Infrastructure Protection

Infrastructure ProtectionCritical Infrastructures are those systems that are necessary to the minimum operations of the economy and government, such as the water supply, food supply, transportation, oil and gas production, banking and finance, electrical generation, health and emergency services. Critical Infrastructure Protection refers to activities for protecting these systems and facilities. IIT offers a range of services to help protect the people, physical entities, and cyber systems essential to national security, public health, and economic stability against a host of natural and man-made threats.

IIT services and capabilities include:

Information Sharing and Analysis Centers (ISACs)
Homeland Security Presidential Directive 7 (HSPD-7) calls for the creation of private sector Information Sharing and Analysis Centers to protect United States critical infrastructures from attack, ninety-five percent of which are privately-owned. On a 24/7 basis, ISACs collect and analyze information pertinent to their industry and focus on those incidents, threats and activities that most affect that industry. ISACs help identify critical infrastructure and the impacts of its loss or degradation. Filtering information from the global information environment by the threats and infrastructure vulnerabilities permits ISAC analysts to focus their efforts and helps the industry to prioritize the application of limited security resources.

• Acquire Relevant Information
• Analyze Threat Indicators
• Monitor and Fuse Intelligence
• Alert and Warn
• Assess Risk
• Build Critical Infrastructure “Target Folders”
• Enhance Cyber Security
• Employ Red Teaming
• Reduce Decision Cycles

IIT currently operates three 24×7 ISACS:  the Public Transportation (PT-ISAC), the Over The Road Bus (OTRB-ISAC) and the Surface Transportation (ST-ISAC) ISACs.

Risk Management Planning and Implementation
Risk management is the continuous process of selecting, implementing, and monitoring countermeasures to maintain an acceptable level of risk at an acceptable cost. IIT begins the process with an assessment of an organization’s critical assets and the impact of their degradation, their vulnerability to exploitation, and the nature and likelihood of specific threats. This information is used to identify and evaluate risks and develop effective countermeasures to reduce that risk.

Threat and Vulnerability Analysis
With a unique focus on managing business and information related risk, IIT works with organizations to examine the threats they face and to analyze their unique vulnerabilities. The primary objectives of a vulnerability assessment (VA) are to provide information on the security and operational posture of a military unit or commercial enterprise to improve mission capability, and to protect proprietary technology/information by identifying Information Operations (IO) vulnerabilities in some or all of the following areas:

• Deficiencies in policy, programs, or personnel security resulting in Organizational vulnerabilities.
• Vulnerabilities resulting from Organizational structure and information flow.
• Vulnerability of computer networks, and the systems they support, to threats which could adversely impact the unit’s ability to accomplish critical mission functions.
• Vulnerability to enemy/adversary intelligence activities including SIGINT, IMINT and HUMINT. Vulnerabilities identified through counterintelligence activities.
• People, process or technology vulnerabilities identified via a SSE-CMM (ISO 21827) survey.
• Enforcement in areas of OPSEC, INFOSEC, or physical/personnel security.
After analyzing the current situation and risk from all perspectives (people, processes, technology), the IIT team will produce a detailed report, complete with recommendations to address all findings. Customers may then rely on IIT for all security process reengineering, infrastructure improvement, training and implementation needs.

24/7 Operations Center Design, Management, and Operation
IIT has a proven approach to the design, development, and operation of customized command and control and security centers effectively applying the most up to date communications, data management, and information visualization technologies.
• US Army Information Dominance Center
• Surface Transportation, Public Transportation, and Sharing Analysis Centers
• AAR Operations Center – IIT operates the 24/7 Railroad Security Operations Center. This Center coordinates information between the railroads, the ST-ISAC, and both Federal and State Governments.

Business Continuity and Disaster Recovery
IIT offers a comprehensive set of services designed to simulate, plan against, and ultimately survive potentially damaging situations. IIT goes beyond traditional disaster recovery planning to include Business Impact Analysis and take into account the reliance on an IT infrastructure for e-business and e-government operations. The resulting plan includes all critical business functions.

Information Assurance
IIT provides a host of services to protect and defend information systems by ensuring their availability, integrity, authentication, confidentiality, and non-repudiation. IIT IA services include, but are not limited to, Threat and Vulnerability Assessments, Risk Analysis and Management, Incident Response and Recovery, and Systems Security Engineering.

