Free Essay

Critical Infrastructure Protection

In:

Submitted By pamelayork
Words 1329
Pages 6
Critical Infrastructure Protection
Pamela S. York
CIS502, Dr. Glenn Hines
2/14/15
Abstract
The explosion of the accessibility of information and data via the today’s Web has brought along the concern and need for cyber security. With these issues of cyber security has also come the need to protect national informational assets from hackers and such who utilize the Web as a means to attack information that can aid in cyber terrorism. Information professionals are now looking to measures of protection that will ensure private citizens are not put into danger by the threat of cyber espionage. This also has extended to the protection of critical infrastructure within the United States and abroad.
Critical Infrastructure Protection
With the ever evolving presence of cyber-attacks that threaten to put citizens’ privacy and Internet security at risk, the government has had to intervene in order to take measures to protect its’ citizens due to the alarming fact that cyber-attacks are replacing other modes of attacks by terrorists. The Department of Homeland Security, created in 2002, was developed to carry out broad missions such as preventing terrorist attacks within the United States. This was mainly in response to the terrorist attacks that occurred on U.S. soil on September 11, 2001. Since then the DHS has taken on the mission of developing security that extends to information security and developing plans to implement critical infrastructure. The Homeland Security Act of 2002 extends the mission of this department even further. According to Caldwell (2014), “the DHS is to, among other things, carry out comprehensive vulnerability assessments of CI; integrate relevant information, analyses, and assessments from within DHS and from CI partners; and use the information collected to identify priorities for protective and support measures works in collaboration with the private sector to enhance their own cyber security in an effort to make the private sector less vulnerable to the threat of attacks” (p. 2). This mission of the DHS also extends to protecting critical infrastructure that may be compromised as a result of natural as well as man-made disasters.
Critical Infrastructure Protection
The National Infrastructure Protection Plan of 2006 issued by the Department of Homeland Security attempted to combine the national efforts to protect the nation’s critical infrastructure into a centralized plan. The NIPP has been updated in 2009 and again in 2013 and focuses mainly on outlining the Department of Homeland’s security roles as it relates critical information protection and also provides a framework of how the department should carry out key risk management strategies (Caldwell, 2014). In 2008, the DHS identified 16 critical infrastructure sectors. These sectors include: chemical, communications, dams, emergency services, financial services, government facilities, information technology, transportation systems, commercial facilities, critical manufacturing, defense industrial base, energy, food and agriculture, healthcare and public health, nuclear reactors, materials and waste, and water and wastewater systems (Radvanosky & McDougall, 2013). Under the CIP plan, vulnerability assessments are performed at key critical infrastructure facilities within these sectors to identify areas that may be at risk of high vulnerability to attacks and/or disasters. A vulnerability assessment, as defined by the Department of Homeland Security, is “process for identifying physical features or operational attributes that render an entity, asset, system, network, or geographic area open to exploitation or susceptible to a given hazard that has the potential to harm life, information, operations, the environment, or property” (Caldwell, 2014, p.4). The type of tools used to carry out these assessments can vary by agencies within the Department of Homeland security. Some examples of the assessment tools used include Joint Vulnerability Assessment (JVA) and Baseline Assessment for Security Enhancements (BASE), which are utilized by the Transportation Security Administration; and Port Security Assessment which is used mainly by the Coast Guard (Caldwell, 2014).
Since the NIPP’s inception, there have been issues identified with how critical infrastructure protection has been carried out by these various Department of Homeland agencies and departments. There have been no advancements in ensuring consistency of how the vulnerability assessments are carried out causing some to feel that critical areas within information security are being left unprotected by the agency and its departments. Some of the areas assessed include vulnerabilities to intentional acts such as terrorism but do not include tests on how to protect critical infrastructure in the event of a natural disaster. Hurricane Katrina of 2005 and Hurricane Sandy of 2012 brought many of these issues to the forefront as these natural disasters were huge events that continued to shed light on information security vulnerabilities that can be exposed as a result of natural disasters. Furthermore, these disasters further brought to light the Department of Homeland Security’s need to address these vulnerabilities in their testing and to broaden their focus beyond intentional acts of terrorism (Caldwell, 2014). Determining how to close these gaps will be at the forefront of strategy development for information systems professionals who work to secure these critical systems.
Information Systems Professionals and Their Roles in CIP
The information systems professionals who work in these agencies and beyond to protect critical infrastructure have a daunting task as new vulnerabilities and cyber threats are constantly exposed and brought to the surface. Some of the cyber security threats and vulnerabilities that are an ever present danger to the U.S are the presence of malware attacks such viruses and worms that can be used to gain control of top secret national security information. With so much data so readily available on the Web, cyber espionage is the go to method many terrorists and other groups are using to expose vulnerabilities in order to launch attacks. These types of attacks as well as other denial of service attacks should be a major focus of many information security professionals who have to protect the U.S. critical infrastructure sectors. The most prevalent methods of protection being used and that will more than likely be most successful in these efforts are the installation of malware defenses such as anti-virus software, security training and awareness at the governmental as well as private sector, and controlled access based on a need to know basis at the governmental level (Harrop & Matteson, 2013).
The use of a malware defense strategy by information security professionals can be critical in the identification of threats that aid in cyber espionage. One such attack known as the Flame virus in 2012 had the ability to gain control and pass information from webcams and also remotely send screenshots from computers that had been infected with the virus. The Middle Eastern regions of Israel, Syria, and Iran were most susceptible to these Flame viruses which had been around for 2 years before its detection (Harrop & Matteson, 2013). Security training and awareness is also an effective method in that it would bring to surface and provide education to those within governmental agencies and the private sector who are not as familiar with these threats as information security professionals are. Education is the key to informing users of information systems threats so that any suspect activity can be detected quicker and escalated appropriately. Controlled based access to information systems is also important in that given users access to only the information they require will decrease the likelihood that security related information does not fall into the wrong hands. Developing these types of strategies as well as broadening the public’s mindset on how the Web can be used to the detriment of our society will hopefully increase the security of information systems for everyone involved.

