Core Capabilities that Align with National CIP Strategy and Plans
We made a conscience decision when starting our business to make Critical Infrastructure Protection (CIP), given all of its unique and varied characteristics, its own service offering instead of aligning it under one of our other services. Some of the more recognizable factors that differentiate CIP from traditional risk and security management include:
- Sixteen different CIP sectors that differ significantly in purpose and functions. For example Water & Waste Systems sector purpose and functions are very different than those of the Defense Industrial Base (DIB) or Transportation Systems sectors.
- The complex and blended web of ownership. Although the majority of the Nation’s CIP assets are owned and operated by the private sector, many assets are also owned and operated by Federal, state, local, tribal, and territorial (SLTT) government agencies, as well as foreign entities and companies.
- Cascading system failures (such as a rolling black-out on a portion of the power grid) that can result in catastrophic impact and loss consequence well beyond that of the initial fault, incident or security event within a particular region or jurisdiction.
- Complex interdependencies with other CIP sectors that can cripple capability, such Defense Industrial Base (DIB) dependence on the Energy and Transportation Systems sectors.
- Global and national expanse and reach of critical infrastructure systems, networks and nodes that stretch across international, national, state, and local borders, boundaries and jurisdictions.
Cornerstone’s core capabilities align well with established and most recently updated National level CIP policy, strategy, and lessons learned. NIPP 2013: Partnering for Critical Infrastructure Security and Resilience, replaced the 2009 NIPP version and highlighted, among other document purposes, the following:
“Elevates security and resilience as the primary aim of critical infrastructure homeland security planning efforts…” and
“Updates the critical infrastructure risk management framework and addresses alignment to the National Preparedness System, across the prevention, protection, mitigation, response, and recovery mission areas…”
Security, resilience, utilization of the critical infrastructure risk management framework, and alignment of efforts to the National Preparedness System are all core capabilities residing directly within Cornerstone’s wheel-house. We have deep expertise in the four areas bolded above that are called out in the updated NIPP, and have applied that expertise in several past programs and projects.
Critical Infrastructure Protection Service Offerings
Cornerstone is intimately familiar with a number of different risk management frameworks and methodologies, to include the Critical Infrastructure Risk Management Framework identified in the NIPP. We also use several different industry-leading qualitative and quantitative tools and techniques that aid in identifying, addressing, and mitigating CIP risks in an effective and efficient manner.
Cornerstone’s Critical Infrastructure Protection (CIP) offerings include:
- CIP-Related Risk Assessments – Our expertise in the areas of risk, security and continuity position us well to effectively identify, assess/analyze, mitigate, and monitor risk to critical infrastructure assets, systems, nodes, facilities, dependency links, or other CIP risk elements and/or aspects.
- Develop CIP Strategy, Policy, Plans, and Procedures (SOP) Documents – Working in close coordination with our customers, we strive to develop products that are highly functional and sustainable over time. As with other documents and plans we develop, Cornerstone advocates the “living-breathing” planning model for purposes of ensuring long-term relevance and continuous improvement.
- CIP Metrics Development – We help our clients develop sound, useable CIP-related metrics and measures of performance tailored to best meet customer needs and requirements.
- Development of Internal CIP Program Self- Assessments – Cornerstone members can work with customers and develop tailored internal CIP program self-assessments that allow managers and leaders to self-inspect specific areas within their operations.
- General CIP Consulting – We offer general risk-based security and continuity consulting services addressing a wide range of CIP-related issues customers may have that are not otherwise identified in our service offerings. We will work closely with each customer to develop tailored methodologies, processes, and deliverable outputs that best meet their specific requirements.
We want to help resolve your unique and most concerning issues, so give us a call and let’s talk about what CIP-related concerns or requirements you have and see if we can together find a way to resolve your issues. The phone call costs you nothing, but the price of doing nothing and having to deal with CIP issues in the future is certainly much higher.