SlideShare ist ein Scribd-Unternehmen logo

INITIATIVES TO ENHANCE CRITICAL INFRASTRUCTURE PROTECTION 2 .docx

Als DOCX, PDF herunterladen
M
maoanderton

INITIATIVES TO ENHANCE CRITICAL INFRASTRUCTURE PROTECTION 2 INITIATIVES TO ENHANCE CRITICAL INFRASTRUCTURE PROTECTION 2 Running head: INITIATIVES TO ENHANCE CRITICAL INFRASTRUCTURE PROTECTION 1 Initiatives to Enhance Critical Infrastructure Protection January 26, 2020 Abstract Critical Infrastructure Security is so critical to U.S. economic and social security along with public well-being and protection that disorder or disruption of any of the varied critical sectors will have a devastating outcome on the country. As reported by GAO, until the administrative agencies who are managing the Critical Infrastructure Security make attempts to have a complete understanding of the application of cyber security framework by the entities within these sectors, they would be restricted in their capacity to recognize the success of security efforts. This paper is intended to review the GAO (Government Accountability Office) report and describe the initiatives taken to enhance critical infrastructure protection followed by an appropriate conclusion. Introduction U.S. CIP (Critical Infrastructure Protection) necessitates the provision of protection from external and internal threats and restoration of physically ruined Critical Infrastructure that may disrupt services. This has been a major cause of concern due to the deteriorating U.S. infrastructure causing enough destruction and loss of life. On 22nd May 1998, President Bill Clinton has signed Presidential Decision Directive (PDD-63) which emphasized on critical infrastructure as a growing potential vulnerability and acknowledged that U.S. must view the U.S. national infrastructure from perspective of security due to its significance to national and financial security. CIP has to be tackled in a preventive manner. The 16 critical infrastructure sectors comprise of communication, chemical, defense industrial base, energy, emergency services, food and agriculture, financial, health, transportation, nuclear reactors and material waste, water and waste-water sector. Each of these sectors has its own security plan and exclusive manmade and natural threats, risks and deteriorations. Any attack or disaster on any of this vital infrastructure may cause severe damage to the security of the nation and probably may lead to the disintegration of the complete infrastructure (Hemme, 2015). National Infrastructure Protection Plan NIPP-2013 provides the basis for a collaborative and an integrated approach to attain a vision of a country where physical as well as cyber critical infrastructure stays secure and resilient. This policy has permitted CIP to be flexible and self sufficient to address threats by means of regular quadrennial assessments of CIP policies. However researches involving critical infrastructure have indicated that DHS and every Sector Specific Agency (SSA) have not paid attention to prior warnings concerning the potential results of depr.

