Monday, November 11, 2019
Critical Infrastructure Protection Essay
The mission of the Department of Homeland Security is stop acts of terrorist within the United States, not have the United States be vulnerable to terrorist attacks, and reduce the damage to the United States if there would be a terrorist attack. Since this department inception in 2003, the Department of Homeland Security has a component in place to support its mission and has been a member of the U.S. Intelligence Community. In July of 2005, the DHS was reorganized and called the Second Stage Review or ââ¬Å"2SRâ⬠. The former Secretary of DHS, Michael Chertoff, began a strengthened office of Intelligence and Analysis (I&A) and made the Assistant Secretary for Information Analysis the Chief Executive Officer for that department. He also tasked I&A with ensuring that intelligence is coordinated, fused, and analyzed within the Department to provide a common operational picture; provide a primary connection between DHS and the IC as a whole; and to act as a primary source of infor mation for state, local and private sector partners. The Homeland Security Act of 2002, assigned the original DHS intelligence componentââ¬âthe Directorate of Information Analysis and Infrastructure Protectionââ¬âwith responsibility to receive, analyze, and integrate law enforcement and intelligence information in order toââ¬â ââ¬Å"(A) identify and assess the nature and scope of terrorist threats to the homeland; (B) detect and identify threats of terrorism against the United States; and (C) understand such threats in light of actual and potential vulnerabilities of the homeland.â⬠Congress also made information sharing a top priority of the new DHS intelligence organization, requiring it ââ¬Å"to disseminate, as appropriate, information analyzed by the Department within the Department, to other agencies of the Federal government with responsibilities related to homeland security, and to agencies of State and local government and private sector entities, with such responsibilities inà order to assist in the deterr ence, prevention, preemption of, or response to, terrorist attacks against the United States (Randol, 2010)â⬠. A critical infrastructure is defined as any facility, system, or function which provides the foundation for national security, governance, economic vitality, reputation, and way of life. In short, critical infrastructure is by definition essential for the survival of the nation. The US Patriot Act defines it as ââ¬Å"systems and assets, whether physical or virtual, so vital to the United States that the incapacity or destruction of such systems and assets would have a debilitating impact on security, national economic security, national public health or safety, or any combination of those matters.â⬠FEMA defines critical infrastructure as ââ¬Å"personnel, physical assets, and communication (cyber) systems that must be intact and operational 24x7x365 in order to ensure survivability, continuity of operations, and mission success, or in other words, the essential people, equipment, and systems needed to deter or mitigate the catastrophic results of disasters.â⬠Critical Infrastructure Protection (CIP) consists of all proactive activities to protect indispensable people, physical assets, and systems (especially communications or cyber systems) which are guided by a systematic and reliable decision making process which assists leaders to determine exactly what needs protection, where, and how. It is proactive in the same sense that mitigation in emergency management is proactive and goes beyond normal security, defensive postures. The basic steps of CIP consist of: identifying the critical infrastructures, determining the threats against those infrastructures, analyzing the vulnerabilities of threatened infrastructures, assessing the risks of degradation or loss of a critical infrastructure, and applying countermeasures where risk is unacceptable (ââ¬Å"The Safetyâ⬠, 2014). Within the Department of Defense, a streamlined command and control structure and growth of the cyber force in size and skills, including offensive capabilities, are required to effectively operate as well as to provide some deterrent to attack. Meanwhile, legal code for cybersecurity has not kept pace with technological developments. Comprehensive cybersecurity legislation is requiredââ¬âbeginning with mandatory participation of critical infrastructure owners and operators in federal information-sharing programs in a way that incorporates appropriate safeguards for industry liability and citizen privacyââ¬âin order to completelyà bridge the current public-private division of responsibilities for collective defense. Cybersecurity has grown to be a key issue for the administration and indeed for the nation in the last several years even though concern for the integrity of Critical Infrastructure (CI) functions was evident in the 1990s. For CI, which includes a range of sensitive data and performs valuable functions that support the health, safety, and economic vitality of our modern nation, the growth of networked connections in cyberspace has meant the introduction of new threat vectors to systems that were not des igned to securely connect to todayââ¬â¢s Internet. Because improving the cybersecurity of CI encompasses such a large body of work, widely distributed across government and private sector entities, unity of effort is difficult to achieve. President Obama admits that ââ¬Å"when it comes to cybersecurity, federal agencies have overlapping missions and donââ¬â¢t coordinate and communicate nearly as well as they should ââ¬â with each other or with the private sector (La Bash and Landis, 2013)â⬠The vulnerabilities that should concern IS professionals who protect the U.S.