Securing Critical Infrastructure and Cyber Systems - Essay Example

Infrastructure control systems face risks because of system vulnerabilities, cyber threats, and grave probable effects of attacks as displayed by reported incidents. Cyber threats can be targeted or untargeted, intentional or not, and come from numerous places. Control systems are nowadays more vulnerable to cyber-attacks because of numerous reasons, counting the increased connectivity of systems through the internet. From the evidence of past control attacks, it is clear that the effect on critical infrastructure is vast. In 2003 for instance, a computer virus shut down the train signaling system all through the East Coast. In 2006, a foreign hacker planted malicious software that had the ability to affect a water treatment plant’s operations.
Infrastructure owners face organizational and technical challenges to securing control systems. Technical challenges include restricted processing abilities, design constraints, and real-time operations all of which deter the owner’s ability to implement information technology security processes. Organizational defies which include difficulty in coming up with a convincing business case for capitalizing in security and contradictory priorities of information security personnel and engineers. Numerous private sector acts such as standard-setting associations and trade associations are putting up efforts to aid in securing control systems. The efforts put forth by the private sector entities include providing guidance to members, developing standards, and hosting workshops on the security of control systems. For instance, the electricity industry recently advanced standards for the cybersecurity of their control systems, and a trade association (gas) is in the process of developing guidance to members to use encryption as a security measure to protect control systems.
Two areas of precise concern include protecting the country’s critical infrastructure (roughly 70-90% of which are privately owned) against cyber threats, together with addressing potential weaknesses in the universal nature of the ICT source chain. Both policymakers and the ICT industry share the collective objective of addressing these worries. Concerning critical infrastructure, the existing voluntary public-private partnership exemplary has offered private-sector proprietors and operatives with the flexibility they require to address bouts as they occur – principally as cyber-attacks have amplified in both sophistication and volume.
Important investments in security from operatives and ICT dealers, strong network organization, application of best practices and procedures, and intentional coordination are all vital constituents of the current ecology that has threatened critical infrastructure from substantial attacks. These mechanisms should continue to offer the basis for critical infrastructure policy moving forward.
Government agencies have also had numerous initiatives that are underway to aid in the security of infrastructure control systems. Despite all these efforts, more still remains to be done to manage these efforts and also to address specific deficits. In recent years, federal agencies; the departments of energy, Homeland security, and the (FERC) Federal Energy Regulation Commission have started efforts to advance the control systems’ security of the critical infrastructure. However, there is still no common strategy to coordinate the numerous activities across government agencies and the private sector. Additionally, DHS lacks procedures required to address exact weaknesses in information sharing on control systems' weaknesses. Until private and public sector security exertions are synchronized by an all-encompassing plan and specific information sharing deficits are addressed, there is an upsurge risk that numerous organizations will conduct duplicative work and miss chances to achieve their critical missions.
Read More