Bildung
1 von 6
INITIATIVES TO ENHANCE CRITICAL INFRASTRUCTURE PROTECTION 2 INITIATIVES TO ENHANCE CRITICAL INFRASTRUCTURE PROTECTION 2 Running head: INITIATIVES TO ENHANCE CRITICAL INFRASTRUCTURE PROTECTION 1 Initiatives to Enhance Critical Infrastructure Protection January 26, 2020 Abstract Critical Infrastructure Security is so critical to U.S. economic and social security along with public well-being and protection that disorder or disruption of any of the varied
critical sectors will have a devastating outcome on the country. As reported by GAO, until the administrative agencies who are managing the Critical Infrastructure Security make attempts to have a complete understanding of the application of cyber security framework by the entities within these sectors, they would be restricted in their capacity to recognize the success of security efforts. This paper is intended to review the GAO (Government Accountability Office) report and describe the initiatives taken to enhance critical infrastructure protection followed by an appropriate conclusion. Introduction U.S. CIP (Critical Infrastructure Protection) necessitates the provision of protection from external and internal threats and restoration of physically ruined Critical Infrastructure that may disrupt services. This has been a major cause of concern due to the deteriorating U.S. infrastructure causing enough destruction and loss of life. On 22nd May 1998, President Bill Clinton has signed Presidential Decision Directive (PDD-63) which emphasized on critical infrastructure as a growing potential vulnerability and acknowledged that U.S. must view the U.S. national infrastructure from perspective of security due to its significance to national and financial security. CIP has to be tackled in a preventive manner. The 16 critical infrastructure
sectors comprise of communication, chemical, defense industrial base, energy, emergency services, food and agriculture, financial, health, transportation, nuclear reactors and material waste, water and waste-water sector. Each of these sectors has its own security plan and exclusive manmade and natural threats, risks and deteriorations. Any attack or disaster on any of this vital infrastructure may cause severe damage to the security of the nation and probably may lead to the disintegration of the complete infrastructure (Hemme, 2015). National Infrastructure Protection Plan NIPP-2013 provides the basis for a collaborative and an integrated approach to attain a vision of a country where physical as well as cyber critical infrastructure stays secure and resilient. This policy has permitted CIP to be flexible and self sufficient to address threats by means of regular quadrennial assessments of CIP policies. However researches involving critical infrastructure have indicated that DHS and every Sector Specific Agency (SSA) have not paid attention to prior warnings concerning the potential results of deprived maintenance. Instead they opted for aggressive efforts to prevent terrorist’s threats and the policy makers were mostly ignored calls for the resources that have to be spent for infrastructure maintenance. In 2013 February, there was no collective effort to secure the interconnected element of critical infrastructure as there was no interrelationship among sectors. In order to tackle this issue PPD 21 came into existence to foster the protection and resilience of critical infrastructure. An integrated task force was created by DHS to implement PPD 21. This move also called for association between the federal administration and its partners in private sector (Hemme, 2015). Initiatives to enhance CIP as per GAO report According to GAO-18-211 report, Executive Order 13636: In February of 2013, Executive Order 13636 presented an action plan to enhance security for critical cyber infrastructure. As per this, federal policy has directed various sector specific
agencies in consultation with DHS and diverse other agencies to examine the cyber security framework and establish implementation guidance or additional materials to tackle sector specific risk and operating atmosphere (GAO Report, 2018). NIST Framework: The National Institute of Standards and Technology has published a framework that is broadly acknowledged as a comprehensive touchstone for organizational cyber risk management. This framework has been broadly implemented by private sector, integrated across sectors and within organization and offers an initiating point to consider risks and best practices. NIST Framework for Enhancing Critical Infrastructure Security was developed in 2014 as a voluntary framework to be adopted by the industry for cyber security standards and methods. The core of this framework comprises of continuous and concurrent functions to identify, safeguard, recognize, respond and recover. These functions taken together provide a highly strategic view of the lifecycle of the cyber security risk management of an organization (GAO Report, 2018). Cyber Security Enhancement Act: The CEA of 2014 comprised of provisions for GAO to examine aspects of cyber security procedures and standards in NIST Framework. The objective of GAO was to evaluate regarding the degree to which critical infrastructure have implemented this framework. GAO examined the documentation like sector specific guidance and devices to help its implementation (GAO Report, 2018). Executive Order 18300: In 2017, this order was issued by the President which requires every federal agency to apply the cyber security framework to manage the cyber security risk of the agency (GAO Report, 2018). Draft Interagency Report 8170: In May 2017, this report was released by NIST in reply to
the previous order and this report is aimed at providing guidance on the use of framework by agencies to complement prevalent practices of risk management and enhance their cyber security risk management program. Several areas were identified by this report on the basis of implementation in nonfederal entities. They are as follows: · Manage the cyber security program. · Integrate enterprise and cyber security risk management. · Evaluate organizational cyber security. · Manage cyber security essentials. · Maintain a complete understanding of cyber security risk. · Incorporate and align cyber security and acquisition procedures. · Inform the tailoring procedure. · Report cyber security risks (GAO Report, 2018). Critical Infrastructure Cyber Community Voluntary Program: In February 2014, C3VP initiative was launched by DHS in accordance with EO 13636, with a mission to facilitate the improvement of critical infrastructure cyber security and to motivate the framework adoption. Additionally officials from every SSA stated that they have continuously conducted promotional activities of this framework using C3VP and NIST resources (GAO Report, 2018). GAO Recommendations to SSAs: GAO has made certain recommendations that appropriate methods have to be developed to determine the adoption of Framework by SSA across their corresponding sector in consultation with their section partners respectively, such as SCC, DHS and NIST. Conclusion Numerous sectors have taken measures to assist implementation of the NIST cyber security framework in their corresponding sectors. By establishing the adoption guidance, numerous SSAs have developed a sequence of tools that could be leveraged by entities for framework adoption. Without an exact evaluation in each sector, federal entities and SSA lack a complete knowledge of the present adoption level in Critical
Infrastructure sectors (GAO Report, 2018). However, certain challenges were identified by the federal authorities, NIST and SCCs, which may hamper cyber security framework implementation. The GAO recommendations were agreed upon by few agencies whereas some neither disagreed nor agreed to the recommendations (Maritalk.com, 2018). References GAO Report. (2018). Critical Infrastructure Protection: Additional Actions are Essential for Assessing Cyber Security Framework Adoption. Report to Congressional Committees. United States Government Accountability Office. GAO-18- 211(February, 2018). Retrieve online at: https://www.gao.gov/assets/700/690112.pdf GAO Snaps at Critical Infrastructure Protection Ambiguity. (2018, March 7). Retrieved online at: https://www.meritalk.com/articles/gao-snaps-at-critical- infrastructure-protectionambiguity/ Hemme, K. (2015). Critical Infrastructure Protection: Maintenance is National Security. Journal of Strategic Security. Vol.8, Issue.5, pp. 25-39 Retrieved online at: https://www.researchgate.net/publication/283280777_Critical_I nfrastructure_Protection Maintenance_is_National_Security/link/5ba3e83b299bf13e603f bc39/download

Empfohlen

· Per the e-Activity, analyze one (1) of the core tenets establish.docx
· Per the e-Activity, analyze one (1) of the core tenets establish.docx· Per the e-Activity, analyze one (1) of the core tenets establish.docx
· Per the e-Activity, analyze one (1) of the core tenets establish.docx
LynellBull52
 
Improving Cybersecurity and Resilience Through Acquisition Emile Monette GSA
Improving Cybersecurity and Resilience Through Acquisition Emile Monette GSAImproving Cybersecurity and Resilience Through Acquisition Emile Monette GSA
Improving Cybersecurity and Resilience Through Acquisition Emile Monette GSA
GovCloud Network
 
Integration of cyber security incident response with IMS -- an approach for E...
Integration of cyber security incident response with IMS -- an approach for E...Integration of cyber security incident response with IMS -- an approach for E...
Integration of cyber security incident response with IMS -- an approach for E...
David Sweigert
 
Guideline Thailand Cybersecure Strate Digital Economy
Guideline Thailand Cybersecure Strate Digital EconomyGuideline Thailand Cybersecure Strate Digital Economy
Guideline Thailand Cybersecure Strate Digital Economy
Settapong_CyberSecurity
 
Resourcing the US 2030 Cyber Strategy
Resourcing the US 2030 Cyber StrategyResourcing the US 2030 Cyber Strategy
Resourcing the US 2030 Cyber Strategy
Scott Dickson
 
Wef risk responsibility_hyperconnectedworld_report_2014
Wef risk responsibility_hyperconnectedworld_report_2014Wef risk responsibility_hyperconnectedworld_report_2014
Wef risk responsibility_hyperconnectedworld_report_2014
Silvia Cardona
 
Building on incident management metrics to support Executive Order 13636
Building on incident management metrics to support Executive Order 13636Building on incident management metrics to support Executive Order 13636
Building on incident management metrics to support Executive Order 13636
David Sweigert
 
Introduction to Risk Management via the NIST Cyber Security Framework
Introduction to Risk Management via the NIST Cyber Security FrameworkIntroduction to Risk Management via the NIST Cyber Security Framework
Introduction to Risk Management via the NIST Cyber Security Framework
PECB
 

