Selected Projects:
- Global Nuclear Detection Architecture Capability Based Assessment
- Emerging Critical Infrastructure R&D Tasks
- Evaluating Assessment Methodologies
- Applying the Common Risk Model to the DAMS Sector
- Procedures for Implementing the SAFETY Act
Global Nuclear Detection Architecture Capability Based Assessment
A major mission of DHS’s Domestic Nuclear Detection Office (DNDO) is to deploy a global detection system to detect attempts to transport radiological or nuclear materials illicitly. DNDO used Capabilities Based Assessments (CBA) to evaluate and improve the effectiveness of the domestic portion of the Global Nuclear Detection Architecture (GNDA) in such detection. The domestic GNDA CBA provided summaries of capabilities gaps and recommendations to DNDO for identification of mission needs. It also indicated potential solutions to address important gaps. IDA provided a "quick look" towards development of a more complete and detailed CBA. It furnished a high level definition of the domestic and border architectures, threats, and scenarios of concern to DNDO, current capabilities for detection and encounter, and, finally, gaps and recommendations. The study also defined the DNDO CBA methodology, identified areas for further analysis, and suggested next steps.
Back to top
Emerging Critical Infrastructure R&D Task
The IDA Science and Technology Policy Institute (STPI) is supporting the DHS-led Federal interagency effort, through the White House National Science and Technology Council, to implement the 2015 National Critical Infrastructure Security and Resilience Research and Development Plan. This is in support of Presidential Policy Directive 21 –Critical Infrastructure Security and Resilience(February 12, 2015), which calls for the enhancement of efforts to strengthen and maintain secure, functioning, and resilient critical infrastructure; and identifies the need to strengthen against physical and cyber threats (including all hazards).
Back to top
Evaluating Assessment Methodologies
Building on years of expertise working with common risk models and methodologies for DOD, DHS, and others, IDA currently continues to apply that expertise in the evaluation of assessment methodologies. Across the federal government, various approaches are utilized to assess vulnerabilities to the nation’s critical infrastructure. So many different approaches exist that the Government Accountability Office identified opportunities for DHS to work with other federal entities to develop guidance as necessary to ensure greater consistency across vulnerability assessments (GAO Report 14-507 “DHS Action Needed to Enhance Coordination of Vulnerability Assessment Efforts,” September 2014). Specifically, the GAO recommended that DHS: Identify key critical infrastructure security-related assessment tools and methods used or offered by SSAs and other federal agencies; analyze the key critical infrastructure security-related assessment tools and methods offered by SSAs and other federal agencies to determine the areas they capture; develop and provide guidance for what areas should be included in vulnerability assessments of critical infrastructure that can be used by DHS, SSAs, and other critical infrastructure partners in an integrated and coordinated manner, among and across sectors, where appropriate. Given its background in developing and evaluating methods for vulnerability and risk assessment, IDA is working with DHS to address the GAO recommendations through surveying available methods and systematically evaluating several of them to develop recommendations for the federal government to consider.
Back to top
Applying the Common Risk Model to the DAMS Sector
Developed originally for the Department of Homeland Security and then tailored to the dams sector, the IDA-developed Common Risk Model for Dams (CRM-D) methodology estimates risk for specific attack scenarios, which are comprised by the combination of a representative set of attacks (“reference attack vectors”) against specific assets (targets). These estimates can then be aggregated in various ways to calculate, for example, what portion of portfolio risk is due to a particular attack vector or a particular dam project. Over the past year, IDA in collaboration with the U.S. Army Corps of Engineers (USACE) has further refined CRM-D and developed a training support package and attendant software to train users on conducting a risk assessment using CRM-D. Through this, IDA supports USACE efforts to further operationalize and implement the CRM-D methodology and to increase understanding of the methodology and the USACE implementation through training activities.
Back to top
Procedures for Implementing the SAFETY Act
As part of the Homeland Security Act of 2002, Public Law 107-296, codified at 6 U.S.C. §§ 441-444, Congress enacted the SAFETY Act to provide risk management and litigation management protections for Sellers of Qualified Anti-terrorism Technologies (QATTs). In 2003, the newly formed Department of Homeland Security requested IDA’s assistance in designing a process for the rapid assessment of innovative anti-terrorism products and services. Subsequently, DHS asked IDA to provide technical subject matter expertise in the implementation of this process and support DHS’s educational outreach.
Today, IDA researchers support DHS at all steps of the SAFETY Act process, from initial industry engagement to completion of technical and business analyses for the program. Over the past 13 years, members of every IDA division have brought their technical, economic, and operational expertise to the SAFETY Act task, with nearly 100 contributors per year. As of mid-Fiscal Year 2016, IDA has evaluated technologies ranging from advanced sensors, blast mitigation materials, and information and networking systems to private security officers, venue security programs, canine explosive detection teams, and integrated perimeter security systems. Most recently, IDA has started assisting DHS in the evaluation of cybersecurity technologies and programs. IDA’s work has contributed to the granting of SAFETY Act Protections to over 814 technologies deployed nationwide. In recognition of these efforts, IDA’s SAFETY Act team has won numerous awards, the most recent in June 2014 (the Under Secretary of Science and Technology’s Award for Program Support).
