Critical Infrastructure and Cyber Security in the US

Critical Infrastructure and Cyber Security in the US
Critical Infrastructure and Cyber Security in the US

Critical Infrastructure and Cyber Security in the US

Order Instructions:

The purpose of this session long project is to provide you with the opportunity to prepare a paper or report on Critical Infrastructure Protection (CIP) that is of particular interest to your community (Philadelphia), state (Pennsylvania), or the United States in general. The following information is essential in ensuring your success with this course component.

The project is to include at least the following information:

Length: This Case Assignment should be at least 10 pages not counting the title page and references.

References: A total of 10 reference (at least four references should be included from academic sources listed below). Quoted material should not exceed 10% of the total paper (since the focus of these assignments is critical thinking). Use your own words and build on the ideas of others. When material is copied verbatim from external sources, it MUST be enclosed in quotes. The references should be cited within the text and also listed at the end of the assignment in the References section (preferably in APA format).

Organization: Subheadings should be used to organize your paper.
The following items will be assessed in particular:

• Relevance (e.g. all content is connected)
• Precision (e.g. specific question is addressed. Statements, facts, and statistics are specific and accurate).
• Depth of discussion (e.g. present and integrate points that lead to deeper issues)
• Breadth (e.g. multiple perspectives and references, multiple issues and factors considered)
• Evidence (e.g. points are well-supported with facts, statistics and references)
• Logic (e.g. presented discussion makes sense, conclusions are logically supported by premises, statements, or factual information)
• Objectivity (e.g. avoid use of first person and subjective bias)

Academic Sources, Required Readings:

A generic national framework for critical information infrastructure protection (CIIP) (2007). Manual Suter Center for Security Studies, ETH, Zurich. Retrieved November 17, 2012 from: http://www.itu.int/ITU-D/cyb/cybersecurity/docs/generic-national-framework-for-ciip.pdf

O’Connor, T. (2010) The safety and security of critical infrastructure. Retrieved November 16, 2012 from: http://drtomoconnor.com/3430/3430lect01a.htm

Student manual (2013), The National Infrastructure Protection Plan: An Introduction. FEMA. Retrieved from: https://training.fema.gov/EMIWeb/IS/courseOverview.aspx?code=IS-860.b

The National Cybersecurity and Communications Integration Center:
http://www.dhs.gov/about-national-cybersecurity-communications-integration-center

Digital Attack Map: Distributed Denial of Service (DDoS) Website: http://www.digitalattackmap.com/#anim=1&color=0&country=ALL&time=16066&view=map

The national strategy for homeland security (2007). U.S. Office of Homeland Security. Retrieved November 16, 2012 from: http://www.dhs.gov/national-strategy-homeland-security-october-2007

Parks, R. (2007). Guide to critical infrastructure protection ,CyberVulnerability Protection. Retrieved November 16, 2012 from: http://www.ymp.gov/oe/downloads/guide-critical-infrastructure-protection-cyber-vulnerability-assessment

The future of the electric grid (2011). MIT Energy Initiative. Retrieved ANovember 16, 2012 from: http://mitei.mit.edu/publications/reports-studies/future-electric-grid

Behr, P, (2011). Many U.S. nuclear plants ill-prepared to handle simultaneous threats. Scientific American. Retrieved November 18, 2012 from: http://www.scientificamerican.com/article.cfm?id=many-us-nuclear-plants-ill-prepared-to-handle-simultaneous-threats

Miller, R. (2007). Hurricane Katrina: Communications and Infrastructure Impacts. US Army War College. Retrieved November 18, 2012 from: http://www.carlisle.army.mil/DIME/documents/Hurricane%20Katrina%20Communications%20&%20Infrastructure%20Impacts.pdf

National infrastructure protection plan (2009). Retrieved November 18, 2012 from: http://www.dhs.gov/xlibrary/assets/NIPP_Plan.pdf

National infrastructure protection plan Website (2013). Retrieved from:
https://www.dhs.gov/national-infrastructure-protection-plan

Transportation infrastructure protection (2012). The National ITS Protection. Retrieved November 18, 2012 from: http://www.iteris.com/itsarch/html/mp/mpem05.htm

Disaster and Emergency Management on the Internet. http://www.keele.ac.uk/depts/por/disaster.htm

National infrastructure protection plan (2009). Retrieved November 18, 2012 from: http://www.dhs.gov/xlibrary/assets/NIPP_Plan.pdf

