NISAC Performers and Projects


NISAC works with National Laboratories, Federally Funded Research and Development Centers (FFRDC), and others to develop innovative analytical capabilities that provide quantitative and actionable information that help prioritize and manage risk to critical infrastructure and the National Critical Functions (NCFs). Below are NISAC’s active projects.

The content on this webpage is provided for information purposes only and is current as of March 2022.

Current NISAC Performers 

Active Projects  

Argonne National Laboratory (ANL)

Project Name

Description

Defense Critical Electric Infrastructure (DCEI) / High Value Civilian Infrastructure (HVCI) Support

Identify civilian infrastructure assets in the communications, energy, transportation, healthcare and public health, and water and wastewater sectors that have significant electric power dependencies and would potentially cause the most significant disruption to high-density civilian populations, high-value civilian assets, and National Critical Functions if affected by a long-duration power outage.

National Critical Function Decomposition

Accelerate the understanding of cross-sector risk to National Critical Functions (NCF) by breaking each NCF into its constituent sub-functions and capturing those in a standardized data structure.

National Critical Function Stakeholder Profiles

Develop stakeholder linkage profiles to capture all stakeholders associated with a National Critical Function (NCF) and organize them into sub-categories with similar characteristics. This organizational scheme will facilitate the development of tailored engagement strategies and the development of metrics related to NCFs.

Risk Architecture Laboratory Performer Council (RALPC) Support

Provide strategic and analytic support to the NRMC in the development of the Risk Architecture around such topic areas as interdependency analysis, further National Critical Function decomposition and stakeholder analysis efforts, electrical outage consequence modeling, and other technical architecture workflow integration approaches.

Secure Tomorrow Series

Develop a process to identify emerging and evolving risks to critical infrastructure and analyze the key indicators, trends, accelerators and derailers of those risks in order to direct mitigation activities.

 

Idaho National Laboratory (INL)

Project Name

Description

Cascade / All Hazards Analysis (AHA) and Data Build Out

Develop a dependency analysis tool that displays highly complex, cross-NCF relationships associated with the nationwide critical infrastructure network. Cascade leverages INL’s All-Hazards Analysis (AHA) framework to intuitively convey infrastructure interdependencies in a user-friendly and highly responsive format. The capability relies on a national data set of lifeline critical infrastructure dependencies built leveraging a repeatable methodology that uses multi-source, semi-automated techniques that extract and characterize critical infrastructure dependencies.

ICT Supply Chain Tool

Develop a web-based application that implements the Company/Information and Communications Technology (ICT) Element Scorecard (“Scorecard”) methodology, developed by Sandia National Laboratories (SNL).

Water Security

Finalize a complete and validated set of cyber planning scenarios for the water-specific National Critical Functions to support Sector Risk Reporting, development of Industrial Control System-focused cybersecurity performance goals, and NRMC’s Risk Architecture, Cyber Risk Framework and Risk Register.

 

FFRDC Systems and Analyses Center operated by the Institute for Defense Analyses (IDA) 

Project Name

Description

Developing Critical Foreign Dependency Data and Analytics to support DHS Decisions

Characterize the senior leadership decision-making environment that relies upon information on the risks to National Critical Functions, and their supply chains, associated with critical foreign dependencies on imports, the data and analysis that currently supports such decisions, and approaches to better underpin the decision-making needs of senior leadership.

Futures Planning for the National Risk Management Center

 

Develop an understanding of future strategic risk to the Nation and approaches to reduce this risk. Develop strategic concepts about the current state of the Nation’s ability to recognize, prevent, respond to, and be resilient in the face of adversarial actions via cyber operations, information operations, hostile commercial operations, and other means towards a goal of blending the Department of Defense’s conflict and engagement strategy with CISA’s responsibilities for leading civilian public-private collaboration in such a way as to reduce obstacles to confident, agile defense.

 

Lawrence Livermore National Laboratory (LLNL)

Project Name

Description

Multi-Target Critical Failure Analysis for Infrastructure

Develop a user-friendly, end-to-end Squirrel interface which will enable users to set up, execute, and analyze a Squirrel experiment without the Squirrel Development team in the loop. Users will set up experiments using a web interface which will, on the back-end, submit jobs to high performing resources, the Squirrel results will then be automatically loaded into the Visualization Engine for the user to explore and analyze – all without the direct participation of the Squirrel Development team or any coding on the part of the user. This user interface will enable analysts to use Squirrel in an end-to-end fashion on their own, and to acquire results in hours or days rather than weeks.

Pipeline Cyber Design Basis Threat (DBT) Feasibility Study

Develop a risk assessment tool for DHS that allows users to identify relevant cyber-attack scenarios for a given asset based on the assessed capabilities of a design basis threat (DBT) actor, and assess the effectiveness of mitigation and system hardening approaches for the given threat.

 

Risk Architecture Laboratory Performer Council (RALPC) Support

Work with NRMC lead to provide technical input and advice on analytical challenges, needs, and next steps for developing the Risk Architecture, the National Critical Functions (NCFs) decomposition data set, analytical methods leveraging existing and future data sets. We will also work with other National Laboratory performers to develop standard definitions, methods, and processes for creating, handling, and analyzing NCF data and serve as point of contact to coordinate Risk Architecture development efforts across NRMC lab performers through regular working sessions.

Risk Architecture Support

Build upon taxonomy, internal and external cascading consequences, multi-target critical failure analysis, and Python Simulator for Cyber Event Scenarios projects to build a suite of tools for prioritization, critical component identification, and system impact analysis for a set of water security related National Critical Functions (NCFs). This will include building out and operationalizing frameworks for both internal and external cascading consequences to allow for a holistic assessment of potential consequences for a subset of NCFs.