References
Harrop, W., & Matteson, A. (2013). Cyber resilience: A review of critical national infrastructure and cyber security protection measures applied in the UK and USA. Journal of business continuity and emergency planning, 7, 149-162. Retrieved from EBSCOhost database
Caldwell, S. L. (2014). Critical Infrastructure Protection. GAO Reports, 1-76. Retrieved from EBSCOhost database
Radvonosky, R., & McDougall, A. (2013). Critical infrastructure: Homeland security and emergency preparedness (3rd ed.). Retrieved from ESBSCOhost database

Similar Documents

Premium Essay

Critical Infrastructure Protection

...importance of Critical Infrastructure Protection (CIP) and the mythology behind this since the attacks of 9/11, as well as a brief history of Critical Infrastructure Protection pass to the present to include attacks from the cyber arena. These attacks are prone to come indirect or direct which will and could affect our need and use for resources for life as we know it based on living naturally on a daily bases, these threats maybe man made or by natural disaster. Problem statement Prior to the attacks of 9/11 there was no main concern with the protection of Critical Infrastructure within the United States from any avenue. As we moved on into the 21 century the threat has evolved from more than just protecting water source, and power plants. With the information age this issue has shown another form of crippling the United States economy with just the push of a button. How we to protect these infrastructures from threats that may not be seen or those from natural disasters is a question for now and the future. Purpose statement I have chosen this particular subject due to the nature of its importance to national security, economy, as well as the everyday needs of Americans to survive. The awareness for the protection of our critical infrastructure is a necessity for the present and future of America’s well fair. Research questions Q1. When did the United States began showing concern for critical infrastructure and why? Q2. Why is the protection of critical infrastructure...

