2. Government and cyber sector
Table of Contents
Propose cyberpolicytoensure the resiliencyof the U.S.Governmentandcritical infrastructure(week5)
Shaping the future cyber environment with respect to cyber security responsibilities………….2
Protecting critical infrastructure from catastrophic events……………………………………………………3
Engage internationally………………………………………………………………………………………………………….4
Secure federal network………………………………………………………………………………………………………..5
Executive summary………………………………………………………………………………………………………………6
3. Government and cyber sector
1
Propose acyber policy to ensure the cyber resiliency of the government
and critical infrastructure.
On a national and global level, cyber policy will play a major role in the way governments
will handle their critical infrastructure. The nation’s critical infrastructure provides the
essential services that hold the American society. Proactive coordinated efforts are necessary
to strengthen and maintain secure, functioning, and resilient critical infrastructure- including
assets, network, and system- that are vital to public confidence and the nation’s safety,
prosperity, and well-being.
The U.S. government needs a robust network system to function effectively therefore the
nation’s critical infrastructure which is complex and diverse must be operated by experts or
capable individuals. The infrastructure includes distributed networks, varied organization
structures and operating models (including multinational groups) interdependent functions
and systems in both the physical space and cyberspace, and governance constructs that
involve multi-level authorities, responsibilities, and regulations. Critical Infrastructure owners
and operators are positioned tomanage risks to their individual operations, assets, and to
determine effective strategies to make them more secure and resilient.
The infrastructure must be secure and able to withstand and rapidly recover from all
hazards. This will require integration with the national preparedness system across
prevention, protection, mitigation, response and recovery.
Securing critical infrastructure
4. Government and cyber sector
1a
The U.S. government has been overwhelmedwith cyber attacks from national and
international groups for several decades. In addition, many countries critical infrastructures
have become vulnerable to attacks over the years. Today many of the attacks are focused on
the U.S. government intellectual property as well as the private sector data. According to the
Assistance Secretary of Defense for Homeland Security in October of 2014,” said that the
United States would add deterrence by denial to more, retaliation-based approaches to cyber
deterrence”, he also stated that the biggest problem is that we don’t own the nation’s critical
infrastructure neither, of course does any other part of the federal government”Many of our
critical infrastructures are run by the private sectorso it is that both public and private
sectors strengthen their resilience in new realms, especially in continuity operation.
Cyber security issues have reached the multinational policy-making level in many
developed countries. It has been shown that countries such as Israel alongside with Sweden
and Finland have moved vigorously to tighten their networksystems when comparing many
other countries. Israel’s critical infrastructure protection policy has been built upon the
insights of defense establishment and evolved from a limited involvement with (IT) branches
of government, toward an early adoption of national security, the economy, and
international status.
5. Government and cyber sector
1b
The US government biggest concern must be towards tighter legislative policies and how
to enforce them. Some of these policies might be seen as responsibilities. Whatever way they
are viewed, they must be mandated as professional authorities. In order to establish some
resilience one must do the following:
Assess the threat landscape i.e. constant information sharing on a global level.
Evaluate the source of information by looking for properauthentication.
Develop protective doctrine and methods.
Integrate intelligence in all branches and agencies of the government.
Provide professional instruction in every office of both the private and publicsector.
Set standards and operating procedures for the benefit of supervised organization.
Develop technological expertise and cooperation with partners in the US and other
friendly nations.
Initiate and encourage research and develop defensive capabilities, in cooperation
with the defense community.
There are directives that have been established in the government that are national
policy on critical infrastructure security and resilience. The endeavor is a shared responsibility
among the Federal, State, Local, Tribal, and Territorial (SLTT) entities, and public and private
owners and operators of critical infrastructure. The directive refines and clarifies the critical
the critical infrastructure-related functions, roles and responsibilities across the Federal
Government, as well as enhances overall coordination and collaboration. The Federal
Government has a responsibility to strengthen the security and resilience of its own critical
infrastructure, for the continuity of national essential functions, and to organize itself to
partner effectively with and add value to the security and resilience efforts of critical
infrastructure owners, and operators.