Empfohlen

· Per the e-Activity, analyze one (1) of the core tenets establish.docx
· Per the e-Activity, analyze one (1) of the core tenets establish.docx· Per the e-Activity, analyze one (1) of the core tenets establish.docx
· Per the e-Activity, analyze one (1) of the core tenets establish.docx
LynellBull52
 
Improving Cybersecurity and Resilience Through Acquisition Emile Monette GSA
Improving Cybersecurity and Resilience Through Acquisition Emile Monette GSAImproving Cybersecurity and Resilience Through Acquisition Emile Monette GSA
Improving Cybersecurity and Resilience Through Acquisition Emile Monette GSA
GovCloud Network
 
Integration of cyber security incident response with IMS -- an approach for E...
Integration of cyber security incident response with IMS -- an approach for E...Integration of cyber security incident response with IMS -- an approach for E...
Integration of cyber security incident response with IMS -- an approach for E...
David Sweigert
 
Guideline Thailand Cybersecure Strate Digital Economy
Guideline Thailand Cybersecure Strate Digital EconomyGuideline Thailand Cybersecure Strate Digital Economy
Guideline Thailand Cybersecure Strate Digital Economy
Settapong_CyberSecurity
 
Resourcing the US 2030 Cyber Strategy
Resourcing the US 2030 Cyber StrategyResourcing the US 2030 Cyber Strategy
Resourcing the US 2030 Cyber Strategy
Scott Dickson
 
Wef risk responsibility_hyperconnectedworld_report_2014
Wef risk responsibility_hyperconnectedworld_report_2014Wef risk responsibility_hyperconnectedworld_report_2014
Wef risk responsibility_hyperconnectedworld_report_2014
Silvia Cardona
 
Building on incident management metrics to support Executive Order 13636
Building on incident management metrics to support Executive Order 13636Building on incident management metrics to support Executive Order 13636
Building on incident management metrics to support Executive Order 13636
David Sweigert
 
Introduction to Risk Management via the NIST Cyber Security Framework
Introduction to Risk Management via the NIST Cyber Security FrameworkIntroduction to Risk Management via the NIST Cyber Security Framework
Introduction to Risk Management via the NIST Cyber Security Framework
PECB
 
NHTSA Cybersecurity Best Practices
NHTSA Cybersecurity Best PracticesNHTSA Cybersecurity Best Practices
NHTSA Cybersecurity Best Practices
Dr Dev Kambhampati
 
Running head IT SECURITY POLICYIT SECURITY POLICY .docx
Running head IT SECURITY POLICYIT SECURITY POLICY .docxRunning head IT SECURITY POLICYIT SECURITY POLICY .docx
Running head IT SECURITY POLICYIT SECURITY POLICY .docx
charisellington63520
 
EFFECTIVE MANAGEMENT IN PUBLIC PRIVATE PARTNERSHIP PROJECT
EFFECTIVE MANAGEMENT IN PUBLIC PRIVATE PARTNERSHIP PROJECTEFFECTIVE MANAGEMENT IN PUBLIC PRIVATE PARTNERSHIP PROJECT
EFFECTIVE MANAGEMENT IN PUBLIC PRIVATE PARTNERSHIP PROJECT
IRJET Journal
 
1. Sean WroteThe first and most critical success factor is effe.docx
1. Sean WroteThe first and most critical success factor is effe.docx1. Sean WroteThe first and most critical success factor is effe.docx
1. Sean WroteThe first and most critical success factor is effe.docx
jackiewalcutt
 
Integrating disaster recovery metrics into the NIST EO 13636 Cybersecurity Fr...
Integrating disaster recovery metrics into the NIST EO 13636 Cybersecurity Fr...Integrating disaster recovery metrics into the NIST EO 13636 Cybersecurity Fr...
Integrating disaster recovery metrics into the NIST EO 13636 Cybersecurity Fr...
David Sweigert
 
Ffiec cat may_2017
Ffiec cat may_2017Ffiec cat may_2017
Ffiec cat may_2017
Josef Sulca Cueva
 
SECURITY AND SAFETY OF THE POWER GRID AND ITS RELATED COMPUTER INF.docx
SECURITY AND SAFETY OF THE POWER GRID AND ITS RELATED COMPUTER INF.docxSECURITY AND SAFETY OF THE POWER GRID AND ITS RELATED COMPUTER INF.docx
SECURITY AND SAFETY OF THE POWER GRID AND ITS RELATED COMPUTER INF.docx
bagotjesusa
 
WSIS10 Action Line C5 Building Confidence and Security in the use of ICT's
WSIS10 Action Line C5 Building Confidence and Security in the use of ICT'sWSIS10 Action Line C5 Building Confidence and Security in the use of ICT's
WSIS10 Action Line C5 Building Confidence and Security in the use of ICT's
Dr Lendy Spires
 
Project 4 Threat Analysis and ExploitationTranscript (backgroun.docx
Project 4 Threat Analysis and ExploitationTranscript (backgroun.docxProject 4 Threat Analysis and ExploitationTranscript (backgroun.docx
Project 4 Threat Analysis and ExploitationTranscript (backgroun.docx
stilliegeorgiana
 
ASEAN Critical Information Infrastructure Protection Framework
ASEAN Critical Information Infrastructure Protection FrameworkASEAN Critical Information Infrastructure Protection Framework
ASEAN Critical Information Infrastructure Protection Framework
ETDAofficialRegist
 
NASCIO Cyber Disruption Response and Recovery
NASCIO Cyber Disruption Response and RecoveryNASCIO Cyber Disruption Response and Recovery
NASCIO Cyber Disruption Response and Recovery
David Sweigert
 
TRIA Cyber Risk Study (GAO)
TRIA Cyber Risk Study (GAO)TRIA Cyber Risk Study (GAO)
TRIA Cyber Risk Study (GAO)
JasonSchupp1
 
Staying Safe in Cyberspace
Staying Safe in CyberspaceStaying Safe in Cyberspace
Staying Safe in Cyberspace
GovCloud Network
 
The IT Analysis Paralysis
The IT Analysis Paralysis The IT Analysis Paralysis
The IT Analysis Paralysis
PYA, P.C.
 
