This lesson provides an examination of the Protection core capabilities.

Upon completion of this lesson, you will be able to describe core capabilities for Protection and actions required to deliver those capabilities.

As discussed in the first lesson, preparedness is the responsibility of the entire nation. The way we can measure, describe, and implement our security and resilience techniques is through core capabilities. These core capabilities are listed in the National Preparedness Goal and classified under the five mission areas. They are highly interdependent and require us to use existing preparedness networks and activities, coordinate and unify efforts, improve training and exercise programs, promote innovation, and ensure that the administrative, finance, and logistics systems are in place to support these capabilities.

Before we take a closer look at the Protection core capabilities, let’s review the key characteristics of these capabilities.

The core capabilities:

• Are distinct critical elements necessary to meet the National Preparedness Goal
• Are essential for the execution of each mission area: Prevention, Protection, Mitigation, Response, and Recovery
• Provide a common language for preparedness across the whole community
• Are not exclusive to any single level of government or organization and encompass the whole community

Utilizing and implementing core capabilities is what we as a nation require in order to deal with the risks we face. As we look at the Protection core capabilities, you’ll notice that three core capabilities span all mission areas: Planning, Public Information and Warning, and Operational Coordination. These help to unify the mission areas and in many ways are necessary for the success of the remaining core capabilities. In addition, three of core capabilities overlap with the Prevention mission area.

Select this link to view the complete list of core capabilities.

As we begin to look at the core capabilities, it is important to understand that the National Preparedness Goal specifically defines each of the core capabilities. These definitions are used to determine the critical tasks for each capability.

As we examine each core capability, we will discuss those critical tasks that must be implemented to successfully deliver that core capability.

It should be noted that these critical tasks are not for any single jurisdiction or agency. Accomplishment of these critical tasks at all levels within whole community creates unity of effort and achieves national preparedness.

Let’s take a closer look at the three cross-cutting core capabilities, starting with Planning.

The Planning capability is described as conducting a systematic process engaging the whole community as appropriate in the development of executable strategic, operational, and/or tactical-level approaches to meet defined objectives.

In the context of Protection, planning includes the development, exercise, and maintenance of multidisciplinary plans that provide joint guidance across mission activities.

As discussed earlier, each capability has an associated set of critical tasks that are necessary for the delivery of the capability. Let’s take a look at the critical tasks that are needed for the planning capability in regard to Protection:

• Initiate a flexible planning process that builds on existing plans as part of the National Planning System.
• Establish partnerships that facilitate coordinated information sharing between partners to support the protection of critical infrastructure within single, and across multiple, jurisdictions and sectors.
• Identify and prioritize critical infrastructure and determine risk management priorities.
• Conduct vulnerability assessments, perform risk analyses, identify capability gaps, and coordinate protective measures on an ongoing basis in conjunction with the private and nonprofit sectors and local, regional/metropolitan, state, tribal, territorial, insular-area, and Federal organizations and agencies.
• Establish joint Protection objectives within and across mission-area activities.
• Implement security, protection, resilience, and continuity plans and programs, and training and exercises, and take corrective actions.
• Integrate Protection planning for the whole community and those with animals (including household pets and service and assistance animals); develop and document continuity plans and supporting procedures so that, when implemented, the plans and procedures provide for the continued performance of essential functions under all circumstances.
• Ensure that Protection planning and activities mutually support, and do not conflict with or adversely affect, other mission-area plans and activities, especially with analytic and risk management products and complementary concepts of operation.

The Public Information and Warning capability is described as the delivery of coordinated, prompt, reliable, and actionable information to the whole community through the use of clear, consistent, accessible, and culturally and linguistically appropriate methods to effectively relay information regarding any threat or hazard, as well as the actions being taken and the assistance being made available, as appropriate.

In the context of Protection, this is the capability to provide warning systems to communicate significant threats and hazards to involved operators, security officials, and the public.

The Operational Coordination capability is described as the establishment and maintenance of a unified and coordinated operational structure and process that appropriately integrates all critical stakeholders and supports the execution of core capabilities.

This is the capability that supports networking, planning, and coordination between protection partners.

Here are the critical operational coordination tasks in regard to Protection.