President Obama (2010). Presidential proclamation–Critical infrastructure protection month. The White House, November 30, 2010. Retrieved November 18, 2012 from: http://www.whitehouse.gov/the-press-office/2010/11/30/presidential-proclamation-critical-infrastructure-protection-month

Sector-specific plans (SSPs) (2012), Department of Homeland Security. Retrieved November 18, 2012 from:http://www.dhs.gov/files/programs/gc_1179866197607.shtm#1

A framework for planning cost-effective rail security against a terrorist attack (2007). RAND Corporation. Retrieved November 18, 2012 from: http://www.rand.org/content/dam/rand/pubs/research_briefs/2007/RAND_RB9309.pdf

 

SAMPLE ANSWER

Critical Infrastructure and Cyber Security in the US

Introduction

As a matter of national safety, the aspect of critical infrastructure and cyber security happens to be a significant issue in the US. Critical infrastructure refers to any system, facility, or function that offers the foundation of national governance, security, reputation, economic vitality, and way of life. Whether virtual or physical CI systems are so significant to the US that there destruction can result into a debilitating effect on the nation’s security, national public safety or health and national economic security among others (O’Connor, 2010). Cyber systems and critical infrastructure (CI) always experience attacks on an industrial level. As a result, several businesses and organizations in the country are often affected negatively by such attacks. Attacks on critical infrastructure and cyber systems make organizations to suffer in terms of industrial surveillance and intellectual property theft, which lead to enormous losses to the economy of US. As such, identifying suitable methods that the local and state governments, private and public sectors and other agencies can employ in enhancing suitable critical infrastructure cyber security is vital in addressing the issues related to CI and cyber systems attacks. Some of the methods employed by these parties are information sharing and programs that are aimed at collecting information related to security.

Sharing of information has been noted as the principle method of ensuring the security of critical infrastructure and cyber systems. However, this process needs to be executed in a way that does not compromise or risk the safety or security of the source. Information sharing across the conventional boundaries of organizations is vital in ensuring the safety of both CI and cyber systems in the country (Brattberg, 2012).  Information sharing happens to be a crucial component of the significant mission of the DHS (Department of Homeland Security), which is aimed at creating a shared situational awareness about malicious cyber operations (The National Cybersecurity and Communications Integration Center). As such, the DHS ensures that both the state and local law enforcement have access to information, which is critical for the protection of the nation’s CI. Besides, the DHS ensures that information is made confidential with the aim of ensuring that the sources are protected.  This undertaking ensures that vital information continues to flow to authorities concerned with law enforcement.

Significance of Information Sharing in Relation to the Security of CI and Cyber Systems     

Availing information to the law enforcement authorities helps in ensuring that these parties have a vital tool for safeguarding American citizens. Achieving this goal requires that the law enforcement agencies monitor the core areas that have been noted to be vulnerable to attacks from internal and external sources. Information sharing among the officers offers suitable mechanisms of identifying threat pictures, vulnerabilities, and their effect on the citizens. Moreover, it enhances the collection, reception and evaluation of risk-related or threat-related information.

Information sharing also provides a suitable platform on which the national and local governments alongside the private and local sector partners can establish efficient methods of safeguarding the CI and cyber systems. Furthermore, it ensures that the processes identifying, tracking, accessing and communicating of risk-related information are achieved in a single process. This strategy is significant in enhancing the safety of civil liberties and confidentiality of Americans and businesses.

Sharing of information provides a suitable mechanism through which the public can report suspicious events or activities to law enforcement agencies (Headayetullah, 2010). The DHS ensures that this goal is accomplished using awareness interventions, which are aimed at enriching the public or citizens with skills and knowledge on indicators of terrorism and violent crime. In addition, this department is involved in international and federal partnerships with the aim availing resources and information to the local and state enforcement authorities. One of the programs that are employed in gathering information from the public is the C3 (Critical Infrastructure Cyber Community Voluntary Program).

Critical Infrastructure Cyber Community Voluntary Program

The US relies on CI every day to provide water, energy, financial services, transportation and other capabilities that support the needs of the American people and their way of living. Over the years, advancements in technology have led to the evolvement of these capabilities, which has enhanced their running. With the increased dependence cyber-reliant systems, issues of vulnerabilities and threats have also increased.

