Securing Critical Infrastructures and Cyber Systems
Lecturer: Affiliation: Due There has been an increase in the integration of ICT (Information and communications technology) into the everyday activities of governments, families, consumers and industries together with a corresponding growth in cyberspace. As much as the expansion of the cyberspace has offered numerous opportunities for economic growth, it has also brought about vast opportunities for bad actors. Cyber security is currently regarded as one of the most serious national security and economic challenges our nation faces. How the private and public sectors liaise in correspondence to securing our cyberspace will eventually affect how safe and secure we are as a country and the benefits our country will reap from this digital era.
Infrastructure control systems face risks because of system vulnerabilities, cyber threats and grave probable effect of attacks as displayed by reported incidents. Cyber threats can be targeted or untargeted, intentional or not and come from numerous places. Control systems are nowadays more vulnerable to cyber-attacks because of numerous reasons, counting the increased connectivity of systems through the internet. From evidences of past control attacks, it is clear that effect on critical infrastructure is vast. In 2003 for instance, a computer virus shut down the train signaling system all through the East Coast. In 2006, a foreign hacker planted malicious software that had the ability of affecting a water treatment plant’s operations.
Infrastructure owners face organizational and technical challenges to securing control systems. Technical challenges include restricted processing abilities, design constraints and real-time operations all of which deter the owner’s ability to implement information technology security processes. Organizational defies which include difficulty in coming up with convincing business case for capitalizing in security and contradictory priorities of information security personnel and engineers. Numerous private sector acts such as standard setting associations and trade associations are putting up efforts to aid in securing control systems. The efforts put forth by the private sector entities include, providing guidance to members, developing standards and hosting workshops on security of control systems. For instance, the electricity industry recently advanced standards for the cyber security of their control systems and a trade association (gas) is in the process of developing guidance to members to use encryption as a security measure to protect control systems.
Two areas of precise concern include protecting the country’s critical infrastructure (roughly 70-90% of which are privately owned) against cyber threats, together with addressing potential weaknesses in the universal nature of the ICT source chain. Both policymakers and the ICT industry share the collective objective of addressing these worries. Concerning critical infrastructure, the existing voluntary public-private partnership exemplary has offered private-sector proprietors and operatives with the flexibility they require to address bouts as they occur – principally as cyber-attacks have amplified in both sophistication and volume.
Important investments in security from operatives and ICT dealers, strong network organization, application of best practices and procedures, and intentional coordination are all vital constituents of the current ecology that has threatened critical infrastructure from substantial attacks. These mechanisms should continue to offer the basis for critical infrastructure policy moving forward.
Government agencies have also had numerous initiatives that are underway to aid in the security of infrastructure control systems. Despite all these efforts, more still remains to be done to manage these efforts and also to address specific deficits. In the recent years, federal agencies. the departments of energy, Homeland security and the (FERC) Federal Energy Regulation Commission has started efforts to advance the control systems’ security of critical infrastructure. However, there is still no common strategy to coordinate the numerous activities across government agencies and private sector. Additionally, DHS lacks procedures required to address exact weaknesses in information sharing on control systems weaknesses. Until private and public sector security exertions are synchronized by an all-encompassing plan and specific information sharing deficits are addressed, there is an upsurge risk that numerous organizations will conduct duplicative work and miss chances to achieve their critical missions.
Aradau, C. (2010). Security That Matters: Critical Infrastructure and Objects of Protection. Journal of Information Science, 491-514.
Interior, F. M. (17th June 2009). National Strategy for Critical Infrastructure Protection. Berlin: Federal Republic of Germany.
Kolasky, B. (2014). FY 2014 2016 Annual Performance Report: Mission 4: Safeguard and Secure Cyberspace . Washington: U.S. Department of Homeland Security .
Lewis, T. G. (2006). Critical Infrastructure Protection in Homeland Security: Defending a Networked Nation Hardcover. New York: Wiley.