1. The systems that run our water system, our electricity system and our gas system are all controlled from the internet. All these systems make up what we call critical infrastructure. Networking these systems and making use of the internet to operate them come with a lot of benefit. However, we are also confronted with major problems that can prevent us from having access to these infrastructures. Its therefore the responsibility of the government to make sure that access to these infrastructures is always guarantee and safety is taking into consideration.
In order to guarantee security to our critical infrastructure, the following steps should be taken by the government;
The government should make it a priority to increase the sharing of cyber threat information between the different stake holders. Public-private sharing of cyber threats is very important in keeping critical infrastructure safe (Barack Obama 2013) . This will provide timely notification to all government agencies as related to cyber threats to our critical infrastructure. This will also enable a promptly response to any cyber-attack.
Industry best practices and consensus standards should be part of a cybersecurity framework. This Framework should be able to reduce cyber security risks.
The framework should consider best practices from the public and private sector. Nothing should be imposed on any sector or actor of the society. It should be a consensus amongst stake holders. The frame work should promote collaboration in order to encourage innovation and also to recognize the different needs of critical infrastructures.
Privacy and Civil Liberties Protections:
The processes for sharing cyber threat and incident information between stakeholders should include civil liberties and privacy protection( Hugo Teufel III 2008)
Fair Information Practice Principles, and other applicable privacy and civil liberties frameworks and polices should be implemented.
Barack Obama (2013) Executive Order (EO) 13636 “Improving Critical Infrastructure Cybersecurity”.
Robert Gellman (2016) fair information practices, privacy and information policy.
Within the US critical Infrastructure is the essential services that lie behind American society, it is the backbone of the nation’s economy, security, and health. Critical infrastructure covers the power within people’s homes, the communication systems we use to stay in touch, and the water we drink (DHS, 2016). There are approximately 16 critical infrastructure sectors, some of these include; Chemical, Communications, Emergency services, Energy, Information Technology, and more (DHS, 2016). They all contribute to the assets, systems, and networks in different ways, these are so vital to the United States that anything which may interrupt them can have a debilitating effect on the security of running of the country. Within the Information Technology sector of critical infrastructure lies the function of cybersecurity infrastructure.
What is meant by “cybersecurity” for critical infrastructure?
When it comes to cybersecurity, it is the protections of technology systems and it “focuses on protecting computers, networks, programs and data from unintended or unauthorized access, change or destruction” (UMUC, 2016). When you add this description of cybersecurity to that of critical infrastructure it is the protection against unauthorized users from gaining access to the essential services that makes the United States run efficiently. At any time that there is a breach in a critical infrastructure systems the running of that sector can be hugely compromised.
Almost every sector of critical infrastructure relies on some form of computer system and network. For example the cybersecurity on power grids: If at any time there is a breach in a power grid though its computer systems it can cause a domino effect to other critical areas of the area, including the loss of power at hospitals, “security and fault resilience of power as a utility must be a prime objective for power grids” (Bhattacharya, Mueller, & Zimmer, N.D.).
Where have past state government administrations supported or fallen short in promoting cybersecurity for critical infrastructures?
When it comes to the technical systems which build up the critical infrastructure has been targeted many times in the past. The main target on these systems came to the autonomous systems used in facilities. A closed autonomous system should allow for a decrease in user error and should reduce the amount of input from authorized users. However these systems did not turn out to be as secure as expected (Uchill, 2016). The system which is supposed to be isolated are not.
What is meant by “Threats”?
When it comes to cybersecurity there are many different types of threats. The most common threat is a hacker to the system. A hacker is a person who uses computer programming to gain unauthorized access to a target system for a reason. This reason could be monetary, vindictive, or for information retrieval (SecPoint, 2016). A hacker can be a person, a group or an enemy state run hack.
Another type of threat could be that of an internal threat. An internal threat could be a hacker, who uses the computer system to access more than they are authorized to with the intent to distrupt the system. Or an internal threat could pose a physical attack on the system and sector targeted. A physical attack could include a bomb on a damn with the intent to destroy the dam’s function.
Cybersecurity and critical infrastructure go hand in hand. With the amount of technical systems in the many different sectors of critical infrastructure it is highly important to secure the systems which make them run.
Bhattacharya, S., Mueller, F., & Zimmer, C. (N.D.), Cybersecurity for Power Grids, Rutgers, Retrieved from http://cimic.rutgers.edu/positionPapers/paper-FrankMueller.pdf
DHS (January 8, 2016), What is Critical Infrastructure?, The Department of Homeland Security, Retrieved from https://www.dhs.gov/what-critical-infrastructure
SecPoint (2016), Types of Hackers, SecPoint, Retrieved from https://www.secpoint.com/types-of-hacker.html
Uchill, J. (August 6, 2016), Research: Infrastructure systems easy to hack, a little slow to patch, The Hill, Retrieved fromhttp://thehill.com/policy/cybersecurity/290626-research-critical-infrastructure-easy-to-hack-a-little-slow-to-patch
UMUC (2016), Cybersecurity, University Maryland University Collage, Retrieved from http://www.umuc.edu/cybersecurity/about/cybersecurity-basics.cfm