1 / 22

John W. Bagby Prof. of IST Penn State

Critical Infrastructure Inter-Dependencies: Developing Professionalism in Cyber-Security Standards to Achieve the Economic Prosperity Essential to National Security. John W. Bagby Prof. of IST Penn State . Overview. Critical Infrastructure Protection = CIP

kalin
Download Presentation

John W. Bagby Prof. of IST Penn State

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Critical Infrastructure Inter-Dependencies: Developing Professionalism in Cyber-Security Standards to Achieve the Economic Prosperity Essential to National Security John W. Bagby Prof. of IST Penn State

  2. Overview • Critical Infrastructure Protection = CIP • Critical Infrastructures & Key Resources = CIKR • 85% of CIKR owned/controlled by Pvt. Sector • Freq. Cited: ‘02 Nat’l Strategy Homeland Security • Cyber-Infrastructure Impact: Cross-Cutting • Transaction Processing, Communications, Control • Major Unresolved Challenges: • Defining Critical Infrastructures; Provisionally: basic facilities, services, and installations needed for functioning of community/society, e.g., transportation & communications, water & power lines, schools, post offices, prisons • Developing Effective, Acceptable Institutions • Develop Nat’l Competencies to facilitate Planning • But, then coordination is likely soon to follow

  3. CIP Goals - Avoid Disruption • National Defense • Continuity of Government • Economic Prosperity • Quality of Life • Recognize CIKR are Most Likely Terrorism Targets

  4. Running Themes • Lack of Coordination within & between Sectors • CIKR Suffers Fragmentation: • Ownership, Control, Responsibility • Tradeoffs in Nat’l Priorities • Liberty, Private Property, Markets, CIP • Political Compromises • Cyber-Infrastructure is Most Critical/Key

  5. Tortured Policy Development for Critical Infrastructures • Evolved from vague concept before ‘90s of public works, form of public goods • Through EOs & Pres. Directives in ‘90s • E.g., EO 13010 (‘96), PDD 63 (’98) • Enshrined in legislation: • Critical Infrastructures Protection Act (CIPA; from ’01 PATRIOT Act) • Homeland Security Act of ’02 • Still Evolving

  6. What are Critical Infrastrucutres? • “Infrastructures” E.O. 13010 (7.15.96) • Framework of interdependent networks and systems comprising identifiable industries, institutions (including people and procedures), and distribution capabilities that provide a reliable flow of products and services essential to the defense and economic security of the U.S., the smooth functioning of government at all levels, and society as a whole • “Critical?” E.O. 13010 (7.15.96) • “certain national infrastructures are so vital that their incapacity or destruction would have a debilitating impact on the defense or economic security of the U.S.” • CIPA’s Critical Infrastructures: • “…systems and assets, whether physical or virtual, so vital to the United States that the incapacity or destruction of such systems and assets would have a debilitating impact on security, national economic security, national public health or safety, or any combination of those matters.”

  7. What are Key Resources? • Catch-All for Other Important Things • Targets if destroyed would create local disaster or profoundly damage Nation’s morale or confidence, including symbols, historical attractions, national, state, or local monuments & icons • Classic Examples are National Icons • Statue of Liberty • Emotional Inspiration • But note symbolism important to terrorism in: • World Trade Center as Center of Capitalism (Financial Mkts) • Pentagon as Symbol of US National Might

  8. Initial (now evolving) List of CIKR • Telecommunications • Electrical power systems • Gas & oil storage & transportation • Banking and finance • Transportation • Water supply systems • Emergency services: medical, police, fire, rescue • Continuity of government

  9. Granularity of CIKR • Added Later: • Cyber-Infrastructure • Defense Industrial Base • Chemicals • Postal & shipping services • Standard Industrial Classifications (SIC) • Scoping CIRK is THE challenge of I/O Analysis • Role of “Lead (Regulatory) Agencies” • Coordination • Information Sharing • Research, Enhancing Capabilities

  10. The “Lead Agencies”

  11. An Evolving Scope: Defining Critical InfraStructures • Fragmented Historical Development • Presidential Decision Directive 63 (PDD 63) • Executive Order 13o10 • USA PATRIOT Act • Homeland Security Act • National Strategy for Homeland Security • National Strategy for Physical Infrastructure Protection • Homeland Security Presidential Directive No. 7 (12.17.03, HSPD-7)