National Incident Management System (NIMS)
National Incident Management Systems - Incident Command System 100 (NIMS-ICS 100)
The NIMS-ICS 100 is an introduction to the Incident Command System (ICS) and provides the foundation for a higher level of ICS training. This course describes the history, features and principles, and organizational structure of the Incident Command System. It also explains the relationship between ICS and the National Incident Management Systems. Upon successful completion of this course, the participant will understand the basic components for a successful means of managing an incident.
Recommended length – 8 hours
For more information, contact Gary Williams at 703.478.7634 or 
National Incident Management Systems - Incident Command System 200 (NIMS-ICS 200)
The NIMS-ICS 200 is designed to enable personnel to operate efficiently during an incident or planned event within the Incident Command System (ICS). This course focuses on the management of single resources. The NIMS-ICS 200 course provides training on and resources for personnel who are likely to assume a supervisory position within the ICS. Also, participants will learn the different positions within the ICS so that they will be able to assume any ICS position.
Recommended length – 12 hours
For more information, contact Gary Williams at 703.478.7634 or 
National Incident Management Systems - Incident Command System 300 (NIMS-ICS 300)
The ICS-300 course provides training on and resources for those personnel who require advanced applications of the Incident Command System. This course expands upon the ICS-100 and the ICS-200 courses. The prerequisites for the ICS-300 course is for each participate must successfully complete the ICS-100 and the ICS-200 courses. The main focus of this course is to those individuals who may assume a supervisory role in an expanding incident or a Type 3 Incident. A Type 3 event will require some or all Command and General Staff positions to be activated. Also, this Type 3 incident will/may activate Division/Group Supervisor and /or Unit Leader level positions. The incident or event could extend into multiple operational periods. Examples would be: tornadoes, floods, snow storms etc.
Recommended length – 24 hours
For more information, contact Gary Williams at 703.478.7634 or 
National Incident Management Systems - Incident Command System 400 (NIMS-ICS 400)
This course provides training on and resources for personnel who require advanced application of the Incident Command System. Those who are in senior positions in the organization and who would take any Command or General Staff position should consider this course. The audience that is targeted is those senior managers who are expected to perform in a management- Command or General Staff- in an Area Command or a Multiagency coordination entity. This course expands on the ICS-100, ICS-200 and the ICS-300. All three (3) courses shall be taken as prerequisite for the ICS-400.
Recommended length – 16 hours
For more information, contact Gary Williams at 703.478.7634 or 

Consequence Management
Analytical Laboratory System (ALS) Training
The 180 hour Analytical Laboratory System (ALS) Operator Course for new and/or alternate ALS Operators is taught at the Defense Consequence Management Support Center (DCoMSupCen) in Lexington, Kentucky. It prepares Civil Support Team analytical personnel for the ALS Critical Task List and includes:

• CST Overview and ALS Doctrine
• Vehicle Familiarization
• Filtration Theory
• Sample Preparation and Processing
• Advanced ALS HAPSITE Course (40 Hours)
• ALS RAPID Polymerase Chain Reaction (PCR) (16 Hours)
• Basic Microscope Operation and Analysis and PLM Basics (16 Hours)
• Basic IlluminatIR Operation and Analysis, with QualID and Grams familiarization (16 Hours)
• Radiological spectra assessment and Identifinder spectral interpretation (16 Hours)
• Two full days of scenario-based field training exercises (FTXs).

Each section includes evaluated, written checks on learning and evaluated practical exercises. References for evaluation are TM 3-6665-400-10, ST 20-652, the ALS Critical Tasks, and all analytical equipment manufacturer’s manuals and instruction materials. Instructors have years of experience instructing CST analytical personnel.
CBRNE Impacts and Effects Modeling Training
IIT delivers tailored, operationally focused chemical, biological, radiological, nuclear, and high-yield explosives (CBRNE) modeling training. This training includes an overview of weapons of mass destruction (WMD) modeling concepts, processes, and methods used to effectively provide a critical and timely assessment of current and projected consequences resulting from natural and man-made CBRNE hazards. It addresses the effective application of these capabilities during domestic incidents of suspected weapons WMDs. A primary course is designed for National Guard Civil Support Team Modelers, alternate Modelers, Information Systems staff, JFHQ-State and JTF-State staffs, and civil emergency response teams (first responders) and tailored to enhance the modeling capabilities of individual modelers and command interpretation of results.
Employing a National Guard WMD Civil Support Team
This eight-hour course is for National Guard Adjutant Generals, Joint Forces Headquarters staffs, Civil Support Teams (CSTs), emergency managers, and other state response units. The information-packed training overviews the CST structure, equipment, capabilities, operations, and state support requirements. It describes the unique CBRNE mission and capabilities, as well as the centralized and state support requirements for this non-traditional, full-time, forward deployed, force package one unit. It is an excellent introduction for new or prospective CST members.This executive-level course is delivered by an exceptionally experienced, National Guard Bureau approved mobile training team. Each attendee receives a complete course book that is an indispensable reference tool. 
Public Affairs and Crisis Communications
IIT presents this six-hour course for National Guard Joint Forces Headquarters staffs, Joint Task Force-State staffs, Civil Support Teams (CSTs), emergency managers, and other state response units. This crisis-focused training incorporates four case studies of media impact on major crises, helps response personnel understand the media requirements and interests, delineates the methodology to develop appropriate messages that have a positive impact on the outcome of events, and highlights the techniques for delivering those messages in various media formats. This executive-level course is delivered by an exceptionally experienced training team. Each attendee receives a complete course book that is an indispensable reference tool. Senior personnel receive on-camera interview training.

IIT Cyber and Physical Security and Enterprise Technology Recognition

2014 AFEI Enterprise Information Winner – Industry Category

2013 AFEI Enterprise Information Honorable Mention – Industry Category

2011 SANS Institute National Cyber Security Innovation Award

2009 NSA Rowlett Award for Organizational Achievement

Awards and Logos