Words: 786 - Pages: 4

Free Essay

Critical Infrastructure Protection

...The U.S. CIP is a national program to ensure the security of vulnerable and interconnected infrastructures of the United States The United States possesses both the world's strongest military and its largest national economy. Those two aspects of our power are mutually reinforcing and dependent. They are also increasingly reliant upon certain critical infrastructures and upon cyber-based information systems. Critical infrastructures are those physical and cyber-based systems essential to the minimum operations of the economy and government. They include, but are not limited to, telecommunications, energy, banking and finance, transportation, water systems and emergency services, both governmental and private. Many of the nation's critical infrastructures have historically been physically and logically separate systems that had little interdependence. As a result of advances in information technology and the necessity of improved efficiency, however, these infrastructures have become increasingly automated and interlinked. These same advances have created new vulnerabilities to equipment failure, human error, weather and other natural causes, and physical and cyber attacks. Addressing these vulnerabilities will necessarily require flexible, evolutionary approaches that span both the public and private sectors, and protect both domestic and international security. Because of our military strength, future enemies, whether nations, groups or individuals, may seek to harm us in non-...

Words: 468 - Pages: 2

Premium Essay

Critical Infrastructure Protection

...The summary determines Critical Infrastructure Protection (CIP) is an important Cyber Security initiative that requires careful planning and coordination in protecting our infrastructure: 1. What is the Department of Homeland Security’s Mission, Operations, and Responsibilities? 2. What is the Critical Infrastructure Protection (CIP) initiatives are; what are protected, and the methods used to protect our assets? 3. What are the vulnerabilities IS professionals need to be concerned with when protecting the U.S.’s critical infrastructure? 4. Evaluate the effectiveness of IS professionals in regard to protecting the U.S.’s critical infrastructure. 5. Three methods to improve the protection of our critical infrastructure DHS’s Mission The Homeland Security Act of 2002 created the Department of Homeland Security (DHS) began operations in 2003 it assigned the department the following critical infrastructure protection responsibilities it’s goals and objectives are to prevent, to protect, to respond, and to recover, as well as to build in security, to ensure resilience, and to facilitate customs and exchange. DHS core mission consist of five homeland security missions “Prevent terrorism and enhancing security; Secure and manage our borders; Enforce and administer our immigration laws; Safeguard and secure cyberspace; Ensure resilience to disasters” (DHS.gov) Homeland security is a widely distributed and diverse refers to the collective efforts and shared responsibilities...

Words: 1936 - Pages: 8

Free Essay

Cis 502 Critical Infrastructure Protection

...CIS 502 Critical Infrastructure Protection Click Link Below To Buy: http://hwaid.com/shop/cis-502-critical-infrastructure-protection/ Due Week 6 and worth 50 points Critical Infrastructure Protection (CIP) is an important cybersecurity initiative that requires careful planning and coordination in protecting our infrastructure. The following documents titled, “National Infrastructure Protection Plan”, and “Critical Infrastructure Protection”, may be used to complete the assignment. Write a three to five (3-5) page paper in which you: 1. Examine the Department of Homeland Security’s : a. mission b. operations c. responsibilities 2. Explain what Critical Infrastructure Protection (CIP) initiatives are, what are protected, and the methods used to protect our assets. 3. Describe the vulnerabilities IS professionals need to be concerned with when protecting the U.S.’s critical infrastructure. 4. Evaluate the effectiveness of IS professionals in regard to protecting the U.S.’s critical infrastructure. 5. Suggest three (3) methods to improve the protection of our critical infrastructure and justify each suggestion. 6. Use at least three (3) quality resources outside of the suggested resources in this assignment. Note: Wikipedia and similar Websites do not qualify as quality resources. Your assignment must follow these formatting requirements: • Be typed, double spaced, using Times...

