Critical Infrastructure

Similar documents
National Policy and Guiding Principles

CRITICAL INFRASTRUCTURE AND KEY RESOURCES

Energy Assurance Plans

PD 7: Homeland Security Presidential Directive 7: Critical Infrastructure Identification, Prioritization, and Protection

The Federal Council s Basic Strategy. for Critical Infrastructure Protection

Introduction to Homeland Security

CIPMA CRITICAL INFRASTRUCTURE PROTECTION MODELLING & ANALYSIS. Overview of CIP in Australia

California Cybersecurity Integration Center (Cal-CSIC)

The Office of Infrastructure Protection

National Cyber Incident Response - Architectural Concepts

Critical Infrastructure Resilience

COUNTERING IMPROVISED EXPLOSIVE DEVICES

CRITICAL INFRASTRUCTURE AND CYBER THREAT CRITICAL INFRASTRUCTURE AND CYBER THREAT

NATIONAL CAPITAL REGION HOMELAND SECURITY STRATEGIC PLAN SEPTEMBER 2010 WASHINGTON, DC

Intelligence Support to Critical Infrastructure Protection Table of Contents

South East Region THIRA

Critical Infrastructure Analysis and Protection - A Case for Secure Information Exchange. August 16, 2016

Control System Security SCADA/DCS. By Chaiyakorn Apiwathanokul,, CISSP Chief Security Officer PTT ICT Solutions Company Limited

Grid Security & NERC

Building A Disaster Resilient Quebec

Written Statement of. Timothy J. Scott Chief Security Officer The Dow Chemical Company

Smart Cities and Security. Security - 1

Special Action Plan on Countermeasures to Cyber-terrorism of Critical Infrastructure (Provisional Translation)

The Australian Government s Approach to Critical Infrastructure Resilience

Canadian Chemical Engineering Conference Edmonton, Alberta October 30, 2007

Drinking Water Emergency Management Ministry of the Environment 2012 Drinking Water Leadership Summit October 25, 2012

Introduction to the National Response Plan and National Incident Management System

Community Resilience Innovation, Collaboration, Sustainability, Results. The Los Angeles Emergency Preparedness Foundation

Business Continuity: How to Keep City Departments in Business after a Disaster

Critical Infrastructure Protection (CIP) as example of a multi-stakeholder approach.

Critical Infrastructure Assessment

Office of Infrastructure Protection Overview

NIGERIA SECURITY AND CIVIL DEFENCE CORPS INSTITUTE OF SECURITY OF NIGERIA

Cybersecurity Overview

Chapter 1. Chapter 2. Chapter 3

NGA Governor s Energy Advisors Energy Policy Institute Resiliency Panel

Public and Private Interdependencies Filling a Gap in Most Continuity Plans

Cybersecurity Presidential Policy Directive Frequently Asked Questions. kpmg.com

EPRO. Electric Infrastructure Protection Initiative EPRO BLACK SKY SYSTEMS ENGINEERING PROCESS

Critical Infrastructure Sectors and DHS ICS CERT Overview

Local Government Disaster Planning and what can be learned from it.

Appendix M. Lifeline Sector Coordination

NATIONAL DEFENSE INDUSTRIAL ASSOCIATION Homeland Security Symposium

Countermeasures Assessment & Security Experts, LLC. 110 Quigley Boulevard Airport Park New Castle, DE

The Office of Infrastructure Protection

The Confluence of Physical and Cyber Security Management

Final Draft/Pre-Decisional/Do Not Cite. Forging a Common Understanding for Critical Infrastructure. Shared Narrative

The Value of Bipartisanship

Grid Security & NERC. Council of State Governments. Janet Sena, Senior Vice President, Policy and External Affairs September 22, 2016

COUNTERING IMPROVISED EXPLOSIVE DEVICES

Summary of Cyber Security Issues in the Electric Power Sector

Port Facility Cyber Security

Presented by Joe Burns Kentucky Rural Water Association July 19, 2005

Critical Resilient Interdependent Infrastructure Systems and Processes

All-Hazards Approach to Water Sector Security & Preparedness ANSI-HSSP Arlington, VA November 9, 2011

