The Role of Infrastructure in Information Assurance and Cyber Security
Name:
Institution:
The Role of Infrastructure in Information Assurance and Cyber Security
The attacks on critical infrastructure have become a growing cause of concern for governments and private providers’ internationally whether caused through cybercriminals pursuing financial gain or by hackers as political acts intended to emasculate governments’ and companies’ credibility. The anxiety around these threats is vindicated, as research exhibits that attacks on the critical infrastructure are greater than before in both complexity and prevalence and will endure to develop in the near future. The site management and monitoring have progressed for critical infrastructure facilities as they have become more increasingly connected to the internet. However, added convenience of connectivity has turned once limited attack surface of these industries into a fertile landscape for cyber-attacks. Due to the potentially high profile impacts of attacks on critical infrastructure systems, these industries have become even more attractive targets for cybercriminals (Cavelty, 2014).
Information assurance is a measure that safeguards and defends information and information systems through ensuring availability, authentication, integrity, non-repudiation, and confidentiality. In addition, the measures comprise providing for information system restoration through incorporating detection, protection,
In order to ensure that all information manipulated through an IT system is safe and reliable we use some type of information guarantee. Information Assurance manages the risks that can be posed during the transfer and storage of data. It protects the legitimacy and privacy of all data within the IT system. It seems as though information assurance plays with that fine line between security and constancy trying to find a balance of both.
Information security is the protection of information against accidental or malicious disclosure, modification or destruction. Information is an important, valuable asset of IDI which must be managed with care. All information has a value to IDI. However, not all of this information has an equal value or requires the same level
Since the onset of the first packet switching event that many believe to be beginning of the internet, no other technology besides the printing press has ever transformed the ability to deliver information. Although the internet is used by a large percentage of the civilized world, few Americans realize how vital cyberspace is to our national infrastructure. Today, we are faced with even more threats although it has been a recognized problem since 2009, when President Barrack Obama said “The cyber threat is one of the most serious economic and national security challenges we face as a nation. It’s also clear that we’re not as prepared as we should be, as a government or as a country (Obama, 2009).” Every industry that operates in the United States is dependent on the internet for some aspect of their business. Commerce, transportation, financial institutions, military, as well as industrial control systems are all interconnected. This interconnectedness has created vulnerabilities within their infrastructure that have increasingly become targets of terrorists, script kiddies, foreign governments and hackers of all types.
If the user can access the file server using an IP address but not a name, then the most likely reason for failure to connect is a name resolution problem. Name resolution can fail for NetBIOS or DNS host names. If the client operating system is NetBIOS dependent, the VPN clients should be assigned a WINS server address by the VPN server. If the client operating system uses DNS preferentially, VPN clients should be assigned an internal DNS server that can resolve internal network host names.
It is essential to understand America’s critical infrastructure and key resources (CIKR) and National Infrastructure Protection Program (NIPP) to ensure survivability of its critical assets, while maintaining security for America. “The plans are carried out in practice by an integrated network of Federal departments and agencies, State and local government agencies, private sector entities, and a growing number of regional consortia (DHS, 2009, p. I).” Several agencies work together to mitigate attacks on CIKR to protect public safety and security of the nation. A terrorist may stop at nothing to carry out an attack on CIKR. If an attack or natural disaster does transpire, each agency working together to restore the damage must be timely. Additionally, NIPP helps to identify hazards associated with the various sectors, and provides necessary security measures to harden resources (DHS,
The Internet, as we all know, has rapidly spread around since its commercialization in the 1990s. It is evident that cybersecurity attacks are not going anywhere, and that government will continue to remain a target. In addition, the Internet of Things (IoT) growth will lead to more devices being connected to the networks. Therefore, with technology moving forward and hackers being more motivated as ever, the government finds itself struggling to keep up with effective cybersecurity measures and with filling up the designated positions in the Cybersecurity department.
