Question: Review the National Infrastructure Protection Plan (NIPP) 2013: Partnering for Critical Infrastructure Security and Resilience plan and identify how the government and private sectors work together to manage risks while achieving security outcomes.
Critical Infrastructures and Protecting Strategies
The world changed after the terrorist attacks of September 11, 2001, and our security posture became dependent on crisis management, emergency management, continuity of operations, and threat mitigation. Maintaining our Critical Infrastructure (CI) became a priority. A critical infrastructure is a set of physical or virtual systems and assets vital to a nation, organization, or a business where incapacitation or destruction would have a debilitating impact on our nation. Our Critical Infrastructure consists of many interdependent networks. Our Critical Infrastructures and Key Resources (CI/KR) are our assets, which consists of physical and virtual systems or networks which include the food and agriculture sectors, the information technology sector, the transportation sector and the emergency services sector.
Our CI/KR’s are vital to sustaining our everyday way of life. Incapacitation or destruction will have a debilitating impact on our society, our nation’s economy, safety, and public health.
Disruption/interruptions due to a disastrous incident will negatively affect our communities. Lives may be lost, and our quality of life may deteriorate quickly. Continual loss will leaded to massive disease contamination, lack of government services, chaos, civilian unrest, and anarchy.
In the United States, 85% of our Critical Infrastructure (CI) is owned and operated by the public sector. Coincidentally, 85% of terrorist attacks have targeted the private sector. As a result, the U.S. is faced with the challenge of effectively preparing risk-management and emergency management strategies to effectively respond to cataclysmic events. Furthermore, the rapid advancement of technological strategies increases the outlook to enhance cyberspace resiliency. Therefore, governments and the private sectors should collaborate on effective emergency prevention, proactive preparedness, effective mitigation and recovery efforts to protect our nation’s Critical Infrastructure, our economy and our nation’s workforce.
Our Critical Infrastructure is a body of systems and networks that are essential to our overall security as a nation. Furthermore, our Critical Infrastructure is essential for maintain a vibrant economy and our health. Our Critical Infrastructure consists of 16 Networks, which are necessary for our economy to function effectively. They are:
1) The Chemical Sector
2) The Commercial Facilities Sector
3) The Communications Sector
4) The Critical Manufacturing Sector
5) The Dams Sector
6) The Defense Industrial Base Sector
7) The Emergency Sector
8) The Energy Sector
9) The financial Services Sector
10) The Food and Agriculture Sector
11) The Government Facilities Sector
12) The Healthcare and Public Health Sector
13) The Information Technology Sector
14) The Nuclear Reactors, Materials, and Waste Sector
15) Transportation Systems Sector
16) The Water and Wastewater Systems Sector
The protection of our critical infrastructure rests with our government. However, steps to reduce vulnerabilities of privately-owned corporate assets through public-private partnership will enhance the overall security posture of our Critical Infrastructure. Collaboration is critical element to effectively secure the assets. Through the use of public-private partnerships, financial resources can be pooled, along with expertise and the ability to develop effective proactive goals. Without properly crafted public-private partnerships, business emergency management plans and strategies for preventing and responding to terrorist incidents will be ineffective. The inability to effectively respond to critical infrastructure incidents will also complicate the severity of the incident or disaster.
A Case Study of Resiliency and the Lack of Resiliency:
In 2008, a resiliency plan of a large telephone company was tested. Ericsson headquarters was in the process of creating a new mobile phone. A fire in a Philips microchip plant contaminated millions of mobile phone chips. As a result, the company endured severe losses of operations. The telephone company was not able to provide the excess material needed to fulfill outstanding orders for its two largest customers, Ericsson and Nokia telecommunication companies. Aggravating the matter was Ericsson’s lack of a business continuity plan in place. However, Ericsson rival company (Nokia) had a business resiliency plan in place which enabled the company to obtain the necessary additional materials needed to expand their telephone production. As a result, Nokia was able to acquire a substantial amount of Ericsson ‘s market share.
Resiliency is the ability of an organization to spring back or rebound from an unexpected disaster or impact. In objects resiliency is the ability to recover and hold their shape, in people resilience is the strength and ability to remain intact.
In business, resilience is the ability of an organization to promptly adapt to disruptions while having the ability to maintain continuous business operations while safeguarding the organization’s people, assets and their name brand. Resilience is a step forward from disaster recovery. Resilience is having the strategies in place in post-disaster phase and the maintenance of operations when an unexpected breach occurs.
How do we build resilience? Through the use of connections and good relationships with family members, friends, peers, understanding the obstacles facing an organization, not fighting change, and developing realistic goals. Understanding the workflow of an organization is critical to identifying the challenges an organization faces. Often one of the most overlooked challenges in an organization is the ability to respond to chaotic situations. Chaos coupled with a workflow interruption will likely render an organization unrecoverable.
In conclusion, our critical infrastructure provides essential services and is also the backbone of our nation’s security. However, it is reliant on technology and virtual communication. As result resiliency is a critical element to consider when securing critical infrastructure system. Protecting our critical infrastructure is reliant on sharing the responsibility between public and private sector owners and operators, including technology providers.
A resilient organization will have the capability to prepare for, recover from and adapt to stress, adversities and challenges. One of the most critical elements is to assess the workflow of services and products to ensure backup plans are in place should a disruption occur in the organization’s supply chain.