Monday, May 20, 2019
Cybersecurity for Critical Infrastructure Protection Essay
Cyber bail entails safeguarding of computer networks and the information that it carries from self-appointed access and malicious disruption or damage. This is beca routine the use of networks has become common in businesses and government activities, and any(prenominal) tampering can caseful serious consequences for the stirred bodies. A question is what degree do the security bridge has to critical radical. Analyses of unconventional and asymmetric round downs assume that potential opponents would use cyber weapons.Such opponents could employ the use of conventional nation state and non-state actors opponents. Initially, cyber weapons were considered interrupt because of their asymmetric attacks because of the low cost, which results in damaging close to indefensible parts that argon found in most of the computer networks may be disastrous as kinetic or blast weapon. Digital Pearl Harbor a term that appeargond in mid-1990s, when profits was commercialized and frequently used came to birth. The scenario in this picture is that the world would plunge into disaster due to the entree of hackers.Some of the results that were predicted to be associated with the Digital Pearl Harbor include open floodgates, blackness, poison water app remove and planes crashing. However, in that location is no cyber attack that has produced such disastrous results. Such talk arose due to lack of expert mind, how softw ars operate, and the operation of other complex system. To determine the extent of risk that is posed by computer networks and its vulnerabilities, it requires an estimation of probability that pull up stakes damage critical infrastructure in certain ways that leave alone affect the national interest.Hence, it direction that there should be sequential or simultaneous events that mustiness occur for a digital attack in the cyberspace to confound physical effect. Computer networks are usually the vulnerable part, and not the critical infrastructure that these networks accommodate or brook. Infrastructures are strong and brisk and are dependent of absorbing damages that are associated to terrorism, natural disasters and climates. This means that the issue of cybersecurity in the stadium of terrorism is usually overestimated.By saying so, it does not mean that planning of critical infrastructure protective cover should not be in place. In planning for the measures that should be include in planning in the CIP, first as the computer networks increase, their vulnerabilities also increases. Secondly, another method that can be employed by the assaulters is attacking the storage parts of the networks instead of the networks itself. The networks are penetrated, collect-required information and monitor changes without creating any suspicion and when they are suspected, the databases and networks that support important activities are disrupted.Political Context for Cyber security and CIP In the end of 1990s, cybersecurity polici es were dominant and there were frequent discussions on the issue of critical infrastructure protection. Nevertheless, currently there is a minimal understanding by the federal that the initial issues that were associated with the use of internet and network connectivity were overemphasized. This overemphasis was due to several factors that range from the demonstration of network to the Y2K (Philemon 2005, pp. 70).Y2K was associated for previous programming errors which IT experts believed that world would plunge into chaos at the mid night of the parvenue Year, thus brought most attention to the world of cyber security. American government as been associated with risk-averse policies since the 1970s. This is because there is a button in terms of confidence of governing elites, decrease in public trust and a retributory and partisan political environment. Hence introduces plans, policies, and various strategies for critical infrastructure protection.This political change bring s in better understanding of cybersecurity and critical infrastructure protection. Hence, planning for critical infrastructure protection requires an assessment of risks that are capable of damaging attack. An individual who is risk aversive may estimate the probability of damage attack to be higher when compared to a neutral individual (Davis 2003, pp. 33). Assessing Risks In determination of the significance of cybersecurity for critical infrastructure protection, it must begin with estimating the risk. This method so far has proved difficult to incorporate.The better method is neutrally analyzing previous attacks and recognise better ways of knowing it causes and consequences that were associated. This will enable the estimation of likelihood that a potential attacker will concentrate on a particular target. In addition, it is able to predict the type of weapons that will be used. This involves understanding the motive of the attacker, strategic role, capabilities, preferences, goals and experience. This will weigh the capabilities and goals of the attacker against potential infrastructure vulnerabilities (Davis 2003, pp. 33 34).The definition of risk is how much of threats that a society or government could withstand and relies on the grandeur of the security. Homeland Security policy states that it is difficult to eliminate all risks, but requires priorities that will reduce the touchstone of risks that are associated with cybersecurity. Risks that are associated to cybersecurity can be grouped into three parts risks that can cause injuries or death, affects the economy or reduce the potentiality of military. So far, there are no issues or threats that are associated with the different groups (Keith 2005, pp. 66). Critical Infrastructures and Computer NetworksUnited States has a long list that identifies critical sectors and includes agriculture, health systems, banking and fiance, IT and telecommunication, energy, industries, and transportation. To the Federal government the issue of cybersecurity is not serious to them. An infrastructure is said to be critical since it is able to experience around standards of national interest. To meet these different standards, there is usually an implicit assumption that disruption of the infrastructure would reduce flow of services and goods creating hardship resulting to impeding of government economic operations.To understand the relation betwixt cybersecurity contributions to the critical infrastructure protection, two additional concepts of location and period can be introduced (Keith 2005, pp. 66). Location and while helps in understanding that cybersecurity is not a concern to critical infrastructure. Those issues that takes time to show problems, usually gives time for the alter organization to identify solutions and organize and in marshaling resources to respond to the issue, hence, does not present a crisis.The capability of industries to respond to the problems through in novation and creating alternative technologies or solutions means that those infrastructures that had disruption and did not posses immediate danger, results in minimal effect to the economic, national security and life in general. National infrastructures are geographical distributed which means that they are not critical in nature. This means that larger infrastructure provides critical supports to key political functions and economic, and not the entire industries or networks.This means that there are few networks that are national in nature and at the same time are usually mutually dependent. Networks that are associated with telecommunications, finance and galvanising power are most critical because of its interconnectedness, economic health and national scope. An example is the Fed electrify that supports banking, if it is attached it may cripple the banking sector form sometime, but the Federal Reserve have genuine means to harden the Fed Wire. net as a Critical Infrastr ucture With the help of cyber weapons, the Internet can to some point be attacked.However, the Internet is a shared network that if attacked will touch on both the target and the attacker. An attacker can calculate that the US economy may be most affected and the attacker may use back ups of some sort, giving it a temporary advantage. Internet is robust and is able to operate even if the Soviet Union and United States exchange nuclear weapons. Its computer architecture and design enables it to survive and withstand all these problems. With packet switching, the Internet can redirect the messages and at the end of the day arrives or are directed to the required port.The capacities of the internet to operate is due to the addressing system which is multilayered, alter and has the possibility of operating even if it means it will take days to update the routing table. The core protocols that are employed by the internet are vulnerable to attack. An example is the Border Gateway Proto col BGP that is amenable for routing traffic, has been tested and it is vulnerable to attacks but the attacker has to face the redundancy, which is associated with thousand of subsidiary networks in the Internet (Davis 2003 pp. 33 34).So far, there is only one case that has between witnessed, in 2002 there was an attack to the Distributed self-discipline of Service of eight out of the 13 important root servers, which govern the addresses of the Internet. The attack did not cause a lot disruption but it is believed that if it could have taken a longer time it would have degenerated the Internet. Since the 2002 incident the DNS system has been strengthened through dispersing the root servers to different places, using new softwares and employing routing techniques. Hence, the new redundancy that has been employed has drastically reduced the issue of shutting down the DNS.In addition, the complexness that is associated with estimating the actual cost makes planning for critical infr astructure protection difficult. Most estimates that are associated with cybersecurity are misinform or overestimated. To obtain the amount of damages that are caused by cybersecurity, a sample is estimated and then it is extrapolated to the affected population. Analysis of the impacts and effects of cybersecurity estimates should be analyzed by statistical analyses and economic losses should not be received in face value.Importance of the cybersecurity in protecting critical infrastructures other than electrical power, telecommunications or finance, rests on the believe that the critical infrastructures are dependent on the computer networks for them to be able to operate. In such perspective the computer network specifically are vulnerable but the infrastructure that they support are not vulnerable (Philemon 2005, pp. 70 75). An example of a distractive cyber attack was the clink worm. It effects affected automated teller machines (ATM) across the northwest making 13000 to be o ut of service.Many analysts belief that the Slammer was a damaging cyber attack, but in national perspective, it had small impact since other parts of the land operated normally. Furthermore, the Slammer Worm only affected one bank and its ATM services. In this case, the customers of the bank suffered some inconveniences the bank lost revenue and spoilt their reputation giving an advantage to the cybersecurity conscious competitors. Potential opponents in terms of nation-states may employ the use of cyberspace. When they gathering intelligence information will prompt them to attack and penetrate the U.S. computer networks. When a conflict occurs between different states, information, skills and access to crucial infrastructure will be used to disrupt important information system. Risks that are associated with espionage and cyber crime are real for firms, agencies and individuals. References Davis, J. (2003). study Technology Security Threats, smart York Barrons Educational Serie s, pp. 30 34 Keith, J. (2005), Plans and developments in Computer Networking, New Haven Yale University Press, pp. 66 Macklin, M.(2007), Computer networking Implementation and Security, Jakarta Cambridge University Press, pp. 45 49 Peter, K. (2001). Cyber Security and CIP, Australia Fontana Books, pp. 120 121 Philemon, M. (2005), Development of Computer Systems and Terrorism Threats, Stanford Stanford University Press, pp. 70 75 Rachael, L. (2003), Critical Infrastructure Protection, New York New York Publishers, pp. 13 16 Richard, Z. (2005), Management and Information Technology, London Oxford University Press, pp. 60 61
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.