Annex 14 - Critical Infrastructure and Key Resource Restoration (CIKR)

A. Situation

Critical infrastructure must be secure and able to withstand and rapidly recover from all hazards. Proactive and coordinated efforts are necessary to strengthen and maintain secure, functioning and resilient critical infrastructure — including assets, networks and systems — that are vital to public confidence and the college's safety, prosperity and well-being.

This annex addresses integration of the Critical Infrastructure and Key Resource Restoration (CIKR) protection and restoration mission as a vital component of the Comprehensive Emergency Management Plan (CEMP).

Critical infrastructure includes those assets, systems, networks and functions (physical or virtual) so vital to that their incapacitation or destruction would have a debilitating impact on security, economic stability, public health or safety, or a combination of those matters.

B. Concept of Operations

The concept of operations describes specific organizational approaches, processes, coordinating structures and incident-related actions required for the protection and restoration of CIKR assets, systems, networks or functions.

Specifically, the concept of operations focuses on processes and actions for CIKR-related:

  • Situation awareness
  • Impact assessments and analysis
  • Information sharing
  • Requests for assistance or information from CIKR operators

Addressing CIKR-related prevention, protection, preparedness, response and recovery requires cooperation and collaboration between and among CIKR entities. A primary objective of this collaborative effort is to ensure that resources are applied where they offer the most benefit for mitigating risk, deterring threats and minimizing the consequences of incidents.

shall be responsible for evaluating and identifying CIKR resources. Once identified, shall then be responsible for risk and incident management planning, security and preparedness investments of CIKR. Other activities that form part of the business and continuity of operations planning activities include:

  • Developing and revising business continuity and emergency management plans to address direct effects of incidents and critical dependencies and interdependencies at institution and facility levels
  • Building increased resiliency, backup capabilities, and redundancy into business processes and systems
  • Maintaining coordination with incident management, information-sharing and CIKR protection programs
  • Developing and coordinating CIKR protective and emergency-response actions, plans and programs
  • Guarding against insider threats
  • Identifying CIKR and prioritizing related protection and restoration activities

C. CIKR Support for Incident Management Actions

The CIKR support function is structured to produce prioritized recommendations for CIKR protection and restoration in the context of incident management. University shall continuously conduct situational awareness, assessments, analyses and information-sharing activities, and facilitate requests for information and assistance to better prepare for response, recovery and restoration actions during an incident.

Key elements of the CIKR support mission include:

Situational Awareness

  • Monitoring information flow and threats to become aware of an incident or potential incident
  • Reviewing CIKR data and data inventories
  • Identifying opportunities for mitigation
  • Identifying appropriate response posture for CIKR elements and resources

Assessments and Analyses

  • Leveraging institutional knowledge and partner relationships to collect data and assess CIKR needs and vulnerabilities
  • Collaborating in preparation for more in-depth assessments and analyses during an incident
  • Reviewing plans to assess projected impacts on CIKR within a potential incident area
  • Developing projected consequences by applying risk management practices and procedures

Information Sharing

  • Participating in multidirectional information flow between internal and external partners
  • Developing and providing a comprehensive common operating picture of threats and hazards to CIKR
  • Providing security partners with a robust communications network, including a common set of communications, coordination and information-sharing capabilities
  • Providing a means for external partners to be integrated, as appropriate, into the intelligence cycle

Requests for Information/Assistance

  • Facilitating real-time transmission of requests and status
  • Maintaining a comprehensive log and retrievable database of all requests
  • As appropriate, sharing/disseminating all threat-related and other all-hazards information with internal and external partners

D. Pre-response/Initial Actions

Assessing ’s Infrastructure

Prior to a critical incident, University officials shall identify all critical infrastructure and key resources owned and/or operated by . This may include, but not be limited to, the following CIKR:

  • Transportation systems
  • Energy
  • Communications
  • Water
  • Emergency Services
  • Information Technology (IT) systems

officials shall develop a comprehensive list of all CIKR, which shall be continuously evaluated and updated as necessary. This list shall be confidential and shall be maintained by the director of emergency management.

Prioritizing ’s Infrastructure

Critical infrastructure and protective measures should be prioritized based on a hazard/risk analysis to ensure that resources are applied where they contribute most to the mitigation of risk. Criteria for prioritization should include:

  • Risk
  • Consequence
  • Threat
  • Impacted population

This information shall be determined through collaborative efforts of the CIKR managers/operators, security officials, administrators and external partners.

