Situational Awareness

From Projects
Jump to: navigation, search

Introduction

National Protection and Programs Directorate - Situational Awareness

The following sets out to provide a high-level overview of situational awareness (SA). This page describes SA both in general context, but primarily addresses as it applies to the Department of Homeland Security (DHS) to answer:

  • What is situational awareness?
  • What does it do?
  • Within DHS, how is SA staffed and budgeted?
  • Who leads those components?
  • Where was it before it was moved to DHS?
  • Interesting elements
  • Other: Improving DHS

What is Situational Awareness?

Situational awareness refers to the collection and analysis of environmental elements and events, to understand those critical elements of information to maintain a mission or operations. SA is commonly bridged to incident management, in that a key element of understanding those critical elements of information is to identify potential threats that may disrupt that mission or operations.

Situational awareness has broad application across different types of organizations. In government, SA is utilized in the Department of Homeland Security, in all branches of military command and control, air traffic control, police, fire & emergency services. In business settings, situational awareness is applied in areas such as telecom network operating centers, and corporate security management. On an individual level, we all leverage situational awareness in common day activities such as driving an automobile, or being aware of our personal security in our setting.

What Does Situational Awareness Do?

Situational awareness allows an informed decision maker(s) to monitor targeted information, understand risks to a mission or operation, weigh options, and take action. Situational awareness is enabled by data, communications, information sharing & collaboration, common user interfaces, visual analytics and correlation to push relevant information to the informed decision maker(s).

Situational awareness is a function that is inherent in almost every function across the DHS. While no single entity is solely responsible for situational awareness, the Office of Operations Coordination and Planning’s (OPS) mission is to integrate DHS and interagency planning and operations coordination in order to prevent, protect, respond to, and recover from terrorist threats/attacks and other man-made or natural disasters. Under what is referenced as the DHS Common Operating Picture (COP), OPS provides real-time situational awareness and monitoring of the homeland, coordinates incident response activities, issues advisories and bulletins concerning threats to homeland security and provides specific protective measures.

Situational awareness is commonly conducted through command centers, referenced as "Emergency Operation Centers" (EOCs) or "National Operations Centers" (NOCs).[1] The OPS National Operations Center (NOC) operates 24 hours a day, 365 days a year to coordinate information sharing to help deter, detect, and prevent terrorist acts and to manage domestic incidents. Information on domestic incident management is shared with other EOCs through the Homeland Security Information Network (HSIN).

Staffing and Budget

2017 Homeland Security Budget

While there is no single DHS line item for staff and budget identified specifically for situational awareness, many elements of the DHS budget reference expenses to support situational awareness. Key areas within the DHS that focus on situational awareness include the:

  • Office of Intelligence and Analysis (I&A)
  • Office of Operations Coordination (OPS)
  • National Protection and Programs Directorate

Below are excerpts from the 2017 Homeland Security Budget to describe areas where situational awareness is staffed and funded.

ANALYSIS AND OPERATIONS APPROPRIATION

The Office of Intelligence and Analysis (I&A) and the Office of Operations Coordination (OPS) are listed within the 2017 DHS budget under the Analysis and Operations Appropriation.

  • Budget Request: $265,719,000
  • Staffing (FTE): 801
  • Senior Leadership:
    • Francis X. Taylor, Under Secretary for Intelligence and Analysis
    • Richard M. Chávez, Director, Office of Operations Coordination
  • Established: 2006
  • Major Divisions: Office of Intelligence and Analysis; Office of Operations Coordination

Description

The Analysis and Operations appropriation provides resources to support the Office of Intelligence and Analysis (I&A) and the Office of Operations Coordination (OPS). This appropriation includes both National Intelligence Program (NIP) and non- NIP funds.

Responsibilities

While these two Components are distinct in their missions, they work closely together and collaborate with other DHS Components and federal agencies, as well as state, local, tribal, territorial (SLTT), foreign, and private-sector partners. Together these Components strive to improve intelligence analysis, information sharing, incident management support, and situational awareness.

I&A’s mission is to equip the homeland security enterprise (HSE) with the intelligence and information it needs to keep the Homeland safe, secure, and resilient. I&A has a unique role as a conduit for information sharing among the Intelligence Community (IC), federal entities, SLTT entities through the National Network of Fusion Centers, and private sector partners to support the goals of the Quadrennial Homeland Security Review. This includes promoting an understanding of threats to the Homeland through predictive intelligence analysis, coordinating the counterintelligence activities of the Department, collecting information and intelligence to support homeland security missions, managing intelligence for the HSE, and sharing information necessary for action while protecting the privacy, civil rights, and civil liberties of all Americans.