6. Government and cyber sector
2
Shaping the future cyber environment with respect to cyber security
responsibilities
The future of our cyber environment rests on the measures that are taken in order to
create a safe place to live in. It is the duty or policy of United States to strengthen the security
and resilience of its critical infrastructure against both physical and cyber threats. The Federal
Government must work with critical infrastructure owners and operators and (STLL) entities
to take proactive steps to manage risk and strengthen the security and resilience of the
nation’s critical infrastructure, considering all hazards that could have a debilitating impact
on national security, economic stability, public health and safety, or any combination of
disasters. These efforts are approaches to be used for reducing vulnerabilities, minimize
consequences, identify and disrupt threats and hasten response and recovery efforts related
to critical infrastructure.
The Government must engage with international partners to strengthen the security and
resilience of domestic critical infrastructure and otherinfrastructure located outside the
United States on which the nation depends. It should address the security and resilience of
critical infrastructure’s interconnectedness and interdependency. The policy also identifies
energy and communications systems as uniquely critical due to the enabling functions they
provide across all critical infrastructure sectors.
Three important factors that will drive the Federal approach to strengthen critical security
and resilience:
Refine and clarify functional relationships across the Federal Government toadvance
the national unity of effort tocritical infrastructure security and resilience;
Enable effective information exchange by identifying baseline data and systems
requirement for the Federal Government; and
Implement an integration and analysis function to inform planning and operations
decisions regarding critical infrastructure.
7. Government and cyber sector
3
Protecting critical infrastructure from catastrophic events
It is important that the government work collaboratively with critical infrastructure
owners and operators to protect the nation’s most sensitive infrastructure from cyber
security threats. Working with industries locally and internationally by sharing information is
an important way to mitigate or reduce vulnerabilities among the private and public sectors.
Securing the nation’s infrastructure requires a networksystem with reliable data, also
individuals who are authorizes to operate with capable tools in any given time. Network of
information sharing must be locally as well as globally.
The Secretary of Homeland Security, in coordination with the Office of Science Policy
(OSTP), the SSAs, DOC and other Federal departments and agencies, shall provide input to
align those Federal and Federally- funded research and development (R@D) activities that
seek to strengthen the security and resilience of the nation’s critical infrastructure including:
Promoting R@D to enable the secure and resilient design and construction of critical
infrastructure and more secure accompanying cybertechnology;
Enhancing modeling capabilities to determine potential impacts on critical
infrastructure of an incident or threat scenarioas well as cascading effects on other
sectors;
Facilitating initiative to incentivize cyber security investment and the adoption of
critical infrastructure design features that strength all hazards security and resilience;
and
Prioritizing efforts to support the strategic guidance issued by the secretary of
Homeland Security.
8. Government and cyber sector
3a
The various branches of government must have capabilities of real time communication
by accessing accurate information at every levels of government. The communication system
and the way we communicate are continually evolving so that changes have allowed for
many to have faster and easier way to pass on information. Traditional communications
infrastructure and legacy substation devices are being phased out to make way for next
generation Ethernet and Internet protocol-based packet switch network(PSNs). The
transition to (PSNs) is the move toward smart grids. Packet transport’s high capacity is
required to handle the amount of fluctuating trafficgenerated by the advanced grid
applicationswhich can be seen in such intelligent powernetworks. Another approach is the
use of high- resolution internet protocol- based video surveillance equipment, as well as
wholesale and UTELCO services that provide broadband access for local business and service
providers. Many power utilities around the globe is planning the transformation of its
transmission and distribution grid into an intelligent (PSN) that can efficiently and reliably
handle a large amount of bidirectional or multidirectional data communications among
Internet Protocol supervisory control and dataacquisition (SCADA) systems, IEC 61850
intelligent electronic devices and other substation automation equipment.
