CIKR protection is an incredibly important task for our country. We know just how vital CIKR is, and we have to have a way to defend it from the many threats posed to it. According to our reading, there are six main threats toward CIKR which include cyber, human error, technological failure, terrorism/crime, natural hazards, and deterioration. We need policies, laws, and practices in place to defend against these different types of threats and ways to mitigate in the event a threat takes place.
After 9/11 there was a huge shift in the attitude and approach toward infrastructure security in the United States. The major change was the enactment of the Homeland Security Act of 2002. This Act established the Department of Homeland Security (DHS). One of the main jobs of DHS is exactly this, CIKR protection. Since the creation of DHS there have been numerous modifications and additions to policy toward CIKR, and moving forward this will probably always be the case as the threats toward CIKR are also constantly changing and growing.
With this risk management is a main focus in the protection of CIKR. I mentioned how threats are always changing toward CIKR. The National Infrastructure Protection Plan Risk Management Framework has a built-in feedback loop to account for those changes and how this plan in particular can be improved for the better and help to better mitigate risk and vulnerabilities (even when performing CIKR threat drills). Vulnerability assessments are also done to help mitigate and lower risk.
Sometimes risk management and assessment is done through just information (ie not drills or real-world scenarios). The Infrastructure Information Collection Division (IICD) within the CISA Infrastructure Security Division that is talked about in our reading helps to provide information to help mitigate risk. They provide information regarding technology-related CIKR data to other parts of DHS so that risk management policies can be altered and formed. We already know how incredibly important this is based on previous readings and discussions because almost every part of our CIKR is connected and online in some form or another. Cyber threats are constantly changing and growing so having an entire division dedicated to just the informational and data visualization part of the threats in this area is incredibly beneficial.
I just wanted to add- on a semi-related but not completely serious side note, this class is really making me want to watch Live Free or Die Hard (Die Hard 4). I know that the entire movie is a completely fictitious and fairly unlikely scenario but, for what it’s worth, the cyber threat and attacks toward CIKR shown in that movie aren’t completely outside of the realm of possibilities. Just a thought. Have a great day everyone!