INITIATIVES TO ENHANCE CRITICAL INFRASTRUCTURE PROTECTION 2
INITIATIVES TO ENHANCE CRITICAL INFRASTRUCTURE PROTECTION 2
Running head: INITIATIVES TO ENHANCE CRITICAL INFRASTRUCTURE
PROTECTION 1
Initiatives to Enhance Critical Infrastructure Protection
January 26, 2020
Abstract
Critical Infrastructure Security is so critical to U.S. economic and social security along with public well-being and protection that disorder or disruption of any of the varied critical sectors will have a devastating outcome on the country. As reported by GAO, until the administrative agencies who are managing the Critical Infrastructure Security make attempts to have a complete understanding of the application of cyber security framework by the entities within these sectors, they would be restricted in their capacity to recognize the success of security efforts. This paper is intended to review the GAO (Government Accountability Office) report and describe the initiatives taken to enhance critical infrastructure protection followed by an appropriate conclusion.
Introduction
U.S. CIP (Critical Infrastructure Protection) necessitates the provision of protection from external and internal threats and restoration of physically ruined Critical Infrastructure that may disrupt services. This has been a major cause of concern due to the deteriorating U.S.
infrastructure causing enough destruction and loss of life. On 22nd May 1998, President Bill Clinton has signed Presidential Decision Directive (PDD-63) which emphasized on critical infrastructure as a growing potential vulnerability and acknowledged that U.S. must view the U.S. national infrastructure from perspective of security due to its significance to national and financial security. CIP has to be tackled in a preventive manner. The 16 critical infrastructure sectors comprise of communication, chemical, defense industrial base, energy, emergency services, food and agriculture, financial, health, transportation, nuclear reactors and material waste, water and waste-water sector. Each of these sectors has its own security plan and exclusive manmade and natural threats, risks and deteriorations. Any attack or disaster on any of this vital infrastructure may cause severe damage to the security of the nation and probably may lead to the disintegration of the complete infrastructure (Hemme, 2015). National Infrastructure Protection Plan
NIPP-2013 provides the basis for a collaborative and an integrated approach to attain a vision of a country where physical as well as cyber critical infrastructure stays secure and resilient. This policy has permitted CIP to be flexible and self sufficient to address threats by means of regular quadrennial assessments of CIP policies. However researches involving critical infrastructure have indicated that DHS and every Sector Specific Agency (SSA) have not paid attention to prior warnings concerning the potential results of depr.
On National Teacher Day, meet the 2024-25 Kenan Fellows
INITIATIVES TO ENHANCE CRITICAL INFRASTRUCTURE PROTECTION 2 .docx
1. INITIATIVES TO ENHANCE CRITICAL INFRASTRUCTURE
PROTECTION 2
INITIATIVES TO ENHANCE CRITICAL INFRASTRUCTURE
PROTECTION 2
Running head: INITIATIVES TO ENHANCE CRITICAL
INFRASTRUCTURE
PROTECTION 1
Initiatives to Enhance Critical Infrastructure Protection
January 26, 2020
Abstract
Critical Infrastructure Security is so critical to U.S.
economic and social security along with public well-being and
protection that disorder or disruption of any of the varied
2. critical sectors will have a devastating outcome on the country.
As reported by GAO, until the administrative agencies who are
managing the Critical Infrastructure Security make attempts to
have a complete understanding of the application of cyber
security framework by the entities within these sectors, they
would be restricted in their capacity to recognize the success of
security efforts. This paper is intended to review the GAO
(Government Accountability Office) report and describe the
initiatives taken to enhance critical infrastructure protection
followed by an appropriate conclusion.
Introduction
U.S. CIP (Critical Infrastructure Protection) necessitates the
provision of protection from external and internal threats and
restoration of physically ruined Critical Infrastructure that may
disrupt services. This has been a major cause of concern due to
the deteriorating U.S.
infrastructure causing enough destruction and loss of life. On
22nd May 1998, President Bill Clinton has signed Presidential
Decision Directive (PDD-63) which emphasized on critical
infrastructure as a growing potential vulnerability and
acknowledged that U.S. must view the U.S. national
infrastructure from perspective of security due to its
significance to national and financial security. CIP has to be
tackled in a preventive manner. The 16 critical infrastructure
3. sectors comprise of communication, chemical, defense
industrial base, energy, emergency services, food and
agriculture, financial, health, transportation, nuclear reactors
and material waste, water and waste-water sector. Each of these
sectors has its own security plan and exclusive manmade and
natural threats, risks and deteriorations. Any attack or disaster
on any of this vital infrastructure may cause severe damage to
the security of the nation and probably may lead to the
disintegration of the complete infrastructure (Hemme, 2015).
National Infrastructure Protection Plan
NIPP-2013 provides the basis for a collaborative and an
integrated approach to attain a vision of a country where
physical as well as cyber critical infrastructure stays secure and
resilient. This policy has permitted CIP to be flexible and self
sufficient to address threats by means of regular quadrennial
assessments of CIP policies. However researches involving
critical infrastructure have indicated that DHS and every Sector
Specific Agency (SSA) have not paid attention to prior
warnings concerning the potential results of deprived
maintenance. Instead they opted for aggressive efforts to
prevent terrorist’s threats and the policy makers were mostly
ignored calls for the resources that have to be spent for
infrastructure maintenance. In 2013 February, there was no
collective effort to secure the interconnected element of critical
infrastructure as there was no interrelationship among sectors.
