Study Document
Critical Infrastructure Security Information Technology Essay
Pages:5 (1351 words)
Sources:5
Document Type:Essay
Document:#77085336
Synopsis
Because the majority of critical infrastructure components in the United States are privately owned, compliance with Department of Homeland Security risk assessment methods remains voluntary. Risk assessments of critical infrastructure focus on threat, vulnerability, and consequences, with all types of assessments integral to helping improve resilience and mitigate problems (GAO, 2017). A vulnerability analysis of the nation’s information technology critical infrastructure reveals several points of weakness and security gaps. The Department of Homeland Security (2018) infrastructure survey tool can be used alongside the systems dynamics approach to vulnerability assessment. These tools reveal the inherent strengths of complex, interdependent information technology systems, while also revealing the potential weaknesses in a decentralized approach.
Executive Summary
Two of the most salient methods of conducting vulnerability assessments on critical infrastructure include the opt-in survey offered by the Department of Homeland Security, which targets the physical facilities, and the systems dynamics approach. Information technology is a unique critical infrastructure in that it includes both a physical, concrete component (such as hardware) and an abstract, information-based core content. Therefore, combining a systems dynamics approach with the DHS survey tool reveals the particular vulnerabilities evident in the information technology critical infrastructure. Strengths include the prevalence of some open systems and dynamic communications methodologies, plus advanced physical security defense mechanisms. Identifiable weaknesses include inconsistent risk assessment and mitigation methods, and the risks with private sector knowledge leakage. Cyber threats remain a major vulnerability. More information would be needed before a more thorough risk assessment could be conducted.
Introduction
Information technology is one of the nearly twenty critical infrastructure component the Department of Homeland Security recognizes. The DHS offers specific strategic planning interventions for these sectors, with voluntary compliance expected and counted upon to preserve national security interests. Hardware manufacturers and the members of their supply chains, software developers, and service providers all fall under the general rubric of information technology critical infrastructure (GAO, 2017). Various vulnerability assessment methods can be used to evaluate the nation’s information technology critical infrastructure. One assessment tool is the Infrastructure Survey Tool offered by the Department of Homeland Security. This tool is a web-based security survey that focuses mainly on physical facilities and is therefore limited in scope. A systems dynamics approach uses “stocks, flows, and feedback loops” to account for the complexities of information architecture (Deng, Song, Zhou, et al., 2017, p. 1). Rather than viewing systems dynamics and the Infrastructure Survey Tool as being discreet, mutually exclusive entities, combined they offer the opportunity to identify security threats before they morph into crises, and the chance to make necessary changes to institutional structure, policy, leadership, and practice.
Details
Infrastructure Survey Tool
The Department of Homeland Security offers the Infrastructure Survey Tool for chief security officers, facility managers and operators. As a web-based survey, the tool is accessible and cost-effective. The Department of Homeland Security (2018) recommends that the Infrastructure Survey tool be used regularly and in conjunction with Assist Visits to identify vulnerabilities and address them accordingly. Focusing on physical vulnerabilities in a facility, the survey addresses issues like perimeter and property security but also channels of information sharing and communication, threat response protocols, and recovery plans (Department of Homeland Security, 2018). Because of the fragmented nature of the nation’s information technology infrastructure, each individual enterprise needs to voluntarily conduct the Infrastructure Survey Tool. Applying the tool broadly across all components of the critical infrastructure reveals several vulnerabilities, particularly with regards to inconsistent communication plans and protocols.
Hardware manufacturers present some of the clearest security vulnerabilities, when viewed through the lens of the DHS survey. One of the reasons for the vulnerability is the lack of vertical integration of many companies, and the heavy reliance on foreign manufacturing for various parts and components. Unless manufacturing processes are…
Sample Source(s) Used
References
De Bruijne, M. & Van Eeten, M. (2007). Systems that should have failed. Journal of Contingencies and Crisis Management 15(1): 18-29.
Deng, Y., Song, L., Zhou, Z., et al. (2017). Complexity and vulnerability analysis of critical infrastructures. Mathematical Problems in Engineering 2017(Article ID 8673143), https://doi.org/10.1155/2017/8673143
Department of Homeland Security (2018). Infrastructure Survey Tool. https://www.dhs.gov/infrastructure-survey-tool
Stamp, J., Dillinger, J. & Young, W. (2003). Common vulnerabilities in critical infrastructure control systems. NISA/Sandia. https://energy.sandia.gov/wp-content/gallery/uploads/031172C.pdf
Related Documents
Study Document
Critical Infrastructure Protection Using Computers in Modern Society...
Critical Infrastructure Protection
Nowadays, computers have become very ubiquitous in the American society. Computers and related technologies are used at every level of government in the United States. Computer technologies are also used by all sorts of professionals, and private citizens to access information, store information, communicate, and/ or transform acquired information. Right now, there are also computer-dependent technologies that are used to monitor and control, critical transportation systems, water
Study Document
Information Systems & Information Technology
The company's consistent top line revenue growth also illustrates it has been successful in transforming its supplier network into one that operates more on knowledge, less on purely price or product decisions. As a result the company is capable of competing more at the process level and less at the purely price-driven one (Reese, 2007). In terms of the company's factors for success, the greater opportunities is to move into
Study Document
Information Technology Summary and Critique
End Notes 1) Given the recent tardy but well-meaning responses by the federal, state and local officials in the Gulf Coast, it can be assumed that the nation remains relatively unprepared for a terrorist attack of September 11-proportions. The U.S. is struggling to negotiate a nuclear arms treaty with Iran and North Korea (the latter having recently agreed to forego additional nuclear weapons testing in exchange for light-water nuclear reactors, a
Study Document
Information Technology Customization and Standardization: A View
Information Technology Customization and Standardization: A View of Cloud and Grid Computing Sequencing a genome, storing vast video libraries, or utilizing a non-essential application for occasional use are all functions performed within the realm of information technology. Meeting a particular task need was once the challenge of the end user or organization to ascertain their current and future use to guide their technology purchases. In the not so distant past, limitations of
Study Document
Information Technology Amazon.com Situation Analysis
Hence the development of the Open Systems Interconnect (OSI) Model which lead to the development of the Internet and the Ethernet standard and the TCP/IP protocol, both of which nearly the entire Internet runs on today. #9, in what way have phones and computers converged? Why is this convergence occurring? The personal productivity tasks of communication as it relates to the use of telephones and computer systems has long been an
Study Document
Security Information Is the Power. The Importance
Security Information is the Power. The importance of collecting, storing, processing and communicating the relevant information presently is viewed as crucial in order to achieve success in almost all the fields be it business firms, individuals or organizations. An integrated set of components assisting collection, store, process and communication of information is termed as information system. Increasing dependence on information systems is noticed in order to excel in the respective fields