DTL Power Corporation: Team Report Round 2
Introduction
In round two of the simulation, an attack on DTL Power left services down for hours last Wednesday. The cyber-attack left residential, business, and government customers in the dark for hours. During the forensic investigation, evidence revealed that the cause of the attack was a worm intrusion that caused a reduction in DTL system functions. This reduction in system functions resulted in an excessive amount of downtime. The confidentiality, integrity, and availability of DTL's system were compromised. Cyberterrorism tools such as port scanners were found in our system. These tools were not detected prior to the investigation.
The U.S. economic downturn also played a major role in our security selections. Due to these recent attacks and the impact they have had upon our system, we will analyze our disaster readiness level, national security index, and budget. A detailed review of our security policies, procedures, rationale, and changes that were in place prior to the attack will be performed. This evaluation of our security decisions will then be adjusted and reapplied to the control set in order to improve our security and national security index. After reviewing current security procedures, recommendations will be given to maximize the security posture and performance during round three.
Goals and Rationale
During this round of the simulation, DTL strategically leveraged the cost and benefits of various
The cybersecurity simulation rounds in UMUC's Cybersecurity Master's degree capstone are an integral part of the learning program. The simulation rounds expose students to real-world incidents in a cyber representation of the US. In this environment, students are provided a chance to gain experience in a setting where mistakes are far less impactful than those made in the real world. The environment includes five critical infrastructure sectors: DTL Power, Federal Government, Hytema Defense, Mistral Bank, and Avisitel Telecom. The control decisions made by each have the potential to impact other groups operating within the environment.
We cannot assume that we can prevent all acts of terror and therefore must also prepare to minimize the damage and recover from attacks that do occur. September 11 showed and proved to us that we are not where we are supposed to be, and the aftermath showed us how vulnerable we were. The Department of Homeland Security has made tremendous improvement since then to ensure the preparedness of our nation’s emergency response professionals, provide the federal government’s response, aid America’s recovery from terrorist attacks and natural disasters and foresight.
The office of the president has come up with three main strategies to respond to disasters and protect the critical infrastructure in the USA. The President has charged the National Strategy for Homeland Security (NSHS) with the responsibility to address the vulnerabilities that involve more than one sector or need the responsiveness of more than one agency. The advanced strategy calls for interconnectivity and complementarity of homeland security systems. The second approach involves the National Strategy for the Physical Protection of Critical Infrastructures and Key Assets (NSPPCIKA) identifies
The Department of Homeland Security (DHS) has a major and challenging responsibility to play in the acquisition of the most important and incorporated endeavor in the management of the different and difficult set of risks faced in the United States (Stewart, Ellingwood, & Mueller, 2011). According to Moteff and Library of Congress (2004), the Homeland Security Act of 2002 and other documents of administration have assigned the Homeland Security department various duties that are associated with coordinating the efforts of the nation to protect its critical infrastructure. In the contemporary world, the environment is facing some tough requirements and challenges that need and require immediate attention. DHS
Resources for a disastrous event require a defined set of resources, which must be identified and communicated to the community at large. Funds are from a composite of sources to include the federal government, local and state agencies. Key preparedness elements for terrorism response (Hazard Analysis, Emergency Response Planning, Health Surveillance and Epidemiologic Investigation, Laboratory Diagnosis and Characterization, and Consequence Management) all require financial consideration and community discussion (CDC, 2009). Clearly difficult economic periods must be cautious to secure such funding.
A safe homeland is the country’s first main concern and is important to the successful implementation of its military policy. The United States military will continue to play a critical part in safeguarding the homeland because of military missions overseas and by implementing homeland defense and civil support duties and maintaining emergency preparedness planning actions. However, it is important to realize the difference between the part the Department of Defense (DOD) plays with regard to national security and the part the Department of Homeland Security (DHS) plays as lead federal agency (LFA) for Homeland Security (HLS), as outlined in the National Strategy for Homeland Security. With this example in mind, this defines the tactic appropriate
The Protected Critical Infrastructure Information (PCII) Program improves the voluntary sharing of information between owners of infrastructure, operators, and the government. The Department of Homeland Security (DHS), along with federal, tribal, state, and local analysts, uses the PCII Program to analyze and identify vulnerabilities, enhance recovery preparedness measures, develop risk assessments, secure critical infrastructure, and protect systems (dhs.gov). The PCII Program also provides a level of information protection that makes it easier for DHS to work directly with infrastructure owners and operators to identify vulnerabilities and mitigation strategies. With the PCII protection plan, it increases the
The Homeland Security Cycle consists of mitigation, preparedness, response, and recovery. Mitigation alludes to the procedure through which endeavors are made to prevent a conceivable crisis or to lessen the potential effect of that crisis, including terrorist attacks, natural disasters, or human-made disasters, before it occurs. “Mitigation alludes to those means gone out on a limb of an attack or crisis. These means can likewise be thought of as any moves made with the expectation of evading an occurrence or mediating with an end goal to restrict the impacts it an episode should to happen” (Oliver, Marion, & Hill, 2015, p. 188). Preparedness is the exercises that assist authorities to be set up on account of a crisis. It is the “state of
From this definition, one can reasonably presume that protection of these assets is vital to the well-being of the United States and as such is an essential element of homeland security (U.S. Department of Homeland Security, 2009). I will then provide my assessment on what I feel is working and what could be improved in our Critical Infrastructure. I will finish this paper by giving conclusions and my final opinion on both Homeland Security versus Homeland Defense, and how
Homeland security in the United States comprises complex and competing requirements, incentives, and interests that need to be managed and balanced effectively to achieve the desired national objectives. Security, resilience and safety of the country are endangered by different hazards such as cyberspace attacks, terrorism, manmade accidents, pandemics, natural disasters and transnational crimes, which are part of external risks affecting homeland security. Internal risks such as project costs, workforce management and acquisition operations also affect the security. Internal and external risks impact the country in diverse ways such as human death, environmental degradation, injuries, and economic loss, among other negative impacts. The Department of Homeland Security and other involved partners should be in a position to manage and understand the different risks to security. The current security state is dynamic, and relying on the past cannot completely inform decision making (CRS, 2007). Risk management therefore is a process of analyzing, communicating and identifying risk and avoiding, accepting, controlling or transferring the risk to acceptable limits, considering benefits and costs of measures taken, with the aim of improving security decisions.
