****ANSWER POST 250 WORDS MON EACH****

Discussion Questions: 1) Explain at least one key federal plan, strategy, or guidance released to date and how they have contributed to the current structure of critical infrastructure security and resilience. 

2) Define risk and explain the value of risk management to the homeland security enterprise.

3) Summarize at least one natural hazard, technological/accidental hazard, or adversarial/human-caused threat and provide a recent example.

4) Discuss at least one of the twelve technological/accidental hazards and provide a recent example.

5) Elaborate on at least one of the adversarial/human-caused threat examples and provide a recent example.

****REPLY TO EACH POST 100 WORDS MIN*** 

1. One key federal plan that has contributed to the current structure of critical infrastructure security and resilience is the National Infrastructure Protection Plan (NIPP). The NIPP provides a comprehensive framework and guidance for managing risks and protecting critical infrastructure in the United States. It outlines the roles and responsibilities of various stakeholders, including government entities, private businesses, and other organizations. The NIPP promotes a collaborative approach, encouraging cooperation and information sharing among different sectors to enhance the resilience of critical infrastructure. It has helped improve the coordination and implementation of security measures across sectors, and has increased the overall preparedness and response capabilities to various threats and hazards.  Risk can be defined as the potential for harm, loss, or damage resulting from a specific event or activity. In the context of the homeland security enterprise, risk management is a systematic approach to identifying, assessing, and mitigating risks. It involves the process of understanding the nature of risks, evaluating their likelihood and potential consequences, and implementing measures to minimize their impact or likelihood of occurrence. The value of risk management lies in its ability to prioritize and allocate resources effectively, enabling informed decision-making and the development of targeted strategies to enhance resilience. By understanding and managing risks, the homeland security enterprise can proactively prevent or minimize the impact of various threats, ensuring the protection of lives, critical infrastructure, and national security. A recent example for this question is the fire that occurred in 2020 in California. These fires were fueled by a combination of drought conditions, high temperatures, and strong winds. They resulted in the loss of lives, widespread destruction of homes and infrastructure, and significant environmental damage. The wildfires posed a serious threat to human safety, natural resources, and critical infrastructure, such as power lines and communication networks. One of the twelve technological/accidental hazards is a transportation accident. An example of a recent transportation accident is the collapse of the Morandi Bridge in Genoa, Italy, in August 2018. The collapse of this major highway bridge resulted in the tragic loss of 43 lives and caused significant disruption to transportation networks. This accident highlighted the importance of regular inspections, maintenance, and proactive safety measures to prevent catastrophic failures in critical infrastructure. An example of an adversarial/human-caused threat is cyberterrorism. Recent examples of cyberattacks include the Colonial Pipeline ransomware attack in May 2021, which disrupted the fuel supply on the East Coast of the United States, and the SolarWinds supply chain attack discovered in December 2020, affecting numerous government and private organizations. These cyber incidents demonstrated the potential for malicious actors to exploit vulnerabilities in critical infrastructure systems, leading to significant economic, societal, and national security consequences. Protecting against cyber threats requires robust cybersecurity measures, information sharing, and a proactive and adaptive approach to detect, prevent, and respond to such attacks.

https://www.cisa.gov/topics/critical-infrastructure-security-and-resilience/national-infrastructure-protection-plan-and-resources#:~:text=The%20National%20Infrastructure%20Protection%20Plan,achieve%20security%20and%20resilience%20outcomes.

https://www.cisa.gov/news-events/news/attack-colonial-pipeline-what-weve-learned-what-weve-done-over-past-two-years

https://calmatters.org/environment/2021/07/california-fires-2020/

2. The current state of critical infrastructure security and resilience owes much to the federal government’s National Infrastructure Protection Plan (NIPP). It is an all-encompassing strategy introduced in 2006 and revised in 2009 and 2013. The National Assets Protection Plan (NIPP) is a coordination and risk reduction strategy throughout the nation’s critical assets. It provides principles for collaboration between federal, state, local, and private sector institutions and assists in identifying and prioritizing essential infrastructure (Baggett & Simpkins, 2018). The plan contains risk management, information sharing, and incident management processes to protect vital infrastructure from cyber and physical attacks. The NIPP has been crucial in making the United States’ critical infrastructure solid and secure, and it is regularly updated to account for new risks.