Presentations, Articles, Publications:
PRESENTATION: The Accidental Career: Finding Balance When Your Wrong Turns Turn Out Right Keynote Speech at the 3rd Annual Women in Security 2016 Leadership Forum, June 21, 2016, St. Paul, Minnesota, by IDA’s Dr. Deena Disraelly.
PRESENTATIONS: The Support Anti-Terrorism by Fostering Effective Technologies Act (SAFETY Act) of 2002 was enacted by Congress to encourage development of anti-terrorism technologies. IDA staff support the Department of Homeland Security’s Office of SAFETY Act Implementation (OSAI) in industry engagement and outreach in furtherance of the Act. Efforts include webinars designed to educate and inform industry on the SAFETY Act evaluation process and to develop stronger industrial test programs. A selection of SAFETY Act outreach videos can be found below:(Open external link)(Open external link)(Open external link)(Open external link)(Open external link)(Open external link)
PRESENTATION: A Modification of the Expected Loss Metric for Choosing Effective Sets of Security Upgrades at Dams(Open external link)(Open external link)(Open external link)(Open external link)(Open external link)(Open external link) presented at the United States Society on Dams Annual Meeting and Conference, April 13-17, 2015, Louisville, Kentucky, by IDA’s Kevin Burns, Darrell Morgeson, and Jason Dechant and Yazmin Seda-Sanabria (USACE) and Enrique Matheu (DHS).
PRESENTATION: A Consistent Approach for Security Risk Assessments of Dams and Related Critical Infrastructure presented at the 5th Annual International Disaster and Risk Conference, August 24-28, 2014, Davos, Switzerland, by IDA’s James D. Morgeson, Yevgeniy Kirpichevsky, and Jason Dechant and Yazmin Seda-Sanabria (USACE) and Enrique Matheu (DHS).
PRESENTATION: A Consistent Approach for Security Risk Assessments of Dams and Related Critical Infrastructure, June 2014, by IDA’s J. Darrell Morgeson, Jason A. Dechant, and Yev Kirpichevsk and Yazmin Seda-Sanabria (USACE) and Enrique E. Matheu (DHS).
PRESENTATION: The Common Risk Model for Dams: A Portfolio Approach to Security Risk Assessments presented at the International Conference on Large Dams, June 2013, Seattle, Washington, by IDA’s Yev Kirpichevsky, Jason A. Dechant, M. Anthony Fainberg, J. Darrell Morgeson, and Vic Utgoff and Yazmin Seda-Sanabria (USACE) and Enrique E. Matheu (DHS).
PRESENTATION: Incorporating Uncertainties in the Estimation of Vulnerabilities for Security Risk Assessments presented at the United States Society on Dams Annual Conference, February 11-15, 2013, Phoenix, Arizona, by IDA’s Darrell Morgeson and Michael Keleher and Yazmin Seda-Sanabria (USACE) and Enrique Matheu (DHS).
ARTICLE: Assessing Security Risks Using the Common Risk Model for Dams published in "IDA Research Notes," Spring 2015, by IDA’s J. Darrell Morgeson, Yev Kirpichevsky, Jason A. Dechant, and Victor A. Utgoff and Yazmin Seda-Sanabria (USACE) and Enrique E. Matheu (DHS).
ARTICLE: A Portfolio Approach to Security Risk Assessments published in the "International Journal of Hydropower and Dams," Issue #4, 2013, by IDA’s J. Darrell Morgeson, Yev Kirpichevsky, M. Anthony Fainberg, Jason A. Dechant, and Vic Utgoff and Yazmin Seda-Sanabria (USACE) and Enrique E. Matheu (DHS).
PRESENTATION: Modeling Adaptive Threats: Incorporating a Terrorist Decision Model into Security Risk Assessments presented at the United States Society on Dams Annual Conference, April 23-27, 2012, New Orleans, Louisiana, by IDA’s Yevgeniy Kirpichevsky and Enrique Matheu (DHS), and Yazmin Seda-Sanabria (USACE).
PRESENTATION: Security Assessments Using the Common Risk Model for Dams: Portfolio Analysis Incorporating Threat Modeling presented at the Association of State Dam Safety Officials Annual Conference, 2012, by IDA’s Yev Kirpichevsky, J. Darrell Morgeson, M. Anthony Fainberg, Jason A. Dechant, and Vic Utgoff and Yazmin Seda-Sanabria (USACE) and Enrique E. Matheu (DHS).
PRESENTATION: Implementation of the Common Risk Model for Dams for Security Assessments of USACE Critical Infrastructure presented at the Association of State Dam Safety Officials Annual Conference, 2011, by IDA’s Anthony Fainberg and Yazmin Seda-Sanabria (USACE), Enrique Matheu (DHS), Jack Tressler (USACE), and Michael Bowen (DHS).