In order to tackle this issue PPD 21 came into existence to
foster the protection and resilience of critical infrastructure. An
integrated task force was created by DHS to implement PPD 21.
This move also called for association between the federal
administration and its partners in private sector (Hemme, 2015).
Initiatives to enhance CIP as per GAO report According to
GAO-18-211 report,
Executive Order 13636:
In February of 2013, Executive Order 13636 presented an
action plan to enhance security for critical cyber infrastructure.
As per this, federal policy has directed various sector specific
4. agencies in consultation with DHS and diverse other agencies to
examine the cyber security framework and establish
implementation guidance or additional materials to tackle sector
specific risk and operating atmosphere (GAO Report, 2018).
NIST Framework:
The National Institute of Standards and Technology has
published a framework that is broadly acknowledged as a
comprehensive touchstone for organizational cyber risk
management. This framework has been broadly implemented by
private sector, integrated across sectors and within organization
and offers an initiating point to consider risks and best
practices. NIST Framework for Enhancing Critical
Infrastructure Security was developed in 2014 as a voluntary
framework to be adopted by the industry for cyber security
standards and methods. The core of this framework comprises of
continuous and concurrent functions to identify, safeguard,
recognize, respond and recover. These functions taken together
provide a highly strategic view of the lifecycle of the cyber
security risk management of an organization (GAO Report,
2018).
Cyber Security Enhancement Act:
The CEA of 2014 comprised of provisions for GAO to examine
aspects of cyber security procedures and standards in NIST
Framework. The objective of GAO was to evaluate regarding
the degree to which critical infrastructure have implemented
this framework. GAO examined the documentation like sector
specific guidance and devices to help its implementation (GAO
Report, 2018).
Executive Order 18300:
In 2017, this order was issued by the President which
requires every federal agency to apply the cyber security
framework to manage the cyber security risk of the agency
(GAO
Report, 2018).
Draft Interagency Report 8170:
In May 2017, this report was released by NIST in reply to
5. the previous order and this report is aimed at providing
guidance on the use of framework by agencies to complement
prevalent practices of risk management and enhance their cyber
security risk management program. Several areas were
identified by this report on the basis of implementation in
nonfederal entities. They are as follows:
· Manage the cyber security program.
· Integrate enterprise and cyber security risk management.
· Evaluate organizational cyber security.
· Manage cyber security essentials.
· Maintain a complete understanding of cyber security risk.
· Incorporate and align cyber security and acquisition
procedures.
· Inform the tailoring procedure.
· Report cyber security risks (GAO Report, 2018).
Critical Infrastructure Cyber Community Voluntary Program:
In February 2014, C3VP initiative was launched by DHS in
accordance with EO 13636, with a mission to facilitate the
improvement of critical infrastructure cyber security and to
motivate the framework adoption. Additionally officials from
every SSA stated that they have continuously conducted
promotional activities of this framework using C3VP and NIST
resources (GAO Report, 2018).
GAO Recommendations to SSAs:
GAO has made certain recommendations that appropriate
methods have to be developed to determine the adoption of
Framework by SSA across their corresponding sector in
consultation with their section partners respectively, such as
SCC, DHS and NIST. Conclusion
Numerous sectors have taken measures to assist
implementation of the NIST cyber security framework in their
corresponding sectors. By establishing the adoption guidance,
numerous SSAs have developed a sequence of tools that could
be leveraged by entities for framework adoption. Without an
exact evaluation in each sector, federal entities and SSA lack a
complete knowledge of the present adoption level in Critical
6. Infrastructure sectors (GAO Report, 2018). However, certain
challenges were identified by the federal authorities, NIST and
SCCs, which may hamper cyber security framework
implementation. The GAO recommendations were agreed upon
by few agencies whereas some neither disagreed nor agreed to
the recommendations
(Maritalk.com, 2018).
References
GAO Report. (2018). Critical Infrastructure Protection:
Additional Actions are Essential for Assessing Cyber Security
Framework Adoption. Report to Congressional Committees.
United States Government Accountability Office. GAO-18-
211(February, 2018).
Retrieve online at:
https://www.gao.gov/assets/700/690112.pdf
GAO Snaps at Critical Infrastructure Protection Ambiguity.
(2018, March 7). Retrieved online at:
https://www.meritalk.com/articles/gao-snaps-at-critical-
infrastructure-protectionambiguity/
Hemme, K. (2015). Critical Infrastructure Protection:
Maintenance is National Security. Journal of Strategic Security.
Vol.8, Issue.5, pp. 25-39 Retrieved online at:
https://www.researchgate.net/publication/283280777_Critical_I
nfrastructure_Protection
Maintenance_is_National_Security/link/5ba3e83b299bf13e603f
bc39/download