Words: 1288 - Pages: 6

Premium Essay

Assignment 2 Critical Infrastructure Protection

...Assignment 2: Critical Infrastructure Protection Strayer University Introduction In the wake of a terrorist attack, natural disaster, or emergency, the Department of Homeland Security (DHS) is prepared to respond.   DHS primary responsibilities are combatting terrorism, securing boarders, enforcing immigration laws, safeguarding cyberspace, and responding to natural disasters. Coordination with the federal response teams and partnerships with local, state, and private sectors, enhance the DHS response tactics in a national emergency. Department of Homeland Security Mission, Operations, and Responsibilities The Department of Homeland Security’s mission is to keep America safe, protected, and resilient from various elements that threaten the country.  As identified by (dhs.gov, 2013) DHS has three key concepts that strategies are based upon security, resilience, and customs and exchange.  The process that defines homeland security missions and incorporates the key concepts is the Quadrennial Homeland Security Review (QHSR). DHS missions are spread across the enterprise and do not only cover DHS.  The delegated missions define in detail how to prevent, protect, respond, recover, secure, ensure resilience, and facilitate customs and exchange as noted by (dhs.gov, 2013).     Department of Homeland Security operations encompass five core objectives.  The objectives covered under DHS are prevention of terrorism and enhancing security; secure and manage our boarders; enforce and administer...

Words: 1685 - Pages: 7

Free Essay

Assignment 2: Critical Infrastructure Protection

...Assignment 2: Critical Infrastructure Protection Benard Braxton, Jr. Dr. Bouaffo Kouame CIS 502 – Theories of Security Management May 17, 2015 The Department of Homeland Security’s vison is to ensure a homeland that is safe, secure, and resilient against terrorism and other hazards (DHS, 2015). To achieve this vision there are three key concepts that creates the foundation of our national homeland security strategy. They are security, resilience, and customs and exchange (DHS, 2015). These key concepts drive wide-ranging areas of action that the Quadrennial Homeland Security Review process describes as homeland security missions. These missions are not restricted to the Department of Homeland Security. These objectives and goals says what it means to prevent, to protect, to respond, and to recover. They also shows how build in security, to ensure resilience, and to facilitate customs and exchange (DHS, 2015). There are thousands of people from across the all over the country who are responsible for executing these missions. These are the people who interact with the public, are responsible for security and public safety, operate our country’s critical services and infrastructures, develop technology, perform research, watch, prepare for, and respond to emerging disasters and threats (DHS, 2015). The five homeland security core missions are to prevent terrorism and enhancing security; secure and manage our borders; enforce and administer our immigration laws; safeguard...

Words: 1124 - Pages: 5

Free Essay

Week 3 Case Study 2 Submission

...Study 2 Submission Asa J Opie Sec 310 Professor Nerove Strayer 7-20-2014 Week 3 Case Study 2 Submission A critical infrastructure is defined as any facility, system, or function which provides the foundation for national security, governance, economic vitality, reputation, and way of life. (http://www.dhs.gov/xlibrary/assets/NIPP_InfoSharing.pdf)In short, critical infrastructure is by definition essential for the survival of the nation. The USA PATRIOT Act specifically defines critical infrastructure as "systems and assets, whether physical or virtual, (Jena Baker McNeill and Richard Weitz, 2010) so vital to the United States that the incapacity or destruction of such systems and assets would have a debilitating impact on security, national economic security, national public health or safety, or any combination of those matters." FEMA defines critical infrastructure as "personnel, physical assets, and communication (cyber) systems that must be intact and operational 24x7x365 in order to ensure survivability, continuity of operations, and mission success, or in other words, the essential people, equipment, and systems needed to deter or mitigate the catastrophic results of disasters." (http://www.dhs.gov/xlibrary/assets/NIPP_InfoSharing.pdf) The DHS Daily Open Source Infrastructure Reports specify the following sectors as part of critical infrastructure: Energy, Chemicals, Nuclear Reactors, Materials and Waste, Defense Industrial Base, Dams; Banking and Finance, Transportation...

