CIKR: INFORMATION TECHNOLOGY SECTOR
The U.S. Department of Homeland Security defines ‘Critical Infrastructure and Key Resources’ (CIKR) as all resources, regardless of whether they are natural or man-made upon which a country depends for proper functioning of economic activities, public health, and security systems (U.S. Department of Homeland Security, 2013). Accordingly, the incapacitation or destructions of such systems would have far-reaching implications on the economy, national security and the public. In the United States, there are sixteen CIKR sectors, including transport, agriculture, energy, information technology, and communications among others.
CIRK can only function where other systems and services protect or defend them such as the military, police, and intelligence agencies. The interdependence among various critical infrastructures, as well as the interconnection with other external elements, are planned, managed, and protected, so that a nation can support citizens and boost its domestic economy. Since the beginning of the 21st century, critical infrastructure security has been a matter of utmost concern for the federal, state and county governments (Sauter & Carafano, 2011). The attacks on the systems have increased in the recent past prompting the relevant agencies and organs to strengthen the security apparatus and reduce vulnerabilities.
Delegate your assignment to our experts and they will do the rest.
Four dominant CIKRs that exist in every American community include energy, food and agriculture, transportation, and information technology. The energy sector is one of the most vital sectors of the U.S. economy because nearly all other critical infrastructure sectors depend on it either directly or indirectly (U.S. Department of Homeland Security, 2013). The energy sector entails all the activities that lead to the generation and consumption of electricity as well as production of oil and natural gas. The energy sector is largely owned by the private sector with the federal government responsible for the regulation. The food and agriculture sector is comprised of farms, restaurants, and food manufacturing firms. The sector is primarily under private ownership and accounts for more than 20 percent of the nation’s economic activity. The transportation systems sector is responsible for the movement of people and goods in and out of the country. The Department of Transportation has the mandate of ensuring that the movement is quick, safe and secure at all times (Bullock & Haddow, 2006). Lastly, the information technology sector is essential for the nation’s security, public health, and economy. In the today’s world, the safety of the governments, businesses, and ordinary citizens depends on the information technology systems and services.
The information technology sector operates through a combination of the efforts from both the public and private entities. The owners and operators work within their respective associations to ensure that the networks are maintained and protected from threats or attacks. The IT sector has its own sector-specific partnership model that encourages both public and private entities to provide the necessary resources towards the protection of the infrastructure’s activities (U.S. Department of Homeland Security, 2013). The collaboration is facilitated and enhanced by the IT Sector Coordinating Councils (SCCs) as well as the Government Coordinating Councils (GCCs). IT SCCs is made up of the private-sector entities such as DNS operators, software companies, IT security associations, Internet service providers, among others (Bullock & Haddow, 2006).
On the other hand, the GCCs is comprised of the Federal, State, and local government entities tasked with policy formulation, implementation of strategies and coordination of the IT activities in line with the homeland security mission. The private and public partnership structure in the IT sector is tailored in a manner that all partners strive to accomplish the set goals without crippling the activities of the commercial entities with regards to profit generation and competition. The Office of Cyber Security and Communications is the Sector-Specific Agency that provides institutionalized knowledge and expertise to the players in the IT sector with the aim of improving the defensive position of the CIKR. The Agency ensures that all partner entities have the latest information on the imminent threats and vulnerabilities affecting the IT sector, government, as well as other CIKRs (Bullock & Haddow, 2006).
Since the advent of information technology, the sector has been facing many threats and vulnerabilities that keep on changing with the trends in technology. Over the past decade, there has been a rapid adoption of the cloud computing by the government agencies, individuals, as well as business enterprises. The global interconnection of the digital information has been facilitated by the cloud computing conducted through the highly interconnected IT systems in the country. Despite the fact that the improvement in transfer and storage of digital information has promoted the economy, public safety, and the overall national security, it has resulted in new threats to the IT sector. One of these threats is cyber-attack (Bullock & Haddow, 2006).
Cyber-attacks have become complex and varied in nature as a result of the sophistication of the methods used by cyber criminals, hackers, and terrorists. A 2003 directive on Critical Infrastructure Identification, Prioritization, and Protection by President George Bush’s administration, through an executive memo, sought to highlight the importance of safeguarding CIKRs. In the memo, Joshua Bolten, the Director of the Office of Management and Budget, says,
“ Terrorists seek to destroy, incapacitate, or exploit critical infrastructure and key resources across the United States to threaten national security, cause mass casualties, weaken our economy, and damage public morale and confidence ” (1816).