Protecting ’s Infrastructure

The prioritized CIKR list shall be used to assist University officials as they determine where to assign preparedness and mitigation resources.

Protective efforts will need to be individually developed for each CIKR based upon need and availability of resources. officials shall work with internal and external partners to develop effective protection plans that will increase the likelihood of the CIKR surviving a critical incident.

Transition from Preparedness to Pre-Response

Transition to pre-response incident-related activities begins with warning of a potential incident or the notification of an incident.

Information, assessments and analytical products may come from a wide variety of sources, including internal, local, county, state and/or federal partners. This information may be presented in a variety of ways and may include:

  • Incident Reports: Evaluate information received initially through news media, the internet, CIKR operators and other sources (e.g., severe weather bulletins, notices of criminal activity).
  • Spot Reports: Provide current situation status and operational snapshot assessment of operational CIKR effects from emerging incidents (e.g., severe weather bulletins, intelligence briefing reports).
  • Threat Warnings: Fuse all source information to provide analysis of emergent threats on a timely basis, including information on natural hazards, criminal activity and any other potential threat.
  • Criminal Threat Intelligence:
    • Terrorist Target Selection Matrix: Identifies sectors prone to different terrorist attack modalities
    • Attack-Specific Threat Scenarios: Provide planning and exercise phases for possible attacks with inputs from campus-level security officers
    • Sector-Specific Threat Assessment: Provides specific and general terrorist threat information for each sector, as well as relevant background information, such as terrorist objectives and motives as they apply to that sector

E. Response Actions

CIKR situational awareness and reporting are essential to providing a consolidated common operating picture during an incident. To facilitate the collecting and sharing of information and to maintain a common operating picture, shall utilize an Emergency Operations Center (EOC) during critical incidents. The EOC shall provide a focus on CIKR-related impacts on the campus. It provides mechanisms to integrate and cross-reference CIKR-related information from various official sources to minimize duplicative reporting and information collection.

In support of incident response, the EOC performs the following:

  • Collects current status/damage assessments
  • Stays abreast of all key issues and concerns
  • Provides tailored situation assessments regarding the CIKR
  • Facilitates communication between internal and external partners
  • Reconciles CIKR information and reporting, as necessary
  • Consolidates intelligence integration into institutional-level reporting, including the common operating picture
  • Maintains awareness of restoration activities

When an incident occurs, assessments of impacts are coordinated by the University EOC. The assessments are supported by the integration of multiple data sets to inform decision makers at all levels as they develop action recommendations. Assessments shall be used to determine:

  • Risk (consequence, vulnerability and threat)
  • Interdependencies
  • Cascading or secondary effects on critical systems or infrastructure
  • Impact analyses inside and outside the affected area

Damage assessments are conducted by various teams that survey and assess impacts to CIKR. The teams may include, but are not limited to:

  • Preliminary damage assessment teams (provide initial estimate of damages)
  • Engineering teams (assess impacts to specific CIKR)
  • Building process engineering teams (analyze structural vulnerability and potential mitigation recommendations)
  • Environmental impact assessment teams

F. Post-response Actions

As an incident is brought to closure, incident-related activities transition back from response to a “normal” mode of operation.

Restoring CIKR

To allow to return to its educational mission, it is essential to return CIKR to normal operations as quickly as possible. Following a critical incident, the information gathered by the university’s EOC (e.g., assessments of impacts, damage assessments) shall be used to determine the scale and scope of CIKR restoration. A prioritized restoration plan shall be developed to facilitate an organized and deliberate recovery process.

If necessary, University officials will work with state and federal partners to identify resources that may be used to assist in the restoration of CIKR. Loaned equipment, financial loans and/or grants may be available to assist in the restoration of all services.

Demobilization

CIKR-related coordination and information-sharing activities continue as required, at a level consistent with ongoing efforts and needs. Demobilization actions may include:

  • Conducting “hotwashes” to identify critical CIKR-related issues
  • Evaluating CIKR support staffing requirements and making recommendations for redeployment of staff members, as necessary
  • Determining structure and process of long-term recovery efforts
  • Informing leadership of the overall demobilization strategy

After-action reports may be developed following an incident to detail operational successes, problems, and key issues affecting management of the incident. After-action reports include appropriate feedback from all partners participating in the incident.