ââ¬â¢s critical infrastructure is not having a system that would advise them of current, present, and future vulnerabilities. A system of this would be able to advise you of early indicators of vulnerability In order to accomplish this task, a survey of all operations should be undertaken. The survey should include: General Administrative Information, Management Awareness and Control Programs, Identification of Hazards/Potential rises; and Business Characterization. The ultimate benefits to be gained from this type of survey are in terms of identifying areas in need of attention, establishing a list of potential crisis situations, determining what commitments your organization is comfortable with and documenting current efforts. Once the survey program has been developed and implemented, it must be evaluated and kept up-to-date. This can be accomplished by reviewing actual responses and by conducting a detailed audit of each element of the business. The survey program is the initial step, toward reducing vulnerability. Next, you must organize the operation. The management chain is critical to this process. You must ensure that all levels of management become part of the program. (Sikich, 1998). Make a senior manager directly responsible to top management and the board of directors. The formal assignment of a senior manager to the position of ââ¬Å"Crisis Management Programs, Director,â⬠or some other appropriate title, can accomplish the initial portion of this item. Set aside specific time for reports on crisis management preparedness issues. This can be accomplished by preparing an agenda for senior staff and board of director meetings that includes a discussion of crisis management preparedness as a mandatory item. You have to give it more than lip service though. Also, you must make the discussion substantive. Provide more than the dull and tiring statistics on reportable accidents, etc. Communicate compliance through all levels of the organization through company policy and procedures. This can be accomplished through formal adoption of policy at the highest levels of the company. The Protecting Cyberspace as a National Asset Act, was introduced last June by Sen. Joseph Lieberman (I-Conn.) and revised in December by the Senate Committee on Homeland Security and Governmental Affairs. It calls for the formation of a National Center for Cybersecurity and Communications (NCCC) within the U.S. Department of Homeland Security (DHS) that would be responsible for protecting both federal computer networks and critical infrastructure owned by the private sector against cyber attacks. Although the White House already has broad wartime powers, making aspects of the proposed act redundant, opposition to the bill has centered on its provision to give the federal government the authority to define what is meant by ââ¬Å"critical infrastructure.â⬠According to the bill the government can ââ¬Å"take measures to protect any computer system whose destruction or disruption of reliable operation would cause national or regional catastrophic effects.â⬠This could include cutting off the system from the Internet. Owners of facilities labeled as critical infrastructure would be notified as soon as this designation is made. An owner could appeal this designation but, as the bill is currently written, the government would make the final decision to disconnect, which is not subject to judicial review (Greenemeier, 2011). References Greenemeier, L. (2011). What is the Best Way to Protect U.S. Critical Infrastructure from a Cyber Attack? Retrieved from http://www.scientificamerican.com La Bash, M. and Landis, C. (2013, August). Legal, Policy, and Organizational Impedients to the Protection of Critical Infrastructure from Cyber Threats. Retrieved from http://www.cmu.edu/mits/files/mits2-paths.com Randol, M. (2010, March). The Department of Homeland Security Intelligence Enterprise: Oper- Rational Overview and Oversight Challenges for Congress. Retrieved from http://fas.org/sgp/crs/homesec/R40602.pdf Sikich, G. (1998). Critical InfrastructureVulnerability. Retrieved from http://www.disaster-resource.com The Safety and Security of Critical Infrastructure. (2014, January). Retrieved from http://www.drtomoconnor.com/3430/3430lecto1a.htm
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.