2003-cost-report
2003-cost-report2003-cost-report
2003-cost-report
Matthew W. Stephan, CISM, CISSP, CRISC, CGEIT, PMP
 
Unprepared for Cybersecurity in Saudi Arabia: Argument for a Shift Towards Cy...
Unprepared for Cybersecurity in Saudi Arabia: Argument for a Shift Towards Cy...Unprepared for Cybersecurity in Saudi Arabia: Argument for a Shift Towards Cy...
Unprepared for Cybersecurity in Saudi Arabia: Argument for a Shift Towards Cy...
Maurice Dawson
 
2004-cost-report
2004-cost-report2004-cost-report
2004-cost-report
Matthew W. Stephan, CISM, CISSP, CRISC, CGEIT, PMP
 
Michigan Cyber TTX response planning ESF 18
Michigan Cyber TTX response planning ESF 18 Michigan Cyber TTX response planning ESF 18
Michigan Cyber TTX response planning ESF 18
David Sweigert
 
Cybersecurity Framework for Executive Order 13636 -- Incident Command System
Cybersecurity Framework for Executive Order 13636 -- Incident Command SystemCybersecurity Framework for Executive Order 13636 -- Incident Command System
Cybersecurity Framework for Executive Order 13636 -- Incident Command System
David Sweigert
 
IRJET- Analysis of Risk Factors Affecting Management and Maintenance of Urban...
IRJET- Analysis of Risk Factors Affecting Management and Maintenance of Urban...IRJET- Analysis of Risk Factors Affecting Management and Maintenance of Urban...
IRJET- Analysis of Risk Factors Affecting Management and Maintenance of Urban...
IRJET Journal
 
InstructionsFor this assignment, select one of the following.docx
InstructionsFor this assignment, select one of the following.docxInstructionsFor this assignment, select one of the following.docx
InstructionsFor this assignment, select one of the following.docx
maoanderton
 
InstructionsFor this assignment, analyze the space race..docx
InstructionsFor this assignment, analyze the space race..docxInstructionsFor this assignment, analyze the space race..docx
InstructionsFor this assignment, analyze the space race..docx
maoanderton
 

Weitere ähnliche Inhalte

Ähnlich wie INITIATIVES TO ENHANCE CRITICAL INFRASTRUCTURE PROTECTION 2 .docx

Running head IT SECURITY POLICYIT SECURITY POLICY .docx
Running head IT SECURITY POLICYIT SECURITY POLICY .docxRunning head IT SECURITY POLICYIT SECURITY POLICY .docx
Running head IT SECURITY POLICYIT SECURITY POLICY .docx
charisellington63520
 
1. Sean WroteThe first and most critical success factor is effe.docx
1. Sean WroteThe first and most critical success factor is effe.docx1. Sean WroteThe first and most critical success factor is effe.docx
1. Sean WroteThe first and most critical success factor is effe.docx
jackiewalcutt
 
SECURITY AND SAFETY OF THE POWER GRID AND ITS RELATED COMPUTER INF.docx
SECURITY AND SAFETY OF THE POWER GRID AND ITS RELATED COMPUTER INF.docxSECURITY AND SAFETY OF THE POWER GRID AND ITS RELATED COMPUTER INF.docx
SECURITY AND SAFETY OF THE POWER GRID AND ITS RELATED COMPUTER INF.docx
bagotjesusa
 
WSIS10 Action Line C5 Building Confidence and Security in the use of ICT's
WSIS10 Action Line C5 Building Confidence and Security in the use of ICT'sWSIS10 Action Line C5 Building Confidence and Security in the use of ICT's
WSIS10 Action Line C5 Building Confidence and Security in the use of ICT's
Dr Lendy Spires
 
Project 4 Threat Analysis and ExploitationTranscript (backgroun.docx
Project 4 Threat Analysis and ExploitationTranscript (backgroun.docxProject 4 Threat Analysis and ExploitationTranscript (backgroun.docx
Project 4 Threat Analysis and ExploitationTranscript (backgroun.docx
stilliegeorgiana
 
Staying Safe in Cyberspace
Staying Safe in CyberspaceStaying Safe in Cyberspace
Staying Safe in Cyberspace
GovCloud Network
 
Unprepared for Cybersecurity in Saudi Arabia: Argument for a Shift Towards Cy...
Unprepared for Cybersecurity in Saudi Arabia: Argument for a Shift Towards Cy...Unprepared for Cybersecurity in Saudi Arabia: Argument for a Shift Towards Cy...
Unprepared for Cybersecurity in Saudi Arabia: Argument for a Shift Towards Cy...
Maurice Dawson
 

Ähnlich wie INITIATIVES TO ENHANCE CRITICAL INFRASTRUCTURE PROTECTION 2 .docx (20)

NHTSA Cybersecurity Best Practices
NHTSA Cybersecurity Best PracticesNHTSA Cybersecurity Best Practices
NHTSA Cybersecurity Best Practices
 
Running head IT SECURITY POLICYIT SECURITY POLICY .docx
Running head IT SECURITY POLICYIT SECURITY POLICY .docxRunning head IT SECURITY POLICYIT SECURITY POLICY .docx
Running head IT SECURITY POLICYIT SECURITY POLICY .docx
 
EFFECTIVE MANAGEMENT IN PUBLIC PRIVATE PARTNERSHIP PROJECT
EFFECTIVE MANAGEMENT IN PUBLIC PRIVATE PARTNERSHIP PROJECTEFFECTIVE MANAGEMENT IN PUBLIC PRIVATE PARTNERSHIP PROJECT
EFFECTIVE MANAGEMENT IN PUBLIC PRIVATE PARTNERSHIP PROJECT
 
1. Sean WroteThe first and most critical success factor is effe.docx
1. Sean WroteThe first and most critical success factor is effe.docx1. Sean WroteThe first and most critical success factor is effe.docx
1. Sean WroteThe first and most critical success factor is effe.docx
 
Integrating disaster recovery metrics into the NIST EO 13636 Cybersecurity Fr...
Integrating disaster recovery metrics into the NIST EO 13636 Cybersecurity Fr...Integrating disaster recovery metrics into the NIST EO 13636 Cybersecurity Fr...
Integrating disaster recovery metrics into the NIST EO 13636 Cybersecurity Fr...
 
