Waiting for answer This question has not been answered yet. You can hire a professional tutor to get the answer.
Please respond to at least 2 other students. Responses should be a minimum of 150 words and include direct questions. /////////////////////////////////////////////////////////////////////////////Kenn
Please respond to at least 2 other students. Responses should be a minimum of 150 words and include direct questions.
/////////////////////////////////////////////////////////////////////////////
Kenneth Johnson
1. Offer your opinion as to the two critical infrastructure sectors you feel are currently most at risk. Offer sound reasoning as to why you hold this position (support your position with appropriate resource material), and highlight the role the private sector can play in decreasing this risk.
The two sectors that I feel are most at risk is based off of their dependency on each other and the dependency that our society has placed on them to function on a day to day basis. In turn, at least in my opinion, it makes them a high value target to anyone trying to cause harm to the nation. Not to mention the ease of being able to attack these sectors and actually get away with it. These two sectors are the Energy Sector and Information Technology Sector. Let me first say that in regards to being able to successfully attack either one of these sectors on a national level, I believe is impossible, meaning that I believe that it is impossible to disable either of these sectors completely on a national level. However, regionally, it is absolutely possible and such an attack can cause cascading effects that can potentially impact the nation.
First lets talk about the Energy Sector. I think that anyone can understand what this sector is responsible for producing for the nation, energy. It powers everything in the modern world and although humans have survived without energy in the past, quite frankly in the modern world I do not know if it is possible. Our society has created such a dependency on this resource that if it were to disappear our society would diminish rapidly. The Department of Homeland Security (DHS) states that there is a reliance of all critical infrastructure (CI) sectors on the Energy Sector (n.d., par 3). However, because of circumstance this sector is extremely vulnerable.
The vast expanse of the nation creates unique vulnerabilities for this sector that is hard to defeat or even mitigate. For example, power lines. Without these power lines the massive amounts of energy that is created to run our society would not be able to reach where it needs to go. Anybody can drive down the road and see power lines everywhere, including in places where there is no civilization. This is where the vulnerabilities lie. These power lines and towers that carry these power lines are not protected. Of course this is explainable considering the amount of money it would take to be able to secure these towers and power lines, something the private sector is not willing to do, considering their intent is to gain money.
It is easy to see how an individual can carry out a successful attack on one of these towers and knock out power to a particular region for days if not weeks depending on the location of the tower. Now if it were a coordinated attack that knocked out multiple towers, then multiply the consequence. I am not even getting into the realm of natural disasters and the capabilities of the natural world to accomplish the same end state. This is all apparent in the Energy Sector Specific Plan (SSP) where the DHS states the top identified threats to this sector are cyber and physical security threats and natural disasters (2015, p 5). Which brings us to our next sector, Information Technology.
The Information Technology (IT) Sector provides valuable resources to the nation and other critical infrastructure components such as virtual functions like hardware and software for computers and the most important thing to all humanity, the internet. In the world were interconnectedness is increasing and IT continues to control more and more of our networks it is becoming increasingly imperative that we protect this resource. However, that is not as easily done as said. The virtual world that is created by this asset is also a world that is easy for criminals to live in and be invisible.
This sector is not only vulnerable to criminal and terrorist organizations that can implement denial of service (DoS) to important infrastructure entities, but the IT sectors dependency on energy to continue operations also makes it vulnerable to natural disasters that can knock out operating systems and energy sources. The DHS IT SSP highlights the daily threats to this sector when it states that although the sector provides valuable resources that increase efficiency within a sector, they face a plethora of global man made and natural threats daily (2016, p 1). As already stated this makes it imperative for the private sector to implement security measures to ensure continuity of operations.
How does the private sector do this? Simple. Through coordination and collaborative efforts with the federal government to ensure the exchanging of valuable information. This can be accomplished through the Sector Coordinating Council (SCC) and the Government Coordinating Council (GCC) which help to focus building security and resiliency based off of the recommendations given through the National Infrastructure Protection Plan (NIPP). Although the driving force behind the private sector is and will always be money, realizing that an investment in resiliency will help sustain these sectors and the nation.
2. In reviewing these two documents, provide information as to the private sector's specific role in achieving the overall objectives of PPD 21 & EO 13636. Be sure to support your responses with information from the assigned and available readings.
Although the objectives of PPD 21 and EO 13636 are different, they both have the same overarching goal, critical infrastructure security and resiliency. As has been mentioned already this can only be accomplished through the coordination and collaborative efforts of the public and private sectors. However, given the unique role and position of the private sector in critical infrastructure, it is there specific responsibility to ensure proper risk assessments are conducted for their sectors specific needs and capabilities. This is made apparent by former president Barrack Obama when he states in PPD 21 that “Critical infrastructure owners and operators are uniquely positioned to manage risks to their individual operations and assets, and to determine effective strategies to make them more secure and resilient” (2013, p 1, par 3). Not only does this apply to the physical attributes of critical infrastructure, but also applies to the virtual world that incorporates multiple systems throughout the critical infrastructure.
