As the use of information technology continues to rise so does the need to protect its infrastructure. Western countries have developed an elaborate critical information infrastructure protection system that tries to reduce vulnerability, fight computer crime and cyber terrorism defence. The models are complicated and applicable to specific countries only and therefore cannot be transferred to other countries. Similarly, existing solutions are capital intensive and are out of reach of many countries around the world. States that try to develop their CIIP policy find it hard to identify the best practices or even good examples. The importance of critical infrastructure vulnerability and protection to the community, state or even the entire country cannot be overemphasized. Such infrastructure needs a structured approach to develop. The purpose of this proposal is to depict the plan for preparing a critical infrastructure and vulnerability protection program (Collier&Lakoff, 2008; Suter, 2007).
Objectives
This project aims to develop a critical infrastructure and vulnerability protection program for the US. The plan must be able to eliminate or reduce essential infrastructure vulnerabilities, counter computer crime and defend against cyber terrorism. The entire process will incorporate the critical stakeholders while using the resources efficiently. Some of the challenges expected in the process include high capital requirements for the project, different stakeholders that must be involved, continuous and unpredictable changes in the environment that affects the established system.
Delegate your assignment to our experts and they will do the rest.
Technical Approach
A thorough literature review will be conducted to identify best practices around the world and the existing systems that can be borrowed from. The design phase will then incorporate the various aspects identified in the literature review and vulnerability assessment which involves several elements including; identifying the existing processes, applications, and data, finding any hidden data, determining hardware that supports the application and data. The next step is to map the infrastructure connecting the identified equipment. Establish existing controls, running a vulnerability scan when everything else is well understood. The infrastructure context will enable the production of meaningful and actionable information on the vulnerability of the current system. The human resource aspect should also be analysed to determine its ability to deal with security and threat (Theocharidou& Giannopoulos, 2015).
Issues of cost-benefit analysis, solution concept, analysis of the performance of the solution and selecting alternatives will be dealt with at this stage. The project will, therefore, include a description of the design process at least three possible solutions i.e., reduce vulnerability, counter computer crime and dealing with cyber terrorism. The alternative will be selected based on their ability to satisfy the expectations. The solution process, advantages, and disadvantages will be ranked. The resource requirements will also be considered (Yusta, Correa &Lacal-Arántegui, 2011).
Managing the project
The project will involve the following phases; planning, concept development, designing the system, testing and refining, and production. Different duties will be assigned to the team members. Milestones and timelines will then be established and indicated in a Gantt chart (Meredith, Mantel, Mantel. & Shafer, 2015).
Deliverables
The completion and acceptance of the proposal will be one of the deliverables of the project. Others include the end of the design drawings, economic analysis, test procedures, a collection of data, development of user-friendly instructions that include training of the system administrators, employees and other support staff (Meredith, Mantel, Mantel. & Shafer, 2015).
Communication, Budgeting and Project Team
The proposal development stage will involve the direct connection with the supervisor for clarification and correction if necessary. Contact with other stakeholders must also be established, and a communication strategy developed to enable the sharing of information and ideas. The budget must cover proposal development design work, data collection system development and other expenditures that are not directly related to the project. The project team will be constituted and the qualifications of each member and their experience highlighted. Their roles and resumes will also be incorporated in the detailed project proposal (Meredith, Mantel, Mantel. & Shafer, 2015).
Roles and responsibilities
This is a very important part of the plan where current and expected roles and responsibilities of all the involved stakeholders are laid down. Specifically, decision-making bodies, Emergency Management advisory committee and infrastructure owners must be identified because the development of a critical infrastructure vulnerability and protection needs a strong foundation of qualified members (Obama, 2013 ) . Decision making bodies will ensure effective problem solving strategies are used in case of any crisis. On the other hand, the advisory committee will be needed to allocate funds for the project and infrastructure owners will be required to share best practices and improve communications during program development. Consequently, a team will be identified in this stage to review and approve Critical infrastructure vulnerability and protection strategies, which will be used by the project team. This stage will also involve identifying a team that will bring all the stakeholders together to improve communication and teamwork in order to increase efficiency and effectiveness of the entire project.