Bolten acknowledge the dangers posed by these ill-intentioned people and organizations have exposed business enterprises and all levels of government to economic stagnation and security problems. The reality has dwelt on the IT sector entities on the need to mitigate such risks since the attackers have demonstrated their capabilities in interfering with critical IT sector activities and systems.
Cyber-attacks have evolved from the physical destruction of the IT hardware by use of simple worms and viruses. Today, attackers use sophisticated software that not only steals or manipulates information in the cloud computing platforms, but also exploits all the vulnerabilities in the IT environments. The traditional security apparatus and approaches have been rendered obsolete, as they are incapable of handling modern malware (Sauter & Carafano, 2011). As a consequence, owners and operators of IT, government agencies, and businesses have continued to lose data hence counting heavy losses. The Federal government began the collaboration with the relevant stakeholders in the IT sectors by sharing information and implementing approaches meant to reduce or eliminate cyber security.
The risk management plans collaboratively drafted by the IT stakeholders in public and private sector outlines various existing mitigation strategies, being enhanced and for future use. For instance, processes that improve quality assurance have been developed. In addition, there is continuous monitoring of the DNS infrastructure to prevent subsequent risks (Sauter & Carafano, 2011). The federal government has been organizing cybersecurity training for users and businesses in order to empower them with skills of detecting and eliminating threats and vulnerabilities. Companies and institutions have also strengthened their incidence response activities through adequate contingency planning and investment to allow the IT experts to monitor networks constantly and respond to anomalies appropriately.
The effectiveness of the risk management activities in the IT sector is evaluated by the extent to which private, and public sector stakeholders are able to engage and find practical solutions. When the critical infrastructure owners and operators collaborate with different levels of government in the improvement of cyber security, it is a confirmation of the successes made in the implementation of the risk management processes. Additionally, the individual users would begin taking advantage of the IT resources provided by the government in combating threats to the information breaches. Business enterprises would be equally interested in supporting the practical application of the risk management framework that has been put in place through private-public partnerships.
Easy access to free technical assistance is one of the instruments that will indicate the owners and operators of IT infrastructure and resources have been empowered to manage cyber risk (Sauter & Carafano, 2011). The resilience of the cyber security is an important tool for determining the effectiveness of the policies and applications. Each player of the IT sector is tasked with the responsibility of ensuring that all the IT-related activities are aligned with the set framework of managing and mitigating cyber risks (Murray & Grubesic, 2012). Sharing the security-related information is key in the fight against cyber crimes. The information about threats and vulnerabilities should be made available to the interested companies, sector partners, and the public to encourage strategic responses.
Natural disasters like floods, fires, earthquakes and hurricanes pose physical infrastructure risks to the IT sector. The consequences are dire ranging from exposure of people to physical vulnerabilities to the exploitation of IT resources by criminals. Sharing the information can be performed through various activities such as organizing seminars and conferences in which GCCs and SCC's members can deliberate on topical issues, like security software development. Given the interconnectivity between the physical and cyber security, the IT sector needs to have a proper information flow (Murray & Grubesic, 2012). This will promote the integration of physical and cyber security measures for the benefit of all stakeholders. Both the federal and state governments should come up with activities and programs, like the Cyber Storm Exercise Series where the participants identify potential effects of cyber attacks. From these programs, useful information can be generated to apply in risk management. Sharing information also builds good relationships among IT sector players, particularly on the cyber incident situational awareness.
References
Bolten, J. B. (2004, June 17). Development of Homeland Security Presidential Directive (HSPD) - 7 Critical Infrastructure Protection Plans to Protect Federal Critical Infrastructures and Key Resources. Memorandum for the Heads of Executive Departments and Agencies from the Executive Office of the President, Office of Management and Budget, Washington, D.C. 20503
Bullock, J., & Haddow, G. (2006). Introduction to homeland security . New York, NY: Butterworth-Heinemann.
Murray, A. T., & Grubesic, T. H. (2012). Critical infrastructure protection: The vulnerability conundrum. Telematics and Informatics , 29 (1), 56-65.
Sauter, M., & Carafano, J. (2011). Homeland Security: a complete guide 2/E . New York, NY: McGraw Hill Professional.
U.S. Department of Homeland Security. (2013). NI PP 2013: Partnering for Critical Infrastructure Security and Resilience