• Establish joint concepts of operation for delivering Protection capabilities.
• Collaborate with all relevant protection partners.
• Determine jurisdictional priorities, objectives, strategies, and resource allocations.
• Establish clear lines and modes of communication among participating organizations and jurisdictions.
• Define and communicate clear roles and responsibilities relative to courses of action.
• Integrate and synchronize the actions of participating organizations and jurisdictions to ensure unity of effort.
• Coordinate across and among all levels of government and with critical elements of the private and nonprofit sectors to protect against potential threats, conduct law enforcement investigations, or engage in enforcement and protective activities based on jurisdictional authorities.
• Build mechanisms to enable interoperable communications to enhance coordination around the Protection mission.

Let’s look at an example of the cross-cutting capabilities for Protection.

One example in which the Federal Government has acted to improve the cross-cutting capabilities for Protection involves violent extremism. In 2014, there were several incidents, including an attempted airport bombing and an attack on a Jewish Community Center. Based on these incidents, the Department of Homeland Security and the National Counterterrorism Center held six exercises in 2014 to improve communication between Federal law enforcement and local communities on countering violent extremism. Afterward, exercise facilitators helped each community develop a community action plan that local governments can use to identify and respond to incidents of violent extremism.

The example on the previous screen illustrates three critical tasks. For the planning capability, this meets the critical tasks of implementing security, protection, resilience, and continuity plans and programs, and training and exercises, and taking corrective actions. This is shown through development of a community action plan for local governments.

Also, exercises were conducted to improve communication between Federal law enforcement and local communities. For public information and warning, this meets the critical task of establishing accessible mechanisms and providing the full spectrum of support necessary for appropriate and ongoing information sharing among all levels of government, the private sector, faith-based organizations, NGOs, and the public.

Additionally, the plans that were developed provided information on how local governments are to respond to incidents of violent extremism. For operational coordination, this meets the critical task of coordinating across and among all levels of government and with critical elements of the private and nonprofit sectors to protect against potential threats, conduct law enforcement investigations, or engage in enforcement and protective activities based on jurisdictional authorities.

Now that we’ve discussed the cross-cutting core capabilities, we need to discuss the capabilities that belong to Prevention. As shown in the chart below, the first three of these capabilities are shared with the Protection mission area: Intelligence and Information Sharing; Interdiction and Disruption; and Screening, Search, and Detection.

Let’s begin with Intelligence and Information Sharing.

The Intelligence and Information-Sharing capability is described as:

• Providing timely, accurate, and actionable information
• resulting from the planning direction, collection, exploitation, processing, analysis, production, dissemination, evaluation, and feedback of available information
• Concerning:
• physical and cyber threats to the United States, its people, property, or interests
• the development, proliferation, or use of WMD
• or any other matter bearing on U.S. national or homeland security by local, state, tribal, territorial, Federal, and other stakeholders.

Information sharing is the ability to exchange intelligence, information, data, or knowledge among government or private sector entities, as appropriate.

In the context of Protection, Intelligence and Information-Sharing capabilities involve the effective execution of the intelligence cycle (monitoring, gathering, and analysis of information) by all involved partners in order to develop situational awareness of potential threats and hazards within the United States.

Here are the critical intelligence and information-sharing tasks in regard to Protection:

• Monitor, analyze, and assess the positive and negative impacts of changes in the operating environment as they pertain to threats and hazards to public safety, health, and security. Share analysis results through:
• Participation in public, local, regional, state, tribal, territorial, and national education and awareness programs;
• Participation in the routine exchange of security information—including threat assessments, alerts, attack indications and warnings, and advisories—among partners.
• Determine intelligence and information-sharing requirements for Protection stakeholder intelligence, information, and information sharing.
• Develop or identify and provide access to mechanisms and procedures for intelligence and information sharing among the public, private sector, faith-based organizations, and government Protection partners.
• Use intelligence processes to produce and deliver relevant, timely, accessible, and actionable intelligence and information products to others as applicable, to include partners in the other mission areas.
• Adhere to appropriate mechanisms for safeguarding sensitive and classified information and protecting privacy, civil rights, and civil liberties.

One example of Intelligence and Information Sharing can be seen in the strengthening of the relationship between government and chemical facility owners and operators. The EPA, the U.S. Department of Labor, and DHS developed several initiatives to improve information-sharing platforms. Specifically, they partnered to update online systems to help chemical facilities determine regulatory requirements and thereby enabled the Federal Government to compare a facility’s information across nearly 90 separate Federal and state systems.

This example illustrates the critical task of monitoring, analyzing, and assessing the positive and negative impacts of changes in the operating environment as they pertain to threats and hazards to public safety, health, and security. The comparisons provided help identify at-risk facilities by examining compliance history and chemical storage information.

The Interdiction and Disruption capability is described as the delay, diversion, interception, halting, apprehension, or securing of threats and/or hazards.