Set and prioritize goals
After the proposal development stage, specific project goals will be set and prioritized based on stakeholder needs. This stage will involve laying down project objectives including the benefits that will be accomplished by developing a critical infrastructure and vulnerability protection program. The project team is supposed to write down the project goals covering stakeholder needs to make sure they are easily shared and communicated in the project plan. In this stage, the objectives will be set based on the ability of the project team to achieve them. This means that the projects objectives will be aligned with the team’s personal goals to make them realistic. However, they will be time bound to ensure there specific time set for completion. This will make sure that every involved stakeholder is time conscious.
Risk assessment
A thorough risk assessment will be conducted to identify security gaps that might expose the critical infrastructure vulnerability protection program to both internal and external threats. The risk assessment will also support project management and security operation planning thus helping formulate effective countermeasures to accrued risks. In short, a risk assessment will help the project team point out correct estimates of levels of exposure to loss. A risk assessment will play a pivotal role in helping project managers to make informed decisions by either accepting the risk or by mitigating it (Theocharidou & Giannopoulos, 2015). In this stage, risks will be identified, analyzed, evaluated and treated. This whole process will help invest in efficient protective measures that are capable of lowering the probability of potential losses. The main rationale behind conducting a risk assessment for the project will be to spot security gaps in order to make a decision on what measures to undertake in order to improve security.
The first step will be to identify risk. In this step, experts will identify threats as well as the accrued risks that may have a negative impact on the critical infrastructure vulnerability and protection program will identify potential threats. The second step will involve analyzing these risks. Experts from different backgrounds including technical department, operations department, security department among others will do this analysis (Matsika,. Et al , 2016).other stakeholders will also be present this stage to enhance efficiency. The next step will be risk evaluation where results from the risk analysis will be obtained and analyzed further. These results will guide the risk assessment team towards defining the accrued threats. Finally, the team will mitigate or treat the risk by reviewing and monitoring the entire process.
Issues of interdependencies of networked infrastructures will be dealt with in this stage. They will be identified by assessing the physical interdependence of the infrastructures based on material input, cyber interdependency, geographic interdependence and logical interdependence (Matsika,. Et al , 2016). Identifying these interdependencies will help project management team to identify the best risk assessment methodology to use for the critical infrastructure vulnerability and protection program.
Critical Failure Factors (CFF’s)
The next important stage after analyzing risk will be to identify factors that might lead to project failure. The project team can either make or break the success of the project when they work without a vision or decision tools needed for project efficiency. This is because they will apply energy to wrong activities of the project. Therefore, in this stage, activities that are important in supporting project goals and objectives are identified ((Meredith, Mantel, Mantel & Shafer, 2015).This will make sure that the entire team knows where to direct their energy. More so, communication policies are revisited in this stage to ensure they comply with all the needs of the project. Consequently, the scope of the project is also revised to avoid poor interpretation. This is because a poorly defined project scope may mislead team members. This makes project teams and sponsors to put energy where it is not required and leave the most important elements of the project mishandled. In short, all the factors that may lead to either failure or success of the project are revisited and analyzed in this stage to avoid leaving anything to chance (Yusta, Correa & Lacal-Arántegui, 2011). The entire team is also evaluated to make sure they share the same vision.
Creation of the Project Schedule
In this stage, project deliverables will be revisited which in this case include completion and acceptance of the proposal, economic analysis, test analysis and development of user friend instructions among others. Each deliverable will be critically analyzed and a series of tasks that need to be completed to accomplish each of them will be outlined. In the analysis, the amount of time, resources and the task force that will be responsible for each take completion will be determined. After this analysis, dependencies in the project will be identified to know which tasks need to be completed before the others, which tasks need more input and which one require more resources. In this stage, all the team members will be involved in the planning process because the people who will be put in charge of developing the program have important insights of how task get done, the amount of time they take and the best personnel to undertake the most important tasks among others.
Present the project plan to stakeholders
Finally, the last stage will involve analyzing the plan to understand how it addresses every single stakeholder’s expectation then formulate solution for each conflict that may arise. In this stage, the supervisor will be involved in order to correct or add on to the developed proposal. After this, the proposal will be presented to all major stakeholders for discussion. The presentation will not be one sided because input from all stakeholders is important so that the best conclusions can be derived without bias. In this stage, each stakeholder will be given a role deperding on his or her capacity or take of the project. This includes decision-making as the project is being implemented, report assessment and security among others. This stage will also include clear communication for each stakeholder to understand what he/ she is expected to do (Meredith, Mantel, Mantel. & Shafer, 2015). Consequently, this stage will involve many discussions in order to avoid nasty surprises down the line. The project team will then explain to stakeholders the amount of time, resources and manpower needed for the project to be completed and then let them decide if they should dedicate more resources to the project or not.
