Securing Critical Infrastructure: A Comprehensive Analysis of Digital and Physical Interplay - Free Report

Introduction

Amidst the changes the world is experiencing, the physical and digital systems are often converging. While the result is good news on other fronts such as globalization, the differences become part of a larger problem. Systems that were once relied upon to provide and manage critical infrastructure operations are becoming increasingly reliant on the Internet, and the connection results in the sharing of sensitive information. The increasing connectivity of crucial systems across the world has birthed new security problems.

Is your time best spent reading someone else’s essay? Get a 100% original essay FROM A CERTIFIED WRITER!

Order now

Critical Infrastructure Protection (CIP) has become a need to protect vital infrastructure in a region such as food, agriculture, information systems, or transportation against existing and emerging threats. As such, every government in every country has stepped up to claim responsibility to protect the essential critical infrastructure against all threats such s terrorist activities, natural disasters, and emerging cyber threats. From transportation companies to energy organizations, it is paramount that security for any critical infrastructure attain the highest acceptable standard and that disaster preparation procedures, responses, and recovery remain treated as the leading priorities.

Due to recent findings of the seriousness of the problem, organizations dealing with critical infrastructures need to use a robust framework that anticipates and mitigates disasters in their operation areas. The CIP exists to enable government agencies and organizations in different sectors to prepare and respond to any mild or severe issues related to critical infrastructure environments and protect against unforeseen threats.

History Of CIP

The CIP became necessary due to the increasing risks that critical infrastructure faced amid the growing need for international business functions. As a result, President Bill Clinton signed the presidential directive PDD-63 in May 1998 (Slayton & ClarkGinsberg, 2018). The decree covered areas of national infrastructure that were documented as crucial to the US's national and economic security and outlined specific steps that were necessary to protect these areas. Following the directive, sixteen sectors were classified by the Department of Homeland Security (DHS) as critical infrastructure, and every government agency involved was made responsible for developing a detailed CIP plan to ensure protection in each area. An all-inclusive plan known as the National Infrastructure Assurance Plan was created to increase communication between the involved agencies. The plan went mainstream in 2006 after creating the National Infrastructure Protection Plan (NIPP), which provided guidelines on how government agencies and private entities could work side by side to manage risks and improve pertinent security outcomes. The classification of critical infrastructure sectors and dividing responsibilities among government agencies and organizations are still in place.

The Sixteen Critical Infrastructure Sectors

The Information and Technology (IT) sector is the most important in utilizing the best practices to ensure that all critical infrastructures are protected. Due to the increasing reliance on the internet, most threat analyses performed on the different sectors consider the likelihood of a particular group or categorization of cyber threats. Each sector has a unique set of tactics, techniques, and procedures that require protection (Lewis, 2019). Even after the risk is identified, the overall approach is to apply the best practices to eliminate the threat posed by any physical or digital element. Even so, the best way of dealing with the following issues is to ensure excellent cyber hygiene to protect the existing values, services, and industries.

Energy Sector

This sector is crucial to national and economic security because it has underlying operational requirements for the most crucial infrastructure. Currently, the US Department of Energy (DOE) is designated by the DS as a Sector-Specific Agency (SSA) for the energy sector. It is responsible for coordinating the preparation of an Energy Sector-Specific (SSP) that will be subordinate to the NIPP. Due to its centrality in many of a nation's operations, the industry carries specific risks and necessary controls by government agencies involved, and the private sector is needed to build resilience to cyber-attacks (Stergiopoulos et al., 2016). As a result, there is a growing need for cybersecurity to make professionals in energy-related fields understand the significance of building resilience. Industry professionals should contribute to ensuring the sector is well protected without interfering with their daily duties.

Emergency Service Sector

The increasing interconnectivity has paved the way for this sector, becoming increasingly important in daily lives. Society has shifted its focus to social media as the number one choice for emergency communications. As such, organizations and government agencies become accustomed to using social media as an outlet for alerts, updates, and emergency warnings. Despite the widespread use of social media, there is an increasing concern about the public's ability to utilize the technologies and updates judiciously (Tvaronaviciene, 2018). In this sector, CIP relies on social media's ability to guard their level of security because anything on the internet, even personal information, is public. Relevant government agencies and social media organizations often caution users about the dangers oversharing, which puts others in danger, even when sharing is at the liberty of individual social media users.