 In homeland security, protecting civilians and vital infrastructure is of utmost importance. Natural disasters, acts of terrorism, cyberattacks, and other dangers to national security are examples of events and actions that pose risks. Effective risk management solutions are essential if we are to accomplish this mission. Identifying and mitigating risks can reduce the likelihood of suffering an adverse outcome. In this way, we can keep the people safe and keep their faith in our government and institutions strong. Comprehensive risk management requires cooperation between public and commercial organizations and the general population (Sadiq et al., 2019). Furthermore, the risk mitigation techniques’ effectiveness must be continuously monitored and evaluated. In conclusion, the safety and assurance of our nation depend on our proactive approach to detecting and managing threats. Doing so will help avert catastrophes and keep people safe.

Radiation is a significant technological risk that harms people and the environment. It is produced naturally and artificially in nuclear power plants and medical devices. The Fukushima accident vividly illustrates the terrible results of being exposed to radiation. The 2011 earthquake and tsunami damaged the nuclear power facility, which allowed radioactive materials to escape into the environment (Kamae, 2016). Long-term effects on public health and the environment necessitated the relocation of many individuals in the aftermath. The detrimental consequences of radiation exposure can be prevented or reduced using proper safeguards. Radiation-emitting medical equipment must be used correctly, and radioactive waste must be disposed of correctly. Nuclear power plants must undergo routine safety assessments. Taking these precautions will make the environment safer for everyone.

 It is crucial to keep in mind potential risks as we continue to navigate the ever-changing landscape of technology. Cyber attacks, which can involve everything from the theft of sensitive information to the entire takeover of computer systems, are among today’s greatest threats. The latest SolarWinds attack is a sobering reminder that no network is impenetrable (Leithauser, 2020). This attack affected a wide range of government organizations and significant corporations, highlighting the need for preventative measures against cyber attacks. Strong passwords and regular software updates are two of the best ways for individuals and businesses to protect themselves from cybercriminals. Keeping an eye out for potential cyber assaults and adopting precautions will help us avoid being caught off guard.

The proliferation of cybercrime is highly worrying and dangerous for our culture. As more and more of our daily activities become reliant on digital tools, so do the opportunities for cybercriminals to steal our data. There are many examples of this danger in the actual world, sadly. The Colonial Pipeline was shut down in May 2021 after a ransomware assault caused gas shortages and price increases along the East Coast (Hansbrough & Stephenson, 2021). Cybercrime can have severe consequences for our daily lives and essential infrastructure, as seen in this instance.

References

Baggett, R. K., & Simpkins, B. K. (2018). Homeland Security and Critical Infrastructure Protection. Bloomsbury Publishing USA.

Hansbrough, B., & Stephenson, E. F. (2021). Did Georgia’s Post-Pipeline-Hack Gasoline-Tax Suspension Lower Prices? Atlantic Economic Journal, 49(3), 321–323. https://doi.org/10.1007/s11293-021-09724-3

Kamae, K. (2016). Earthquakes, Tsunamis and Nuclear Risks Prediction and Assessment Beyond the Fukushima Accident (K. Kamae, Ed.; 1st ed. 2016.). Springer Nature. https://doi.org/10.1007/978-4-431-55822-4

Leithauser, T. (2020). CISA Issues New Warning About SolarWinds Breach. Cybersecurity Policy Report, 1–1.

Sadiq, A.-A., Tyler, J., & Noonan, D. S. (2019). A review of community flood risk management studies in the United States. International Journal of Disaster Risk Reduction, 41, 101327–. https://doi.org/10.1016/j.ijdrr.2019.101327

 ****ANSWER QUESTION 250 WORDS MIN****

Discussion Questions: 1) Discuss, in your own words, why critical infrastructure protection, security, and resilience are vital to the U.S. public confidence when considering the Nation’s safety, prosperity, and well-being.