Words: 1253 - Pages: 6

Free Essay

Sectors and Partnerships

...Introduction There are many different resource infrastructures throughout the United States, each one designated a purpose that must be fulfilled. Of these sectors however, a few are critical in the upkeep of this country, so critical that if one were to fail it would cause widespread panic. The following paragraphs will detail a small part of one of these Critical Infrastructures. Making no mistake though, as it is only a small cog in the entire system, without it would put strain on the entire economy. Government Partner The partner that I currently work for is the Tribal Nation. The Tribal nation is becoming a very important part of food and agriculture. Recently gaining a $625 million donation from the United States Drug Administration (USDA) in order to boost economic growth in Indian Country. Working with the Tribal Nations will not only increase food and agriculture production but also extend the list of collaborative partners within the Food and Agriculture Sector. ("Expanding Opportunity In Indian Country", 2014) Position Title and Responsibilities The position title that I currently work for is known as the Intertribal Agriculture Council (IAC). The IAC has grown in prominence in Indian Country from there founding in 1987. Since there founding they have grown to grow the support of the federal government agencies, particularly the agricultural field. There job responsibilities are to work directly with outside governments in the United States on behalf of the individual...

Words: 869 - Pages: 4

Premium Essay

Critical Infrastructure Analysis

...Chapter 1: About (inter)national critical infrastructures 1.1 Defining critical infrastructures A country’s critical infrastructures are the specific facilities, services and informational systems that are vital to its national security, economy, public health, and for the security and well functioning of the Government itself. The failure or destruction of such critical infrastructures could heavily weaken or threaten the latter. As such, both the management and protection of critical infrastructures go hand in hand. Each country is responsible for identifying the national infrastructures that are critical for its security and stability. However, there are certain infrastructures deemed critical by most states. Which are Romania’s critical...

Words: 2254 - Pages: 10

Premium Essay

Cjus254 Unit 5 Ip

...that shows her why these relationships are important, as well as how the DHS uses these companies as a tool for the protection of critical infrastructure and key resources. To: Director, Executive Secretariat of the Office of the Secretary, DHS From: Action Officer, Executive Secretariat of the Office of the Secretary, DHS Ma’am, Cooperation with all levels and forms of security entities is of paramount importance. We cannot profess to be the best at what we do if we are blind to this fact. There are hundreds of security firms that specialize in all different types, as well as local, state, tribal, and territorial governments and law enforcement agencies that just know the area, the terrain, and the local customs and day to day operations better than any federal agencies ever could. This is why it is important for us to work with these agencies on the ground when we are tasked with preventing or reacting to any security emergencies. This is important because the private sector actually owns and controls the grand majority of the infrastructure that we are sworn to protect. This makes it slightly more complicated for us to control the safety of anything, if we aren’t in direct control. Rather than create a fascist state that dictates laws that may not be the best for the security of a particular field, we have established Critical Infrastructure Advisory Partnerships. In doing so, we have allowed and encouraged private sector companies controlling the commodities...

Words: 1338 - Pages: 6

Premium Essay

Infrastructure Protection Plan

...Security Director DATE: Monday, April 23, 2018. SUBJECT: NATIONAL INFRASTRUCTURE PROTECTION PLAN It has come to the attention of the Chief Information Officer and other stakeholders of this company that there is a need to evaluate our Infrastructure Protection Plan. As such, in my capacity as the Information Systems Security director, I have reviewed the National Infrastructure Protection Plan as provided for by the Department of Homeland Security. Regarding this company, we need to focus more on ensuring that we develop and implement effective and efficient long-term...

Words: 909 - Pages: 4

Premium Essay

Cyber Security Act

...security and cyber defense 2.3.2 Cyber intelligence and cyber defense 2.4 Priorities for action 2.5 Partnership and collaborative efforts 3.0 Enabling processes 3.1 Security threat and vulnerability management 3.2 Security threat early warning and response 3.3 Security best practices - compliance and assurance 3.4 Security crisis management plan for countering cyber attacks and cyber terrorism 3.5 Security legal framework and law enforcement 3.6 Security information sharing and cooperation 4.0 Enabling technologies – Deployment and R&D 4.1 Deployment of technical measures 4.2 Security research and development 5.0 Enabling people 5.1 Security education and awareness 5.2 Security skills training and certification 5.3 Security training infrastructure 6.0 Responsible actions by user...