In the context of Protection, this capability includes those interdiction and disruption activities that may be undertaken in response to elevated threats, or in order to focus capabilities during special events.

Let’s look at the critical interdiction and disruption tasks in regard to Protection.

• Deter movement and operation of terrorists into or within the United States and its territories.
• Ensure the capacity to detect CBRNE devices or resolve CBRNE threats.
• Interdict conveyances, cargo, and persons associated with a potential threat or act.
• Implement public health measures to mitigate the spread of disease threats abroad and prevent disease threats from crossing national borders.
• Disrupt terrorist financing or conduct counter-acquisition activities to prevent weapons, precursors, related technology, or other material support from reaching their target.
• Enhance the visible presence of law enforcement to deter or disrupt threats from reaching potential target(s).
• Intervene to protect against the spread of violent extremism within U.S. communities.
• Employ wide-area search and detection assets in targeted areas in concert with local, regional/metropolitan, state, tribal, territorial, insular-area, and Federal personnel or other Federal agencies (depending on the threat).

Let’s look at a best practice involving interdiction and disruption. The Federal Government requires businesses that engage in international trade to submit import/export data. This helps law enforcement interdict illicit goods before they enter the United States, while facilitating the flow of legitimate trade and travel.

Since 2006, some 48 agencies, led by Customs and Border Protection (CBP), have worked to build and implement the International Trade Data System, which establishes a single electronic platform for import/export data. By centralizing, automating, and integrating data-collection processes, the system allows for easier identification of items of concern, while reducing the reporting burden for industry.

At the same time, this system meets the critical task of interdicting conveyances, cargo, and persons associated with a potential threat or act.

The Screening, Search, and Detection capability is described as the identification, discovery, or location of threats and/or hazards through active and passive surveillance and search procedures. This may include the use of systematic examinations and assessments, biosurveillance, sensor technologies, or physical investigation and intelligence.

In terms of Protection, this capability includes the screening of cargo, conveyances, mail, baggage, and people, as well as the detection of WMD, traditional and emerging threats, and hazards of concern.

Here are the critical screening, search, and detection tasks in regard to Protection:

• Identify potential threats resulting from persons or networks.
• Develop and engage an observant nation (individuals, families, communities; local, state, tribal, and territorial governments; and private-sector partners).
• Screen persons, baggage, mail, cargo, and conveyances using technical, non-technical, intrusive, and non-intrusive means without unduly hampering the flow of legitimate commerce. Consider additional measures for high-risk persons, conveyances, or items:
• Conduct chemical, biological, radiological, nuclear, and explosives (CBRNE) search and detection operations.
• Conduct passive and active detection of CBRNE agents.
• Operate safely in a hazardous environment.
• Consider the deployment of Federal teams and capabilities to enhance local, regional/metropolitan, state, tribal, territorial, insular-area, and Federal efforts, including the use of incident assessment and awareness assets.
• Conduct biosurveillance of data relating to human health and animal, plant, food, water, and environmental domains.

One example in which the Screening, Search, and Detection capability was implemented occurred during the spread of the Ebola virus. In October 2014, U.S Customs and Border Protection (CBP) and the Centers for Disease Control and Protection (CDC) enhanced screening procedures at the five U.S. airports that received 94 percent of all inbound passengers from Guinea, Sierra Leone, and Liberia. At that time, the DHS Secretary announced that all passengers arriving in the United States from those three countries were required to fly into one of those five airports. When health officials identified cases of Ebola virus disease in Mali, CBP and CDC implemented enhanced screening in mid-November for travelers arriving from that country as well.

This example illustrates the critical task of screening persons, baggage, mail, cargo, and conveyances using technical, non-technical, intrusive, and non-intrusive means without unduly hampering the flow of legitimate commerce. In this case, additional measures were introduced for high-risk persons. In January 2015, after two incubation cycles for the Ebola virus disease, CDC removed Mali from the list of nations subject to enhanced screening.

There are five capabilities that belong solely to Protection: Access Control and Identity Verification, Cybersecurity, Physical Protective Measures, Risk Management for Protection Programs and Activities, and Supply Chain Integrity and Security.

The critical tasks associated with the Protection core capabilities are ambitious. They are not tasks for any single jurisdiction or agency; rather, achieving them requires a national effort involving the whole community. For the remainder of this lesson, we’ll take a closer look at these five Protection core capabilities and their critical tasks.

