2019 | OriginalPaper | Book chapter

Risk Analysis for Critical Infrastructure Protection

Abstract

Until recently, infrastructure owners and operators only had to worry about local acts of nature and the occasional vandal to maintain their services to a prescribed standard. All that changed with the 1995 Tokyo Subway Attacks and 9/11, which ushered in the unprecedented threat of domestic catastrophic destruction by non-state actors. Now infrastructure owners and operators find themselves under almost constant global cyber attack, the consequences of which could be catastrophic. Critical infrastructure protection has been a core mission of the Department of Homeland Security since its foundation in 2002. This chapter examines the work of the Department to protect the nation’s critical infrastructure, and efforts to develop a uniform risk analysis to guide its strategic planning and facilitate cost-benefit analysis of mitigation measures on the part of infrastructure owners and operators.

Footnotes
1
More precisely, the 2002 Homeland Security Act was the largest reorganization of Federal government since the National Security Act of 1947 formalized the structural changes that occurred during World War II creating a new Department of Defense and Central Intelligence Agency.
 
2
Observation made by Intel founder Gordon Moore in 1965 that the number of transistors per silicon chip doubles about every 18 months.
 
3
PPD-21 released in 2013 by the Obama administration was only the most recent executive order to define critical infrastructure. Critical infrastructure was originally defined in PDD-68 released in 1998 by the Clinton administration. PDD-68 identified twelve infrastructure sectors. PDD-68 was superseded by HSPD-7 released in 2003 by the Bush administration identifying eighteen infrastructure sectors. Although the number of critical infrastructure sectors changed in each iteration, the definition of critical infrastructure remained relatively unchanged. It is not inconceivable that a future executive order might again change the number of critical infrastructure sectors.
 
4
From the outset, the US government has claimed that 85% of critical infrastructure is privately owned. Despite this claim, nobody knows the true percentage of private versus public infrastructure.
 
5
Although US law may grant regulatory control over many facets of critical infrastructure, those same laws may not necessarily authorize regulatory authority over industry security measures. Thus, for example, although the 1970 Clean Air Act, 1972 Clean Water Act, and 1974 Safe Drinking Water Act give the Environmental Protection Agency authority to regulate drinking water and waste treatment utilities, those same laws do not give EPA authorization to regulate security measures for those utilities.
 
6
GPRA was amended in 2011 by the GPRA Modernization Act of 2010.
 
7
The NIST Cybersecurity Framework is but one of a number of process maturing models for improving critical infrastructure cybersecurity. The NIST Cybersecurity Framework itself was based upon the 2012 Electricity Subsector Cybersecurity Capability Maturity Model (ES-C2M2) developed with support from the Department of Energy. In 2012 the Department of Transportation released its Roadmap to Secure Control Systems in the Transportation Sector. And in May 2013, DHS reported it was employing the Cyber Assessment Risk Management Approach (CARMA) to assess cybersecurity in the Information Technology Sector (i.e., “Internet”).
 
8
To date, the worst disaster in US history outside the Civil War was the 1900 Galveston Hurricane in which an estimated 6000–12,000 people perished.
 
Metadata
Title
Risk Analysis for Critical Infrastructure Protection
Written by
Richard White
Copyright year
2019
DOI
https://doi.org/10.1007/978-3-030-00024-0_3