The United States is a complex nation whose critical infrastructure is “technologically sophisticated and highly interconnected”. This infrastructure is critical to the operations of the government, economy and the society at large. The Department of Homeland Security is tasked with the protection of the critical infrastructure, 85% of which is owned and controlled by the private sector. As a result, a public-private partnership approach to protection of the country’s critical infrastructure is indispensable.
There are several security concerns that are faced by critical infrastructure communities. Some are sector-specific while others cut across the industries. They range from natural disasters, industrial accidents, domestic and international terrorism and deliberate acts of malicious individuals. In a world of Information Age, most of the aforementioned threats can be executed through cyber-attack. This is due to the fact that most critical infrastructure systems, upon which industrial operations are supported, are highly dependent on information systems for their command and control. Additionally, most of the systems are designed to be interdependent, efficient and accessible. Hence, they constitute high value targets for attacks and provide a window of opportunity that is potentially exploitable by terrorists and malicious groups.
Mitigation strategies refer to measures aimed at countering and neutralizing the aforementioned threats. To begin with, a sound strategy ought to provide for security policy framework. To this end, best practice requires formulation of sector-specific and multi-sector policies. Furthermore, the policies ought to be periodically reviewed to keep abreast with emerging threats in the dynamic threat environment.
Moreover, it is imperative that mitigation strategy provides for building of security partnerships and intelligence gathering and sharing. Intelligence should not only be shared among the law enforcement agencies but also between the law enforcement agencies and the private sector. This approach is necessitated by the fact that private sector owns and controls vast of the critical infrastructure. Besides, potential threats can be neutralized if actionable intelligence is passed to the right persons at the right time.
More so, the mitigation strategy ought to focus on implementing the Critical Infrastructure and Key Resources (CIKR) risk management programme and maximization of the efficient use of CIKR resources. Besides, it should aim at building awareness on the security threats against critical infrastructure and mitigation mechanisms thereof. Most importantly, it should provide for resource mobilization to fund various mandates established by the strategy.
In conclusion, protection of CIKR is essential to the national security, safety and economic prosperity of the country. Successful sector-specific threats may produce cascading effects that transcend the targeted sector. Therefore, collective mitigation effort aimed at threat deterrence, vulnerability mitigation and minimization of consequences is indispensable.
References
Bart, E., Peterman, D. R., & Frittelli, J. (2015). Transportation Security: Issues for the 114 . Washington, DC: Congressional Research Service. Available at: <https://www.fas.org/sgp/crs/homesec/RL33512.pdf>.
Nelson, R., & Wise, R. (2013, February 1). Homeland Security at a Crossroads: Evolving DHS to Meet the Next Generation of Threats. Retrieved April 25, 2016, from Center for Strategic and International Studies: <http://csis.org/publication/homeland-security-crossroads-evolving-dhs-meet-next-generation-threats>.
U.S. Department of Homeland Security. (2006). National Infrastructur Protection Plan. Washington, DC: U.S. Department of Homeland Security. Available at: <https://www.dhs.gov/xlibrary/assets/NIPP_Plan_noApps.pdf>.
U.S. Department of Homeland Security. (2009). National Infrastructure Protection Plan: Partnering to enhance protection and resiliency. Washington, DC: U.S. Department of Homeland Security.Available at: <https://www.dhs.gov/xlibrary/assets/NIPP_Plan.pdf>.
U.S. Department of Homeland Security. (2009). Reccomended Practice: Improving Industrial Control Systems Cybersecurity with Defense-In-Depth Strategies. Washington, DC: U.S. Department of Homeland Security. Available at: <https://ics-cert.us-cert.gov/sites/default/files/recommended_practices/Defense_in_Depth_Oct09.pdf>.