Ffiec cat may_2017
Ffiec cat may_2017Ffiec cat may_2017
Ffiec cat may_2017
 
SECURITY AND SAFETY OF THE POWER GRID AND ITS RELATED COMPUTER INF.docx
SECURITY AND SAFETY OF THE POWER GRID AND ITS RELATED COMPUTER INF.docxSECURITY AND SAFETY OF THE POWER GRID AND ITS RELATED COMPUTER INF.docx
SECURITY AND SAFETY OF THE POWER GRID AND ITS RELATED COMPUTER INF.docx
 
WSIS10 Action Line C5 Building Confidence and Security in the use of ICT's
WSIS10 Action Line C5 Building Confidence and Security in the use of ICT'sWSIS10 Action Line C5 Building Confidence and Security in the use of ICT's
WSIS10 Action Line C5 Building Confidence and Security in the use of ICT's
 
Project 4 Threat Analysis and ExploitationTranscript (backgroun.docx
Project 4 Threat Analysis and ExploitationTranscript (backgroun.docxProject 4 Threat Analysis and ExploitationTranscript (backgroun.docx
Project 4 Threat Analysis and ExploitationTranscript (backgroun.docx
 
ASEAN Critical Information Infrastructure Protection Framework
ASEAN Critical Information Infrastructure Protection FrameworkASEAN Critical Information Infrastructure Protection Framework
ASEAN Critical Information Infrastructure Protection Framework
 
NASCIO Cyber Disruption Response and Recovery
NASCIO Cyber Disruption Response and RecoveryNASCIO Cyber Disruption Response and Recovery
NASCIO Cyber Disruption Response and Recovery
 
TRIA Cyber Risk Study (GAO)
TRIA Cyber Risk Study (GAO)TRIA Cyber Risk Study (GAO)
TRIA Cyber Risk Study (GAO)
 
Staying Safe in Cyberspace
Staying Safe in CyberspaceStaying Safe in Cyberspace
Staying Safe in Cyberspace
 
The IT Analysis Paralysis
The IT Analysis Paralysis The IT Analysis Paralysis
The IT Analysis Paralysis
 
2003-cost-report
2003-cost-report2003-cost-report
2003-cost-report
 
Unprepared for Cybersecurity in Saudi Arabia: Argument for a Shift Towards Cy...
Unprepared for Cybersecurity in Saudi Arabia: Argument for a Shift Towards Cy...Unprepared for Cybersecurity in Saudi Arabia: Argument for a Shift Towards Cy...
Unprepared for Cybersecurity in Saudi Arabia: Argument for a Shift Towards Cy...
 
2004-cost-report
2004-cost-report2004-cost-report
2004-cost-report
 
Michigan Cyber TTX response planning ESF 18
Michigan Cyber TTX response planning ESF 18 Michigan Cyber TTX response planning ESF 18
Michigan Cyber TTX response planning ESF 18
 
Cybersecurity Framework for Executive Order 13636 -- Incident Command System
Cybersecurity Framework for Executive Order 13636 -- Incident Command SystemCybersecurity Framework for Executive Order 13636 -- Incident Command System
Cybersecurity Framework for Executive Order 13636 -- Incident Command System
 
IRJET- Analysis of Risk Factors Affecting Management and Maintenance of Urban...
IRJET- Analysis of Risk Factors Affecting Management and Maintenance of Urban...IRJET- Analysis of Risk Factors Affecting Management and Maintenance of Urban...
IRJET- Analysis of Risk Factors Affecting Management and Maintenance of Urban...
 

Mehr von maoanderton

InstructionsFor this assignment, select one of the following.docx
InstructionsFor this assignment, select one of the following.docxInstructionsFor this assignment, select one of the following.docx
InstructionsFor this assignment, select one of the following.docx
maoanderton
 
InstructionsFor the initial post, address one of the fol.docx
InstructionsFor the initial post, address one of the fol.docxInstructionsFor the initial post, address one of the fol.docx
InstructionsFor the initial post, address one of the fol.docx
maoanderton
 
InstructionsFollow paper format and Chicago Style to complete t.docx
InstructionsFollow paper format and Chicago Style to complete t.docxInstructionsFollow paper format and Chicago Style to complete t.docx
InstructionsFollow paper format and Chicago Style to complete t.docx
maoanderton
 
InstructionsFind a NEWS article that addresses a recent t.docx
InstructionsFind a NEWS article that addresses a recent t.docxInstructionsFind a NEWS article that addresses a recent t.docx
InstructionsFind a NEWS article that addresses a recent t.docx
maoanderton
 
InstructionsFind a NEWS article that addresses a current .docx
InstructionsFind a NEWS article that addresses a current .docxInstructionsFind a NEWS article that addresses a current .docx
InstructionsFind a NEWS article that addresses a current .docx
maoanderton
 
InstructionsFinancial challenges associated with changes.docx
InstructionsFinancial challenges associated with changes.docxInstructionsFinancial challenges associated with changes.docx
InstructionsFinancial challenges associated with changes.docx
maoanderton
 
InstructionsEvaluate Personality TestsEvaluation Title.docx
InstructionsEvaluate Personality TestsEvaluation Title.docxInstructionsEvaluate Personality TestsEvaluation Title.docx
InstructionsEvaluate Personality TestsEvaluation Title.docx
maoanderton
 
InstructionsEach of your responses will be graded not only for .docx
InstructionsEach of your responses will be graded not only for .docxInstructionsEach of your responses will be graded not only for .docx
InstructionsEach of your responses will be graded not only for .docx
maoanderton
 