Reference list
Critical Infrastructure Security . (2018). Department of Homeland Security . Retrieved 13 January 2018, from https://www.dhs.gov/topic/critical-infrastructure-security
Collier, S., &Lakoff, A. (2008). The Vulnerability of Vital Systems: How “Critical Infrastructure” Became a Security Problem.
The Authors describe the historical development of critical infrastructure since the formation of the Commission of the Critical Infrastructure Protection. The authors identify the importance of a secure infrastructure in the creation of the wealth of a nation. They establish an approach to identify, assess and manage security threat.
F EMA - Emergency Management Institute (EMI) Course | IS-860.C: The National Infrastructure Protection Plan, An Introduction . (2018). Training.fema.gov . Retrieved 13 January 2018, from https://training.fema.gov/EMIWeb/IS/courseOverview.aspx?code=IS-860.b
Matsika, E., O’Neill, C., Battista, U., Khosravi, M., Laporte, A., & Munoz, E. (2016). Development of Risk Assessment Specifications for Analysing Terrorist Attacks Vulnerability on Metro and Light Rail Systems. Transportation Research Procedia , 14 , 1345-1354. http://dx.doi.org/10.1016/j.trpro.2016.05.207
The article reviews international policy frameworks and risk assessment methodologies to develop a risk assessment methodology for light rail systems based on nine parameters.
Meredith, J., Mantel, S., Mantel.,& Shafer, S. (2015). Project Management: A Managerial Approach, Ninth Edition International Stud . John Wiley & Sons.
The book discusses projects and project management in depth while describing their importance to the organization. The authors have vast experience writing project management books which have gained widespread acceptance in the academic fraternity.
National Cybersecurity & Communications Integration Center . (2018). Department of Homeland Security . Retrieved 13 January 2018, from http://www.dhs.gov/about-national-cybersecurity-communications-integration-center
Obama, B. (2013). Presidential Policy Directive: Critical infrastructure security and resilience, White House. Retrieved from: https://www.whitehouse.gov/the-press-office/2013/02/12/presidential-policy-directive-critical-infrastructure-security-and-resil
Suter M., (2007). A generic national framework for critical information infrastructure protection (CIIP). Manual Suter Center for Security Studies, ETH, Zurich. Retrieved from: http://www.itu.int/ITU-D/cyb/cybersecurity/docs/generic-national-framework-for-ciip.pdf
The study outlines a simple framework that can be used by developing countries to establish a Critical Information Infrastructure Protection program. The author of the article is from the Crisis and Risk Network and Center for Security Studies which have previously produced reliable publications on National protection policies and cybersecurity initiatives.
Theocharidou, M., & Giannopoulos, G. (2015). Risk assessment methodologies for critical infrastructure protection. Part II: A new approach. JRC Science And Policy Report . Retrieved from http://publications.jrc.ec.europa.eu/repository/bitstream/JRC96623/lbna27332enn.pdf
The article gives a detailed explanation of risk assessment methodology for critical infrastructure. The article is based on two documents, i.e., risk assessment and mapping guidelines for disaster management and another titled a new approach to the European Program for critical infrastructure protection. The authors of the report indicate that there exist gaps that need to be identified to deal with significant infrastructure vulnerability and protection efficiently.
Yusta, J., Correa, G., &Lacal-Arántegui, R. (2011). Methodologies and applications for critical infrastructure protection: State-of-the-art. Energy Policy , 39 (10), 6100-6119. http://dx.doi.org/10.1016/j.enpol.2011.07.010
The authors provide a state of the art update on the protection of the energy sector critical infrastructure. They define energy security, the critical infrastructure, and the essential resources while demonstrating some of the best practices in selected countries around the world. The authors identify two trends in methodologies and modeling. In the first pattern, methods, tools, techniques, and diagrams that describe the current state are determined. The second direction establishes a dynamic behavior of the system by simulating.
Importance of the five references
The selected Literature will be useful in the completion of the project as they relate to the subject matter and incorporate relevant material for the project.