- Department of Homeland Security: Mission, Operations, and Responsibilities
- Critical Infrastructure Protection (CIP) Initiatives
- How CIP Has Advanced Between the Releases of the DHS and NIST
- Concerns for IS Professionals
- Three Methods to Protect US’ Critical Infrastructure
- Effectiveness of IS Professionals
- Reference List
Department of Homeland Security: Mission, Operations, and Responsibilities
The Department of Homeland Security’s mission is “to ensure the country is secure and safe against terrorism and other potential hazards” (DHS Critical Infrastructure Security, 2016, para. 3). That being the case, the department coordinates various activities and responses to ensure every critical asset is protected. The department brings together many players from tribal, governmental, and private sectors to achieve this mission.
These stakeholders play a significant role in developing the best security measures. As well, research is executed continuously to produce new technologies that can respond to various disasters and threats. The other responsibility is to secure and protect the country’s borders. Security measures are put in place to safeguard the country from terrorism. The organization “collaborates with different players to ensure resilient to every disaster in the country” (National Infrastructure Protection Plan, 2009, para. 4).
Critical Infrastructure Protection (CIP) Initiatives
Kim and Solomon (2013) define “Critical Infrastructure Protection (CIP) as a powerful concept aimed at improving preparedness and response to unexpected incidents that might affect the integrity of a nation’s critical infrastructure” (p. 24). Several CIP initiatives are therefore undertaken to support the integrity of every critical asset. Such initiatives are undertaken depending on the nature or stage of the incident. The first initiative is detection whereby possible vulnerabilities and threats are identified. The response becomes a critical CIP initiative, especially after the targeted disaster, occurs (Kim & Solomon, 2013). Recovery is also undertaken to restore the integrity of the affected infrastructure (Deshmukh & Qureshi, 2011). Planning and prevention are critical CIP initiatives undertaken to protect infrastructures from different forms of attack.
CIP initiatives protect critical assets that support a nation or a wider region. Such initiatives are undertaken because an incident affecting the infrastructure can have significant implications. For example, an attack on a nation’s electricity grid system will affect the lives of more people and economic activities (Deshmukh & Qureshi, 2011).
Several methods can be used to protect different assets. The most preferable protection method is usually dictated by the nature of the targeted asset. For instance, computer systems can be protected using physical security strategies as well as advanced anti-virus software. Remediation is the concept used to describe the major strategies used to protect assets from various risks (Kim & Solomon, 2013). Physical systems, barriers, surveillance systems, and security measures are also used to protect different assets.
How CIP Has Advanced Between the Releases of the DHS and NIST
The Executive Order 13636 of 2013 was aimed at “enhancing the resilience and security of the country critical infrastructure and maintain a cyber environment that promoted innovation, efficiency, security, civil liberties, and economic prosperity” (Framework for Improving Critical Infrastructure Cybersecurity, 2014, para. 2). The implementation of NIST’s Framework for Improving Infrastructure Cybersecurity was the product of this Executive Order. To achieve the most desirable goals, the releases of the NIST’s framework and DHS’ National Infrastructure Protection Plan (NIPP) have been advanced through the concept of CIP.
To begin with, the CIP approach offers specific functions that can be undertaken to support the integrity of different systems and critical infrastructures. That being the case, NIST and DHS always collaborate in an attempt to produce the best responses to the threats associated with cyber-security (Framework for Improving Critical Infrastructure Cybersecurity, 2014). The CIP functions have been used as a benchmark to describe the most appropriate detection, planning, response, protection, and recovery measures. By so doing, the issue of cyber-security has been taken seriously than ever before. This has been the case because cybercrime has become a major challenge that threatens the effectiveness and performance of different information technology systems.
The six CIP phases have played a significant role to advance between the releases of the NIST’s framework and DHS’ NIPP. The phases have been used “to create the most desirable framework for a comprehensive solution for critical IT infrastructures in the country” (Kim & Solomon, 2013, p. 42).
The phases are used to analyze, remediate, mitigate, respond, and reconstruct every vulnerable infrastructure. These attributes are embraced by these two agencies to produce an effective Cybersecurity Framework (Framework for Improving Critical Infrastructure Cybersecurity, 2014). The “Cybersecurity Framework should be treated as the most appropriate baseline for risk management and cyber-security improvements in the country” (Framework for Improving Critical Infrastructure Cybersecurity, 2014, para. 17). These two departments are always ready to work with different stakeholders such as owners of critical assets, operators, federal and state governments, private stakeholders, and technologists to deal with cybercrime.
Concerns for IS Professionals
Information Systems (IS) professionals required to protect the United States’ infrastructure should be concerned by specific vulnerabilities. The first group of threats is physical. Some threats such as fires, system breakdowns, human errors, and floods should be considered by these professionals. Malpractices such as vandalism, theft, and disruption should also be taken seriously. These professionals should ensure there are adequate physical control measures to protect such systems (Kim & Solomon, 2013).
Non-physical threats pose the greatest risk to these systems. For instance, loss of data or corruption is a major issue that can result in a system breakdown. Phishing and computer viruses can pose a major threat to every IS technology (Deshmukh & Qureshi, 2011). Spyware, worms, and adware should also be monitored using effective software systems.
Three Methods to Protect US’ Critical Infrastructure
Several methods can be used to protect the country’s critical infrastructure. To begin with, physical barriers and highly-trained personnel can improve the protection of every critical infrastructure in the country. The second important approach is tackling the problem of terrorism from a global perspective. The events of September 11 explain why many systems are threatened by global terrorism. This method will minimize the chances of terrorist attacks.
By so doing, more assets will be protected to support the welfare of more citizens. The third protection method revolves around the use of advanced software applications. Different professionals should embrace the use of “logical security measures to protect every critical infrastructure” (Kim & Solomon, 2013, p. 128). The method will result in the production superior of anti-viruses that can tackle the challenge of cybercrime.
Effectiveness of IS Professionals
From a personal perspective, I strongly believe that IS professionals are effective in protecting the United States’ infrastructure. This is the case because the country’s agencies have managed to tackle potential threats while at the same time safeguarding the integrity of different systems. The prosperity and economic performance of the country are therefore attributable to the timeless contributions of these professionals. However, these are professionals can collaborate with innovators and private programmers to come up with superior systems and CIP initiatives (Deshmukh & Qureshi, 2011). Such a move will produce superior response systems that can protect more critical assets.
Reference List
Deshmukh, A., & Qureshi, R. (2011). Transparent Data Encryption: Solution for Security of Database Contents. International Journal of Advanced Computer Science and Applications, 2(3), 25-28. Web.
DHS Critical Infrastructure Security. (2016). Web.
Framework for Improving Critical Infrastructure Cybersecurity. (2014). Web.
Kim, D., & Solomon, M. (2013). Fundamentals of Information Systems Security. Burlington, MA: Jones & Bartlett Learning. Web.
National Infrastructure Protection Plan. (2009). Web.