Safeguarding the cyber security systems of the country’s CI happens to be matter of high concern for the national government. In relation to this, in February 2013, President Barrack Obama endorsed the executive order 13636, which was aimed at enhancing the critical infrastructure cyber security. In the same year, the president released the PPD-21 (Presidential Policy Directive), which was targeted at increasing the overall resilience of the nation’s CI (Harrop & Matterson, 2013) . One of the core elements of the executive order is the establishment of the cyber security model or the framework by the NIST (National Institute of Standards and Technology). This framework is meant to assist critical infrastructure organizations and sectors in managing and reducing their cyber threats.

Since there is a robust connection between physical security and cyber security, the DHS has established a partnership with the CI community with the aim of developing a voluntary intervention to encourage the application or use of the framework in strengthening critical infrastructure cyber security. The C3 program acts a coordination point or center within the Federal government for CI owners and operators who have interest in enhancing their cyber threat management activities. The C3 voluntary intervention has three objectives. This program aims at supporting the industry in enhancing its cyber resilience. Besides, the intervention focuses on increasing the use the framework and community’s awareness on this model. Lastly, the intervention aims at encouraging organizations to engage in the management of cyber security as a component of an all-hazards strategy to enterprise risk management.

In February 2014, the launch of the C3 voluntary program coincided with the release of the ultimate Framework (Vladimirovich, 2014). The first focus of this program is involvement with the SSAs (Sector Specific Agencies) and organizations by means of the Framework to establish a guideline on how to implement the Framework. The subsequent stages of the C3 voluntary intervention will widen the intervention’s coverage to every critical infrastructure and businesses or organizations of all sizes that have interest in using the Framework.

Activities of the C3 voluntary program                       

This intervention focuses on three principle activities.

Communications and Outreach

The C3 voluntary intervention acts as a center of contact and client relationship manager to help organizations or businesses with the use of the Framework. Besides, it provides guidance to interested sectors and organizations to the Department of Homeland security and other private and public sector resources (Vladimirovich, 2014). This guidance is provided with the aim of supporting the use of the framework for cybersecurity.

Feedback

The intervention promotes feedback from stakeholder businesses concerning their experiences with the help of its resources to execute the Framework (Vladimirovich, 2014). The programs operates with organizations to comprehend how these organizations use the Framework, and to obtain information on how the program and the Framework can be improved to serve organizations in a suitable way. Moreover, this intervention ensures that the feedback obtained from these organizations is availed to the NIST, to assist in guiding the establishment of the next edition of the Framework and related efforts.

Supporting Use

This program focuses on assisting stakeholders with the comprehension of the use of the Framework and other efforts that are associated with cyber risk management. Furthermore, it aims at supporting the establishment of sector-specific and general guidance for the implementation of the framework. The intervention also aims at working with the 16 sectors of critical infrastructure to establish a sector specific for using the framework in a suitable manner (Haynes, 2004). Some of these sectors include food, communications, healthcare, defense, information technology and argicluture.

Channels through which Organizations, Businesses, and the Public can engage in the Program

The C3 voluntary intervention interacts with organizations, businesses and the public through four channels. The program uses the regional DHS personnel from the CSA (Cyber Security Advisor) and PSA (Protective Security Advisor) programs in interacting with the target parties. These personnel engage in direct interaction with organizations or businesses in their regions concerning cybersecurity and CI protection. The second channel of interaction is the CIPAC (Critical Infrastructure Partnership Advisory Council) framework. This partnership takes into consideration the government, CI sector owners and operators (Geer, 2013). The partnership aims at ensuring the presence of a range of activities for the protection of the CI. The third channel is direct involvement with organizations, businesses and public. These parties may access the program’s website. The last interaction channel is the RFI (Request for Information) that offers a suitable platform on which the public can present their views on cybersecurity’s policies and solutions.
Private and Public Sectors’ Best Practices for Safeguarding the CI and Cyber Systems

Guaranteeing the protection and resilience the country’s cyber and CI systems is a shared responsibility among various stakeholders or parties. Currently, both the private and public sectors are engaged in several methods of safeguarding the CI and cyber systems via partnerships. In relation to this, the IP (Infrastructure Protection) office is dedicated to strengthening and expanding CI across all regions in the U.S. The IP is accomplishing this goal by engaging in activities that strengthen personnel at the regional level. Moreover, the IP is engaged in strengthening of interventions and potentials to offer support to regional partnerships.