  12. Risks/Benefits of Cooperation • Information Sharing as Root Cure • Identifies threats, promulgates responses • Implementation through Coordination using various “Authorities” & Institutional Structures • ISACs as the Central Information Node • ISAC Model Based on Center for Disease Control (CDC) • CIP Progress Somewhat Less Impressive • Risks of Cooperation • Signaling Vulnerabilities • Revealing Confidences, Undermining IP, Competitive Intelligence • Coordination ends in Collusion: “Contrivance Against the Public” • Untoward Merger of Government & Business

  13. Interdependency Analytical Tool: I/O • Input-Output Analysis: Matrix Tables • Purpose: • Identify Interdependencies • Develop Policy with Derived Insights • Deployed matrix algebraic (simultaneous equations) linking of economic sectors • Depicts all flows of goods, services in an economy • Technique depends on robust & accurate record of inter-industry transaction flows • Sources: Commerce Dept., Trade Assns, Financial Discl.

  14. Wassily Leontief • Russian-born, German educated, American academic Economist • Harvard, NYU (’75-99) • B:1906; D:1999 • Received the 1973 Nobel Prize for this Groundbreaking Work • The Structure of American Economy, 1919-1939 (NY; Oxford Univ. Press, 1951) • Inspired modern work, large-scale empirical macro-economics

  15. Interdependency Analytical Tool: I/O • I/O Traditional Usefulness • Planned & Developing Economies • Central Control Device • View Big Picture: Forest, then Each Tree • I/O Traditional Limitations • Planned & Developing Economies • Central Control Analytic Device • Sensitivity Analysis for Substitutes

  16. Advantages: I/O Application to CIP • Reveals inter-dependencies & sensitivities of links among economic sectors • Considerable experience in infrastructure planning by local, municipal, regional planning authorities • Deployed Increasingly by civil engineering to develop forecasting models for transportation & public works infrastructures • Recent applications to risk assessment of critical infrastructure vulnerabilities • Shows promise where public sector orchestrates other infrastructure inter-dependencies deploying control or regulatory structures of central planning

  17. Disadvantages: I/O Application to CIP • Primarily relegated to developing or planned economies & some US regional/urban planning • Predictable resistance from free-market economists & conservative ideologues preference for ltd. Govt. • Sensitivity Analysis Adjustment Difficulties • Challenges in Varying Input Substitutes • Resolution of CIP coordination problem undermines need for a central (govt) authority • However, authority necessary for public policy implementation of CIP derived from I/O analysis

  18. Dawning of Some Success in Applying I/O to CIP; a/k/a IIM • Civil Engineers & Regional Planners: but not Economists • I/O Application to narrow CIKR contexts • a/k/a - inoperability input-output model (IIM) • EX: recent 2000s particularly 2008-2009 • Journals: • J.Infrastruct.Syst.; J. Homeland Sec.& Emerg. Mgt.; Syst.Eng.; Int’l.J.Log.Mgt. • Treatise & Visualization Device: • Macaulay, Tyson, Critical Infrastructure: Understanding Its Component Parts, Vulnerabilities, Operating Risks, and Interdependencies, CRC Press, ‘09 • Macaulay, Tyson, U.S. Critical Infrastructure Interdependency Wheel ’09 • Sectors & Contexts: • GeoSpatial, Electric Pwr, healthcare, Disaster, Inter-Regional Interdependency Mfg. Supply Chain, Counter-Terrorism

  19. Challenges of Applying I/O to CIP • Accurate & Complete Data Collection • Long live the Commerce Dept! • Host of I/O Technique Assumptions • Sensitivity Analytics for Substitutes requires robust micro-economics • Antitrust, econ-regulated indus. (FCC, CAB, ICC) • SIC Granularity Needed • Many More Evaluation Tools are Needed

  20. Macaulay’s Critical Infrastructure Interdependency Wheel

  21. Macaulay’s Critical Infrastructure Interdependency Wheel

  22. Interim Observations • Cyber-Infrastructure is the Key Cross-Cutting CIKR • IT Governance lies at the Heart of the Threat Analysis, Remediation & Safeguarding for Cyber-Infrastructure • Development of an Environment of Professionalism for IT Professionals Promises to Contributes Most to Cyber-Infrastructure Protection • Development of Coherent IT Professional Duties Will Contribute Most to CIP

More Related