Since its inception in 2000, a primary component of the Department of the Navy Critical Infrastructure Protection (DON CIP) Program has been identifying vulnerabilities associated with DON critical assets that, if exploited, could jeopardize mission execution. The following article describes the current vulnerability assessment strategy being implemented by the DON CIO in his role as the DON Critical Infrastructure Assurance Officer (CIAO).
Enabling warfighter mission assurance has become an increasingly complex goal, with threats to our troops and facilities becoming more asymmetric, insidious — and ever-present.
As Department of Defense (DoD) guidance on critical infrastructure protection (CIP) has evolved to address the current environment, the DON CIP team's efforts in support of DoD have also evolved. In one key DON CIP area, vulnerability assessment, the DON CIP team now supports the Chief of Naval Operations Integrated Vulnerability Assessments (CNO IVAs) by conducting the relatively new "Defense Critical Infrastructure Program (DCIP) Assessment" as part of a CNO IVA.
In this role, the team assists CNO IVA teams in identifying any weaknesses in infrastructures and interdependencies that could potentially affect an installation's ability to complete its mission essential tasks.
Recognizing the role that supporting foundational infrastructure plays in an installation's ability to perform its mission essential tasks, the DCIP community sought to develop a consistent, "best practices" approach to assessing such infrastructure.
As a result of those efforts, in early 2006, the Assistant Secretary of Defense for Homeland Defense and America's Security Affairs (ASD (HD&ASA)) issued a comprehensive set of DCIP benchmarks and standards for use with existing IVA protocols.
DCIP benchmark areas include: energy (electric power, natural gas and petroleum); transportation (roads, rail, aviation, seaports and waterways); water systems (potable, industrial and firefighting); chemical storage and use; heating, ventilation and air conditioning (HVAC); communications; and wastewater.
The CNO IVA-DCIP Assessment focuses on DoD-owned, leased and managed assets but also examines commercial providers outside installation fence lines.
The DON CIP team's past experience in evaluating commercial dependency issues during Naval Integrated Vulnerability Assessments (NIVAs) prompted the Naval Criminal Investigative Service (NCIS) to request CIP team assistance for three CNO IVA-DCIP Assessments during the summer and fall of 2006. Those trial sites were: Naval Air Station (NAS) Oceana in Virginia Beach, Va.; NAS Whidbey Island, Wash.; and NAS Sigonella, Italy.
The success of those trials led to a request for similar support for six CNO IVA-DCIP Assessments in fiscal year 2007. Sites selected for these efforts are: Naval Station Guantanamo Bay, Cuba; Naval Surface Warfare Center Dahlgren, Va.; Naval Station Great Lakes, Ill.; Construction Battalion Center Gulfport, Miss.; Naval Weapons Station Earl, N.J.; and Naval Base Ventura County, Calif.
In performing these assessments, the objective of the DON CIP team has been to determine whether vulnerabilities exist within supporting infrastructure networks, and if they do exist, whether their compromise would jeopardize mission execution.
The DON CIP Team's NIVA approach included three primary phases: pre-assessment research; on-site evaluation and collaboration; and post-assessment analysis/reporting.
This approach, which is complementary to current DCIP methodology, has evolved such that it now also incorporates specific guidance from the DCIP Training Program, implemented by the ASD (HD&ASA) in accordance with DoD Directive (DoDD) 3020.40.
How does the DON CIP Team add value to the CNO IVA? The team's approach includes th