National Preparedness System (NPS) Kathleen Fox, Acting Assistant Administrator National Preparedness Directorate, FEMA April 27, 2015

BCP At Bangkok Bank, Thailand

STANDARD OPERATING PROCEDURE Critical Infrastructure Credentialing/Access Program Hurricane Season

2 nd Cybersecurity Workshop Test and Evaluation to Meet the Advanced Persistent Threat

Modelling & Simulation for National Security

Sharing of Information & Intelligence on the Importation & Transportation of Food

Alternative Fuel Vehicles in State Energy Assurance Planning

Department of Homeland Security Updates

Intro to the NERC/NIPC Indications, Analysis & Warnings Program

About Issues in Building the National Strategy for Cybersecurity in Vietnam

The Age of Heightened Security

Why you should adopt the NIST Cybersecurity Framework

Critical Information Infrastructure Protection Law

Outreach and Partnerships for Promoting and Facilitating Private Sector Emergency Preparedness

Chemical Facility Anti- Terrorism Standards

Science & Technology Directorate: R&D Overview

Energy Assurance Energy Assurance and Interdependency Workshop Fairmont Hotel, Washington D.C. December 2 3, 2013

THE WHITE HOUSE. Office of the Press Secretary. EMBARGOED UNTIL DELIVERY OF THE PRESIDENT'S February 12, 2013 STATE OF THE UNION ADDRESS

EMP and Our Food Infrastructure

cybersecurity in Europe Rossella Mattioli Secure Infrastructures and Services

Shared Responsibility: Roles and Responsibilities in Emergency Management Geoff Hay

Greg Garcia President, Garcia Cyber Partners Former Assistant Secretary for Cyber Security and Communications, U.S. Department of Homeland Security

Control Systems Cyber Security Awareness

Department of Homeland Security Science and Technology Directorate

Internet of Things Toolkit for Small and Medium Businesses

COMMISSION STAFF WORKING DOCUMENT EXECUTIVE SUMMARY OF THE IMPACT ASSESSMENT. Accompanying the document

The National Medical Device Information Sharing & Analysis Organization (MD-ISAO) Initiative Session 2, February 19, 2017 Moderator: Suzanne

MARYLAND S STRATEGIC GOALS AND OBJECTIVES FOR HOMELAND SECURITY

Principles for a National Space Industry Policy

Center for Infrastructure Assurance and Security (CIAS) Joe Sanchez AIA Liaison to CIAS

Electric Power Industry s Approach to Grid Security

AAPA Smart Ports. Cyber Management for Ports Panel. Small Port Cyber Security Workshops. March 6, 2018

Homeland Security and Geographic Information Systems

Resilient Energy Solutions for Community Needs

Critical Infrastructure Protection (CIP)

Emergency Support Function #12 Energy Annex. ESF Coordinator: Support Agencies:

Working with the EU Directive High common level of network and information security. Martin Apel, SANS ICS Summit, Munich und

The Office of Infrastructure Protection

Resilience for Installations and Communities

Airport Security & Safety Thales, Your Trusted Hub Partner

June 5, 2018 Independence, Ohio

The NIS Directive and Cybersecurity in

FINNISH APPROACH TO CRITICAL INFRASTRUCTURE PROTECTION

The Republic of Korea. economic and social benefits. However, on account of its open, anonymous and borderless

FLOOD VULNERABILITY ASSESSMENT FOR CRITICAL FACILITIES

Transcription:

Critical Infrastructure 1

Critical Infrastructure Can be defined as any facility, system, or function which provides the foundation for national security, governance, economic vitality, reputation, and way of life. They are all connected together in a "system of systems" where a failure in one can cascade into a failure in others. 2

SECTORS Critical infrastructures are not static; rather, they evolve to reflect both changing threats and the nature of the economy. Every critical infrastructure sector complements and depends on others, creating economies of scale and the accumulation of human and material capital. Interconnectivity complicates critical infrastructure protection. Its consequence is the cascading effect, and occurs when an assault against one infrastructure negatively affects the ability of another sector to function. Currently 14 identified sectors 3

