ASDSO Dam Safety Toolbox

Site Security

From ASDSO Dam Safety Toolbox
Jump to: navigation, search

Dams can fail for a number of reasons, including as a result of flooding, equipment malfunction, and operator error; but also deliberate action. Certain characteristics of dams make them an unusually difficult type of facility to protect, particularly against deliberate attack. While critical assets in many other sectors are small or concentrated and can be contained within buildings or protected by fences, dams are often large facilities whose components are not necessarily enclosed within buildings or fenced boundaries. Dams are often located in remote areas and can be approached via land, water, or air. Some are required to provide public access to certain portions of the facility, which can create difficulty in controlling access around critical components. [1]

Security is the condition that results from the establishment and maintenance of protective measures that ensure a state of inviolability from hostile acts or influences. Security risk, then, is the potential for an adverse outcome assessed as a function of hazard/threats, assets and their vulnerabilities, and consequences. [2]

Dam security, like dam safety, attempts to reduce the overall risk of consequences occurring at a facility. These consequences, whether seen through the lens of dam security or dam safety, are the same. However, whereas dam safety focuses on reducing the internal risks of a facility by reducing the likelihood of occurrence of a load and the likelihood of an adverse structural response, dam security looks to reduce external risk due to threats, and the vulnerabilities of facility assets those threats attempt to exploit.

Security risk management is the process of identifying, analyzing, and communicating risk and accepting, avoiding, transferring, or controlling it to an acceptable level, considering associated costs and benefits of any actions taken. Effective risk management improves the quality of decision making. Risk management principles acknowledge that, while risk often cannot be eliminated, actions can usually be taken to control risk. [2]

Certain risks that rise to national concern are common to entities within a particular sector. These risks include cyber threats from nation-state adversaries, criminal hacktivists and financially motivated cyber criminals; physical threats from Domestic Violent Extremists and Foreign Terrorist Organizations; and intelligence collection by nation-state adversaries looking to position themselves should conflict arise with the United States. Sector Risk Management Agencies (SRMAs) serve as day-to-day federal interfaces for their designated critical infrastructure sectors and conduct sector-specific risk management and resilience activities. SRMAs are responsible for day-to-day prioritization and coordination of efforts to mitigate risks within each sector, as part of the broader whole of-government effort coordinated by DHS to secure United States critical infrastructure. DHS is the SRMA for the Dams Sector, with the Cybersecurity and Infrastructure Security Agency (CISA) charged with executing the SRMA responsibilities. [3]

To learn more about dam security, see the resources below or reach out to the CISA Dams Sector Management Team at [email protected]

Best Practice Resources


HSIN-CI

The Homeland Security Information Network-Critical Infrastructure (HSIN-CI) Dams Portal is an information-sharing network that provides situational awareness and allows sector partners to effectively access and disseminate sensitive but unclassified information among federal, state, and local agencies and the private sector. Many useful guides and handbooks are housed here for Dams Sector partners to access and utilize, including:

  • Dams Sector Security Awareness Handbook (FOUO)
  • Dams Sector Protective Measures Handbook (FOUO)
  • Roadmap to Secure Control Systems in the Dams Sector
  • Surveillance and Suspicious Activities Indicators Guide
  • Dams Sector Cybersecurity Framework Implementation Guide
  • Dams Sector Personnel Screening Guide for Owners and Operators
  • Dams Sector Waterside Barriers Guide
  • Dams Sector Cybersecurity Program Guidance
  • Dams Sector Security Guidelines
  • Worldwide Attacks Against Dams Vol. 1 and Vol. 2

To request access to the HSIN-CI Dams Portal, e-mail a completed access request form to [email protected].


Additional Resources

Learn more about site security at dams at DamFailures.org

Many Dam Security Resources available from the US Cybersecurity & Infrastructure Security Agency



Citations:


Revision ID: 8110
Revision Date: 11/22/2024