Infrastructure Protection Plan
Jasmeih Green
Theories of Security Management
July 23, 2017
Infrastructure Protection Plan
Phase 1: Memo
To: Chief Information Officer
From: Information Systems Security Director
Date: July 23, 2017
Subject: National Infrastructure Protection Plan As an “ Information Systems Security Manager” I find that the National Infrastructure Protection Plan (NIPP) provides the binding structure to the reconciliation of the existing and future Critical Infrastructure and Key Resources (CIKR) insurance endeavors and flexibility techniques into a national program that will allow to accomplish this objective. The NIPP structure underpins the prioritization of protection and versatility activities, and speculations
…show more content…
The original national policy framework, which was built on a risk-based architecture, is still relevant. However, the framework should be enhanced to emphasize the importance of protecting and preparing lifeline infrastructures and economic stability/development systems at the state and local levels in order to maintain infrastructure and regional resilience. There should also be a link to regional, state, and local critical infrastructure/key resources networks.
2. Regional public-private partnerships are necessary for: (a) addressing the integration of cross-sector dependencies and operations; (b) collaborating and setting priorities for withstanding the consequences of manmade and natural hazards; and (c) rapidly bouncing back from failures, disruptions, and destruction.
3. The NIPP should be concise and brief, yet still explain the national strategy for critical infrastructure security and resilience as well as transfer knowledge to state and community leaders for establishing their critical infrastructure security and resilience
…show more content…
The NIPP should include a list of actions that can be implemented at various levels – for buildings, systems, communities, states, regions, and federal agencies, for example. The NIPP also should motivate these stakeholders to develop plans for: infrastructure protection, continuity of operations, emergency preparedness, and disaster recovery.
6. The DHS Office of Infrastructure Protection should develop educational, training, and certification programs to drive the increased human resource capabilities with competencies in engineering, design, construction, and security operations.
7. The NIPP should support networking and relationship development by: (a) sharing lessons learned from exercises and disasters; and (b) building relationships before a disaster strikes to reduce response times, save lives, and reduce costs. (Inc.), 2017) Some levels of risk will dependably continue and appropriately embraces an “all – dangers” approach of ensuring America’s CIKR, full assortment of dangers to bunch of possible targets implies that it is difficult to shield each CIKR agent each conceivable disturbance that the NIPP recognizes. They have a unique insight into remote fear based oppressor dangers against U.S. based
Homeland Security Presidential Directive 5 directly relates to the National Incident Management System and the National Response Framework. In fact, it directly correlates with their missions. HSPD-5 was the directive that needed to start things in motion; NIMS and the NRF are the aftermath of the directive. With the formation of NIMS and soon after the NRF, America can operate successfully under one national manage...
2) Maintain critical infrastructure centers (telegraph, bridges, hospitals) that provide a situational awareness capability, actionable information about emerging trends, imminent threats, and the status of any incidents that involve
Homeland Security. (2008, 12). National Incident Management System. Retrieved 10 22, 2011, from FEMA: http://www.fema.gov/pdf/emergency/nims/NIMS_core.pdf
Retrieved from http://www.terrorismanalysts.com/pt/index.php/pot/article/view/268/540 White, J. R. (2014). Terrorism and homeland security (8th ed.). Belmont, CA: Wadsworth.
Physical and environmental security programs are generally considered to be a collection of mechanisms and controls put into place that help ensure the availability of information technology capabilities. These programs protect an organization from fire, flood, theft, power failure, intentional, and even unintentional damage through negligence. Implementation of these programs at the organizational level can take place in a number of ways but most organizations choose to follow the application of a body of standards, usually set forth by an organization such as the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). Once such body of standards put forth by ISO/IEC is 27002, Information technology – Security techniques – Code of practice for information secur...
The goal of 2011 of the National Preparedness Goal, and a month later by the National Preparedness System (NPS). ‘Prepare’, or ‘preparedness’ is a key term here, as is ‘risk’. In order to properly examine the National Preparedness System these terms… (2011 National Preparedness Goal). The National Preparedness Goal can only work in risk management planning with prudency coupled with dispensation of resources at the local levels. Depending on the budgetary issues the financial appropriation might not be enough to sustain a carefully planned risk management. The forefront for the local authorities to mitigate against risk is funding. Of the pro at the community level are the loyalties of its employees of the local government and local community, and on hand resources that amplifies its footprint with the community in making sure that there is an uninterrupted continuation of life. The local government can device a well thought out plan to activate most of its resources when the alarms are sounded of a pending
This paper will briefly discuss the formation of the Department of Homeland Security (DHS). With every government program or agency comes an alphabet soup of acronyms and DHS is no different from the rest. To better understand the agency and concepts that comprise DHS, this paper will also examine acronyms associated with DHS. They are QHSR, HSE, NRF, NIMS, ICS, and UC. Each will get a description while highlighting and discussing core elements or requirements that each acronym calls for or offers.
