Articles/Minutes

This section will contain featured articles and minutes from our monthly and quarterly meetings, as well as feedback from members or officers on any special events in which they participate.

To submit an article for this section, please send your document to:

 

February 3, 2010 IOMA Monthly Meeting

The meeting started with a brief introduction of Officers and Board members present, which was followed by introductions of the members present in OKC and Tulsa.

Following the introductions, a short summary of the IOMA Board Annual Planning meeting was discussed, including a review of the meeting schedule planned for the next 15 months.

  • Wednesday, March 03, 2010: Chemical/Emergency Services

  • Wednesday, April 07, 2010: April General Membership Meeting and Election of Officers and Board Members

  • Tuesday, April 27, 2010: Defense Industrial Base Sector

  • Wednesday, May 19, 2010: Joint Meeting with ISSA -- HD Moore scheduled to present, among others

  • Wednesday, June 02, 2010: Commercial Facilities

  • Wednesday, July 14, 2010: Transportation & Chemical Sector

  • Wednesday, August 04, 2010: Health Care & Privacy

  • Wednesday, September 01, 2010: National Monuments & Icons

  • Wednesday, October 06, 2010: Cybersecurity Month

  • Wednesday, November 03, 2010: Nuclear Facility

  • Wednesday, December 01, 2010: Banking & Finance

  • Wednesday, January 05, 2011: Year in Review

  • Wednesday, February 02, 2011: Education

  • Wednesday, March 02, 2011: Agriculture & Food

  • Wednesday, April 06, 2011: Annual Membership Meeting

 

The topic for our February monthly meeting was the "Critical Manufacturing" sector, one of the 18 Critical Infrastructure and Key Resource (CI/KR) sectors established by the U.S. Department of Homeland Security (DHS).

Our speaker was Josha D. Jordan, from the U.S. Department of Homeland Security (DHS) Office of Infrastructure Protection (IP) at DHS Headquarters in Washington, DC.  Josha is in the newly formed Critical Manufacturing Sector-Specific Agency, where he serves as the main contact for intergovernmental programs within the sector.

He is responsible for coordinating sector site visits to Manufacturing partners, identifying information and assets within the sector for the DHS Critical Foreign Dependencies Initiative, Tiering of Level 1 and 2 Critical Manufacturing Sector facilities, and infrastructure information as it relates to sector taxonomy. Mr. Jordan also serves as the sector Protective Security Advisor liaison for vulnerability and risk assessments throughout the country.

Josha provided an introduction to the Critical Infrastructure/Key Resource (CI/KR) sectors, which was followed by a Critical Manufacturing sector specific presentation.

Josha Jordan presenting overview of the 18 Critical Infrastructure and Key Resource (CI/KR) sectors.

OKC InfraGard members during the February monthly meeting.

Josha Jordan taking questions after his presentation.

January 6, 2010 IOMA Monthly Meeting

The topics for our January monthly meeting included an FBI counterintelligence presentation and a review of our 2009 activities, followed by a discussion of planned activities for 2010.

Our speaker was Supervisory Special Agent Trey Resolute, the new supervisor of the Oklahoma City FBI Field Intelligence Group. Trey reviewed a series of counterintelligence activities and several case histories.

Afterwards, Special Agent Martha Justice (our FBI InfraGard Coordinator) and Ken Ontko, IOMA Chapter President, provided an overview of 2009 InfraGard activities and led a discussion of future considerations for 2010.

This was followed by a request for comments and suggestions from the members present for ideas about future meetings, in preparation for our annual InfraGard Board planning session scheduled for January 27th.

Special Agent Martha Justice, IOMA FBI Coordinator and Ken Ontko, Chapter President, reviewing 2009 events and activities.

Special Agent Trey Resolute, FBI Supervisor, Field Intelligence Group, reviewing counterintelligence activities -- our Tulsa Satellite organization connected via OneNet's video conferencing facilities can be seen in the screen on the left.

IOMA members listening during the review of 2009 chapter activities, from the Symposium Room of the Presbyterian Health Foundation Conference Center.

December 2, 2009 IOMA Monthly Meeting

Our December meeting was held at the new Presbyterian Health Foundation (PHF) location, at 655 Research Parkway, Oklahoma City, OK 73104, which is on Lincoln Boulevard between 10th and 8th Street. The PHF Conference Center is located on the first floor of the 655 Research Parkway facility (shown below with a red X). Short-term parking (less than 2 hours) is available in various locations around the Research Park area and longer-term parking is available on the upper level(s) of the parking garage.

 

The meeting began by recognizing our newest sponsors who are enabling us to implement and enjoy our new meeting format and venues. We can now reach more members statewide during our regular monthly meetings.

We broadcast the meeting from the PHF Conference Center to our first Satellite Organization at OSU Tulsa, 700 N. Greenwood Ave., Tulsa, OK 74108. The OKC and Tulsa locations were linked courtesy of the Oklahoma State Regents for Higher Education through the use of OneNet's video conferencing system. This will be our venue for the next four months and we have at least two and possibly three more Satellite locations that have expressed an interest in participating so far.

These meeting venues and the ability to reach out to other locations in Oklahoma during our monthly meetings have been made possible by the following new Sponsors:

Oklahoma State Regents for Higher Education and OneNet:

Platinum

Presbyterian Health Foundation:

Platinum

Oklahoma State University Tulsa:

Gold

Francis Tuttle Technology Center - Bruce Gray Center:

Gold

Following a round of brief introductions of our members present in OKC and Tulsa, we proceeded to introduce our speaker and turned the meeting over to him to tell us all about flood controls in Oklahoma.

The Critical Infrastructure theme for December was "Dams" and this month's presentation focused on Oklahoma's Small Watershed Flood Control Program.

