This is Part 2 of the two-part series on protection of the critical national infrastructure. Missed Part 1? Read Threats to the Critical National Infrastructure and Modes of Protection: Introduction and Overview.
By John Vacca
Regardless of size, degree of cybersecurity risk, or cybersecurity sophistication, it is paramount to apply the principles and best practices of risk management to improving the security and resilience of the critical national infrastructure. Key to the success of this program is the ability of a nation to interact with a broad constituency in order to ensure that the program is consistent with the critical national infrastructure protection objectives related to or impacted by information security.
For example, China, Korea, Russia and Iran (the Gang of Four) have the ability to invade and possibly shut down the computer systems of U.S. power utilities, aviation networks and financial companies. Between July and October of 2014, a Chinese hacking group that has been linked to the Chinese army in Hong Kong appears to have infiltrated a decoy power utility infrastructure system in a U.S. city. The system, also known as a honeypot, was set up by an undisclosed U.S. government critical national information security infrastructure research project. The infiltration is evidence that hackers are turning their attention to critical infrastructure industrial control systems.
Recently, a dozen honeypot industrial control systems drew a large number of intentional attacks from 38 countries, according to the FBI and Homeland Security. Of those, 31 managed to take over the system entirely. The undisclosed U.S. government critical national information security infrastructure research project that set up these honeypots recently released telling information: it is likely that power utilities and other infrastructure facilities using industrial control systems have been successfully compromised, but these facilities may not have been aware of these breaches.
Taking multiple approaches to cybersecurity, through the assembling of the standards, guidelines, and practices that are working effectively in industry today, is paramount in protecting the critical national information. Moreover, because a nation has globally recognized standards for cybersecurity, these multiple approaches can also be used by organizations located outside the United States, and can serve as a model for international cooperation on strengthening critical national infrastructure cybersecurity.
John Vacca is an information technology consultant, professional writer, editor, reviewer and internationally known, best-selling author based in Pomeroy, Ohio. Since 1982, John has authored 77 books, including Computer And Information Security Handbook, along with the three additional derivative books that go with it: Managing Information Security, Network and System Security, and Cyber Security and IT Infrastructure Protection. He has also written more than 600 articles. John was also a configuration management specialist, computer specialist, and the computer security official (CSO) for NASA’s space station program (Freedom) and the International Space Station Program, from 1988 until his retirement from NASA in 1995. In addition, John is an independent online book reviewer. Furthermore, John was one of the security consultants for the MGM movie “AntiTrust,” which was released on January 12, 2001. Finally, John can be reached at email@example.com and at www.johnvacca.com.