NIMS provides a uniform nationwide basis and way for federal, state, tribal, and local governments, along with the public to work on preparedness, recovery, response and mitigation no matter what causes an event. With all organizations using the same application, effective and efficient responses are possible. Organizations will be able to arrive on the scene and be ready to assist and understand exactly what each group is doing and why. Protocols are set and it is known what equipment and personnel are available. With NIMS all groups are able to integrate und...
Local, State and Federal government have unique roles which would allow the flow of communication and resources to transition smoothly during each stage of progression. The local and state level (first responders) are the most important source as they can assess, coordinate and notify the next available resources of what is needed. State and local governments are the front runners of planning for and managing the consequences of a terrorist incident using available resources in the critical hours before Federal assistance can arrive (Managing the Emergency Consequences of Terrorist Incidents, July 2002). A Terrorist Incident Appendix (TIA) was designed to mirror an Emergency Operations Plan in relations to terrorist incidents. The TIA consists of six phases: Initiation, Concept Development, Plan Development, Plan Review Development of supporting plans, procedures and materials and Validation of plans using tabletop, functional, and full scale exercises. The TIA should be compared to those plans of existing Emergency Operation Plans (EOP) in place at the local and state level. Comparing plans before and incident allows time for comparison and revision of the various functions which will prevent disconnects to ensure coordination and
However, some sources say that the DHS lead National Infrastructure Protection Plan (NIPP) falls well short because of not listening and not sharing information with critical infrastructure owner/operators. The NIPP document created by the DHS is for the government and is not a plan to improve resilience. The document is said to lack private sector information and most feel that the meetings with the government about the document were not heard. As for the information sharing part of the document there are shortcomings that do not enhance national level situational awareness. However, there are seven topics raised in the new document after its original creation four years ago. The first is to elevate security and resilience as the primary aim of CIP efforts. Second, expanding and updating critical infrastructure risk management. Third, focus on national priorities jointly determined by public and private sector. Fourth, integrate cyber and physical security. Fifth, affirm the reality that critical infrastructure security and resilience require international collaboration. Sixth, show continued progress to support execution of the plan at both national and community levels. Lastly, present a detailed Call to Action that includes steps the federal government will undertake to work with partners to make progress toward security and
...the nation’s critical infrastructure. With the creation of the DHS the government has shown that they are investing money and resources into protecting our nation’s infrastructure.
What concerns the government of the United States most is the security of the critical infrastructure from the cyber threats. The nation is depending heavily on the technology in most of its critical sectors to keep it up and running. Thus, this makes its more vulnerable to cyber-attacks from outsiders and insiders. Therefore, its protection must be a priority.
In recent years, many possible plans to enact government regulation to improve cybersecurity have been suggested. Most recently, in 2017, then U.S. president Barack Obama implemented the Cybersecurity National Action Plan (CNAP). The plan would have invested $19 billion in cybersecurity by gathering experts to make recommendations in regards to cyber security, help secure the government IT group, and encourage more advanced security measures (Daniel 1). However, while CNAP does present a way to solve the problem, it just adds another program that attempts to enhance cybersecurity: “It is the multiplicity of programs and division of responsibility that diminishes their effectiveness. At least eleven federal agencies bear significant responsibility for cybersecurity” (Cohen 1). Every so often, another cybersecurity program will be established, but former plans are seldom removed. This leads to a large amount of departments to share responsibility, which creates general confusion and limits each department’s power. Furthermore, widespread government regulation may weaken cybersecurity. Many fear that any regulation would not be flexible enough and would instead allow easier hacking (Ridge 3). If every system in the entire nation had the same security measures, it would be much easier to break into as by breaking into one system, a hacker a could break into everything.
There is a lot of complexity in understanding risk management and its correlation to homeland security. Risk management is a way to approach the fact that securing the homeland is not certain and there are unknown variables in every aspect of life; risk management is a way to narrow down the focus based on quantifiable information determining probability against capability. Risk management plays and integral role in homeland security. Risk management is employed using a formula described in the NIPP for establishing a narrow scope to make the best decision about protecting infrastructure. The risk management formula lays down the foundation to make the most reasonable determination based on the potential consequences, vulnerability, and
The nation has become dependent on technology, furthermore, cyberspace. It’s encompassed in everything we deliver in our daily lives, our phones, internet, communication, purchases, entertainment, flying airplane, launching missiles, operating nuclear plants, and implicitly, our protection. The more ever-growing technology empower Americans, the more they become prey to cyber threats. The United States Executive Office of the President stated, “The President identified cybersecurity as one of the top priorities of his administration in doing so, directed a 60-day review to assess polices.” (United States Executive Office of the President, 2009, p.2). Furthermore, critical infrastructure, our network, and internet alike are identified as national assets upon which the administration will orchestrate integrated cybersecurity policies without infringing upon and protecting privacy. While protecting our infrastructure, personal privacy, and civil liberties, we have to keep in mind the private sector owns and operates the majority of our critical and digital infrastructure.