Here are the critical access control and identity verification tasks:

• Verify identity to authorize, grant, or deny physical and cyber access to physical and cyber assets, networks, applications, and systems that could be exploited to do harm.
• Control and limit access to critical locations and systems to authorized individuals carrying out legitimate activities.

Let’s look at a best practice for the Access Control and Identity Verification capability. The 2004 Homeland Security Presidential Directive 12: Policy for a Common Identification Standard for Federal Employees and Contractors requires all Federal agencies to issue and adopt smartcards to verify user identity for access to Federal facilities and information systems. These credentials allow access to Federal facilities and systems, using more than one means of authentication to create a high level of identity assurance.

This practice helps meet the critical task of verifying identity to authorize, grant, or deny physical and cyber access to physical and cyber assets, networks, applications, and systems that could be exploited to do harm.

The cybersecurity critical tasks are shown below.

• Implement countermeasures, technologies, and policies to protect physical and cyber assets, networks, applications, and systems that could be exploited to do harm.
• Secure, to the extent possible, public and private networks and critical infrastructure (e.g., communication, financial, power grid, water, and transportation systems), based on vulnerability results from risk assessment, mitigation, and incident response capabilities.
• Formalize partnerships with governmental and private-sector cyber incident or emergency response teams to accept, triage, and collaboratively respond to incidents in an efficient manner.
• Formalize partnerships between communities and disciplines responsible for cybersecurity and physical systems dependent on cybersecurity.
• Formalize relationships between information communications technology and information system vendors and their customers for ongoing product cybersecurity, business planning, and transition to response and recovery when necessary.
• Share actionable cyber threat information with domestic and international governments and the private sector to promote shared situational awareness.
• Implement risk-informed standards to ensure the security, reliability, integrity, and availability of critical information, records, and communications systems and services through collaborative cybersecurity initiatives and efforts.
• Detect and analyze malicious activity and support mitigation activities.
• Collaborate with partners to develop plans and processes to facilitate coordinated incident response activities.
• Leverage law enforcement and intelligence assets to identify, track, investigate, disrupt, and prosecute malicious actors threatening the security of the nation’s public and private information systems.
• Create resilient cyber systems that allow for the uninterrupted continuation of essential functions.

A best practice that was introduced for cybersecurity was the release of the Framework for Improving Critical Infrastructure Cybersecurity. This framework is intended to help organizations across the public and private sectors better manage cybersecurity risks. It provides a flexible set of cybersecurity standards and best practices, which allows stakeholders to adapt and adopt pieces of the framework as they see fit.

This best practice illustrates the critical task of implementing risk-informed standards to ensure the security, reliability, integrity, and availability of critical information, records, and communications systems and services through collaborative cybersecurity initiatives and efforts. After releasing the Framework for Improving Critical Infrastructure Cybersecurity, the National Institute of Standards and Technology (NIST) solicited feedback on the framework through targeted outreach. Stakeholders suggested that NIST publish “real-world” applications, lessons learned, and case studies to highlight examples of how organizations of varying sizes, types, and cybersecurity capabilities can use the framework to improve their security.

Let’s continue looking at the Protection core capabilities.

The Physical Protective Measures capability is described as the implementation and maintenance of risk-informed countermeasures and policies protecting people, borders, structures, materials, products, and systems associated with key operational activities and critical infrastructure sectors.

Let’s take a look at the critical Physical Protective Measures tasks.

• Identify and prioritize assets, systems, networks, and functions that need to be protected.
• Identify necessary physical protections, countermeasures (including medical and non-pharmaceutical countermeasures), and policies through a risk assessment of key operational activities and infrastructure.
• Protect critical lifeline functions, which include energy, communications, transportation, and water and wastewater management.
• Develop and implement security plans, including business continuity plans, that address identified security risks.
• Develop and implement risk-based physical security measures, countermeasures, policies, and procedures.
• Implement security training for workers focused on awareness and response.
• Develop and implement biosecurity and biosafety programs and practices.
• Leverage Federal acquisition programs, as appropriate, to ensure maximum cost efficiency, security, and interoperability of procurements.

Here is an example involving physical protective measures that occurred in the energy sector.

In April 2013, a sabotage incident damaged 17 transformers transmitting power to Silicon Valley. As a result of this incident, the Department of Energy (DOE) initiated and led a series of briefings in conjunction with DHS across 10 states to enhance physical security of electric substations. Additionally, FBI partnered with DOE to strengthen physical security at facilities that use radiological material. In fiscal year 2014, law enforcement and energy communities joined together to install security enhancements at 96 facilities, train 396 personnel, and conduct six tabletop exercises.