Software Assurance

Provide a framework for performing software assurance across the full supply chain lifecycle for government, industry, and individual developers responsible for the software that goes into critical information systems. This will enable stakeholders to identify and assess software vulnerabilities that pose a threat to National Critical Functions and will inform decisions about what software can be trusted in those applications.

 

FFRDC Homeland Security Systems Engineering and Development Institute (HSSEDI) operated by MITRE Corporation 

Project Name

Description

ICT Supply Chain System of Trust (SOT)

Develop an improved community-driven supply chain security and trustworthiness assessment capability that provides a consistent, scalable, tailorable approach for discussing, measuring, and managing supply chain security risks for organizations across government and critical infrastructure owners and operators.

Space Risk Assessment

This project will identify trends, emerging threats, and vulnerabilities within the space industry that create safety, security, or resiliency concerns for critical infrastructure and National Critical Functions. The project will help determine which space systems (e.g., space vehicles, ground stations, and user terminals) could be compromised, and the current U.S. government and industry standards or guidance that address these concerns. The project will also develop recommendations that are actionable, economically feasible, scalable, and risk based to address critical infrastructure risks associated with space systems and their services.

 

Pacific Northwest National Laboratory (PNNL)

Project Name

Description

End-to-End Infrastructure Impacts

Facilitate the simulation of interdependent modules representing National Critical Functions to allow a broad array of data sources, subject matter expertise, and scientific methods to be integrated into a single platform feeding multiple analytic and visualization capabilities.

Hazard Impact Assessment Capability for Regional Transportation

Develop the capability to rapidly assess risks to National Critical Functions from disruptions in transportation systems that can easily be integrated with other infrastructure sector models.

Multigraph Analysis Theory

Develop an analytic framework to apply stochastic multi-graph analysis to the National Critical Functions (NCFs) set. Following NCF functional decomposition, the NCFs can be visualized as an interdependent network. Utilizing all identified sub-functions in dependency analysis will yield a multi-graph network where NCF nodes may contain one-to-many relationships.

NCF Decomposition

Accelerate the understanding of cross-sector risk to National Critical Functions (NCFs) by breaking each NCF into its constituent sub-functions and capturing those in a standardized data structure.

Operational Flood Hazard Modeling

Enhance NRMC’s ability to evaluate flood impacts to critical infrastructure through defining the accuracy of FastFlood simulations for improved crisis action support, deploying dam/levee flooding capabilities for analyst access, and developing techniques to model extreme rainfall events in urban areas where infrastructure is the densest. NISAC will continue to coordinate with U.S. Army Corps of Engineers and FEMA to determine the future state of this capability.

Proximity Analysis

Continue development of algorithms and visualization approaches and data build-out for its legacy product line (including the ‘Infrastructure of Concern’ (IOC) list that is produced during real-world events such as hurricanes, flooding events, and wildfires) and for its expected future National Critical Function-driven analytical products.

Risk Architecture Requirements Elicitation (Innovation Foundry)

Utilize the Pacific Northwest National Laboratory’s (PNNL) Innovation Foundry to assist with analytic and technical requirements development for the Risk Architecture. PNNL will conduct four elicitation sessions each with distinct topics/objectives, audiences, and outcomes.

Water System Resilience Analyses for Regional Stakeholders

Conduct prototype study to assess resilience of water systems relative to the National Critical Functions they support.

 

FFRDC Homeland Security Operational Analysis Center (HSOAC) operated by RAND Corporation 

Project Name

Description

Assessing Risk to the National Critical Functions as a Result of Climate Change

Develop a framework for integrating climate driven changes to the strategic operating environment, both current and anticipated, into the NRMC’s risk management processes. The framework shall address the need to identify, understand, and manage climate driven impacts to the National Critical Functions.

Identifying Systemically Important Critical Infrastructure (SICI)

Organize and design a program to identify Systemically Important Critical Infrastructure (SICI) entities, develop a methodology to identify Systemically Important Entities (SIE), and support validation of SIE data with internal and external stakeholders.

 

Sandia National Laboratories (SNL)

Project Name

Description

Cyber Risk Framework

Develop a risk analytic methodology to understand the potential impact of cyber-attacks on federal networks and critical infrastructure. The primary focus of the methodology will be a system for the evaluation of the consequences portion of the risk equation.

Information and Communications Technology Executive Order Methodology Support

Maintain and enhance the FASC Scorecard Methodology, which decomposes and assesses criticalities within the Information and Communications Technology supply chain, and provides support to DHS’s annual response to Executive Order 13873, “Securing the Information and Communications Technology and Services Supply Chain.”

Risk Architecture Framework

Further develop a systems-level concept for the Risk Architecture that identifies necessary components, interconnections, and integration approaches. The project will develop analytic use cases that would utilize the Risk Architecture, and the requisite capabilities for development and integration. These results will inform NRMC requirements development and planning, as well help align and operationalize existing capabilities in the context of the Risk Architecture.

Senior Risk Advisor

Provide strategic advisement to the NRMC in stewardship of the design and methodological development of the Risk Architecture, as well as general support on other risk related topics within NRMC on an as needed basis.

 

Systems Planning and Analysis, Inc. (SPA) 

Project Name

Description

Data Analytics and Risk Architecture Support

Provide data analytics support through the development of lightweight tools, use cases, and data management pilots. Provide technical expertise and project management support for the development of the Risk Architecture.

 

Was this webpage helpful?  Yes  |  Somewhat  |  No