Our speaker was Mr. Robert W. Toole, CPESC, CAE, Conservation Programs Division Director, Oklahoma Conservation Commission. Mr. Toole has 10 years of experience with the Oklahoma Conservation Commission, during which he served six years as the Assistant Director of the Oklahoma Conservation Commission. Prior to returning to the Oklahoma Conservation Commission, Mr. Toole worked 14 years for the National Association of Conservation Districts as a Regional Representative for Member Services and then as a Director of Leadership Services. Mr. Toole is a native Oklahoman, born and raised in Mangum, in southwest Oklahoma; and he graduated from Oklahoma State University with a Bachelor of Science degree in Zoology.

Mr. Toole provided a thorough and educational view of the Small Watershed Flood Control Program throughout Oklahoma and he fielded several questions from the audience.

Following his presentation, Mr. Toole was presented with a letter of appreciation from the FBI and InfraGard signed by James Finch, Special Agent in Charge of the Oklahoma City FBI regional office.

There were a few general topics discussed related to planning for future meetings, including the topic for January 6, 2010, which will be the year in review (2009) and planning for meetings and conferences in 2010.

Below are a few photos taken by Dan Biby, past InfraGard President and current Sector Chief for the Emergency Services sector.

InfraGard chapter President Ken Ontko introducing guest speaker, Mr. Robert Toole, Conservation Programs Division Director, Oklahoma Conservation Commission.

Photo of PowerPoint slide on projection screen during presentation.

Photo of OKC venue during lunch.

Photo of the OSU Tulsa venue on the video conference screen during lunch.

Photo of award to guest speaker Mr. Robert Toole in appreciation for his presentation.

 

November 4, 2009 IOMA Monthly Meeting

The Critical Infrastructure theme for November was "Water Resources"; and our guest speaker was Ms. Monty Elder from the Department of Environmental Quality.

Presentation Synopsis: 3.5 million people are served by public water supply systems in Oklahoma. Providing water that supports the health of citizens and enabling communities to provide fire protection are critical functions of water treatment plants. Ms. Elder discussed the requirements for physical security at water treatment plants, along with the methods and processes for treatment of water prior to delivery, which act as a barrier to dispersal of agents.

Bio: Ms. Elder worked in the field of chemical safety, preparedness, planning and response for over 18 years. She is currently the Chair of the Oklahoma Hazardous Materials Emergency Response Commission, coordinating the efforts of state agencies, industry and first responders to plan for response to chemical incidents in Oklahoma. She directs the emergency planning, training and exercising for all 77 Local Emergency Planning Committees in Oklahoma. Ms. Elder is also the emergency response coordinator for the Oklahoma Department of Environmental Quality. In that position, she directs the Department’s response to chemical accidents which impact public health and the environment. Her experience includes development of training materials for first responders, review of site security at chemical facilities, management of toxic chemical information, development of policy for remediation of chemical spills and preparation of county chemical hazard analysis. Ms. Elder also has wide experience with public outreach and risk communication involving hazardous chemicals. She served from 2003 through 2006 as the DEQ media spokesperson. Ms. Elder kept Oklahoma citizens informed about the impacts of hazardous chemicals in the community. She developed the risk communication strategy for the Department. During her service to DEQ, she has facilitated hundreds of public meetings covering a broad range of controversial issues surrounding hazardous chemicals including Superfund site clean-ups and chemical facility permitting. She has authored several professional articles on the process of public involvement and risk communication.

 

October 7, 2009 IOMA Quarterly Conference Summary

October is National Cyber Security Awareness Month

Brian Tillett—Enterprise Security Strategy View 2010+: An overview of the Internet Security Threat Report and Symantec’s Global Footprint to develop an Information Centric and Risk Based Security Strategy. Focus will be on where the worst case security threats exist and how to filter down to the right tools to address those areas.

Mr. Tillett, Symantec National Security Strategist, joined Symantec in early 2008 as a Public Sector Security SE Specialist. Prior to Symantec, he was the Federal Systems Engineer for Vericept Corporation, becoming well versed in the Data Loss Prevention product space. He spent 5 years with SecureLogix Corporation, as a Systems Engineer and Federal Technical Director for their suite of voice security products. Brian’s career began in the USAF, including assignment to the AF Pentagon Communications Agency, working for HQ USAF, Joint Chiefs of Staff, Ballistic Missile Defense Organization, and Office of Secretary of Defense; he continues to maintain a DoD Top Secret Clearance.

Kevin Turner—Security in a Virtualized World: Virtualization is taking the computer industry by storm (again).  What is it and what can it do for you?  If it was so great, why did it go out of style the first time?  What can it do TO you and your environment?  Learn the truths about virtualization, the virtual layer, and what it takes to secure your virtual environment.

Mr. Turner is the Information Technology Manager for American Bank Systems, Inc., with primary duties related to managing the technology infrastructure. He has been an infrastructure technology architect for the last six years, with fifteen years of industry experience. His education background includes more than a dozen IT related certifications from Microsoft, Cisco, (ISC)2, ISACA, EC-Council, and CompTIA. He is a member of the Information Systems Audit and Control Association, a board member of InfraGard Oklahoma Members Alliance, and President of the OKC chapter of the Information Systems Security Association.

Tim Elrod—Fuzzing FTW: In today's world security researchers use many tools to discover security vulnerabilities—everything from static analysis of disassembled code to Arbitrary Use cases that look for logic flaws. One of the more popular ways to find security vulnerabilities is by the use of a fuzzer. In this talk we will discuss what a fuzzer is and, more importantly, what a fuzzer is not; how to employ fuzzers to find security vulnerabilities; and what advances have been made in fuzzer technology.

Tim "ri0t" Elrod, Founder, Ri0tnet Security: Mr. Elrod has been an information security professional for over 7 years, but his passion for information security began when he first attached a 300 baud modem to a Commodore 64 and began this wild ride. He is the founder of Ri0tnet Security, an independent research company that focuses on vulnerability discovery, penetration testing, and reverse engineering. He is also a member of the Bastard Labs Vulnerability Research Team as well as the OKC2600 and a regular speaker at the DC405. He has found and exploited vulnerabilities in most major network operating systems including AIX, HPUX, Tru64, Linux, and Microsoft Windows as well as many enterprise software packages. Mr. Elrod is an open source advocate and a contributor to the Open Source Vulnerability Database and the Metasploit Exploitation Framework as well as many other open source projects. He was co-creator of the DISE port scanner, as well as many other open source hacking tools.

