The critical infrastructure protection was launched with the concept of acting on time to critical incidents. It involves the critical infrastructure of a region, a country or a nation. The program was launched after the presidential directive of May 1998 (Department of Homeland Security, 2015). The presidential directive further developed a nationwide policy that was aimed at ensuring the nation’s critical infrastructure safety, prosperity, security and resilience under the name National Infrastructure Protection Plan. The protection plan is supposed to be orchestrated and implemented by the municipality, but due to the current constraints and economic factors, the responsibility has been directed to the county critical infrastructure protection department where the CIP Officer is supposed to oversee the implementation of the plan.
According to the Department of Homeland Security (2015), the current NIPP was created to represent the concept of streamlining risk, strategic environment, and policy to achieve its “vision of a nation in which physical and cyber critical infrastructure remain secure and resilient, with vulnerabilities reduced, consequences minimized, threats identified and disrupted and response and recovery hastened.” The NIPP goals are to ensure resilience while at the same time protecting the critical infrastructure alongside the key resources.
The NIPP is aimed at ensuring that its stipulated objectives are achieved. These objectives, and how they are implemented are as discussed below.
Ensure that the CIKR is protected to ensure that the management of cyber and physical risk is strengthened.
Strengthening the management is a national priority, and it promotes an approach that increases reliance on important systems and networks that are necessary for information and communication technology. The idea of physical protection from risk is somehow outdated as most systems are linked to the cyberspace. The risks that are associated with the convergence of the cyber are considered as critical infrastructure in all areas of a department, be it agriculture or the energy department (Department of Homeland Security, 2014). Some of the strategies that can be applied in effort to meet this objective are:
Building effective partnership that determines group action by collaborating with critical infrastructure owners. In return, essential functions and services are delivered in line with one of the NIPP policies which is to partner for security and resilience.
A framework that encourages the improvement of the critical infrastructure cyber security should be adopted within any institution in the county, to be used by every sector and the stakeholders.
A further approach can involve exploring technological, organizational and behavioral strategies that can offer a solution when one is aiming at managing the cyber and any physical risks related to the critical infrastructure.
It is important to ensure that exchange of information on risks should be encouraged which in return enhances machine and human interpretation to cyber threats. The county government, as well as the private sector, should be urged to share their intelligence and information regarding cyber threats. This in return will encourage good cyber-security practices and consequently foster development of authentic products and services.
Resources needed
Cyber insurance that ensures that those that are negatively affected by cyber insecurity are compensated.
A reliable workforce that is inclusive of trainers. They are responsible for improving awareness on cyberspace and its insecurities. Those trained will then have more knowledge on the matter and in return offer authentic services and products.
Dispute resolution and policy coordination should be provided through an integrity progress that reviews the programs and functions assigned to the NIPP document (Department of Homeland Security, 2014). The strategies applied to ensure this objective is achieved include:
Relevant information should always be shared in a timely manner among the critical infrastructure partners in the county who are responsible for preparing and maintaining cyber responses.
Implementation and tracking of incidents that inform future planning and intervention.
Resources needed
Able leadership that will coordinate the critical infrastructure partners.
A record of previous incidences that involve recovery.
Ensure leveraging of the national and international relations. This will strengthen the national capacity.
Resources needed
An adequate infrastructure protection (IP) that coordinates both the private and public sector.
An agency for each sector created.
It is very necessary to provide lifeline functions when one is trying to get a broad recognition from the critical infrastructure community. Lifeline features increase the ability of the decision-making in an environment that involves a lot of evolving conditions (Department of Homeland Security, 2014). Some of the strategies to be used in achieving this objective are:
Evaluation of trends that are considered long term, and affect infrastructure risk. They are comprised of climate change and overdependence on the information and technology systems (Department of Homeland Security, 2015).
An infrastructure lifecycle should be put in place which will ensure resilience at each stage of the supply chain.
Innovative financing mechanisms should be explored and encouraged and this in return will promote investments whose primary objective is to enhance resilience that is all-hazard.
Resources needed
An infrastructure lifecycle
Excellent leadership skills among the management to ensure that the decisions are well coordinated.
Improve protection, mitigation, prevention, recovery and response activities through sharing information
Knowledge about something helps reduce threats and hazard and promotes awareness. In government or any other form of industry, a focus on determining the collaborative efforts should be analyzed all in the context of a critical infrastructure environment (Department of Homeland Security, 2014). Some strategies to be considered in this case include:
Using the right methods of dissemination within and across various sectors
Feedback concerning the information on prevention, protection, response, recovery and migration should be given for the purpose of ensuring continuous improvement.
Those involved in attaining this objective should have a culture that emphasizes the importance of sharing and enforces the responsibility to provide.
Resources needed
An up to date technology that will ensure efficient protection and prevention of any losses and also recovery in case the loss takes place.
The reason the system should remain safe is because the citizens mainly rely on the services provided by the federal government (Department of Homeland Security, 2014). To ensure that the government stays secure, the following strategies should be implemented:
Networks relating to the county government should be equipped with cyber security tools and protections.
Adequate measure and implementation of policies that are wide and have high standards are to be adopted.
Cost-effectiveness can be achieved through purchasing cyber-security.
Resources needed
Cyber insurance
Trainers and a reliable workforce that will keep people informed of the risks of cyber insecurities
An up to date technology system that detects any form of threats and one that can recover from any losses.
In conclusion, the NIPP objectives can be achieved with ease if the strategies listed are implemented. The materials that involve physical infrastructure and human workforce should come in handy to ensure that the county is successful in making the NIPP program a success. Implementation at the county level and not the municipality level should be encouraged, as this will ensure that more people on the ground become enlightened on what may seem like rocket science.
References
