The infrastructure security has always been on the highest level for the US government. Still, the September 11, 2001 was the breaking point which is considered to be the start for heightened interest in critical infrastructure protection, both in public and in private sectors. To understand the main purpose of the research, it is crucial to check the main notions which are going to be considered, critical infrastructure in private sector.
Critical infrastructure is the notion which identifies physical and computer-based systems, like telecommunications, banking, transportation, water and energy resources, etc. The private sector of the country’s economy is characterized by the organizations which are not controlled by the state, like private firms, companies, banks and other private non-government organizations (Radvanovsky and McDougall 5).
Thus, the main purpose of the research is to consider the main security strategies the private sector uses in the relation to the protection of critical infrastructures. The USA has a Department of Homeland Security which helps the private sector to cope with the problems it may face.
Critical Infrastructure Protection Challenges for Private Sector
There are a number of different challenges a private sector should cope with the purpose to organize critical infrastructure protection properly. There are a number of different normative laws which are aimed at analyzing those challenges and offering some decisions to solve them. Considering the challenges in addressing
cybersecurity, the following key ones may be identified: the organizational stability should be achieved, the roles and capacities of the cybersecurity should be considered and the awareness should be increased, the efficient partnership with stakeholders should be considered, the information exchange should be on the high level (Powner 12).
Private sector also faces other challenges, like securing control systems. One the one hand, technological innovations are involved in the sphere and allow specialists to control the process by means of different facilities.
On the other hand, the specialized security technologies for control systems are not invented yet due to a number of reasons. Moreover, there are some ideas that securing control systems are not justified economically that create some problems. Finally, the security control systems may become the issue for conflicts on the basis of the priority notion (Dacey 18).
There are a number of challenges private sector faces in the informational sphere. National Infrastructure Protection Center is the organization that helps the private sector cope with those challenges as the establishment of the correct information-sharing relations with the state is the first step for dealing with the problem.
These challenges should be faced both by the private sector and by the Department of Homeland Security, even though it is the state institution, the security is going to be on the highest level in the private sector only when the government supports it.
Introduction to Threat and Risk Analysis Models
To conduct the critical infrastructure protection properly and on the highest level, the risk assessment in the sphere should be provided. Risk management and critical infrastructure protection in the private sector should be conducted on the basis of the assessment, integration, and management of such facilities as threats, vulnerabilities, and consequences.
To conduct the risk assessment in the private sector, the following steps should be considered in this succession:
- The identification of the most critical infrastructures,
- Identification, evaluation and assessment of the threats,
- Consideration of the vulnerability of those critical assets,
- Specification of expected risks along with the expected consequences,
The next stages should be followed to prioritize risk reduction activities. That is, the specialists should state and evaluate the ways aimed at reducing the risks which have already been highlighted and prioritize risk reduction by means of the risk reductions strategy.
The private sector should collaborate with the government with the purpose to be aware of the innovations in the critical infrastructure protection field and to count on the state and its help. The role of the government in the security of the private sector is crucial. The Homeland Security Act of 2002 and other administration documents are directed at helping the private sector to cope with the threats and minimize the risks to minimum.
Basic Principles for Critical Infrastructure Protection
The fundamental principles for critical infrastructure protection may be based on the CARVER method. This method is based on six factors which influence the efficiency of the procedure. CARVER method is a military strategy which is used for identifying the targets for the attacks. It is reasonable to consider these principles for identifying the threats in the private sector directed at critical infrastructure.
This method should be used to prioritize the targets which are considered to be the most vulnerable. Thus, the CARVER method is based on the following components, Criticality, Assessibility, Return, Vulnerability, Effect, and Recognizability. The main principle of this method is to identify the infrastructure with the highest value and to try to protect it by much attempt.
The main idea of the criticality is to identify the target which plays crucial role in the achieving the goal and the elimination of which will put a private company much behind. The accessibility means that the company should consider whether the target easily reached or not.
The critical infrastructure protection means high level of security and low level of accessibility. The company should check the return capacity of all the critical infrastructures and pay more attention to those which capacity to return is lower. The vulnerability of the target is really essential. The company should try to organize the work in such a way that all objects and targets which may be considered as vulnerable should be protected better.