Defense Industrial Base Sector

This sector directly affects national security and the level of threat affecting every nation. Due to the sector's nature, the level of control and security protocols in place are protected from any public influence. The main reason for this is that members of the public, civilians, are shielded from daily threats, and they do not have the necessary knowledge to assess threats. Nonetheless, when the sector is involved, there is a tendency to take a conservative, pessimistic approach to how world powers use technology (Shackelford & Bohm, 2016). Ensuring CIP in the sector depends on civilians becoming good cyber citizens, which requires vigilance from anyone using internet-connected technologies.

Dams Sector

The dam sector is crucial to national and economic security since it provides drinking water and irrigation water for millions. In the US, the situation is direr because US dams' private and public infrastructure is directly connected to water and energy concerns in the country. Since systems are interconnected in the country, CIP protocols ensure that systems are diversified for the specific purpose they are intended (Stergiopoulos et al., 2016). The CIP procedures recommend that access to government portals, passwords, and any underlying subsystem is sufficiently protected. It is the reason why cybersecurity specialists warn against using the same passwords for personal and business accounts, which gives an attacker the advantage of attacking a dam's controls.

Critical Manufacturing Sector

The sector is protected because it hosts many crucial trade secrets that count to prove fatal to governments' national security and economic interests. Besides, it is reliant on other sectors such as information technology, energy, and transportation. CIP's primary concern in the sector is the underlying risks and the ripple effects it would have on other infrastructure areas. Its security depends on using organizational resources for corporate business (Stergiopoulos et al., 2016). Connecting unknown devices in a corporate network can severely affect the organization and affiliated third-party networks connected to the infrastructure. Most organizations support CIP interests by forbidding the use of personal devices in the workplace. Government agencies provide support to corporations when handling a serious threat and identifying potential suspects.

Communications Sector

The communication sector is one of the most important sectors since it facilitates the survival of other sectors. Any type of communication connection, wired, wireless, and satellite, has become more than just an underpinning of modern life. The increasing reliance on technology has made the sector vulnerable to many attacks, hence its inclusion in the DHS's list of sensitive sectors. The sector is widely considered the "enabling function" in most other sectors (Spellman, 2018). The use of the latest security patches and updated anti-malware software contributes to the CIP of the sector to ensure that the crucial resource is not utilized to exhaustion.

Commercial Facilities Sector

Controlling this sector has proven to be difficult for organizations and government agencies due to its complexity. The critical infrastructure component is comprised of eight subsections and includes the media, retail, and hotels. Media is the most crucial subject and involves movies, music, and any form of electronic content. The CIP recommends detracting from piracy or illegal use of IP that is not supplied by authorized dealers. The warning is due to the malware-infested websites and programs that offer downloading services, which are a significant contributor to infected computers and the spread of illegal activities (Lewis, 2019). The sector has varying security issues that emanate from using electronic points of sale terminals, where credit information is illegally obtained from unsuspecting customers. The CIP recommends careful use of services in the sector to avoid falling victim to nefarious individuals.

Chemical Sector

The sector is highly regulated due to concerns about terrorist attacks and the mishandling of dangerous chemicals. As such, manufacturers and private owners are required to employ CIP best practices by applying cybersecurity control measures to industrial control systems and information systems (Tvaronaviciene, 2018). As such, the interdependency of necessary supply chains and awareness of the threat involved in the critical services supporting other critical services is crucial. The sector relies on professionals dealing with the chemicals to rely on their good judgment to report anything suspicious.

Financial Services Sector

The sector is considered an integral part of the CIP because it dictates financial stability. It is also a sector associated with extreme risk and volatility and requires every citizen to be wary of their cyber practices (White, 2019). Such practices dictate the level of threat posed by cybercriminals that contribute to the loss of billions of dollars every year. Most people who fall victim to the crooked schemes involving the sector lose their money and others have false tax returns filed against them. It remains a challenge to deal with the effects of cyber-criminal activities involved in the field.

Food and Agriculture Sector

This sector is especially sensitive because it is directly related to public health. As a consumer-based sector, there are serious risks when unsupported health claims are advertised in electronic media or through email (White, 2019). The sector is under CIP because the public can easily fall victim to the claims, making due diligence crucial (Stergiopoulos et al., 2016). The risk factor involved is critical because of the effectiveness of social engineering and consumable products. Such risks are not in the public's best interest from a physical health and cybersecurity perspective.