A critical infrastructure is defined as any facility, system, or function which provides the foundation for national security, governance, economic vitality, reputation, and way of life. (http://www.dhs.gov/xlibrary/assets/NIPP_InfoSharing.pdf)In short, critical infrastructure is by definition essential for the survival of the nation. The USA PATRIOT Act specifically defines critical infrastructure as "systems and assets, whether physical or virtual, (Jena Baker McNeill and Richard Weitz, 2010) so vital to the United States that the incapacity or destruction of such systems and assets would have a debilitating
The Department of Homeland Security supplies a national protection plan concerning critical infrastructure security. This plan targets a wide audience, including public and private critical infrastructure owners and administrators. Managing risks through identifying, deterring, and disrupting threats to critical infrastructure is the direct focus of this plan. The ability of an organization to reduce the impact of a threat that has occurred and reducing the impact of one that may occur is essential to an active security posture. Compromise of a critical infrastructure such as oil, airports, or traffic flow management could result in a major loss of life or resources (Department of Homeland Security, 2013).
DTL Power Corporation is an electricity generating and distributing company headquartered in Santa Fe, New Mexico. Currently, they have 5.4 million electricity customers and 485,000 natural gas customers. Also, DTL Power has full or majority ownership of 14 nuclear reactors in 12 nuclear power plants. Additionally, it has 2 hydropower plants in the Midwest and 5 wind energy centers along the East Coast. Last year, incidents around the world involving nuclear reactors have led the company to increase security and safety regulations at its nuclear plants. Furthermore, the company is also researching additional environmentally friendly opportunities such as geothermal energy.
Information security is the protection of information and information systems from unauthorized access, use, disclosure, disruption, modification or destruction. Information security is achieved by ensuring the confidentiality, integrity, and availability of information. In health care:
Since the September 11, 2001 events, the United States of America gravitated towards a more aggressive approach in its security. The result of the tragic events was the establishment of homeland security. The White House, the federal government and the Congress joined together to establish it. On September 20, 2001, President George W. Bush issued an executive order 13228 to establish an Office of Homeland Security within the White House and assigning the Governor of Pennsylvania, Tom Ridge as its Director (Bullock, Haddow, & Coppola, 2013, p. 4). Ever since, the United States (U.S.) Department of Homeland Security diversified and evolved the way it is today. The Homeland Defense was also integrated into Homeland Security to protect the U.S. soil and its territories. However, what are Homeland Security and Homeland Defense? This paper will address those question as well as covering their missions/goals, tasks, duties, and responsibilities. In addition, a section of this paper is the assessment of the critical infrastructure protection programs of the U.S. The assessment will also include the overall capability of the nation’s critical infrastructure protection program to ensure the survivability of its critical infrastructure.
United States’ national infrastructure are resources that are vital to keep commerce operating. Technology have allowed the governments and the private sector to share vital information with them. The nation well-being depend on each of the critical infrastructures, the big question is on how to maintain all of our infrastructure sectors operative without any problem. There a big wave of threats to our nation and if one of this threads go through, it can created a multidimensional problem to the infrastructure system of the country. The main concerns that exist in protecting the U.S. against any attacks to any U.S. infrastructure and in the same time on how to have a system that work well with other agencies. For example; is important to
This paper covers homeland security and homeland defense and how they are both interpreted according to national strategies and current policies. There are defining differences between homeland security and homeland defense. This starts by identifying how missions, tasks, duties, responsibilities, operations, and others key areas are implemented. Also, being able to determine necessary resources and the shared responsibilities and efforts between the two will allow for a better understanding when drawing upon and defining homeland security. In addition, an assessment of the nation’s critical infrastructure and how it relates to homeland security and homeland defense will be described. This paper will further explore how vulnerabilities should be addressed as they relate to the nation’s infrastructure protection efforts.
There were a number of factors that contributed to the breach, which had they been addressed or had corresponding mitigation responses in place, would have reduced the likelihood that the breach would have taken place, or at a minimum reduce the impact of the attack. These items range from policy related issues, technology implementations, and security management and maintenance. Although I believe a number of these areas were in the process of being addressed, based on the information gathered regarding the details of the incident, it appears that it was still in many areas insufficient and would not have prevented an incident even if there had been more time available to perform the implementations.
Answer: Information Security is the practice of defending (guiding) information by considering the CIA Triad Principles which are Confidentiality (Authorize access), Integrity (Accuracy and Completeness) and Availability.