Financial Services ISAC (Information Sharing and Analysis Centers), which was established by security, banking and finance organizations in October 1999, happens to be among the organizations, which have been established to enhance the process of safeguarding the cyber systems and CI (Haynes, 2004). Both the public and private sectors are involved in the maintenance of databases to which their members are required to report information about security threats, vulnerabilities, events and solutions or opinions. This information in then evaluated by security experts who proceed to alert members depending on the urgency or seriousness of the matter. The information posted on the databases is kept private with the aim of protecting the sources.

Both the private and public sectors are associated with early or immediate notification of risks, sharing of anonymous or unspecified information and offering expertise on subject matter. Furthermore, these sectors contribute significantly to the provision of trending information and other benchmark date. The membership list is always kept private. These sectors also play a vital role in establishing standards that are used in initiating, executing and improving information security for cyber systems and CI. The benchmarks formed by these sectors address issues of security, reliability and safety in operations. Besides, the benchmarks help in addressing matters concerning the design of systems for securing cyber systems and CI. Some organizations have also established study groups, which are in charge of identifying and documenting vulnerabilities and threats. Furthermore, other private and public organizations are involved in the coordination and promotion of consensus-based standards.
Private and Public Sectors’ Best Practices for Safeguarding Cyber Systems and CI

Sharing of information is considered critical for attaining secured cyber systems and CI. Information sharing enhances the continuous flow of vital data concerning threat-related matter. Both the private and public play a significant role in ensuring that this goal is accomplished. The information obtained from the members is made private with the aim of ensuring their safety.

In many situations, the two sectors make information inaccessible or unreachable even to the national government. Therefore, people are always motivated to offer information without fear. However, this undertaking may create problems to matters involving research. One of the problems associated with this approach is that researchers may lack substantial or adequate data concerning securities threat matters as this information is often hidden. On the other side, the two sectors should ensure that that their communication systems are safeguarded even in times of disaster. This is approach is vital in avoiding the disruption of such systems as it was seen in the case of the communication capabilities of public agencies, which were eroded by the Hurricane Katrina’s disaster (Miller, 2007).

Coordinating and promoting of consensus-based benchmarks is significant in minimizing duplication and overlap, which are always associated with benchmark-related efforts (Haynes, 2004). These benchmarks also ensure that entities adhere to policies and regulations concerning cyber systems and CI security. Thus, the practices adopted by the public and private sectors are vital in safeguarding the CI and cyber systems.

Role of the Local Government, State Government, and Private Sector in Securing Cyber Systems and CI

Many interventions have been established to aid in securing cyber systems and the CI. The local government has developed community-based interventions that enhance awareness creation to the community. Under these programs, individuals are equipped with adequate knowledge on the indicators of terrorism and crime violence, which may impact negatively on cyber systems and CI. Knowledge on indicators of crime/terrorism is an indispensable element of protecting information related to CI (A generic national framework for critical information infrastructure protection, 2007). The local government also ensures that people are offered feedback mechanisms through which they can submit crime and terrorism-related issues. These feedback systems offer a suitable platform on which vital information is shared.

The state government has developed various agencies that assist helps in enhancing the safety of cyber systems and CI. This undertaking is facilitated by the Department of Homeland Security. These agencies engage in robust partnerships with public and private sectors with the aim of enhancing the safety of cyber systems and CI. Moreover, the agencies help in developing appropriate methods of recognizing vulnerabilities and threats, and their remedies.

Private and public sectorsalso contribute significantly to enhancing the safety of cyber systems and CI (Brattberg, 2012). These sectors have developed databases on which members can post information or opinions on issues related to security threats, and offer solutions to such matters via their security experts. The information posted on the databases is given to law enforcement agencies and the state government to enable necessary or corrective measures to be adopted. Besides, the two sectors have guidelines, which can be employed in facilitating the process of safeguarding cyber systems and CI.

Other Methods of Enhancing Critical Infrastructure Cyber security

NIST has established a crucial framework that can be employment in enhancing critical infrastructure cyber security in several ways. This model offers owners of CI and other parties with voluntary guidance on suitable methods of protecting assets and information from cyber crimes or attacks. The framework is divided into three principle elements that include core, tiers and profiles. NIST’s model establishes best practices that always employed in CI industries and sectors.