Sean Satterlee—WIFI Insecurities: "Open WiFi? Don't be THAT stupid.  The dangers of using open WiFi and threat mitigation in the event you can’t avoid it."

Sean (0hm) Satterlee, DC405, okc2600, Vegas 2.0… Mr. Satterlee is an Open Source Vulnerability Database (OSVDB) contributor, Founding Member of the developer group DC405 focusing on creating software and web applications, Producer of Security Binge, Organizer for EFF Summit @ DEFCON, Panelist/Instructor for ISSA-OKC, and Information Security Professional in the OKC area.

 Jayson E. Street—Stratagems of Social Engineering: Practicing the Art of Deception…

Mr. Street has created and conducted security awareness training for a major Internet bank and has created security policies and procedures currently used by several companies. He has also created and taught a three-day training course on Intrusion Detection Systems for an undisclosed government agency in Washington D.C. He has consulted with the FBI on attempted network breaches which resulted in the capture and successful prosecution of the criminals involved. In 2007 he consulted with the Secret Service on the WI-FI security posture at the White House. He has also spoken at several colleges and organizations on a variety of Information Security subjects. He has been interviewed by Forbes and Scientific American regarding research on the issue of cyber-warfare as it relates to China and their preparedness for an online war. He was an expert witness in two cases involving the RIAA; the declaration was on Slashdot and other websites. Mr. Street is on the SANS GIAC Advisory Board; a current member on the board of directors for the Oklahoma "InfraGard"; a member of the "OSVDB"; an officer for the Oklahoma City ISSA; and a longtime member of the "SNOsoft" research team. He has not only adapted to new and emerging technology, but has learned quickly to integrate security technologies into an existing infrastructure.

 Nathan Keltner—Review of a Data Breach—The Heartland Payment Systems Breach 10 Months Later: What we now know, and what we can learn to ensure security of high priority targets.  In this presentation, we will walk through the history of the breach, the arrests, the anatomy of the hack, and the defenses we should all have in place.

Mr. Keltner has more than five years of experience conducting vulnerability assessments, penetration tests, Web application assessments, IT audits, PCI readiness and remediation assessments, and exploit development on the Windows platform.  Leading engagements for Grant Thornton out of the Tulsa, OK office, his primary responsibilities relate to understanding risks associated with external and internal attackers.  He is familiar with various offensive and defensive strategies related to network security, and frequently speaks on such topics to local and international organizations. 

 Rick Dakin—Coalfire Systems, Inc.: A Review of the Common Compliance Strategies Related to Emerging Data Privacy Laws in the Critical Infrastructure Sectors

As President and Senior Security Strategist, Mr. Dakin provides strategic management IT security program guidance for Coalfire and its clients.  As Coalfire's Senior Security Strategist, he is actively involved in helping clients develop balanced approaches for effective IT governance and regulatory compliance programs.  Mr. Dakin's experience results from more than 25 years in senior management with leading IT firms.  Mr. Dakin combines an in-depth knowledge of IT controls with a comprehensive understanding of organizational needs and the rapidly emerging legislation affecting information technology.  He is recognized nationally as a leader in IT risk management and information security solutions for regulated market sectors. He presents regularly to regional and national audiences on IT security solutions meeting privacy and confidentiality requirements for legislation covering financial services, healthcare, government and public corporations.  Mr. Dakin currently serves as President of the FBI's InfraGard program, Denver chapter, and he is a member of a committee hosted by the U.S. Secret Service and organized by the Joint Council on Information Age Crime.  He is a graduate of the U.S. Military Academy at West Point, and he received an M.B.A from the University of Oklahoma.

 

September 2, 2009 IOMA Monthly Meeting Summary

Our Critical Infrastructure theme for September was the Postal and Shipping sector. Our guest speakers for September were Mr. Paul Boyd and Mr. Charlie Thigpen, both of whom are Postal Inspectors. They represented the Postal and Shipping Critical Infrastructure sector, as they discussed topics related to mail fraud, business capabilities, white powder mailings and other important issues related to this sector. This was an excellent opportunity to hear firsthand about what happens behind the scenes within the Postal Service.

August 5, 2009 IOMA Monthly Meeting Summary

Focus: Defense Industrial Base Sector

 The meeting opened with some announcements and discussions.

  • July quarterly conference: The “Courthouse Security” certificates of completion are available.

  • September monthly meeting: The sector focus is Postal and Shipping.

  • October quarterly conference: The conference theme is Cyber Security.

  • Meeting reservation system: The new system will undergo tests in September; planned to go live in October.

  • Sponsorship program: We are looking for sponsors. It was noted that sponsors are provided an IOMA website posting with a link to their company website; and are given the opportunity to present at an IOMA meeting.

  • Membership cards: The existing cards are still valid; the new cards will not have an expiration date.

  •  Meeting location: Members responded positively to the new venue (IBLP Oklahoma Training Center, OKC).

 Speaker:

 Tom Boyd is the Northrop Grumman Site Security Lead at Tinker Air Force Base (TAFB) in Oklahoma. Tom has a 23 year career in DoD Security; including priority resources protection, as well as physical, personnel, information, industrial, computer and special programs security disciplines.

 Topic:

 Tinker AFB: Mission Overview Briefing (Unclassified).

 Abstract:

Tinker AFB facilitates the defensive posture of the United States as the largest intermediate jet maintenance facility in the world and as host to the Oklahoma City Air Logistics Center (OC-ALC); the largest of three in use by the USAF today. Over 28 thousand active, retired, and civil service employees support the heavy maintenance functions of the B-1, B-52, KC-135, KC-10, E-3, and E-6 aircraft in a facility comprising 5020 acres, 732 buildings, and 15.5 million square feet of indoor and ramp space. This environment leverages shared location and defense missions to maximize resources and minimize costs while supporting the operational missions of the USAF, USN, and several DoD agencies. Further, Tinker AFB supports over 40 thousand retirees who rely upon its base services; including medical, commissary, and recreation.