2) Explain the consequences, as well as the impacts, of aging critical infrastructure failures. Be sure to summarize their ramifications for our nation’s citizens.

3) Identify and explain at least two key legislations, acts, and Presidential actions since 9/11, be sure to include one that occurred in the past five years. Do not write about the USA PATRIOT Act or the USA FREEDOM Act.

****REPLY TO EACH POST 100 WORDS MIN EACH****

1. Critical infrastructure protection is a key part in maintaining the publics confidence in the U.S. National Security apparatus for two key reasons.  The first is the simple fact that one of the key things U.S. citizens pay taxes for is the protection of the homeland, one of the primary missions of the Department of Defense (DOD), more specifically U.S. Northern Command who maintains that primary mission.  While protecting the homeland also includes deterring, and if necessary, defeating foreign threats it also encompasses protecting vital critical infrastructure from threats both domestic and abroad.  The second key reason that maintaining the public’s confidence in this effort is important is because that same critical infrastructure that needs to be protected and resilient enables each citizen to carry on with their day to day lives.  Whether it is running water, electricity, or interstates, all of these are critical infrastructure that if destroyed or degraded would have far reaching impacts on citizens across the country. 

The consequences of aging critical infrastructure have the same impacts on individual citizens as is described above.  While there are threats to critical infrastructure that originate from malicious actors, the maintenance of critical infrastructure can be just as serious of a problem.  The impact of a decaying roadway, water pipes, or hydroelectric dam is just as serious as that of a terrorist attack on any of these entities.  The only difference is that the cause of this is entirely on the United States itself, and blame can not be placed on some external entity.

In the wake of 9/11, there was a series of laws and executive actions put into place to better protect the homeland and address some shortfalls in national security at the time.  One of these was Executive Order 13231, put into place on 16 October 2001. Titled, “Critical Infrastructure Protection in the Information Age” this executive order directed the federal government to take appropriate action to identify and address vulnerabilities in information systems that would impact critical infrastructure.  This ranged from the digital control switches for power grids, to the air traffic control systems that had become reliant on computers and the internet.  Since 2001, the reliance on information systems has increased significantly, which also caused a sharp uptick in cyber vulnerabilities to these systems.  This led to the “Cybersecurity and Infrastructure Security Agency Act of 2018” (Public Law Number: 115-278) which amended the homeland security act of 2002 and established the aforementioned agency.  This law took elements of the DHS and formally established it as an independent agency whose sole focus is to lead all cybersecurity and critical infrastructure security programs.

2. A critical infrastructure can be described as a virtual or physical asset or system vital to the US that if suffered disability or destruction would have a devastating effect on security, national economic security, national public health or safety, or any mixture of those elements (NIST, n.d.). This list includes but is not limited to the transportation system, water and wastewater management, energy sources, and national cyber-security. These lifeline functions are vital to every US citizen’s everyday life. We count on the reliability of these systems to function and complete our own personal and business objectives. Protecting, maintaining, and providing uninterrupted service of these systems is vital to public confidence. An example of this can be found in 2017 when the Election Infrastructure became a subsector of the Government Facilities sector supporting a “free and fair” democracy – a foundation of the American way of life (Harrell & Sales, 2019). The partnerships built between the government and the private and public sectors are what maintain public confidence in the US critical infrastructure (Harrell & Sales, 2019).

An aging infrastructure does not only affect one sector of the framework of the American backbone. Each sector feeds off one another. For example, if the transportation sector is disrupted, the price of goods (the agriculture sector) may increase or even experience a slight influence. In turn, this can cause a strain on the US economic structure. In addition, an aging infrastructure has several consequences for US citizens. Not only does it impede our everyday activities, but it can possibly deteriorate, succumb to failure, and affect the health and well-being of us all. A decline in communication between friends and family can cause a decline in mental health of individuals. Without the public’s confidence in the infrastructure, the possibility of civil unrest and economic turmoil may increase. This economic turmoil may lead to higher consumer prices, water usage restrictions, and/or power outages across the nation. With all this uncertainty, the call for leadership and government change increases due to the public’s uncertainty and frustration (Little, 2012; p.7).