SECTORS Agriculture, including feed, animals, animal products, crop production, and the post-harvesting components of the food supply chain. Food, including retail food distribution and consumption. Water, including fresh water supply and wastewater collection and treatment. 4

SECTORS Public Health, including hospitals, nursing homes, pharmaceutical stockpiles, and the national blood supply. Emergency Services, including police, fire, and emergency medical/rescue services. Government Services, including programs such as Social Security and Medicare. 5

SECTORS Defense Industrial Base, including the production and distribution of military hardware as well as the goods and services critical to military readiness. Information and Tele-communications, including voice and data services as well as Internet access and wireless capabilities. 6

SECTORS Energy, including electricity, oil, and natural gas. Transportation, including air, rail, maritime, pipeline, highway, truck, bus, and public mass transit. Banking and Finance, including banking operations, financial markets, and financial utilities, such as electronic payment systems. 7

SECTORS Chemicals and Hazardous Materials, including substances used for agricultural, industrial, and commercial use. Postal and Shipping, including the movement and handling of letters, packages, and cargo. 8

Critical Infrastructure Protection (CIP) The basic steps of CIP consist of: Identifying the critical infrastructures Determining the threats against those infrastructures Analyzing the vulnerabilities of threatened infrastructures Assessing the risks of degradation or loss of a critical infrastructure Applying countermeasures where risk is unacceptable 9

THE HISTORY OF CRITICAL INFRASTRUCTURE PROTECTION In 1996, the position of national coordinator for security, infrastructure protection, and counter-terrorism (sometimes called the position of "cyber-czar") was created as part of the White House's National Security Council to oversee national policy development and implementation for CIP. Another organization, the Critical Infrastructure Assurance Office (CIAO) existed to coordinate the federal government's initiatives on CIP, to assist agencies in identifying their dependencies and vulnerabilities, and to coordinate awareness programs. 10

THE HISTORY OF CRITICAL INFRASTRUCTURE PROTECTION The National Infrastructure Protection Center (NIPC) served as a threat assessment center and included members of the FBI, DoD, Secret Service, and CIA. Out of NIPC, the InfraGard program was established to provide a mechanism for two-way information sharing about intrusion incidents and system vulnerabilities, and to further provide a channel for the NIPC to disseminate analytical threat products to the private sector. 11

THE HISTORY OF CRITICAL INFRASTRUCTURE PROTECTION Information Sharing and Analysis Centers (ISACs) are part of the private sector's responses to the call for action made in May 1998 by Presidential Decision Directive 63. The purpose of an ISAC is to gather and analyze information about information security threats, vulnerabilities, incidents, countermeasures, and best practices. An ISAC typically consists of a secure database, analytic tools, and information gathering and distribution facilities designed to allow authorized individuals to submit either anonymous or attributed reports about information security threats, vulnerabilities, incidents and solutions. ISAC members also have access to analytic products produced by other members and obtained from other sources. 12

Critical Infrastructure Protection One of the basic goals of infrastructure protection is Continuity -- continuity of government, continuity of private sector, and continuity of public services. 13

RELIANCE UPON INDUSTRY AND PRIVATE SECTOR Most of America's critical infrastructure is owned or operated by the private sector. Industry as a whole faces a greater threat than the government. However, the private sector is driven by bottom lines, consumer and shareholder confidence, and market forces. If industry fails to implement the necessary security measures which protect more than their "bottom line," then the government must step in, and in fact, probably has an obligation to do so. Part of this obligation is to assist industry by making sure they have the tools they need to do the job. 14

Geographic Diversity Approximately 66,000 chemical plants 104 nuclear power plants 5,000 public airports 2 billion miles of telecommunication cable 5,800 registered hospitals Critical infrastructures are plentiful and geographically dispersed. Every city and town has critical. With pipelines, power lines, and communications networks distributed across the landscape, even remote areas now constitute target-rich environments. An absence of classic terrorist targets no longer provides immunity from attack or reason for inaction. 15

Vulnerabilities to Critical Infrastructures Critical infrastructure protection is challenging because vulnerabilities are diverse and omnipresent. Diversity is reflected by a dual method of attack, namely cyber exploitation and physical exploitation. 16

17

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback