Response to the following discussions from classmates (X5) with approximately 150 words or more each. Include a reference to each response. Be thoughtful and insightful and it must demonstrate critical thinking and analysis.
1. Thanks for your post, you did well to make note that: A nation has useful sectors and entities that are very vital but not infrastructure. These entities play a significant role in a nation, and it is difficult for a nation to do without them as they affect other sectors. In this category, there are entities that will normally fall under the chemical sector. These entities are the likes of; consumer products, pharmaceuticals, agricultural chemicals, specialty chemicals and even basic chemicals....
Now, long these lines, please consider that the example of agriculture and food production...If those particular entities were to collapse and fail, the American public could enter into a stage of starvation. This starvation could lead to riots, looting and a complete loss of control of the American society. Many people look at critical infrastructure as you described it to me and it makes perfect sense. This is a very important life line, not just for the American people but all humans all over the world. Most would think that something structurally sound would be considered to be something critical but in reality it may not be. Your thoughts?
2. Critical infrastructure refers to assets of physical and logical systems that are essential to the minimum operations of the economy and government; these include a vast array of industries found in the governmental and private sector (Radvanovsky & McDougal, 2013). These systems could be defined as critical if the incapacitation of it were to affect national security, or public health or even economic security.
While Public and Private can both be entities that provide what can be defined as critical, it may not necessarily be considered an infrastructure. An entity that is critical but not an infrastructure could be a public-sector entity that ensures compliance with applicable laws, or even an entity that provides support for IT components of an infrastructure that is deemed critical. An example of a governmental entity that is critical but not an infrastructure is the Office of Infrastructure Protection(OIP). OIP leads and coordinates national programs and policies on critical infrastructure security and resilience (Staff, n.d.).
There are 16 critical infrastructures sectors listed on DHS website, and 19 within the book. However Just because a particular asset is within a critical sector, does not mean it will be considered a critical asset. The transportation sector is a critical infrastructure, but this does not necessarily mean every road is a critical asset since an asset will be dependent upon its effect on a given system.
Similarly, agriculture and food production are a critical infrastructure according to P.L. 107-56 (Radvanovsky & McDougal, 2013). However, this does not mean McDonald's distribution system that provides food and supplies to its franchise owners is a critical asset, as a disturbance within their supply chain would not incapacitate or harm national security, public health (would likely help), or economic security.
3. After reading the text and the definition, it is hard to say that an entity that is critical would not be infrastructure. "The term critical infrastructure refers to assets of physical and logical systems that are essential to the minimum operations of the economy and government. They include...telecommunications, energy, banking and finance, transportation, water systems, and emergency services, both governmental and private" (Radvanovsky, 2016, p. 2).
Through the analysis of the text, this also includes critical support to members of that society, not just the economy or government. Therefore, designating an entity as critical automatically places it within the infrastructure of that society. This designation may have different definitions in different locations in terms of what is critical but once defined as such it becomes part of that locations infrastructure.
The criticality of an infrastructure is dependent upon several variables. First, what may be considered critical infrastructure in one location is not in another. The text describes this through the example of energy for heating homes. In hot humid environments, this is not a critical infrastructure.
However, as you move to colder climates, this criticality rises. The same can be said during seasonal changes, as colder weather moves in, criticality of this infrastructure rises. One question that is asked to determine if an infrastructure is critical would be, "Is the infrastructure necessary for the preservation of life or the continuation of a society" (Radvanovsky, 2016, p. 7)? If it does not, it may not be considered critical. Does this entity only operate in one community or does it span throughout a larger regional base? This will affect whether it is considered critical at a local, regional, or national level.
Is the entity a standalone entity or does it operate with the cooperation of several entities? This is important to know because if it is a standalone entity and it fails, production is completely lost. However, if it works in cooperation with other entities, production loss can be mitigated by the other entities involved.
4.Some unique problems that are associated with the creation of critical infrastructure networks include the reliance on a network for a facility or an entity to maintain operational capability and the problem of risking information from being compromised.
I only have a few years of experience in the field of cyberspace and from my personal experience, the two main issues are ensuring that redundancy is protected in the event that one part of a network goes down and then the need to safeguard the network from adversaries. There is also a need to understand what is considered key terrain in cyberspace which has proven to be a difficult task for many network owners. These are only a few examples of unique problems associated with this new form of critical infrastructure.
Critical infrastructure protection (CIP) and critical infrastructure assurance (CIA) both benefit from these networks but they also can be hindered in some aspects.
The most significant benefit is that it adds additional security, makes facilities more efficient, and limits human error for some things. Negative aspects of a network when it comes to CIP and CIA include the scary truth that anyone willing to watch a YouTube video for a few hours and has a computer with internet access can successfully infiltrate a network and gather information or manipulate the system.
If an adversary can access the network, human error does not seem to be the biggest concern anymore. "The concept of cyberterrorism has approached the forefront of many critical infrastructure issues" (Radvanovsky & McDougall, 2013, p. 17). This is important to consider when preparing for a possible attack or when trying to make sure the service is able to continue at all times. It is also worth noting that terrorists are not the only threats within the cyber domain. State and non-state actors, hacktivists, and independent cybercriminals are only a couple threat that have the capability to target critical network infrastructure.
5. A unique problem with the creation of critical infrastructure networks is the threat cyberterrorism poses. Cyberterrorism is defined in many ways by different agencies just like the term terrorism. For example, the Federal Bureau of Investigation (FBI) defines cyberterrorism as "The premeditated, politically motivated attack against information, computer systems, computer programs, and data which result in violence against noncombatant targets by sub-national groups or clandestine agents" (Elmusharaf, 2004).
However, the "National Infrastructure Protection Center (NIPC), within the Department of Homeland Security (DHS) in the United States, defined cyberterrorism as a criminal act conducted with computers and resulting in violence, destruction, or death of targets in an effort to produce terror with the purpose of coercing a government to alter its policies" (CRS, 2003). Regardless of the definition, cyberterrorism poses a significant risk to critical infrastructure networks.
Cyber-attacks on critical infrastructure networks are cheap and very efficient. They are also challenging to track due to the growing digital world and the assistance of websites that hide their IP addresses. Another advantage is the lack of physical barriers and the amount of people they can effect. A great example is a recent cyberattack on Equifax. Equifax is one of the three most significant credit bureaus in the U.S. This attack affected more than 143 million people by compromising their Personally Identifiable Information (PII) and some of their credit card information.
Fragility is another problem associated with the creation of critical infrastructure networks. "Fragility can be described in terms of the propensity of something to fail" (Radvanovsky & McDougall, 2013 pp.19). Fragility is divided into the following categories:
1. Design of objects;
2. Natural fragility; and
3. Cyclical fragility.
Design of objects is the amount of effort spent on creating the network. If you don't spend time on a network and do not have quality assurance in place to test the network, then it has a higher propensity for it to fail. Natural fragility refers to how the network will respond to the environment.
An example would be a computer located in a high heat area with no ventilation. The result would be the computer overheating and shutting off. Lastly, cyclical fragility is "the concept of systems being sustained by the efforts of various inputs, the concept of capacity and demand attempting to maintain a level of equilibrium, and finally the fragility that is intrinsic at each point of time within the system" (Radvanovsky & McDougall, 2013 pp.20)