This example illustrates several critical tasks, including:

• Protecting critical lifeline functions, including energy
• Identifying necessary physical protections, countermeasures, and policies through a risk assessment
• Developing and implementing risk-based physical security measures, countermeasures, policies, and procedures
• Implementing security training for workers

Here are the critical tasks in surrounding Risk Management for Protection Programs and Activities:

• Gather required data in a timely and accurate manner to effectively identify risks.
• Develop and use appropriate tools to identify and assess threats, vulnerabilities, and consequences.
• Build the capability within communities to analyze and assess risk and resilience.
• Identify, implement, and monitor risk management plans.
• Update risk assessments to reassess risk based on changes in the following areas: the physical environment (including climate change impacts), aging infrastructure, new development, new mitigation projects and initiatives, post-event verification/validation, new technologies or improved methodologies, and better or more up-to-date data.
• Validate, calibrate, and enhance risk assessments by relying on experience, lessons learned, and knowledge beyond raw data or models.
• Use risk assessments to design exercises and determine the feasibility of mitigation projects and initiatives.
• Develop a unified approach to make investments in secure and resilient infrastructure in order to enable communities to withstand the effects of a disaster, respond effectively, recover quickly, adapt to changing conditions, and manage future disaster risk.

Let’s look at an example where private-sector partners used sector-specific tools and programs to analyze risk and protect against hazards.

In 2014, the Dams Sector Analysis Tool—a web-based platform of analysis tools and data-collection mechanisms to protect the Nation’s dams—helped stakeholders run more than 1,300 dam-break, flood-inundation simulations to test for screening, prioritization, characterization, and analysis of critical assets, and update plans and policies accordingly. The U.S. Bureau of Reclamation also helped improve dam preparedness by conducting 34 dam inspections and risk assessments to determine potential means of failure and resulting consequences. Moreover, DHS began a series of resilience webinars to address risks from cross-sector interdependencies for commercial stakeholders.

This example illustrates the critical task of developing and using appropriate tools to identify and assess threats, vulnerabilities, and consequences.

Let’s look at the critical tasks involved with the Supply Chain Integrity and Security capability.

• Integrate security processes into supply chain operations to identify items of concern and resolve them as early in the process as possible.
• Analyze key dependencies and interdependencies related to supply chain operations.
• Use risk management principles to identify, mitigate the vulnerabilities of, and protect key assets, infrastructure, and support systems.
• Implement physical protections, countermeasures, and policies to secure and make resilient key nodes, methods of transport between nodes, and materials in transit.
• Use verification and detection capabilities to identify goods that are not what they are represented to be, are contaminated, are not declared, or are prohibited; and to prevent cargo from being compromised or misdirected as it moves through the system.
• Use layers of defense to protect against a diverse range of traditional and asymmetric threats. These layers include intelligence and information analysis; appropriate use of technology; effective laws, regulations, and policies; properly trained and equipped personnel; and effective partnerships.

One example of the Supply Chain Integrity and Security capability occurred in October 2014, when the CDC issued revised guidance for use of personal protective equipment (PPE) when caring for patients with Ebola virus disease. The guidance created a surge in demand by U.S. hospitals for PPE and led to delays in filling some equipment orders. In response, manufacturers increased production of PPE and distributors began identifying ways to provide the requested quantities and meet the delivery timelines. Additionally, the Department of Health and Human Services (HHS) has been working with manufacturers to better understand the demand for and availability of products, as well as the actions taken to address any shortages in additional orders.

This example illustrates the critical task of analyzing key dependencies and interdependencies related to supply chain operations. Based on this analysis, the CDC provided additional guidance that links the amount of PPE a hospital needs to its degree of potential involvement in identifying, isolating, evaluating, and treating patients with Ebola virus disease.

We have reached the end of this lesson. In this lesson, we described the core capabilities for protection and actions required to deliver those capabilities. Specifically, we discussed:

• Cross-Cutting Core Capabilities
• Planning
• Public Information and Warning
• Operational Coordination
• Prevention and Protection Core Capabilities
• Intelligence and Information Sharing
• Interdiction and Disruption
• Screening, Search, and Detection
• Protection Core Capabilities
• Access Control and Identity Verification
• Cybersecurity
• Physical Protective Measures
• Risk Management for Protection Programs and Activities
• Supply Chain Integrity and Security

In the next lesson, we will take a closer look at the coordinating structures and operational planning used to support the Protection mission area.