InstructionsEffective communication skills can prevent many si.docx
InstructionsEffective communication skills can prevent many si.docxInstructionsEffective communication skills can prevent many si.docx
InstructionsEffective communication skills can prevent many si.docx
maoanderton
 
InstructionsDevelop an iconographic essay. Select a work fro.docx
InstructionsDevelop an iconographic essay. Select a work fro.docxInstructionsDevelop an iconographic essay. Select a work fro.docx
InstructionsDevelop an iconographic essay. Select a work fro.docx
maoanderton
 
InstructionsDEFINITION a brief definition of the key term fo.docx
InstructionsDEFINITION a brief definition of the key term fo.docxInstructionsDEFINITION a brief definition of the key term fo.docx
InstructionsDEFINITION a brief definition of the key term fo.docx
maoanderton
 
InstructionsCreate a PowerPoint presentation of 15 slides (not c.docx
InstructionsCreate a PowerPoint presentation of 15 slides (not c.docxInstructionsCreate a PowerPoint presentation of 15 slides (not c.docx
InstructionsCreate a PowerPoint presentation of 15 slides (not c.docx
maoanderton
 
InstructionsCookie Creations (Continued)Part INatalie is.docx
InstructionsCookie Creations (Continued)Part INatalie is.docxInstructionsCookie Creations (Continued)Part INatalie is.docx
InstructionsCookie Creations (Continued)Part INatalie is.docx
maoanderton
 
InstructionsCommunities do not exist in a bubble. Often changes .docx
InstructionsCommunities do not exist in a bubble. Often changes .docxInstructionsCommunities do not exist in a bubble. Often changes .docx
InstructionsCommunities do not exist in a bubble. Often changes .docx
maoanderton
 
InstructionsBeginning in the 1770s, an Age of Revolution swep.docx
InstructionsBeginning in the 1770s, an Age of Revolution swep.docxInstructionsBeginning in the 1770s, an Age of Revolution swep.docx
InstructionsBeginning in the 1770s, an Age of Revolution swep.docx
maoanderton
 

Mehr von maoanderton (20)

InstructionsFor this assignment, select one of the following.docx
InstructionsFor this assignment, select one of the following.docxInstructionsFor this assignment, select one of the following.docx
InstructionsFor this assignment, select one of the following.docx
 
InstructionsFor this assignment, analyze the space race..docx
InstructionsFor this assignment, analyze the space race..docxInstructionsFor this assignment, analyze the space race..docx
InstructionsFor this assignment, analyze the space race..docx
 
InstructionsFor the initial post, address one of the fol.docx
InstructionsFor the initial post, address one of the fol.docxInstructionsFor the initial post, address one of the fol.docx
InstructionsFor the initial post, address one of the fol.docx
 
InstructionsFollow paper format and Chicago Style to complete t.docx
InstructionsFollow paper format and Chicago Style to complete t.docxInstructionsFollow paper format and Chicago Style to complete t.docx
InstructionsFollow paper format and Chicago Style to complete t.docx
 
InstructionsFind a NEWS article that addresses a recent t.docx
InstructionsFind a NEWS article that addresses a recent t.docxInstructionsFind a NEWS article that addresses a recent t.docx
InstructionsFind a NEWS article that addresses a recent t.docx
 
InstructionsFind a NEWS article that addresses a current .docx
InstructionsFind a NEWS article that addresses a current .docxInstructionsFind a NEWS article that addresses a current .docx
InstructionsFind a NEWS article that addresses a current .docx
 
InstructionsFinancial challenges associated with changes.docx
InstructionsFinancial challenges associated with changes.docxInstructionsFinancial challenges associated with changes.docx
InstructionsFinancial challenges associated with changes.docx
 
InstructionsExplain the role of the U.S. Office of Personnel.docx
InstructionsExplain the role of the U.S. Office of Personnel.docxInstructionsExplain the role of the U.S. Office of Personnel.docx
InstructionsExplain the role of the U.S. Office of Personnel.docx
 
InstructionsEvaluate Personality TestsEvaluation Title.docx
InstructionsEvaluate Personality TestsEvaluation Title.docxInstructionsEvaluate Personality TestsEvaluation Title.docx
InstructionsEvaluate Personality TestsEvaluation Title.docx
 
InstructionsEach of your responses will be graded not only for .docx
InstructionsEach of your responses will be graded not only for .docxInstructionsEach of your responses will be graded not only for .docx
InstructionsEach of your responses will be graded not only for .docx
 
InstructionsEffective communication skills can prevent many si.docx
InstructionsEffective communication skills can prevent many si.docxInstructionsEffective communication skills can prevent many si.docx
InstructionsEffective communication skills can prevent many si.docx
 
InstructionsEcologyTo complete this assignment, complete the.docx
InstructionsEcologyTo complete this assignment, complete the.docxInstructionsEcologyTo complete this assignment, complete the.docx
InstructionsEcologyTo complete this assignment, complete the.docx
 
InstructionsDevelop an iconographic essay. Select a work fro.docx
InstructionsDevelop an iconographic essay. Select a work fro.docxInstructionsDevelop an iconographic essay. Select a work fro.docx
InstructionsDevelop an iconographic essay. Select a work fro.docx
 
InstructionsDEFINITION a brief definition of the key term fo.docx
InstructionsDEFINITION a brief definition of the key term fo.docxInstructionsDEFINITION a brief definition of the key term fo.docx
InstructionsDEFINITION a brief definition of the key term fo.docx
 
InstructionsCreate a PowerPoint presentation of 15 slides (not c.docx
InstructionsCreate a PowerPoint presentation of 15 slides (not c.docxInstructionsCreate a PowerPoint presentation of 15 slides (not c.docx
InstructionsCreate a PowerPoint presentation of 15 slides (not c.docx
 
InstructionsCookie Creations (Continued)Part INatalie is.docx
InstructionsCookie Creations (Continued)Part INatalie is.docxInstructionsCookie Creations (Continued)Part INatalie is.docx
InstructionsCookie Creations (Continued)Part INatalie is.docx
 
