Securing the Nation’s critical infrastructures has rightly become an increasingly vital component of the Nation’s homeland security strategy since September 11th. The USA PATRIOT Act defines “critical infrastructure” as “systems and assets, whether physical or virtual, so vital to the United States that the incapacity or destruction of such systems and assets would have a debilitating impact on security, national economic security, national public health or safety, or any combination of those matters.”
Resulting from the increased attention to several issues that have developed since September 11th, the federal government has recognized the importance of establishing a national strategy to protect and defend America’s critical infrastructure components while placing an increased reliance on the private sector to assist and guide this process. The release of the National Strategy for the Physical Protection of Critical Infrastructures and Key Assets in February 2003 emphasized an important step in advancing the Nation’s mission, hopefully ensuring nationwide coordination and cooperation.
However, meeting this challenge will require cooperation and coordination across both government and commercial boundaries. The nature of threats requires a degree of decentralization since the task of homeland defense is too large, too complex, and far too expensive for any one isolated federal department to control. The private industrial sectors owns and operates approximately 85 percent of our critical infrastructures and key assets. Therefore, much of the expertise and many of the resources required for planning, outlining protective measures lie outside of the federal government. The new front line of defense for America’s critical infrastructures has become the communities and individual organizations making up our critical infrastructure sectors.
Infracritical is committed towards the realized goal of securing our Nation’s infrastructures through the proper alignment of education, training and awareness, regulatory creation and intervention, policy and management directed methodologies, and the implementation of sound systems risk profiling analysis management techniques.
The third mission is broken in three (3) subcategories, which outline strategically how and what Infracritical proposes insofar as to doing in ensuring the security and safety of our Nation’s infrastructures.
Step 1. Through the analysis of data and information gathered and collected, Infracritical can provide risk assessments through methodologies of securing critical infrastructure and protected systems. These systems may be computer and/or network connected devices, or they may simply be computer-related (such as control systems, or “SCADA”), providing valuable and critical services to just about each and every sector outlined as being a “critical infrastructure”. Or, these systems may be business or procedural systems, representing a process flow, a continuity of information, data and intellectual insights, providing ebb of secure, reliably integrated and accurate information to management, investors, and data owners.
Step 2. Infracritical can identify most known vulnerabilities, exploits and weaknesses in about every system encountered, whether automated, semi-automated, or completely manual. Our methods for analyzing and developing risk assessments are customized for each and every organization and business entity examined and reviewed. Data and information that is gathered and collected is carefully scrutinized for inconsistencies that would otherwise not be present or known through any given moment in their daily operations. Reviewing such data and information allows for consistency and accurate analysis, and provides for a more effective, more improved integrity of the overall business system data flow process that is both secure and accurate.
Step 3. Infracritical provides, through education, training and awareness programs, methods for enhancing system recovery and preparedness procedures, measurements as well as countermeasure methods for safeguarding the overall integrity of the organizational business system data flow process. The key to the success of any given critical infrastructure is the timeliness, availability, accuracy, and security of data and information, which is authorized to review the data and information, methods of access and elimination, archiving, storage and future retrieval, and other procedural methodologies often associated with such a given process.
In summary, Infracritical can provide functionalities for the following areas of CIP:
- Assess risk and vulnerabilities for any targeted critical infrastructure sector and its industry;
- Provide training for Critical Infrastructure Protection (CIP);
- Provide security awareness training (focusing primarily on informing the general public);
- Isolate and analyze incident intervention and consequence management;
- Formulation implementation of security policies for protection of critical infrastructure, and;
- Review and oversight recommendation (to anticipate and provide for resource requirements).
The private industrial sectors are all driven by “the bottom line”, consumer and shareholder confidence, and market forces, all of which provide strong incentives for increased security. As change in focus, however, is necessary for this process to succeed. National businesses should review government demands based on their expertise not by cost, but also as an opportunity for improving the overall system.
Government can assist to some degree with this process and, in fact, has the obligation to do so. However, the government should not inhibit any industrial efforts to simply protect itself; instead, it should ensure that businesses have the tools necessary to do so. It would be almost impossible for the government to pay for all the necessary security improvements at the level required based upon current threats that exist in the wild. The assessment of who will foot the bill must be performed and calculated on a case-by-case basis.
If industry fails to implement the appropriate levels of protection, then government will most likely have to intervene and enforce stricter regulations. The airline industry after 9/11 is a recent example of government intervention as the private industrial sector failed to respond to the threat in a timely manner. This should not be the case with America’s critical infrastructures and key assets.
We at Infracritical feel the importance of ensuring the safety and security of our Nation’s most valuable resources and assets: our Nation’s critical infrastructures. Without them, our Nation may not operate. Our third mission is to make every effort possible of ensuring the safety and continued operations of the United States of America.