Critical Infrastructure Protection (and Policy) H. Scott Matthews March 25, 2004.


1 Critical Infrastructure Protection (and Policy) H. Scott Matthews March 25, 2004

2 HW #3 Review (Mean=35)

3 Threat
- Any circumstance or event with the potential to cause harm to a system in the form of destruction, disclosure, adverse modification, and/or the denial of service.
- Examples: Hackers, electrical storms
- Need to know likelihood of threats
- Sources: National Information Systems Security (INFOSEC) Glossary, NSTISSI No. 4009, Aug. 1997 (generalized form of it)

4 Vulnerability
- Weakness in a system, or its components (e.g., system security procedures, design, controls) that could be exploited by a threat
- Examples: Software bugs, structural design

5 Risk
- The likelihood that a particular threat, using a specific attack, will exploit a particular vulnerability of a system that results in an undesirable consequence
- Risk Assessment
- Process of analyzing threats to and vulnerabilities of a system and the potential impact the loss of the system would have.
- Resulting analysis is used as a basis for identifying appropriate and cost-effective countermeasures.
- Computing expected loss functions

6 Risk Management
- The process concerned with identification, measurement, control and minimization of security risks in systems to a level commensurate with the value of the assets protected.

7 Classic Warden Defense Model
[Figure labels: Leaders, Organic Essentials, Infrastructure, Population, Military]

8 New Defense Model
[Figure labels: Military, Phys. Infrastructure, Leaders, Population, Econo-Tech. Infrastructure]

9 Strategic Objectives of Plan
- Identify and protect infrastructures and assets most critical to society
- Provide warnings for specific, imminent threats
- Over time protect other assets through federal, state, local gov’t and private sector collaboration
- Homeland Security a “Shared Responsibility”
- Source: “The National Strategy for the Physical Protection of Critical Infrastructures and Key Assets”, White House, Feb 2003.

10 To Achieve Strategic Vision
- Understand motivation of enemies
- Understand preferred tactics
- Comprehensive assessment of:
- Assets and vulnerabilities
- Challenges of mitigating risk
- Key assets may not be part of critical infrastructure but affect prestige, morale, confidence (e.g. WTC, Golden Gate Bridge)

11 Effects of Attacks
- Direct - loss of service
- Attack on a critical node, system, function
- E.g. bridge
- Indirect
- Attack leads to behavioral/psychological
- Exploitation
- Using one to destroy another
- May involve interdependencies

12 Guiding Principles
- Assure safety, confidence, service
- Responsibility, accountability
- Collaborative partnerships govt/industry
- Market solutions where possible
- Information sharing
- International cooperation
- Development of technology and expertise
- Safeguard privacy and freedoms

13 Responsibility Chain
- Federal Govt - oversee & coordinate, set policies, ensure 3 strategic obj’s
- State and Local - identify and secure their assets, emergency response, act as central points for requesting help, coordinate information flows
- Private Sector - owns most of CI
- Continue to perform RA/RM, reassess
- Help identify vulnerabilities of national concern

14 What’s Missing?
- Anything non-terrorist
- Natural disasters
- Accidents
- Focus on terrorist-based attacks, while timely, is short-sighted given the range of threats and vulnerabilities to CI

15 Interdependencies
- A new emphasis on critical infrastructures
- PDD-63 in 1998 after Oklahoma City
- Generally worried about hackers interfering with operation of physical infrastructures
- Use of digital to disrupt physical suggests interdependency
- There are many non-hacking interdependencies
- Natural events can exploit them too
- Perhaps can be better understood and managed with information systems

16 Key Questions
- What tools can be used to predict?
- How can everyday operation be balanced with security concerns?
- What are performance measures?
- Who are stakeholders?
- How to deal with risk and uncertainty?

17 Complex Adaptive Systems (CAS)
- Collective, systemic behavior emergent
- I.e. follows patterns that result from, but not predictable from, nonlinear interactions with a large number of subsystems
- Capabilities change over time
- Greater than sum of its parts
- May be possible to model/manage/understand via agent-based systems
- Software systems where simple decision rules are followed and tracked via information given to them

18 Six Dimensions of Infras. Interdependencies (Rinaldi)
- Infrastructure environment
- Coupling
- Response behavior
- Failure types
- Infrastructure characteristics
- State of operation