 Discussion:

 Tinker AFB incorporates the missions and responsibilities of several organizations.

  • 72nd Air Base Wing

    • Host organization providing base operating support services

  • 76th Maintenance Wing

    • Aircraft maintenance, repair, and overhaul services

  • 327th Aircraft Sustainment Wing

    • Weapon Systems Life Cycle Management

  • 448th Supply Chain Management Wing

    • Plan procurements, contracts, transformation, and financing for materials, maintenance, and distribution at all three Air Logistics Centers

    • Manage foreign military sales (FMS) for friends and allies of the United States

  • 552nd Air Control Wing (Air Combat Command)

    • Global combat readiness and theater battle management under the direction of the Chairman, Joint Chiefs of Staff

    • Homeland defense operations; including counter-narcotics

  • Strategic Communications Wing One, USN

    • Take Charge and Move Out (TACAMO)

    • Strategic Communications, Command & Control for National Command Authority

  • 507th Air Refueling Wing, Air Force Reserve Command

    • Daily worldwide air refueling support for U.S. and NATO forces

  • 513th Air Control Group, Air Force Reserve Command

    • Air Reserve Component of AWACS

  • 3rd Combat Communications Group, Air Combat Command, AKA “The Third Herd”

    • Deployable communications, computer systems, networks, navigation aids, and air traffic control services

  • 38th Engineering Installation Group, Air Force Materiel Command

    • Integrated command and control, and information systems to increase combat readiness

  • 498th Missile Sustainment Group (AFMC)

    • System Program Management for Long Range Cruise Missiles

  • Defense Information Systems Agency (DISA) Oklahoma City

    • IT services for war fighters; including computer processing, system monitoring, communications, security, and software for 1.6 million users

  • Defense Logistics Agency, Defense Distribution Center Oklahoma (DDOO)

    • 24 hour distribution support to OC-ALC and other Tinker-based organizations, DoD, and FMS

  • Defense Reutilization and Marketing Service (DRMS)

    • Property disposal services; including inspection, receipt, surplus storage, scrap, reuse, transfer, and donation

Q&A:

Question: What is the likelihood of Tinker AFB closure?

Answer: There were five Air Logistics Centers; there are now three. Tinker AFB has acquired additional workloads and missions from other installations that have been closed or realigned from previous BRAC initiatives, bolstering its contributions to national defense.

Question: Who are eligible recipients for DRMS (Defense Reutilization and Marketing Service)?

Answer: DoD Service components, Federal, State and local Govt., Non profits and individuals at public auction.

 Question: What role does Northrop Grumman play at Tinker AFB?

 Answer: Northrop Grumman provides software development, software maintenance, hardware sustainment and Performance Based Logistics support for the B-2A Spirit, Stealth Bomber.

The meeting closed with a discussion of IOMA Sector Chiefs.

  • There are 18 Critical Infrastructure and Key Resources (CIKR) sectors that are deemed essential to the nation’s security, public health and safety, economic vitality, and way of life.

  • The IOMA Executive Board is working to identify and select members to serve as Sector Chiefs.

    • Objective: To provide leadership in their respective sectors; primarily to ensure a two-way dialogue between the public and private sectors that fosters the acquisition, sharing and education of sector-related issues.

  • Sector Chiefs are non-voting members of the IOMA Executive Board that function as a working group in conjunction with SA Martha Justice (FBI), Gary Jones (Oklahoma Fusion Center) and Glenn Moore (U.S. Department of Homeland Security). The current Sector Chiefs include:

    • Dan Biby (David Williams, Deputy) – Emergency Services

    • Dr. Leslie Cole – Agriculture and Food

    • Elaine Dodd – Banking and Finance

    • Van Schallenberg – Communications

  • There are plans to include a tab on the IOMA website for Sector Chiefs and CIKR information.

  • There was a membership recommendation to consider including a Department of Homeland Security feed on the IOMA website as well.

July 1, 2009 IOMA Quarterly Conference Summary

Our July quarterly conference on Physical Security was very successful, even though we were competing with the July 4th Holiday and other local events. Congratulations to our conference planning team for a job well done; and to our two speakers for delivering exceptional presentations.   Following opening comments by George Lewellyn, IOMA Vice President, Glenn Moore, Protective Security Advisor for the Oklahoma District, U.S. Department of Homeland Security, presented information about a DHS tool designed to help critical infrastructure owners to manage their risk.  We then proceeded with the primary programs.

Presentation #1: New Mexico Tech's "Prevention and Response to Suicide Bombing Incidents" (PRSBI)

This Homeland Security sanctioned course was presented by John Clark of New Mexico Tech. This 4 hour course is CLEET accredited and provided participants with 4 hours CLEET credit. It addressed both the prevention of and response to suicide bombers, involving 9 steps from intelligence up to and including deadly force.

It was a powerful and direct presentation with serious instruction to deal with the "Not If, but When" of how to protect our school children and the public. There was a short pre-test and post-test administered to assess disseminated knowledge. This presentation was FOUO (For Official Use Only), with no media or taping allowed without New Mexico Tech and FBI permission. A book was provided as part of the instruction. The New Mexico Tech Web site provides additional information at <http://www.emrtc.nmt.edu/training/prsbi.php>.

Presentation #2: "Courthouse Security"

This Homeland Security course was presented by Gary Berryhill of the U.S. Marshals Service. The 4 hour course was open only to InfraGard members, Law Enforcement and qualified First Responders as a CLEET accredited sanctioned event. Gary addressed physical courthouse security with respect to handling different incident scenarios; appropriately adapted for this event to include all law enforcement and to address the nation's critical infrastructures.