References
Obama, B. (2013). Presidential Policy Directive on Critical Infrastructure Security and Resilience. Retrieved from https://edge.apus.edu/access/content/group/security-and-global-studies-common/Homeland%20Security/HLSS305/Week%202-Critical%20Infrastructure/PPD%2021%20Critical%20Infrastructure%20Security.pdf.
The Department of Homeland Security (n.d.). Energy Sector. Sector Overview. Retrieved from https://www.dhs.gov/energy-sector.
The Department of Homeland Security (2015). Energy Sector Specific Plan. Retrieved from https://www.dhs.gov/sites/default/files/publications/nipp-ssp-energy-2015-508.pdf.
The Department of Homeland Security (2016). Information Technology Sector Specific Plan. Retrieved from https://www.dhs.gov/sites/default/files/publications/nipp-ssp-information-technology-2016-508.pdf.
/////////////////////////////////////////////////////////////////////////////
Dwight Keen
Critical Infrastructure
1. Offer your opinion as to the two critical infrastructure sectors you feel are currently most at risk and highlight the role the private sector can play in decreasing this risk.
The two critical infrastructure sectors that possibly present the most vulnerability to an attack may be the energy and water and wastewater systems. The most significant risk to each sector are natural disasters, cyber attacks and aging infrastructure (Energy SSP, 2015; Water and Wastewater System SSP, 2015). Natural disasters have become a constant worry year-round making it very difficult to remain resilient due to the mounting cost of repairs from events like hurricanes, flooding, earthquakes and tornadoes (Energy SSP, 2015; Water and Wastewater System SSP, 2015). The aging infrastructure vulnerability is increased because such event aforementioned that can cause more structural damage which in turn keeps the cost of repair steadily increasing. Then there are the possibilities of cyber attacks that would cause a significant interruption in the operating systems of each sector (Energy SSP, 2015; Water and Wastewater System SSP, 2015). The possibility for such an attack could be a result of advanced technology within each sectors development of growth.
Investopedia (2018) states that the private sector has invested a good amount into each sector as they own a large portion of the critical infrastructure. Thus, they will take whatever measures necessary to ensure the resiliency of one of its many controlled infrastructures critical to America’s sustainability. For instance, one way in which the private sector intervenes on behalf of risk reduction to the vulnerabilities of critical infrastructures is through partnership structure (Department of Homeland Security NIPP,2013, p. 10). This is a collaboration between the private and public sector as well as the government to help recognize and eliminate possible threats toward the critical infrastructure. Also, by self-analyzing and managing the various risk as well as promoting the need for development, resiliency and planning the reduction of risk is a possibility.
2. In reviewing these two documents, provide information as to the private sector's specific role in achieving the overall objectives of PPD 21 & EO 13636.
The private sector as it pertains to the Presidential Policy Directive 21 (PPD 21) and Executive Order 13636 (EO 13636) is to maintain operational steadiness through efforts of continued partnership with the public sector and government. The role in which they play will be that of supporting the government as needed or as directed. PPD 21 explains that self-managing their vulnerabilities especially as it relates to cyber attacks will only increase the efforts of cybersecurity as a collective within the developed partnership. Another way in which the private sector can provide support is by implementing programs to counter the various threats, vulnerabilities and consequences to the various critical infrastructures cyber vulnerabilities in which they are responsible (Department of Homeland Security, NIPP, 2013, p. 18). Also, according to the EO 13636 (2013), the constant flow of information sharing between the collective involved helps by providing better protection and defensive measures against cyber attacks (p. 11739). The role of support is not easy but is very critical to attaining the objectives within the PPD 21 and EO 13636.
Reference(s)
Department of Homeland Security. (2013). National Infrastructure Protection Plan 2013: Partnering for Critical Infrastructure Security and Resilience. Washington, D.C.: Government Printing Office.
Department of Homeland Security. (2015). Energy Sector-Specific Plan 2015. Washington, D.C.: Government Printing Office
Department of Homeland Security. (2015). Water and Wastewater Systems Sector-Specific Plan 2015.Washington, D.C.: Government Printing Office.
Exec. Order No. 13636, 3 C.F.R. 11737-11744 (2013). Improve Critical Infrastructure Cybersecurity
Investopedia. (2018). Private Sector. Retrieved September 11, 2018, fromhttps://www.investopedia.com/terms/p/private-sector.asp
Presidential Policy Directive -- Critical Infrastructure Security and Resilience. (2013). Retrieved September 11, 2018, from https://obamawhitehouse.archives.gov/the-press-office/2013/02/12/presidential-policy-directive-critical-infrastructure-security-and-resilience