OPS’ mission is to provide operations coordination, information sharing, situational awareness, the common operating picture, and Department continuity, enabling the execution of the Secretary’s responsibilities across the homeland security enterprise. OPS has unique statutory and regulatory roles and responsibilities as the focal point for information sharing, decision support products, situational awareness and coordination among the DHS, Federal, SLTT, private sector, and international partners to include all Federal Operations Centers and National Fusion Centers. Additionally, OPS ensures the resilience of DHS’s overall mission through its leadership of the Department’s Continuity of Operations program.

NATIONAL PROTECTION AND PROGRAMS DIRECTORATE

National Cybersecurity and Communications Integration Center
  • Budget Request: $3,044,846,000
  • Staffing (FTE): 3,592
  • Senior Leadership: Suzanne Spaulding, Under Secretary
  • Established: 2007
  • Major Divisions: Cybersecurity and Communications, Infrastructure Protection, Federal Protective Service

Description

In 2015, the National Protection and Programs Directorate (NPPD) initiated planning to reorganize into an operational component and proposed to change its name to Cyber and Infrastructure Protection. NPPD submitted a transition plan to Congress outlining the details of this proposal on October 28, 2015. This organizational change will achieve greater unity of effort, enhance the effectiveness of operational activities, and improve the quality of mission support to programs. DHS looks forward to continued engagement with Congress on NPPD’s reorganization. NPPD executes the Department’s operational mission to secure and enhance the resilience of the Nation’s infrastructure against cyber and physical threats. Secure and resilient infrastructure safeguards national security, promotes economic vitality, and advances public health and safety. NPPD collaborates with Federal, State, local, tribal, territorial, international, and private-sector entities to maintain near real-time situational awareness of both physical and cyber events, share information about risks that may disrupt critical infrastructure, and build capabilities to reduce those risks.

Responsibilities

NPPD’s programs and activities ensure the timely sharing of information, analysis, and assessments that provide the situational awareness necessary to build resilience and mitigate risk from cyber and physical threats to infrastructure. Through established partnerships, NPPD leads the national unity of effort for infrastructure protection and builds infrastructure security and resilience by delivering security related technical assistance, training, analysis, and assessments to infrastructure owners and operators nationwide. NPPD also executes law enforcement authorities to protect Federal facilities, and those who work in and visit them, against physical and cyber threats.

NPPD’s cybersecurity operations are designed to detect, analyze, mitigate, and respond to cyber threats. NPPD, through its cyber protection programs housed in the National Cybersecurity and Communications Integration Center (NCCIC), shares cyber threat and mitigation information with government, private sector, and academic partners drawing on its world-class operators and analysts while ensuring continuity of national security and emergency preparedness communications. The cybersecurity program activities protect Federal networks by providing tools and services to Federal agencies and leading or assisting in the implementation of cross-government cybersecurity initiatives. NPPD is the center of gravity for cyber threat indicator collection and near real-time distribution to all partners. NPPD also improves private and public sectors’ capacity to assess and manage their own cyber and physical risk. The regionally-based field operations deliver training, technical assistance, and assessments directly to stakeholders to enable these owners and operators to increase their security and resilience. This includes working with public safety throughout the Nation to enable interoperable emergency communications. NPPD serves as the Sector Specific Agency for nine of the 16 critical infrastructure sectors and serves as the national coordinator for the remaining sectors. In addition, NPPD regulates the security of the Nation’s high-risk chemical facilities under the authority of the Chemical Facility Anti-Terrorism Standards Program.

NPPD, through the Federal Protective Service (FPS), delivers law enforcement and security services through approximately 1,000 law enforcement officers and Criminal Investigators and 13,000 Protective Security Officers to more than 9,300 General Services Administration (GSA)-owned, -leased, or -operated facilities. These services provide a comprehensive, risk-based approach to facility protection that allows NPPD to prioritize its operations to prevent, detect, assess, respond to, and disrupt criminal and other incidents that endanger the Federal facilities and persons on the property.

