The Cyber Dimension of Critical Infrastructure Key Resources
Cyber issues are taken very seriously by the White House as well as by Homeland Security because they have a direct impact on Critical Infrastructure Key Resources (CIKR). An assumption has been made for this paper that protecting the national cyber infrastructure from hackers must be a priority. The best way for protection would be to hire more people with excellent skills in cyber security and to follow President Obama’s Comprehensive National Cybersecurity Initiative (CNCI) of 2009. A review of the recent literature was done to try to prove this hypothesis.
Critical Information Infrastructures
The interstate highway system is an essential national infrastructure. A cyber-infrastructure has the same importance but it is virtual so it is not something a person can see or touch. Cyberspace moves information instead of vehicles filled with people and consumer goods. Trabansky (2008) has explained examples of the new national vulnerabilities that have been created by the information infrastructure. They list three main types of critical infrastructure a) symbolic power like government communication channels, b) important daily needs like electricity and telecommunications, and c) the layers of complex interactions between computer networks. Vulnerabilities are the most difficult to predict in the last kind. Critical Information Infrastructures (CII) can be totally made of data for example, “records of capital in the banking system, scientific and technical intellectual property, scientific and technical processes and various business processes . . . (and) computerized components” (Trabansky, 2008, p. 62). Computerized components that must be protected are found across the nation is organizations like aviation transmissions, health care facilities and water supply controls.
In general there are three types of failures a) common cause, b) cascading, and c) escalating (Trabansky, 2008, p. 63) Common causes have to do with natural events like flooding that might disable the electrical grid or an airport but these are not very threatened by cyber threats. On the other hand cascading and escalating failures could be caused by a direct cyber attack. Cascading failures are like a domino effect; if one part of the infrastructure is attacked then other parts are affected. The escalating type of failures must be avoided because they could slow down emergency disaster efforts. The communications system has such an important part in the countries security that any direct attack would impact other parts including transportation systems, the hospitals, the banks, and the educational systems.
Hawald and Bittinger (2012) have written that the worst problem faced by the Department of Defense and the rest of the government this year is not having a full workforce of cyber experts. The problem with attracting experts is that government cannot pay the large salaries plus benefits that cyber security companies pay.
Hawald and Bittenger (2012) suggest several strategies to attract quality employees for the national cyber security workforce; a) make hiring cyber security experts a priority. b) use targeted recruitment, in-house training, and offer internships, and c) increase Science, Technology, Engineering, and Mathematics (STEM) financial aid for college scholarships. d) Using “non-financial incentives . . . like leadership mentoring on key projects . . . and collaboration with the top experts in academia and industry” (Hawald and Bittenger, 2012, p. 1).
Initiative 12 of the Comprehensive National Cybersecurity Initiative addresses the issues of CIKR. A major point is to focus on information sharing between the public and the private sectors to strengthen cyber security in government and CIKR. Initiative 12 supports the efforts of Homeland Security to follow their plan to organize a project with all their recommendations. The main purpose of the Homeland Security plan is “to increase resiliency and operational capabilities throughout the CIKR sectors” (CNCI, WhiteHouse.gov, 5).
Cyber attacks can endanger the national security. The national cyber infrastructure needs to be protected from direct attacks by hackers. Two researchers emphasized the importance of having an expert and large enough workforce to prepare the cyber infrastructure. President Obama’s Comprehensive National Cybersecurity Initiative (CNCI) of 2009 contains twelve important initiatives to ensure the country is safe from cyber attacks. Expanding STEM (education), building an expert workforce, and public and private information sharing with operators of CIKR and the government are all addressed in the CNCI. The CNCI includes all the layers in the government not only the threats to the national government.
Comprehensive National Cybersecurity Initiative (CNCI). (2012). www.WhiteHouse.gov. Retrieved from http://www.whitehouse.gov/sites/default/files/cybersecurity.pdf
Hawald, S. & Bittinger, S. (2012). How government/DoD CIOs can deal with the cybersecurity workforce shortage. Gartner, Inc., Industry Research C002375335. Retrieved from http://www.gartner.com/resources/237500/237535/
Office of Infrastructure Protection. (2008). A guide to critical infrastructure and key resources protection at the state, regional, local, tribal, and territorial level. National Protection & Programs Directorate. U.S. Department of Homeland Security. Retrieved from http://www.dhs.gov/xlibrary/assets/nipp_srtltt_guide.pdf
Trabansky, L. (2011). Critical infrastructure protection against cyber threats. Military and Strategic Affairs, 3(2), 61-78. Retrieved from http://www.inss.org.il/upload/(FILE)1326273687.pdf