InstructionsCommunities do not exist in a bubble. Often changes .docx
InstructionsCommunities do not exist in a bubble. Often changes .docxInstructionsCommunities do not exist in a bubble. Often changes .docx
InstructionsCommunities do not exist in a bubble. Often changes .docx
 
InstructionsChoose only ONE of the following options and wri.docx
InstructionsChoose only ONE of the following options and wri.docxInstructionsChoose only ONE of the following options and wri.docx
InstructionsChoose only ONE of the following options and wri.docx
 
InstructionsChoose only ONE of the following options and.docx
InstructionsChoose only ONE of the following options and.docxInstructionsChoose only ONE of the following options and.docx
InstructionsChoose only ONE of the following options and.docx
 
InstructionsBeginning in the 1770s, an Age of Revolution swep.docx
InstructionsBeginning in the 1770s, an Age of Revolution swep.docxInstructionsBeginning in the 1770s, an Age of Revolution swep.docx
InstructionsBeginning in the 1770s, an Age of Revolution swep.docx
 

Kürzlich hochgeladen

Making communications land - Are they received and understood as intended? we...
Making communications land - Are they received and understood as intended? we...Making communications land - Are they received and understood as intended? we...
Making communications land - Are they received and understood as intended? we...
Association for Project Management
 
1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf
QucHHunhnh
 

Kürzlich hochgeladen (20)

Making communications land - Are they received and understood as intended? we...
Making communications land - Are they received and understood as intended? we...Making communications land - Are they received and understood as intended? we...
Making communications land - Are they received and understood as intended? we...
 
How to Create and Manage Wizard in Odoo 17
How to Create and Manage Wizard in Odoo 17How to Create and Manage Wizard in Odoo 17
How to Create and Manage Wizard in Odoo 17
 
Introduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The BasicsIntroduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The Basics
 
psychiatric nursing HISTORY COLLECTION .docx
psychiatric nursing HISTORY COLLECTION .docxpsychiatric nursing HISTORY COLLECTION .docx
psychiatric nursing HISTORY COLLECTION .docx
 
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
 
Third Battle of Panipat detailed notes.pptx
Third Battle of Panipat detailed notes.pptxThird Battle of Panipat detailed notes.pptx
Third Battle of Panipat detailed notes.pptx
 
ComPTIA Overview | Comptia Security+ Book SY0-701
ComPTIA Overview | Comptia Security+ Book SY0-701ComPTIA Overview | Comptia Security+ Book SY0-701
ComPTIA Overview | Comptia Security+ Book SY0-701
 
UGC NET Paper 1 Mathematical Reasoning & Aptitude.pdf
UGC NET Paper 1 Mathematical Reasoning & Aptitude.pdfUGC NET Paper 1 Mathematical Reasoning & Aptitude.pdf
UGC NET Paper 1 Mathematical Reasoning & Aptitude.pdf
 
Dyslexia AI Workshop for Slideshare.pptx
Dyslexia AI Workshop for Slideshare.pptxDyslexia AI Workshop for Slideshare.pptx
Dyslexia AI Workshop for Slideshare.pptx
 
Basic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptxBasic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptx
 
1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf
 
2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx
2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx
2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx
 
Holdier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdfHoldier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdf
 
General Principles of Intellectual Property: Concepts of Intellectual Proper...
General Principles of Intellectual Property: Concepts of Intellectual Proper...General Principles of Intellectual Property: Concepts of Intellectual Proper...
General Principles of Intellectual Property: Concepts of Intellectual Proper...
 
Asian American Pacific Islander Month DDSD 2024.pptx
Asian American Pacific Islander Month DDSD 2024.pptxAsian American Pacific Islander Month DDSD 2024.pptx
Asian American Pacific Islander Month DDSD 2024.pptx
 
Application orientated numerical on hev.ppt
Application orientated numerical on hev.pptApplication orientated numerical on hev.ppt
Application orientated numerical on hev.ppt
 
Understanding Accommodations and Modifications
Understanding Accommodations and ModificationsUnderstanding Accommodations and Modifications
Understanding Accommodations and Modifications
 
Spatium Project Simulation student brief
Spatium Project Simulation student briefSpatium Project Simulation student brief
Spatium Project Simulation student brief
 
SKILL OF INTRODUCING THE LESSON MICRO SKILLS.pptx
SKILL OF INTRODUCING THE LESSON MICRO SKILLS.pptxSKILL OF INTRODUCING THE LESSON MICRO SKILLS.pptx
SKILL OF INTRODUCING THE LESSON MICRO SKILLS.pptx
 
On National Teacher Day, meet the 2024-25 Kenan Fellows
On National Teacher Day, meet the 2024-25 Kenan FellowsOn National Teacher Day, meet the 2024-25 Kenan Fellows
On National Teacher Day, meet the 2024-25 Kenan Fellows
 