SPEAKER BIOS

John Clark

John has an Associate Degree in Police Science, Bachelor's in Criminal Justice, and is working on a Master's in Emergency Management.  He was with Oklahoma City for 30 years. Culminating 27 years as an Oklahoma City Police officer, John retired a Lieutenant working out of the Chief's office as the Emergency Planner where he was the primary trainer and facilitator of the OCPD Emergency Response Team (ERT). Shortly thereafter, he accepted the Director of Emergency Management for Oklahoma City role where his duties included WMD coordinator and counterterrorism officer.

John has served as an adjunct instructor at LSU, University of Arkansas, OSU, and New Mexico Tech. He graduated from the FBI National Academy (161st session). John is now a Lead Instructor at New Mexico Tech and currently teaches two Homeland Security courses; one of which is the Prevention and Response to Suicide Bombing Incidents. John is married and has 5 children and his eleventh grandchild is due in September.

Gary Berryhill

Gary is a Senior Inspector with the United States Marshals Service, Western District of Oklahoma, and serves as the district's Judicial Security Inspector. In that role, he is responsible for the security and protection of the federal judiciary, while on and off the bench. He oversees all off-site protection details for the judiciary and coordinates physical and electronic security measures at the federal courthouses in Oklahoma City and Lawton. Gary is often called upon to conduct residential security surveys for the district judiciary, as well as other federal, state, and local government buildings. In 2005, he was asked to assess the security measures of the Oklahoma State Capitol Building.

Inspector Berryhill has served as the supervisor of the United States Marshals' General Operations Section, which is responsible for courtroom security, prisoner housing and movement in the Oklahoma City Federal Courthouse, as well as all prisoner movement involving the Western District of Oklahoma. A native of Duncan, Oklahoma, Mr. Berryhill served with the Duncan Police Department for 8 years, both as an officer and investigator. He joined the United States Marshals Service in 1990 and holds a Criminal Justice Degree from Cameron University.

 

June 3, 2009 IOMA Monthly Meeting Summary

Focus: Emergency Services Sector

Following opening remarks and a round of short introductions from those present at the start of the meeting, there were a few comments and brief discussions with members. We then began the program, which followed a Panel Discussion and Question and Answer format.

Panel:

Dan Biby (IOMA Emergency Services Sector Chief) President, Biby Associates

Mark Gower (IOMA Board) CISO, Oklahoma Department of Human Services

Kevin Turner (IOMA Board) IT Manager, American Bank Systems

Ken Ontko (IOMA President) ISO, Oklahoma Office of State Finance

Moderator: SA Martha Justice, FBI

Topic:

Keeping Your Business in Business: How to Apply Best Practices for Business Sustainability

Abstract:

Businesses must deal with many challenges in order to remain viable in the current economic, social and physical climate. Furthermore, the dynamics of this environment require one to work diligently and continuously to understand and mitigate risk. Whether the threat is a tornado, power outage or a perpetrated act, organizations must stand ready with well-defined and rehearsed plans to protect their mission critical resources.

A primary goal of the Emergency Services Sector (ESS) is to facilitate the linking of first-responder disciplines; including emergency management, emergency medical services, fire, hazardous material, law enforcement, bomb squads, tactical operations/special weapons assault teams, and search and rescue. The ESS seeks to support the first-responder community by serving as a platform for information sharing and interdisciplinary cooperation as they work to protect the lives, safety and security of Oklahomans and the nation with trained and tested personnel, plans, redundant systems, agreements and pacts.

Businesses, especially those serving as critical infrastructure owners, also play an integral role in protecting the lives, safety and security of Oklahomans and the nation. It is therefore equally important for them to have trained and tested personnel, plans, redundant systems, agreements and pacts supporting a Business Continuity Program.

Historically, business continuity programs were preceded by disaster recovery and business continuity plans. The term disaster recovery plan is now considered archaic in that it implies a focus on response and recovery mechanisms. On the other hand, a business continuity plan consists of documents and protocols that emphasize not only event recovery but preparedness and mitigation as well. The idea of a business continuity program builds upon both constructs as it represents an enterprise-wide, long-term program designed to sustain an organization by protecting its mission-critical resources; including people, information, systems and processes.

A business continuity program must deal with physical, technological, personnel and procedural concerns. Its plans should be reviewed and rehearsed regularly to maintain efficacy and currency. In this way the program can be adapted to address risks brought about by changes in the economic, social and physical environment. For example, a weakened economy may contribute to failures of key business partners, Internet connectivity may increase the risk of cyber espionage, or a new highway bridge may be located adjacent to a critical infrastructure.

The methodology of business continuity programs includes training, recovery and mitigation. Training involves walking personnel through defined response protocols, such as employee evacuation drills and IT viral infection drills. Drills serve to reinforce important concepts and processes. For example, it is imperative for staff to know the designated congregation areas and proper methods for checking in so as to avoid unnecessary rescue operations in the event of an evacuation.

Recovery involves response mechanisms designed to curtail the “hemorrhaging”; getting the people, systems and processes back online as soon as possible. The mechanisms may include the use of redundant systems and sites as well as joint support agreements with other organizations that guarantee the resources necessary for a successful recovery.

Mitigation endeavors to eliminate or reduce the propensity for an event to occur in the first place. To be successful, one must take into account and prioritize geographic and industry considerations. This will involve a Risk Assessment to identify the threats to and vulnerabilities of the organization. It will also include a Business Impact Analysis to determine both the impact and probability of various threats upon the operations of the business. This information may be based upon interviews and statistical analysis. In Oklahoma, organizations must consider the potential physical, financial and psychological impact of tornados, virulent diseases, shooters and cyber events upon their business and employees.

Q&A:

Question: What is the difference between a cold, warm and hot site?

Answer: A cold site is a backup processing facility that provides a basic operational environment, such as power and utilities, but lacks the systems and networks necessary for processing. A warm site is a backup processing facility that provides a basic operational environment along with limited systems and networking in standby. A hot site is a backup processing facility designed to provide a fully operational environment similar to the normal operating environment within a few hours.

Question: How can one prevent staff from experiencing “Chicken Little Fatigue?”

