Abstract
The United States was called to rethink its security strategies since the September 11, 2001 terrorist attack. Immediately after this catastrophe, the various stakeholders failed to come up with an explanation of why the attack succeeded. Therefore, few months later the Department of Homeland Security (DHS) was established in order to ensure a safer country that was protected from terrorism and other disaster. Since then the DHS made stride in meeting its mandate. One of those mandates is the protection of critical infrastructure since it is vulnerable as a target to attacks or disaster and such would cause immeasurable harm to Americans. The National Protection Plan was developed to help spearhead the implementation of this role. This essay will therefore, assess the role of DHS in critical infrastructure protection as well as the challenges encountered.
Mission and Responsibilities of the Department of Homeland Security
First, DHS has the responsibility of protection of Americans from terrorism threats. This was the founding principle of DHS and it is given high priority. The Department looks upon the various stakeholders including communities and the private sector to ensure a successful implementation of the role. International allies are also involved in order to mobilize information and resources relevant to combat terrorism. Second, the DHS is tasked with securing the American borders. This includes prevention on illegal immigrants and smuggling of dangerous weapons. Closely related to the second role, is the facilitation of legal immigration and taking measures to deal with people who flout immigration laws. Another role is to secure the cyberspace and lastly, to ensure disaster resilience.
Critical Infrastructure Protection Initiatives
Critical infrastructure is the combination of systems, networks and assets, whether virtual or physical, that is so vital to the United States such that their deterioration or attack would have a devastating effect on the security, economy, health and safety to Americans. The DHS is tasked with the main responsibility of protecting the federal state against terrorist threats and other disasters. In carrying out this mandate, it is paramount to incorporate the protection of the critical infrastructure since they are more vulnerable to attack and can have a debilitating effect to people.
The National Infrastructure Protection Plan (NIPP) is the main reference document that identifies and prioritizes the critical infrastructure and also provides resources and initiatives of protection of the critical structures. First, the Plan takes the initiative to unify the infrastructure protection through DHS. Second, it provides for the building and maintains a complete assessment of the United States critical infrastructure and assets. Third, provides for securing the cyber space and gathering the best analytic tools to enhance protection. Lastly, guarding the infrastructure and partnering with the international community in the protection of transnational infrastructure.
The Department has identified sixteen critical infrastructure sectors. The aim is to use collaboration among the different sector, governments, communities and private sector to protect critical infrastructure. It is realized that most of the critical infrastructure is in the hands of the private sector and therefore, the initiation of sector-specific plans to cover the sixteen sectors so as to develop protection strategies that are in tandem with the landscape of the sector. Business in respective sectors can use the plans to develop their own path towards resilience and addressing security problems so as to well manage risks in their unique sector.
The NIST Framework for improving critical infrastructure cyber security is also part of the DHS protection of critical infrastructure; it seeks to provide a framework for the private sector to incorporate measures in their risk management systems that will protect the cyber space (Cybersecurity, 2014). However, since the initiation of the NIST Framework very little development to the CIP has been noted. This is because the DHS still lacks the relevant tools to assess and manage critical infrastructure problems and risks.
Vulnerabilities that Concern IS Professionals and Suggested Reforms
Firstly, there is a challenge in information flow since the entire CIP initiatives depend on public-private-partnership. Information sharing is a critical aspect of the success of the protection of critical infrastructure since the infrastructure is controlled by the private sector. However, the private sector expresses great reservation in sharing company information to the DHS and giving out trade secret might be hard. It is not clear the legal implications of sharing such information and as such companies shy away from releasing its critical information, as such the entire system is vulnerable since it is compromised as the core (McNeil, 2010).
Second, the CIP approach utilizes the same approach with different disaster not knowing that most of them are different and require different responses. For instance, the Plan allocates equal resources towards tackling different critical infrastructure challenges.
Hence, the following changes should suffice to improve the US critical infrastructure protection. The major change that should be made in the Plan is the emphasis on resilience rather that protection. The aspect of merely protecting a critical infrastructure is dangerous especially in cases where a system cannot be rebuild after a disaster. Critical infrastructures should be made resilient to threat and disasters. This ensures that there is quick rebound when a catastrophe occurs and sometimes investing in quality critical infrastructure might make it resistant to threats. Another, important consideration would be includes small-scale firms in the private sector initiative as they are the backbone of the United States economy. When a disaster occurs, they are the most vulnerable and yet people depend on them (McNeil, 2010). Lastly, since the success of CIP relies heavily on almost all the stakeholders in government, private sector, communities and individuals, the DHS should engage in massive education, awareness and training. Ignorance is detrimental to the implementation of CIP.
References
Cybersecurity, C. I. (2014). Framework for Improving Critical Infrastructure Cybersecurity.
Liu, E. C., Rollins, J., & Theohary, C. A. (2013, March). The 2013 Cybersecurity Executive Order: Overview and Considerations for Congress. Congressional Research Service, Library of Congress.
McNeil, J. B., & Weitz, R. (2010, April 27). How to Fix Homeland Security Critical-Infrastructure Protection Plans: A Guide for Congress. Retrieved from http://www.heritage.org/research/reports/2010/04/how-to-fix-homeland-security-critical-infrastructure-protection-plans-a-guide-for-congress