NPPD Situational Awareness Investments

Within the NPPD budget for 2017, a specific investment is outlined for the development of situational awareness and infrastructure analysis:

  • Develop Situational Awareness & Infrastructure Analysis ........... $283.7M (545 FTE)

An additional $17.7M and 5 FTE to provide enhanced, integrated, actionable information about emerging trends, imminent threats, and the status of incidents that may impact critical infrastructure. This includes additional advanced training courses and onsite assessments by the Industrial Control Systems Cyber Emergency Response Team, identification of authoritative data feeds for an enhanced situational awareness capability for the National Infrastructure Coordinating Center, sustainment of National Coordinating Center for Communications Operations, heightened geospatial analytics, additional capability for production management and training, and technical subject matter experts to support the Automated Indicator Sharing initiative for “near-real-time” cyber threat indicator sharing capability.

Other Situational Awareness Functions

While the Office of Intelligence and Analysis (I&A), the Office of Operations Coordination (OPS), and the National Protection and Programs Directorate all leverage situational awareness as key to their responsibilities, other departments invest in functions that rely on situational awareness. Two such examples include:

U.S. Customs and Border Protection (CBP)

The CBP leverages both human resources and technology for situational awareness. An example from the 2017 DHS budget includes Tactical Aerostats, $33.5M (0 FTE):

The budget requests an increase of $25.7M (for a total of $33.5M) to support the Tactical Aerostats and Re-locatable Towers program. This funding increase will allow CBP to operate an additional four (for a total of five) tactical aerostat systems along the Southwest border. The program uses a mix of aerostats, towers, cameras, and radars in order to enhance USBP situational awareness in the operational environment through strategically located aerostats and towers in the well-known high traffic areas.

Science and Technology Directorate

The Science and Technology (S&T) Directorate’s mission is to improve homeland security by working with partners to provide state-of-the-art technology and solutions that help them to achieve their missions. S&T's responsibilities include:

Enable the Decision Maker: Actionable Information at the Speed of Thought - An informed decision maker has improved situational awareness and is better able to understand risks, weigh options, and take action.

Before DHS?

Where were these agencies prior to the DHS:

  • Office of Intelligence and Analysis (OIA): was created using intelligence analysts from the Information Analysis Division.
  • Office of Operations Coordination (OPS): did not exist before DHS (needs verification)
  • National Protection and Programs Directorate
    • Federal Protective Service (FPS) was formerly a part of the Immigration and Customs Enforcement until October 2009, when it was transferred to the National Protection and Programs Directorate.
    • Office of Biometric Identity Management (OBIM) was created in March, 2013, replacing the United States Visitor and Immigration Status Indicator Technology (US-VISIT) Program.
    • Office of Cybersecurity and Communications (CS&C) - (needs verification)
    • Office of Cyber and Infrastructure Analysis (OCIA) was formerly the Infrastructure Analysis and Strategy Division (IASD) within the Office of Infrastructure Protection (IP). The OCIA was established as an office of the National Protection and Programs Directorate (NPPD) in 2014.

Interesting Elements

2017 DHS budget percent by organization

We indicated there is no single DHS line item for staff and budget identified specifically for situational awareness, and that most all DHS organizations leverage situational awareness as part their core function. Even so, it is the Office of Operations Coordination and Planning’s (OPS) mission to integrate DHS and interagency planning and operations coordination to prevent, protect, respond to, and recover from terrorist threats/attacks and other man-made or natural disasters. For OPS, situational awareness is key to their mission.

When we examine the budget resources allocated to OPS, under Analysis and Operations (A&O), we find only 0.4% of the DHS total budget allocated or $265M out of a $66B budget. For a department tasked with such a critical function to support the core mission of the DHS, I find it interesting that so few dollars are spent in the organization that plays a central role situational awareness. While eyes and ears across all DHS employees and technological resources act as collectors of information that feeds the function of situational awareness, it might be worth investing more in O&A to strength data collaboration, analysis, and correlation to better support each of the DHS missions:

  • Preventing Terrorism and Improving Security
  • Securing and Managing Our Borders
  • Enforcing and Administering Our Immigration Laws
  • Safeguarding and Securing Cyberspace
  • Strengthening National Preparedness and Resilience

Notes

  1. The term NOC also refers to a "Network Operation Center", another type of command center that is leveraged for managing network monitoring and control in telecommunications and computer networks.