Answer: Chicken Little Fatigue refers to the loss of focus resulting from overexposure to an issue or concern. This may cause people to respond inappropriately or be distracted by inconsequential information. One may circumvent this process by monitoring the “grapevine” for rumors and filtering inaccurate information. One may also launch a communication and education initiative that cites factual information from credible sources and gives employees the tools to access such sources. For example, questions about the 2009 A-H1N1 “swine flu” influenza virus could be directed to the Health Department Web site.

Question: Is there a Business Continuity Program solution that is cheap, fast and good?

Answer: One can have any two of these characteristics but must necessarily sacrifice the third. In other words, if a solution is cheap and fast, it will not be good. If the solution is cheap and good, it will not be fast. If it is fast and good, it will not be cheap. Unfortunately there are no silver bullets; no one vendor. Although business continuity and disaster recovery software may be useful, one must understand that many are primarily inventory keepers with rudimentary risk measurement tools, forms, templates and spreadsheets. Remember the adage, “Garbage In, Garbage Out.” One must commit the time and resources to do it well.

A Business Continuity Program is a process, a living document that must be reviewed and updated regularly to reflect and incorporate changes in the business environment. A plan on paper is worthless on its own. It must be backed by a Business Impact Analysis and appropriate testing. This requires a clear understanding of critical business functions and processes, information technology processes, human capital, and one’s business partners. For example, a supplier or vendor’s weakness represents risk to an organization.

One must also consider intellectual capital. Technology and plans are important but one must have people with the necessary knowledge and skills. Identify backups for critical functions, recognize and resolve deficiencies introduced by exiting and retiring employees, and ensure the safety of all staff. Provide educational and safety materials. Identify education resources and organizations such as the FEMA Citizens Corps; a volunteer organization with emergency response training. Establish and rehearse appropriate event response procedures that create a safer working environment, such as shutting off the power and gas in the event of an evacuation or tornado. Provide personal preparedness kits and safety centers appropriate for a particular environment, such as eye wash centers in chemical usage areas.

Avoid treating a Business Continuity Program as an Information Technology disaster recovery project. Do not assign it to competing functions such as Information Technology and Security. The business leaders must own, be committed to, and fund the process. The focus should be on operational issues with the understanding that this is what will keep their numbers up.

Establish service level agreement (SLA) goals, tied to money, that cover different levels of recovery. Use sales and marketing techniques to communicate needs to management. Justify recommendations with numbers; how much liability, profit loss and risk is the business willing to accept? For example, one may support the purchase of a generator in terms of maintaining the ability to operate in the event of a power outage. A business may also identify employees who have resources which may be useful in an event response scenario, such as four wheel drive and recreational vehicles. Compensation may be given in exchange for volunteering such resources in the event of an emergency.

Finally, a business continuity program is worthless if its plans and procedures cannot be accessed. Avoid situations that could deny access to plans, such as a power outage that takes down the business continuity server. Maintain a secure method of distributing such plans to individuals with a need to know.

May 6, 2009 IOMA Monthly Meeting Summary

Focus: Energy Sector

Speaker #1:

Brad Williams, Deputy Secretary of Energy, State of Oklahoma.

Topic:

Energy Security: Leveraging Historical Expertise to Grow and Diversify in the Future

Abstract:

In the interest of national security and ensuring the stability and growth of our economy, it is necessary to understand and leverage the historical economics of energy supply and demand in order to establish a successful and sustainable energy policy for the future.

Discussion:

OIL:

The U.S. is responsible for approximately 25% of the World's total oil consumption. Depending upon the market price of crude, this represents a cost to the U.S. of $300 billion to $1 trillion for imported oil.

After the major U.S. oil field discoveries peaked during the 1930s, the 1950s saw a rapid build-up of our transportation infrastructure and an increasing reliance upon foreign oil. For example, in 1970 the U.S. imported 30% of its oil; in 2007 this number rose to 65%.

U.S. energy policy and ultimately our national security and economic stability are at risk. The top 6 oil reserves are located in Saudi Arabia, Iraq, Abu Dhabi, Iran, Kuwait, and Venezuela. As a result, continued dependence on foreign sources of oil could mean that we find ourselves actually paying countries that are unstable or openly hostile to our nation. The outcome is an expensive and uncertain environment with respect to getting oil to our markets.

Oklahoma oil production peaked at 275 million barrels in 1925. However, enhanced oil recovery systems, such as injecting captured CO2 into older fields, may allow us to produce more domestic oil and decrease our reliance on foreign oil.

NATURAL GAS:

In contrast to oil, the U.S. is one of the World's top producers of natural gas with more than 100 trillion cubic feet in reserves. This bodes well for meeting the demands of vehicle fuel and electricity generation. Further, natural gas emits 30% less CO2 than diesel and gasoline. As such, it represents a more flexible and cleaner energy resource that could serve as the best backup for renewable energy sources.

Like oil, the economics of natural gas play a pivotal role with respect to both national security and economic stability. For example, a major increase in the supply of natural gas has resulted from harvesting shale deposits and reinvesting cash flows. However, increased supply commonly translates to lower prices which may lead to decreased production. Given there has been a 50% decline in natural gas rigs since August 2008, one may argue increased supply as a contributing factor. Conversely, lower production levels generally lead to decreased supplies and a corresponding increase in prices.

Such an environment tends to have a destabilizing effect on the economy as increased prices impact both the industrial and electricity generating sectors. It should also be noted that Russia, with a significant natural gas reserve and production capacity of its own, will play an increasingly pivotal role in the worldwide natural gas market.

Oklahoma:

Oklahoma must secure other energy sources and create a diversified and balanced energy portfolio to maintain economic stability and security. At present this includes considerations of oil, natural gas, cellulosic biofuels, wind, demand-side management/efficiency, and a commitment to R&D.

Biofuels:

The Oklahoma BioEnergy Center, comprised of OSU, OU and the Noble Foundation, received a grant of $40 million over 4 years to develop the biofuels industry. The present focus is on the creation of cellulosic ethanol from plants such as sorghum and switchgrass. This effort extends from genetic and genomic research to breeding, production, harvest, collection and transport, feedstock handling, and final conversion. Success would mean the efficient creation of a commercial transportation fuel from biomass such that Oklahoma can rely upon its domestic production to meet its energy needs, and possibly eventually become an energy exporter.