On November 5, 2021, congress entered legislation (US Code Chapter 53, Title 49) for the funding of programs for the Federal Transit Administration (FTA). Known as the Infrastructure Investment and Jobs Act, this program authorizes close to $108 billion for service transportation programs and other FTA programs. The focus of the legislation entails safety oversight programs, modernization of current infrastructure, addressing “greener” methods of transportation, and increasing the accessibility of transit service for more Americans (FTA, 2023).

In 2018, then President Donald Trump signed into legislation America’s Water Infrastructure Act. This act supports America’s competitive by increasing storage, protection from flood waters, deepening ports of interest, and maintaining the stability of inland waterways. The legislation further calls for an increase in local and stakeholder input while decreasing the “red tape” that has been experienced before (EPW, n.d

You have recently accepted a new position at a large hospital that specializes in critical care of cancer patients. Your supervisor, the CIO, has requested you create and present to upper-level management (C-Suite: CEO, CFO, CSO, etc.) a presentation on the various bad actors your organization may face in the near future. The CIO impresses upon you the need for additional funding to secure key systems in the network but cautions you against creating a state of panic as none of those attending have a deep understanding of cybersecurity.

Create a 10- to 12-slide digital presentation for upper-level management that explains the possible threats. Address the following:

• Research and identify the various threat actors of the digital world, including advanced persistent threats (APTs), cyberterrorism, script kiddies, cybercriminals, hacktivists, industrial espionage relating to intellectual property, and insider threats.
• Prioritize which threat actors would pose the greatest threat.
• Utilizing the article “The Role of the Adversary Model in Applied Security Research,” located in the topic Resources, include an adversary model to compare and contrast threats and adversaries related to each threat actor.
• Define insider threats and the problems associated, assumptions, goals, capabilities, favored techniques, and aversion to risk.
• Identify the bad actors in cyberspace and compare and contrast their resources, capabilities/techniques, motivations, and aversion to risk.
• Must include a title slide, reference slide, and presenter’s notes.

Additionally, include graphics that are relevant to the content, visually appealing, and use space appropriately. 

Please respond to the following:

• Debate  whether the cost of utilizing ATOM for large projects is justified when  an organization has limited resources to dedicate to risk management  efforts. Provide a description that you would present to your managers  to persuade them to see matters your way.

Be sure to respond to at least one of your classmates’ posts.

Respond to student below

Yolanda Kennedy         

 4:10pm Sep 10 at 4:10pm          

The  answer cost of whether or not utilization of ATOM for large projects is  justified when an organization has limited resources to dedicate to risk  management efforts is difficult to provide a clear answer.  From a  business perspective, the cost of ATOM for large projects is justified  because larger projects correlate with a more intricate ATOM methodology  (ATOM-risk.com, 2023).  Therefore, whenever there is greater complexity  with a business process or function, it is expected that costs will be  higher .

            From the perspective of the smaller business or the  business with fewer available resources, the cost of utilizing ATOM for a  large project is likely not justified.  The reason for this is that the  cost for larger projects, as mentioned above, is higher.  A smaller  company or a company with  fewer resources likely cannot afford it  (ATOM-risk.com, 2023).  From this perspective, the cost would not be  justified.

            A description that I would present to your managers to  persuade them to see matters your way is the following: for larger  projects, the ATOM methodology is associated with higher costs because  of the increased size of the project.  Because of this, the ATOM cost  for larger projects also increases (ATOM-risk.com, 2023) .  However,  with that being said, the data or findings generated through the ATOM  with respect to risk management can help companies to save an incredible  amount of money in avoiding or better mitigating risks.  Therefore, the  cost savings create a significant and positive return on the investment  that the company spends on the ATOM methodology being used, which makes  the investment more than beneficial for the company it in the long run.

Reference

ATOM-risk.com. (2023). THe ATOM methodology. ATOM Risk. Retreived from https://atom-risk.com/atom-methodology/#1600443752039-c5ac53ca-1b1d