The effects should always be predicted. It is important for the private company to understand the outcomes of the threat in order to prevent those in case of any problems. It is also important to understand that the recognizability of the critical infrastructure is also essential. The private sector should protect its points with the purpose to reduce the risk for the target to be recognized by the competitor and either copied or destroyed (Pavlina n/p).
Vulnerability Analysis Models
Using the vulnerability analysis model, the company should follow the next steps to make sure that the competing agents are not going to reach the critical infrastructure and are not able to violate the company security. It may be concluded that the main purpose of the vulnerability analysis is to check and reduce the systems which may be available for natural and man-made damages.
Thus, the steps one should follow to complete this method are: a) to identify the gaps and research needs in the sector, b) to check the competitors which may be suspected in organizing the attack, and c) to develop the strategies aimed at reducing the threat.
The main purpose of this model is to encourage businessmen and entrepreneurs to protect their strategic objects better or, vice versa, to find faults in the critical infrastructure protection of the competitors and to use the information to combat them on the business arena (Catlin and Kautter 3).
Introduction to CI/KR Dependencies and Interdependencies
The Department of Homeland Security has identified the Critical Infrastructure and Key Resources (CI/KR) which are protected by the government no matter whether public or private sector is involved in the affair. It is obvious that DHS cannot cope with all the CI/KR, so there are a number of other departments which help.
To provide an effective protection of the CI/KR, the public and private sectors should establish good relationships based on the ideas and information exchanges, security planning with sharing the best practices, the coordinating structures should be perfectly established, the collaboration with the international community is important as well as the building of public awareness.
The DHS identifies the following CI/KR: agriculture and food, commercial facilities, dams, energy, information technology, postal and shipping, banking and finance, communication, defense industrial base, transportation systems, chemical, critical manufacturing, emergency services, healthcare, nuclear reactions, materials and wastes, and water (“Critical Infrastructure and Key Resources”). If any of those CI/KR are involved into private sector, the company managers should care greatly of its security.
Concepts of Continuity Of Operations (COOP) Plans and Continuity Of Government (COG)
Continuity of operations is the notion which may be defined as a government effort to make sure that Primary Mission Essential Functions are going to work in spite of any incidents, including natural disasters, technological attacks and other accidents. The main purpose of COOP is to make the private sector, which deals with CI/KR, continue its work no matter what is happening in the country. The Continuity of Operations (COOP) Plan is a map for implementing the program designed by the Continuity Program (FEMA n/p).
The Continuity of Government (COG) is defined as the necessity for the government and all its structures and operations to function without paying attention to any of the incidents which happen in the country. The main purpose of the COG is to provide the constitutional protection to the citizens of the country and the constitutional form of the government (FEMA n/p).
In conclusion it should be stated that the proper functioning of the government is possible only in case if the private and public sectors work together and are able to collaborate with each others. It is crucial to understand that the critical infrastructure of the company should be properly protected.
This means that the CARVER method should be applied to make sure that the cyber systems as well as other engineering systems are properly protected. The vulnerability analysis is really helpful for maintaining security in the critical infrastructure. The Continuity of Operations (COOP) and the Continuity of Government (COG) are the document which state that all systems and projects essential for the state should function, no matter what is happening in the country.
Works Cited
Catlin, Michelle and Donald Kautter. “An Overview of the Carver Plus Shock Method for Food Sector Vulnerability Assessments.” Federal state department of agriculture 18 July 2007. Print.
“Critical Infrastructure and Key Resources.” Department of Homeland Security. 2010. Web.
Dacey, Robert F. “Critical Infrastructure Protection: Challenges and Efforts to Secure Control Systems.” United States Government Accountability Office 30 March 2004. Print.
FEMA. 2010. Web.
Pavlina, Steve. “How to Prioritize.” Pavlina LLC May 22, 2007. Web.
Powner, David A. “Critical Infrastructure Protection: Challenges in Addressing Cybersecurity.” United States Government Accountability Office 19 July 2005. Print.
Radvanovsky, Robert and Allan McDougall. Critical Infrastructure: Homeland Security and Emergency Preparedness. New York: Taylor and Francis, 2010. Print.