INITIATIVES TO ENHANCE CRITICAL INFRASTRUCTURE PROTECTION 2 .docx

  • 1. INITIATIVES TO ENHANCE CRITICAL INFRASTRUCTURE PROTECTION 2 INITIATIVES TO ENHANCE CRITICAL INFRASTRUCTURE PROTECTION 2 Running head: INITIATIVES TO ENHANCE CRITICAL INFRASTRUCTURE PROTECTION 1 Initiatives to Enhance Critical Infrastructure Protection January 26, 2020 Abstract Critical Infrastructure Security is so critical to U.S. economic and social security along with public well-being and protection that disorder or disruption of any of the varied
  • 2. critical sectors will have a devastating outcome on the country. As reported by GAO, until the administrative agencies who are managing the Critical Infrastructure Security make attempts to have a complete understanding of the application of cyber security framework by the entities within these sectors, they would be restricted in their capacity to recognize the success of security efforts. This paper is intended to review the GAO (Government Accountability Office) report and describe the initiatives taken to enhance critical infrastructure protection followed by an appropriate conclusion. Introduction U.S. CIP (Critical Infrastructure Protection) necessitates the provision of protection from external and internal threats and restoration of physically ruined Critical Infrastructure that may disrupt services. This has been a major cause of concern due to the deteriorating U.S. infrastructure causing enough destruction and loss of life. On 22nd May 1998, President Bill Clinton has signed Presidential Decision Directive (PDD-63) which emphasized on critical infrastructure as a growing potential vulnerability and acknowledged that U.S. must view the U.S. national infrastructure from perspective of security due to its significance to national and financial security. CIP has to be tackled in a preventive manner. The 16 critical infrastructure
  • 3. sectors comprise of communication, chemical, defense industrial base, energy, emergency services, food and agriculture, financial, health, transportation, nuclear reactors and material waste, water and waste-water sector. Each of these sectors has its own security plan and exclusive manmade and natural threats, risks and deteriorations. Any attack or disaster on any of this vital infrastructure may cause severe damage to the security of the nation and probably may lead to the disintegration of the complete infrastructure (Hemme, 2015). National Infrastructure Protection Plan NIPP-2013 provides the basis for a collaborative and an integrated approach to attain a vision of a country where physical as well as cyber critical infrastructure stays secure and resilient. This policy has permitted CIP to be flexible and self sufficient to address threats by means of regular quadrennial assessments of CIP policies. However researches involving critical infrastructure have indicated that DHS and every Sector Specific Agency (SSA) have not paid attention to prior warnings concerning the potential results of deprived maintenance. Instead they opted for aggressive efforts to prevent terrorist’s threats and the policy makers were mostly ignored calls for the resources that have to be spent for infrastructure maintenance. In 2013 February, there was no collective effort to secure the interconnected element of critical infrastructure as there was no interrelationship among sectors. In order to tackle this issue PPD 21 came into existence to foster the protection and resilience of critical infrastructure. An integrated task force was created by DHS to implement PPD 21. This move also called for association between the federal administration and its partners in private sector (Hemme, 2015). Initiatives to enhance CIP as per GAO report According to GAO-18-211 report, Executive Order 13636: In February of 2013, Executive Order 13636 presented an action plan to enhance security for critical cyber infrastructure. As per this, federal policy has directed various sector specific
  • 4. agencies in consultation with DHS and diverse other agencies to examine the cyber security framework and establish implementation guidance or additional materials to tackle sector specific risk and operating atmosphere (GAO Report, 2018). NIST Framework: The National Institute of Standards and Technology has published a framework that is broadly acknowledged as a comprehensive touchstone for organizational cyber risk management. This framework has been broadly implemented by private sector, integrated across sectors and within organization and offers an initiating point to consider risks and best practices. NIST Framework for Enhancing Critical Infrastructure Security was developed in 2014 as a voluntary framework to be adopted by the industry for cyber security standards and methods. The core of this framework comprises of continuous and concurrent functions to identify, safeguard, recognize, respond and recover. These functions taken together provide a highly strategic view of the lifecycle of the cyber security risk management of an organization (GAO Report, 2018). Cyber Security Enhancement Act: The CEA of 2014 comprised of provisions for GAO to examine aspects of cyber security procedures and standards in NIST Framework. The objective of GAO was to evaluate regarding the degree to which critical infrastructure have implemented this framework. GAO examined the documentation like sector specific guidance and devices to help its implementation (GAO Report, 2018). Executive Order 18300: In 2017, this order was issued by the President which requires every federal agency to apply the cyber security framework to manage the cyber security risk of the agency (GAO Report, 2018). Draft Interagency Report 8170: In May 2017, this report was released by NIST in reply to
  • 5. the previous order and this report is aimed at providing guidance on the use of framework by agencies to complement prevalent practices of risk management and enhance their cyber security risk management program. Several areas were identified by this report on the basis of implementation in nonfederal entities. They are as follows: · Manage the cyber security program. · Integrate enterprise and cyber security risk management. · Evaluate organizational cyber security. · Manage cyber security essentials. · Maintain a complete understanding of cyber security risk. · Incorporate and align cyber security and acquisition procedures. · Inform the tailoring procedure. · Report cyber security risks (GAO Report, 2018). Critical Infrastructure Cyber Community Voluntary Program: In February 2014, C3VP initiative was launched by DHS in accordance with EO 13636, with a mission to facilitate the improvement of critical infrastructure cyber security and to motivate the framework adoption. Additionally officials from every SSA stated that they have continuously conducted promotional activities of this framework using C3VP and NIST resources (GAO Report, 2018). GAO Recommendations to SSAs: GAO has made certain recommendations that appropriate methods have to be developed to determine the adoption of Framework by SSA across their corresponding sector in consultation with their section partners respectively, such as SCC, DHS and NIST. Conclusion Numerous sectors have taken measures to assist implementation of the NIST cyber security framework in their corresponding sectors. By establishing the adoption guidance, numerous SSAs have developed a sequence of tools that could be leveraged by entities for framework adoption. Without an exact evaluation in each sector, federal entities and SSA lack a complete knowledge of the present adoption level in Critical
  • 6. Infrastructure sectors (GAO Report, 2018). However, certain challenges were identified by the federal authorities, NIST and SCCs, which may hamper cyber security framework implementation. The GAO recommendations were agreed upon by few agencies whereas some neither disagreed nor agreed to the recommendations (Maritalk.com, 2018). References GAO Report. (2018). Critical Infrastructure Protection: Additional Actions are Essential for Assessing Cyber Security Framework Adoption. Report to Congressional Committees. United States Government Accountability Office. GAO-18- 211(February, 2018). Retrieve online at: https://www.gao.gov/assets/700/690112.pdf GAO Snaps at Critical Infrastructure Protection Ambiguity. (2018, March 7). Retrieved online at: https://www.meritalk.com/articles/gao-snaps-at-critical- infrastructure-protectionambiguity/ Hemme, K. (2015). Critical Infrastructure Protection: Maintenance is National Security. Journal of Strategic Security. Vol.8, Issue.5, pp. 25-39 Retrieved online at: https://www.researchgate.net/publication/283280777_Critical_I nfrastructure_Protection Maintenance_is_National_Security/link/5ba3e83b299bf13e603f bc39/download