Wind:

Wind has the potential to enhance our national security posture. Electricity generated from wind helps to free up natural gas resources for meeting the energy needs of transportation. Further, while current methods of generating electricity consume more water than does agriculture, wind-generated electricity consumes no water.

However, it is important to note that, at present, there is no available technology allowing wind to be stored as a raw energy source; rather wind must be harvested when present. So it may be seen as good news that wind represents 35% to 42% of all new U.S. generation capacity. Additionally, a 1000 MW wind development represents a potential economic benefit to Oklahoma of $1.6 billion.

Demand Side Management / Efficiency:

Electricity demand generally increases with technology. Supply side solutions are simply not enough. For example, a 1000 MW nuclear plant carries a price tag of $6 billion; a 1000 MW coal plant $2.5 billion. It is therefore important to educate people and optimize consumption as well as seek cheaper generation alternatives.

Research & Development:

A strong energy sector directly enhances our national security posture and enables economic stability and growth. Technology improvements from R&D – such as enhanced oil recovery through carbon sequestration and injection – that support deeper wells, deeper water, and non-conventional energy sources are vital for the future of Oklahoma and our nation. Oil and natural gas will supply the bridge to an energy future built upon a more diversified and balanced energy portfolio. Such a portfolio would reduce our reliance upon foreign energy sources and provide for long-term strength and stability.

Question & Answer:

A member of the audience pointed out that biofuels may not be the answer, especially if their creation results in more BTU consumption than BTU output, or CO2 emissions are prohibitive. Another participant stated that one must consider not only the factors of generation but also the logistics of transportation and storage when judging the merits of potential energy sources. It was also noted that politics play a significant role, such as when "NIMBY" (meaning Not in My Back Yard) interferes with the construction of utility grids.

A question was raised with respect to the feasibility of using CNG (compressed natural gas) for fueling automobiles, especially given that OKC currently has only 4 CNG distribution stations. In response, the speaker noted that the State of Oklahoma is considering the use of stimulus funds to convert its fleets to CNG, and this will lead to the construction of more points of distribution.

Speaker #2:

Dan Biby, Emergency Services Sector Chief, InfraGard Oklahoma Members Alliance.

Topic:

2009 A-H1N1 Influenza Virus

Abstract:

The emergency services sector is America’s first line of prevention and defense relative to a natural or perpetrated disaster such as a pandemic influenza outbreak or a terrorist attack. The first responder community, redundant systems, plans, agreements and pacts exist to protect the lives and safety of our citizens.

In any given emergency situation, one must first work to understand the scope and implications of the event at hand. Therefore this presentation begins by examining the 2009 A-H1N1 influenza virus and contrasts it against the Spanish Influenza outbreak of 1918. Such knowledge puts one in a better position to understand and implement a simple set of safeguards in order to protect themselves and others from an infection of the A-H1N1 or similar viruses.

No matter the outcome, the 2009 A-H1N1 should serve as a wakeup call; encouraging us all to review and ensure the readiness of our community’s reaction, mobilization, and crisis communications plans before the next “Big One.”

Discussion:

There are three types of influenza viruses: A, B, and C, based on the genetic code inside the nucleus. Influenza type A viruses are the most dangerous and are divided into subtypes.

Virologists name the subtypes according to two different proteins on their surface: Haemagglutinin (HA) and Neuraminidase (NA). For example, an “H1N1” virus has an HA 1 protein and an NA 1 protein. Many different combinations of HA and NA proteins are possible. Influenza A subtypes currently circulating among people worldwide include: H1N1, H1N2, and H3N2.

The genetic breakdown of the 2009 A-H1N1 influenza virus reveals a combination of four different flu viruses. Although primarily comprised of human flu, it also includes some Asian swine flu, North American swine flu, and North American avian flu. It is therefore misleading to refer to this virus as “swine flu.”

Similar to contracting a seasonal flu, humans are infected with the 2009 A-H1N1 when exposed to infected humans; either by inhalation or absorption of the viral material. It is important to note that as of this presentation, there were no documented cases indicating swine-to-human transmission of this virus. However, there is one confirmed case of a human infecting a swine.

The influenza material uses the pointed Haemagglutinin “spikes” like spears to pierce the wall of a healthy cell. The viral code then infects the healthy cell and hijacks its genetic replication mechanisms to manufacture more viral material. Once completed, the influenza uses its Neuraminidase “feet” to push away so it can infect another healthy cell.

As of this presentation, there have been a total of 1516 confirmed cases of the 2009 A-H1N1 influenza virus worldwide (403 in the U.S.). Of these, 31 people have died (29 in Mexico; 2 in Texas). Given the rapid spread of the 2009 A-H1N1 influenza virus and in order to facilitate crisis mobilization efforts, the WHO Director General, Margaret Chan, raised the official alert level to phase 5; the last step before a pandemic.

Although certainly to be taken seriously, the 2009 A-H1N1 influenza virus pales in comparison to the “big one.” The 1918 Spanish Influenza remains the deadliest known pandemic and was responsible for dropping life expectancy in the U.S. by 12 years. Also an Influenza A virus strain of subtype H1N1, it caused cytokine storms in the physically fit such that their immune systems overreacted to the infection and ravaged their own bodies. Circling the globe in 4 months during the spring of 1918, it mutated to a new strain that summer and once again in the spring of 1919. The death toll was 50-100 million worldwide (675 thousand in the U.S.).

To prevent the spread of the 2009 A-H1N1 influenza virus, one should stay at home if they are sick, their family is sick, or they come in contact with someone showing symptoms. Safeguards include “watching” your hands. This includes washing your hands (60% alcohol cleaners are more effective than soap), covering coughs, avoiding contact with symptomatic people, avoiding touching your hands to your mouth or rubbing your eyes, getting adequate sleep, avoiding stress, and using a paper towel or forearm to open doors (especially those of a public bathroom). Further, sanitize shared office equipment such as workstation keyboards, copier machines, and break room appliances. The virus can remain active for several hours on hard surfaces and up to an hour on porous fabric (especially if moist and not exposed to direct sunlight).