The Core is divided into five functions that include protect, identify, respond, detect and recover. Taking into consideration the fact that these functions are often used together, they can be employed in helping organizations comprehend and transform their cyber security programs into efficient and functional system (Geer, 2013). The tires enable organizations to evaluate the extent at which their systems meet goals established in the NIST’s framework. Consequently, profiles assist organizations in attaining a higher state of cyber security sophistication.

NIST’s model for improving critical infrastructure cyber security was developed as response or reaction to the executive order 13636 (Haynes, 2004). The president assigned the NIST with the task of developing a set of methodologies, standards and processes, which align business, policy and technological strategies to address or handle cyber threats to CI. In relation to this, the DHS has identified 16 different sectors that include food, information technology, defense, agriculture and healthcare among others.

Labeling its framework as Version 1.0, the NIST acknowledges the fact that its model need to be dynamic to enable it match the ever evolving technology and needs of cyber security. In addition, NIST has developed a roadmap, which is aimed at advancing the critical infrastructure cyber security (Geer, 2013). This roadmap offers the future path for adjusting/updating and improving version 1.0. As it continues to create new editions of its model, NIST anticipate remaining at the core of collaboration between government agencies and industry to assist owners of CI in comprehending, executing and improving the model.

Just as in the case of the C3 voluntary intervention, NIST framework is voluntary (Haynes, 2004). Currently, the departments of commerce, homeland security, and treasury are involved reviewing methods and mechanisms of creating incentives, which will motivate organizations and businesses to execute the guidance.

Conclusion

In conclusion, the safety of critical infrastructure and cyber systems relies on the aspect of sharing information. This goal is accomplished through the establishment of a broad network, which takes into consideration the local government, state government, private, and public sectors, and agencies such as NIST. Besides, this network includes the American citizens who are allowed to post information databases that have been developed by the mentioned parties. Sharing of information is significant in ensuring that the security levels of CI and cyber systems are achieved in an efficient manner. However, it is vital to note that the shared information needs to be kept private to safeguard the interests of the sources.

References

A generic national framework for critical information infrastructure protection (CIIP) (2007). Manual Suter Center for Security Studies, ETH, Zurich. Retrieved
October 10, 2014 from: http://www.itu.int/ITU-D/cyb/cybersecurity/docs/generic-national-framework-for-ciip.pdf

Brattberg, E. (2012). Coordinating for Contingencies Taking Stock of Post-9/11 Homeland Security Reforms. Journal of Contingencies & Crisis Management, 20(2) 77-89

Geer, D. (2013). Resolved: The Internet Is No Place for Critical Infrastructure. Communications of the ACM, 56(6) 48-53.

Harrop, W & Matterson, A. (2013). Cyber Resilience: A Review of Critical National Infrastructure and Cyber Security Protection Measures Applied in the UK and USA. Journal of Business Continuity & Emergency Planning, 7(2) 149-162.

Haynes, W. (2004) Seeing Around Corners: Crafting the New Department of Homeland Security. Review of Policy Research, 21(3) 365-395

Headayetullah, M; Pradhan, G. (2010). Efficient and Secure Information Sharing for Security Personnels:  A Role and Cooperation Based Approach. International Journal on Computer Science & Engineering, 2(3) 903-911

Miller, R. (2007). Hurricane Katrina: Communications and Infrastructure Impacts. US Army War College. Retrieved October 10, 2014 from:
http://www.carlisle.army.mil/DIME/documents/Hurricane%20Katrina%20Communications%20&%20Infrastructure%20Impacts.pdf

O’Connor, T. (2010) The safety and security of critical infrastructure. Retrieved October 10, 2014 from: http://drtomoconnor.com/3430/3430lect01a.htm

The National Cybersecurity and Communications Integration Center:
http://www.dhs.gov/about-national-cybersecurity-communications-integration-center

Vladimirovich, A. (2014). Concerning Approaches of the USA and China to Cyber Security. Politics, Economics, Law, 1(1) 1-5

We can write this or a similar paper for you! Simply fill the order form!

Unlike most other websites we deliver what we promise;

  • Our Support Staff are online 24/7
  • Our Writers are available 24/7
  • Most Urgent order is delivered with 6 Hrs
  • 100% Original Assignment Plagiarism report can be sent to you upon request.

GET 15 % DISCOUNT TODAY use the discount code PAPER15 at the order form.

Type of paper Academic level Subject area
Number of pages Paper urgency Cost per page:
 Total: