Essay Example on Protecting Critical Information Infrastructures

Challenges of protecting critical information infrastructures

The complexity and number of cyber-threats have escalated in today's technologically advanced world. The primary concern of governments is the protection of their critical information infrastructure (CII) with some sought of a complex operational environment. The damage or disruption of a CII may have serious impacts on the economic well-being, security, safety and health of the entire economy and government. Though massive capital has invested in securing CII there has been a number of challenges. According to Mr. Gor, a director Singapore Technologies Ltd (ST), the primary problem is that the domains are operations-centric. He argues that in IT systems the main focus is availability, integrity, and confidentiality of information but availability is the main focus of operational technology. It means that if these systems are shut down, healthcare, financial and power all people will be affected, so there is need to keep the systems alive. To deal with the challenge of availability and safety, ST came up with a framework to look at the CII security. The model is abbreviated as SAM and has Maintainability, Availability, and Safety as its components. This engineering mindset is governed by a deep engineering expertise, systems assurance, and extensive domain knowledge expertise. Mr. Gor says that to make cybersecurity safe and upgrade the systems, engineers must ensure they do not affect operations and safety. The implementation process needs time and a good strategy. It is important also to consider people and processes as technology is not the only solution to CII protection.

Is your time best spent reading someone else’s essay? Get a 100% original essay FROM A CERTIFIED WRITER!

Order now

The United States public sector IT systems were cited as a stereotype and out-dated especially its public sector (Uhl, 2003). The federal government has always been criticized because of its reliance on out-dated standards, applications, and operating systems. Many machines on April 2017 were running on Windows XP while others saddled with Windows 95 and 98. Though they had a crucial caveat that they have not connected to the internet and that they were safe, the Pentagon is pushing for machines to have windows 10(Mo, 2012). Extensive internet connection of the devices has put these systems at risk example in mid-2017, the Wannacry ransomware infected many machines (Rinaldi et al, 2001). The malware was enabled by the failure to update to security systems that could have prevented infection.

Understanding the maintainability, availability, and safety of critical information

To solve CII threats, an approach called security by design is used for projects to continue running. It is achieved through failure analysis of the existing solutions implemented earlier. Then, mitigation controls are put to prevent further potential pitfalls. This approach enhances any shortcoming in the set-up and original designs. To improve the security of systems, architects and engineers need to design the systems with security in mind (Sebe, 2008). They should understand what the legacy problems and what is currently in the existing systems. These will help know how the legacy systems will be impacted and how to combat the outcomes.

According to CII research, older technology, in many cases are more secure than newer alternatives when not connected to the internet. However, it is less secure due to its lack of security features and standards (Hammerli & Renda, 2010). IT experts' advice that for effective cybersecurity postures, systems should constant attention should be focused on CII systems and up-to-date defenses should be constantly updated.

References

Hammerli, B. M., & Renda, A. (2010). Protecting critical infrastructure in the EU. Brussels: Centre for European Policy Studies.

Mo, Y., Kim, T. H. J., Brancik, K., Dickinson, D., Lee, H., Perrig, A., & Sinopoli, B. (2012). Cyber-physical security of a smart grid infrastructure. Proceedings of the IEEE, 100(1), 195-209.

Rinaldi, S. M., Peerenboom, J. P., & Kelly, T. K. (2001). Identifying, understanding, and analyzing critical infrastructure interdependencies. IEEE Control Systems, 21(6), 11-25.

Sebe, F., Domingo-Ferrer, J., Martinez-Balleste, A., Deswarte, Y., & Quisquater, J. J. (2008). Efficient remote data possession checking in critical information infrastructures. IEEE Transactions on Knowledge and Data Engineering, 20(8), 1034-1038.

Uhl, K. E. (2003). Freedom of Information Act Post-9/11: Balancing the Public's Right to Know, Critical Infrastructure Protection, and Homeland Security. Am. UL Rev., 53, 261.