-11e7-80cb-c8afc751635618.1Lives & SystemsMust address life safety and protect systems_0741fc0e-eddf-11e7-80cb-c8afc751635618.1.1Lightning ProtectionInstall, maintain, and test effective lightning protection systems_0741ff88-eddf-11e7-80cb-c8afc751635618.2Risk AssessmentAssess lightning risk_07420316-eddf-11e7-80cb-c8afc751635618.2.1Lives & SystemsMust address life safety and protect systems_074205f0-eddf-11e7-80cb-c8afc751635618.2.2Electromagnetic PulseContact DTRA POC if an EMP requirement is known or perceived_07420870-eddf-11e7-80cb-c8afc751635618.3Defense Industrial Base_07420bfe-eddf-11e7-80cb-c8afc751635619SuppliersAvoid single-source and foreign-source suppliers_07420f14-eddf-11e7-80cb-c8afc751635619.1JITMitigate the risks associated with Just-in-time delivery_074212de-eddf-11e7-80cb-c8afc751635619.2Just-in-time delivery introduces potential risksInventoryHave more than a few days supply of parts on hand_0742177a-eddf-11e7-80cb-c8afc751635619.2.1PenaltiesAvoid penalties for early shipping to downstream customers_07421a9a-eddf-11e7-80cb-c8afc751635619.2.2Manufacturing EquipmentEnsure replacing specialized manufacturing equipment have acceptable lead times_07421d1a-eddf-11e7-80cb-c8afc751635619.3SubcontractorsEnsure government has insight into and monitors subcontractors_0742209e-eddf-11e7-80cb-c8afc751635619.4SubcontractorsMission Restoral_0742238c-eddf-11e7-80cb-c8afc751635620Damage AssessmentEnsure planning addresses damage assessment procedures and is coordinated with supporting organizations_0742268e-eddf-11e7-80cb-c8afc751635620.1Personnel, Equipment, Services, Software, Documentation & SuppliesEnsure personnel, equipment, services, software, documentation, and supplies required to restore a mission are understood and available_07422b0c-eddf-11e7-80cb-c8afc751635620.2Lead TimeUnderstand lead time required to obtain major items and critical supplies_07422efe-eddf-11e7-80cb-c8afc751635620.3Alternative SourcesExplore alternate sources for critical equipment and spares_07423232-eddf-11e7-80cb-c8afc751635620.4Configuration DataMaintain systems and software configuration data to avoid hampering restoral efforts_0742364c-eddf-11e7-80cb-c8afc751635620.5Population Protection_07423b42-eddf-11e7-80cb-c8afc751635621People & MovementsUnderstand numbers and locations of people in buildings and movement patterns _07423f20-eddf-11e7-80cb-c8afc751635621.1MovementImplement planning that avoids movement into or through threats and hazards_07424358-eddf-11e7-80cb-c8afc751635621.1.1Response EffortsAvoids hampering response efforts_074246d2-eddf-11e7-80cb-c8afc751635621.1.2Community FacilitiesEnsure community facilities (clubs, athletic fields, malls) are not forgotten_074249ca-eddf-11e7-80cb-c8afc751635621.2EventsLimit special-event information and distribution_07424df8-eddf-11e7-80cb-c8afc751635621.3RationalizationAvoid "rationalizing away" threat/hazard risk_07425168-eddf-11e7-80cb-c8afc751635621.4High-Occupancy BuildingsAvoid siting high-occupancy buildings sited near public roads and installation perimeters_07425456-eddf-11e7-80cb-c8afc751635621.5Planning & TrainingImplement and coordinate effective emergency planning and training_07425884-eddf-11e7-80cb-c8afc751635621.6Detect, assess, warn, direct, respond, shelter, evacuateContinuity of Operations_07425bfe-eddf-11e7-80cb-c8afc751635622Inadequate business process and impact analyses will not yield effective planningRequirements & RisksCOOP planning should be driven by critical mission requirements (recovery time and point objectives) and risk_07425f00-eddf-11e7-80cb-c8afc751635622.1ImplementationCOOP planning should implement what needs to be done not what can be done_074265e0-eddf-11e7-80cb-c8afc751635622.2Hazards, Threats & ImpactsCOOP planning should address likely hazards/threats and impacts_074269d2-eddf-11e7-80cb-c8afc751635622.3an "all threats/hazards" approach creates gaps and inefficienciesResiliency & ResponseCOOP planning should balance resiliency and leverage response_07426cd4-eddf-11e7-80cb-c8afc751635622.4avoids inefficienciesStaffing, Resources, Exercise & SupportCOOP planning should be properly staffed, resourced, exercised and supported by leadership_07427116-eddf-11e7-80cb-c8afc751635622.5TrainingCOOP planning should train COOP planners/leadership_074274ae-eddf-11e7-80cb-c8afc751635622.6COOP PlannersCOOP LeadersCoordination & IntegrationCOOP programs must be coordinated and integrated within communities_074277ba-eddf-11e7-80cb-c8afc751635622.7CommunitiesDependencies & InterdependenciesDependencies and interdependencies need to be mapped_07427bf2-eddf-11e7-80cb-c8afc751635622.7.1Requirements DevelopmentConduct business process and impact analyses_07427fc6-eddf-11e7-80cb-c8afc751635623Government COOP Requirements Development Resources & StructureModel enterprise structure and resources to link systems, architecture, and infrastructure to essential functions and tasks (BPA)_074282f0-eddf-11e7-80cb-c8afc751635623.1Threats & HazardsDetermine resource threats/hazards and probabilities (threat/hazard analysis)_074287c8-eddf-11e7-80cb-c8afc751635623.2VulnerabilitiesDetermine resource impacts (vulnerability assessment)_07428bc4-eddf-11e7-80cb-c8afc751635623.3RisksDetermine risk_07428e80-eddf-11e7-80cb-c8afc751635623.4Risk = f(threat/hazard probability & impact) (risk assessment)CriticalityDetermine criticality measures (time, impact, etc.) that drive COOP planning requirements, mitigation alternatives, and strategies_07429240-eddf-11e7-80cb-c8afc751635623.52014-04-302017-12-30https://slideblast.com/a7-greg-gilbert_595570f21723ddc2b014f404.htmlOwenAmburOwen.Ambur@verizon.net