Critical Infrastructure Protection and Policy - PowerPoint PPT Presentation

Loading...

PPT – Critical Infrastructure Protection and Policy PowerPoint presentation | free to download - id: 7db48-NzBkY



Loading


The Adobe Flash plugin is needed to view this content

Get the plugin now

View by Category
About This Presentation
Title:

Critical Infrastructure Protection and Policy

Description:

Critical Infrastructure Protection (and Policy) H. Scott Matthews. March 5, 2003 ... Identify and protect infrastructures and assets most critical to society ... – PowerPoint PPT presentation

Number of Views:183
Avg rating:3.0/5.0
Slides: 15
Provided by: hscottma
Learn more at: http://www.ce.cmu.edu
Category:

less

Write a Comment
User Comments (0)
Transcript and Presenter's Notes

Title: Critical Infrastructure Protection and Policy


1
Critical Infrastructure Protection (and Policy)
  • H. Scott Matthews
  • March 5, 2003

2
Recap of Last Lecture
  • Midterm Questions? Due today, 5pm!
  • Infrastructure interdependencies exist
  • 4 types, 6 dimensions
  • Some caused by our influence,
  • Some by management (systems)
  • Some by necessity
  • The interdependencies compound risk
  • We do not yet understand them well
  • Have high-level, not detailed models
  • Infrastructure sectors depend on each other
    more than average sectors depend on them

3
Threat
  • Any circumstance or event with the potential to
    cause harm to a system in the form of
    destruction, disclosure, adverse modification,
    and/or the denial of service.
  • Examples Hackers, electrical storms
  • Need to know likelihood of threats
  • Sources National Information Systems  Security
    (INFOSEC) Glossary, NSTISSI No. 4009, Aug. 1997)
    - generalized form of it

4
Vulnerability
  • Weakness in a system, or its components (e.g.,
    system security procedures, design, controls)
    that could be exploited by a threat
  • Examples Software bugs, structural design 

5
Risk
  • The likelihood that a particular threat using a
    specific attack, will exploit a particular
    vulnerability of a system that results in an
    undesirable consequence
  • Risk Assessment
  • Process of analyzing threats to and
    vulnerabilities of a system and the potential
    impact the loss of system would have. 
  • Resulting analysis is used as a basis for
    identifying appropriate and cost-effective
    counter-measures.   
  • Computing expected loss functions

6
Risk Management
  • The process concerned with identification,
    measurement, control and minimization of
    security risks in systems to a level commensurate
    with the value of the assets protected.  

7
Classic Warden Defense Model
Leaders
Organic Essentials
Infrastructure
Population
Military
8
New Defense Model
Military
Phys. Infrastructure
Leaders
Population
Econo-Tech. Infrastructure
9
Strategic Objectives of Plan
  • Identify and protect infrastructures and assets
    most critical to society
  • Provide warnings for specific, imminent threats
  • Over time protect other assets through federal,
    state, local govt and private sector
    collaboration
  • Homeland Security a Shared Responsibility
  • Source The National Strategy for the Physical
    Protection of Critical Infrastructures and Key
    Assets, White House, Feb 2003.

10
To Achieve Strategic Vision
  • Understand motivation of enemies
  • Understand preferred tactics
  • Comprehensive assessment of
  • Assets and vulnerabilities
  • Challenges of mitigating risk
  • Key assets may not be part of critical
    infrastructure but affect prestige, morale,
    confidence (e.g. WTC, Golden Gate Bridge)

11
Effects of Attacks
  • Direct - loss of service
  • Attack on a critical node, system, function
  • E.g. bridge
  • Indirect
  • Attack leads to behavioral/psychological
  • Exploitation
  • Using one to destroy another
  • May involve interdependencies

12
Guiding Principles
  • Assure safety, confidence, service
  • Responsibility, accountability
  • Collaborative partnerships govt/industry
  • Market Solutions where possible
  • Information sharing
  • International cooperation
  • Development of technology and expertise
  • Safeguard privacy and freedoms

13
Responsibility Chain
  • Federal Govt - oversee coordinate, set
    policies, ensure 3 strategic objs
  • State and Local - identify and secure their
    assets, emergency response, act as central points
    for requesting help, coordinate information flows
  • Private Sector - owns most of CI
  • Continue to perform RA/RM, reassess
  • Help identify vulnerabilities of national concern

14
Whats Missing?
  • Anything non-terrorist
  • Natural disasters
  • Accidents
  • Focus on terrorist-based attacks, while timely,
    is short-sighted given the range of threats and
    vulnerabilities to CI
About PowerShow.com