Words: 7888 - Pages: 32

Premium Essay

Corrections

...Critical Infrastructure and National Planning Paper Austin Hastings BSS/482 Securing Critical Infrastructure and Cyberspace Ray Gagne September 14, 2015 This paper will discuss many topics to include describing one of the national planning approaches covered in the annual report. Also explaining how prevention, protection, mitigation, response, and recovery were integrated into the approach. Moving into describing the presence of the public or private sector in the annual public meeting. The annual plenary report for 2013 discussed many topics such as the critical infrastructure to include the technology sector. It also discusses on how to improve the infrastructure of cyber security. The plan is to strengthen the partnership in order to share critical information. The report moves to improving the communication path through the necessary communities to ensure security is being up held for cyberspace. Moving in to the transportation sector of the report. In this section of the report the panel focused mainly on the public and private sectors and looked out the partnership they share. Detecting and preventing possible threats is the key to securing this infrastructure. “Ensuring that this sector upholds a specific focus for analysis, and constantly collaborating and communicating with the partners.” (Critical Infrastructure Partnership Advisory Council.) In the fourth panel on the report it discusses about the housing market and how to function with coordinating councils...

Words: 423 - Pages: 2

Free Essay

The Nature Conservancy

...In the wake of Hurricane Sandy, New York City asked The Nature Conservancy to prepare a conceptual study on how a mix of natural and built defenses could be implemented in a dense urban area. Now, the results of that study, Integrating Natural Infrastructure into Urban Coastal Resilience, are in. What is the Integrating Natural Infrastructure into Urban Coastal Resilience Case Study all about? The Nature Conservancy prepared the report by request from the New York City Special Initiative for Rebuilding to evaluate the role of nature and natural infrastructure in protecting coastal communities in New York City from some of the impacts of climate change. The community of Howard Beach, Queens, an area that was hard hit during Hurricane Sandy, was selected as a representative neighborhood for conceptually addressing the use of natural systems as part of a resilience strategy in the face of a changing climate and future storm events. Why was Howard Beach picked for the study? Howard Beach is low-lying and very flat, leaving it vulnerable to storm events and flooding. The 10-foot storm surge that flooded Howard Beach during Sandy left it under water and caused significant damage. Given its profile and how badly it was impacted by Hurricane Sandy, Howard Beach was a good model of a vulnerable coastal community that could be applied to other New York City and national communities. Although Howard Beach was used in the analysis, the study methodology is applicable to coastal communities...

Words: 876 - Pages: 4

Free Essay

Security Functions

...faces many critical obstacles, such as an imbalance of focus between levels of security such as homeland security, FBI and the CIA and including private and public sector security and natural disaster management, the challenge of involving the public in preparedness planning, the lack of an effective partnership with the business community, cuts to funding, and questions surrounding the evolving organizational structure of the nation’s emergency management system. Such obstacles need to be overcome if emergency management activities are to be successful in the years ahead. It takes the help from government and private and sectors such as federal, local, state, Department of Homeland Security, National Infrastructure Protection Plan to share analysis, alerts and threats with security related infrastructure. Government and private sectors to share information and to develop and establish protective actions before a disaster and to prevent a disaster most importantly to have a plan after the disaster. Critical infrastructure is the physical and cyber systems and assets so vital to the United States that their incapacity or destruction would have a debilitating impact on our physical or economic security or public health or safety. Instituting effective cooperation with international security partners, as well as high-priority cross-border protective programs such as the North Atlantic Treaty Organization (NATO). The United States has developed a homeland Infrastructure threat risk...

Words: 412 - Pages: 2