Regardless of the final outcome, the 2009 A-H1N1 influenza virus should serve as a wakeup call. Organizations should review their pandemic reaction plan; including both their own and those of their suppliers. Mobilization plans, including emergency protocols, personnel and supplies, ought to be identified and rehearsed. A crisis communications plan must be in place; complete with briefings, and public health and safety notifications. Employers should make provisions for teleworking; planning for the incapacitation of 25% to 45% of their workforce.

Question & Answer:

The speaker provided an InfraGard Oklahoma, Emergency Services Sector publication, “The Responder Bulletin.” This document consisted of a 2009 A-H1N1 Influenza Virus Resource Sheet; including information on the virus, terms and definitions, and reference resources.

Emergency Services Sector Bulletin A-H1N1 (DB 6May2009)
H1N1 Virus Update Presentation (DB 6May2009)

April 14, 2009 IOMA Annual Meeting

The IOMA annual meeting was held on April 14th, 2009, at the Oklahoma City University, Henry J. Freede Wellness and Activity Center. The meeting was moved from the original location at the Meinders School of Business to accommodate the overwhelming response to the White Collar Crime Summit, which was one of our highest attended events on record.

The annual meeting agenda included Officer Reports, Committee Updates, Sector Chief Comments and FBI Announcements. The election of Officers for the 2009/2010 period followed the normal chapter business. Joe Calvery, Nominating Committee Chairperson, conducted the elections. The nominees for the offices of President, Vice President, Treasurer and Secretary were announced and nominations from the floor were requested. None being received, the nominated Officers were elected by acclamation by the members present. The newly elected officers are:

President: Ken Ontko
Vice President: George Lewellyn
Treasurer: John Schlichting
Secretary: Paul Hauck

Reelected Board members returning for a two-year term are Marian Millican, Joe Calvery and David Daniels. Three new Board members were also nominated and elected for two-year terms: Delpha Goodman, Kevin Turner and David Williams.

Following the election of Officers and Board members, our outgoing President, Dan Biby, gave a brief farewell. Following Dan’s comments, he was presented with a Commendation from Governor Brad Henry, recognizing him for his “dedication and commitment to excellence in helping protect the infrastructure of Oklahoma.” [See photo below – Ken Ontko (right) congratulating Dan Biby (left).]

 

White Collar Crime Summit

The IOMA Board commends Special Agents (SA) Martha Justice and Lee Pugh, Supervisory Special Agent (SSA) Julie Reid and Mr. George Lewellyn (IOMA Board and Program Committee member) for their outstanding efforts to make the White Collar Crime Summit one of the best events we've hosted. Ever! Though many others were heavily involved, this team was instrumental in making the event a resounding success. A very special “Thank You!” goes out to all of those involved from Oklahoma City University. Without their combined effort, flexibility and exceptional facilities, this event could not have been successful.

Just under 600 participants registered for the event. All the speakers did an excellent job, with a great conclusion by Mr. Frank W. Abagnale Jr., our featured speaker. Mr. Abagnale was a special guest of the FBI, and he captivated the audience with his knowledge and expertise of white collar criminal activities. If you had any doubt about the seriousness of these threats before his presentation, they were thoroughly and decisively eliminated.

As part of the welcoming ceremony, Special Agent in Charge (SAC) of the FBI Oklahoma City office, James E. Finch, presented IOMA President, Dan Biby, with a certificate of appreciation from the FBI for his service and dedication to InfraGard. [See photo below – James Finch (right) congratulating Dan Biby (left).]

 

Following the welcoming ceremonies, SSA Julie Reid (right) and Dan Biby (left) were MCs for the remainder of the event.

 

Below is a shot of our featured speaker, Frank Abagnale Jr. (center), SAC James Finch (left) and Dan Biby (right).

 

In the right-hand frame of this page, in the Documents section, is a recognition letter from Special Agent in Charge, James E. Finch, from the Oklahoma City office of the Federal Bureau of Investigation. We are proud to say that our chapter is ranked number one nationwide in case enhancement. This great achievement was made possible due to the efforts of many of you. We would once again like to encourage every member to consider giving of their time and talent to the worthwhile cause of protecting our critical infrastructures and to making 2009 another banner year.

Below is a list of our scheduled meeting dates and the Critical Infrastructures planned as the theme for each meeting. Please check the “Events” tab on this website for details about each meeting. We will confirm the location and announce speaker information as they are established.

Date | Time | Activities
Wednesday, May 06, 2009 | 11:30 - 13:00 | Energy
Wednesday, June 03, 2009 | 11:30 - 13:00 | Disaster Prep
Wednesday, July 01, 2009 | 8:00 - 17:00 | Quarterly/Physical Security (July 1st date subject to change)
Wednesday, August 05, 2009 | 11:30 - 13:00 | Defense Industrial
Wednesday, September 02, 2009 | 11:30 - 13:00 | Postal/Shipping
Wednesday, October 07, 2009 | 8:00 - 17:00 | Quarterly/Cyber Security
Wednesday, November 04, 2009 | 11:30 - 13:00 | Water
Wednesday, December 02, 2009 | 11:30 - 13:00 | Dams
Wednesday, January 06, 2010 | 11:30 - 13:00 | Year in Review
Wednesday, February 03, 2010 | 11:30 - 13:00 | Critical Manufacturing
Wednesday, March 03, 2010 | 11:30 - 13:00 | Emergency Management/Chemical

Special Note: Please consider attending the Information System Security Association (ISSA) OKC Information Warfare Summit on May 20, 2009. This event will include Information Security Experts from ISSA-OKC, InfraGard and a combination of specialists from the FBI Cyber Crimes Unit, as well as respected participants from the private sector and vendor communities. For more information, go to the ISSA-OKC website at: www.issa-okc.org.