Services
The cornerstone of NCIKRG services is its ability to identify, assess and mitigate risk and threats to critical infrastructure and key resources.
Risk is generally defined as the combination of the frequency of occurrence, vulnerability, and the consequence of a specified hazardous event. Risk is the expected magnitude of loss (e.g., deaths, injuries, economic damage, loss of public confidence, or government capability) due to a terrorist attack, natural disaster, or technological incident, along with the likelihood of such an event occurring and causing that loss.
The NCIKRG risk management framework includes the following activities:
• Set critical infrastructure key resource goals: Define specific outcomes, conditions, end points, and performance targets that collectively constitute an effective protective posture.
• Identify assets, systems, networks and functions: Develop an inventory of the assets, systems, and networks that make up the NIPP CIKR or contribute to the critical functionality therein, and collect information pertinent to risk management that takes into account the fundamental characteristics of each sector.
• Assess risks: Determine risk by using best practices NIPP risk assessment methodology, combining potential direct and indirect consequences from an all-hazards approach, seasonal changes in consequences, dependencies and interdependencies associated with each identified asset, system, or network, known vulnerabilities to various potential attack vectors and general and specific threat information.
• Prioritize: Aggregate and analyze risk assessment results to develop a comprehensive picture of asset, system, and network risk; establish priorities based on risk; and determine protection and business continuity initiatives that provide the greatest mitigation of risk.
• Implement CIKR and system protective programs and improvements: Select sector appropriate protective actions or programs to reduce and manage the risk identified; secure the resources needed to address priorities; improve resiliency, system efficiency and cost/benefit ratios.
• Measure effectiveness: Use metrics and other CIKR evaluation procedures at the state and sector levels to measure progress and assess the effectiveness of the CIKR protection program in improving protection, managing risk, and increasing resiliency.
• Provide training and education: Provide training and education in CIKR, critical incident response and emergency management, processes and procedures to private and public sector CIKR entities and functions.
• Provide CIKR system integration: Integrate and make interoperable national, state, regional and local CIKR systems.