This paper covers homeland security and homeland defense and how they are both interpreted according to national strategies and current policies. There are defining differences between homeland security and homeland defense. This starts by identifying how missions, tasks, duties, responsibilities, operations, and other key areas are implemented. Also, being able to determine necessary resources and the shared responsibilities and efforts between the two will allow for a better understanding when drawing upon and defining homeland security. In addition, an assessment of the nation’s critical infrastructure and how it relates to homeland security and homeland defense will be described. This paper will further explore how vulnerabilities should be addressed as they relate to the nation’s infrastructure protection efforts.
Risk management is applied in numerous ways by various agencies and organizations within the U.S. national security apparatus. One manner in which risk management is utilized by the Department of Defense is to mitigate vulnerabilities to personnel during military operations. Whether or not to recruit and deploy a double-agent is a primary focus of risk management within the CIA’s Counterespionage Group. Moreover, evaluating security threats to U.S. embassies and other diplomatic facilities is an application of risk management within the U.S. Department of State. Not surprisingly, risk management is also found throughout the U.S. Department of Homeland Security (DHS). The five primary missions of DHS are: terrorism prevention and security enhancement; border security; immigration law enforcement; cybersecurity; and disaster resiliency (Department of Homeland, 2012, p.2). The concept of risk is inherent to varying degrees in each of these missions. In order to achieve the subordinate goals and objectives associated with each mission, risk management is utilized by DHS to assess subjects such as threats, vulnerabilities, asset criticality, and budgetary matters. Thus, risk management is an essential component in DHS activities such as terrorism prevention, critical infrastructure protection, and resource allocation
After the 9/11 terrorist attacks against the United States, a series of risk management evaluations were created by the US Federal Government to assess the future risks the homeland was going to face. When the Department of Homeland Security (DHS) was officially created in 2002, more effective risk management assessments were re-designed to evaluate the past and present dangers, prevent them and respond successfully to more terrorist attacks. From 2001 until 2007, the development of risk assessment was divided into phases to be able to reach a better formula that would analyze the risk within homeland security and provide the appropriate funds to the homeland security enterprise.
The quote “Threats and Vulnerabilities emanating from man-made and natural disaster are the crux of the U.S. all-hazard approach to homeland security (HS), but this approach appears to be inherently flawed” is not true. This essay will argue that emergency response operations are at the crux of the U.S. all-hazard approach to homeland security and that this approach is not inherently flawed, just not all-encompassing. This is because the emergency response operations such as crisis and consequence management directly correlate with the length and overall effect of vulnerabilities and threats emanating from a disaster, presenting post-disaster risks that need to be accounted for but are not. Also, the all-hazard approach is correct: threats to homeland security do not just come from militarized attacks but also chemical spills, tornadoes and other disasters, showing that it is not inherently flawed. The approach simply fails to recognize the effect that interagency and intergovernmental coordination during the emergency response operations, or lack thereof, has on the magnitude of threats and vulnerabilities that emanate from man-made and natural disasters. Preparedness should account for both pre- and post-disaster conditions. Section one of this paper will define the concept of an all-hazard approach to homeland security. Section two of this paper will argue that emergency responses act as the crux of the all-hazard approach. The third section will argue that all hazard
Nearly every community has some sort of community risk, threat, and assessment plan that takes into account one of the six potential risks that are of concern to homeland security. Though each of these plans will likely differ from one another, many communities will have the same types of information in their plans. This essay will look at the Threat and Hazard Identification and Risk Assessment Guide (THIRA), the Community Risk Reduction Planning Guide, as well as FEMA’s National Preparedness plan. Any combination of these guides is a good starting point for every community in America. At the top of every community’s list, as well as the nation’s, is the protection of the critical infrastructure. Loss of infrastructure, regardless of how big or small the community is, could have very crippling effects on that community.