Institutions such as the military, has been drawn to the new voice overIP-based technology
because of how robust, reliable, and flexible it is. The military is finding the voice over
internet protocol is an effective technology for secure collaboration and information sharing
on converge network- those that combine voice, videoand data. Defense organizations are
migrating from the isolated, point-to-point communications model of the past towards a
more agile, networked and collaborative environment. In the defense community, converged
networks running on an Internet Protocol (IP) infrastructure enable communications across
compartmentalized organization. Voice and data collaboration tools have been helping many
organizations in decision processes by allowing all parties to share and to evaluate the same
information at the same time.
9. Government and cyber sector
3b
The (VOIP) is becoming a more effective way to communicate. Standard bodies and
networking vendors are developing secure, collaborative (VOIP) technologies that will
support new defense applications, including security, priority and preemptions; policy
constraining communications, conferencing and collaboration systems; text-based instant
messaging; voice and video; shared whiteboard and applications; and location-based on a
geographic region.
In the past the problem voice communication networks have been plagued with security
issues, which included toll fraud, eavesdropping, call misdirection, identity misrepresentation
and information theft. Public sectorsuch as the military and some private sectors are high
profile target for hackers, which makes it necessary that the highest level of security must be
given to these institutions.
10. Government and cyber sector
4
Engage internationally
Because cyberspace crosses every international boundary, we must engage with our
international partners .We will work to create incentives for, and build consensus around, an
international environment where states and countries recognize the value of an open,
interoperable, secure, and reliable cyberspace. Oppose efforts to restrict internet freedoms,
eliminate the multi-stakeholderapproach tointernet governance, or impose political and
bureaucratic layers unable to keep up with the speed of technological change. An open,
transparent, secure and stable cyberspace is critical to the success of the global economy.
In each branch of government the roles are carried out because of carefully plan
regulatory policies. The legislative branch looks at the kind of cyber threats, who is it
targeting, why is the threats becoming a concern, and the type of impact it will have on
critical infrastructure. Because of these concerns, the government legislative branch will look
at strengthening the regulatory policies that now exist or remove those that are ineffective.
The judicial system shares information with the (CNCI) agency which interns help in
establishing strong and reliable regulatory policy. The sharing and the interpretation of
information help to create roles that are easily understood and able to follow.
Sharing Information
11. Government and cyber sector
5
Secure Federal network
Improving the security of all Federal networks by setting clear targets for agencies
and then hold them accountable to achieve those targets. Insist on developing better
technology through the process of research and development. This will enable more rapid
discovery and response to threats to federal data, systems and network. Some agencies that
are crucial in the network are as follows:
The Department of State in coordination with DHS, SSAs and the Federal department
and agencies, shall engage foreign governments and internationalorganizations to
strengthen the security and resilience of criticalinfrastructure located outside the
United states and to facilitate the overall exchange of best practices and lesson
learned for promoting the security and resilience of critical infrastructure on which the
nation depends.
The Department of Justice (DOJ), including the Federal Bureau of Investigation (FBI),
shall lead counterterrorism and counterintelligence investigations and related law
enforcement activities across the critical infrastructure sector. DOJ investigate,
disrupt, prosecute, and otherwise reduce foreign intelligence, terrorist, and other
threats to and actual or attempted attacks on, or sabotage of, nation’s critical
infrastructure. The FBI also conducts domestic collection, analysis, and dissemination
of cyber threat information, and is responsible for the operation of the National Cyber
Investigative Joint Task Force (NCIJTF). This organization serves as a multi agency
national focal point for coordinating, integrating, and sharing pertinent information
related to cyber threat investigation, with representation from DHS, the Intelligence
Community (IC), the Department of Defense (DOD), and other agencies as
appropriate.
12. Government and cyber sector
6
Executive Summary
Technology has become interconnected that everyone is now exposed to the pros
and cons of this latest contribution to society. In the last thirty years, our society has become
bombarded with new ways of communication, transportation, and visualization. As a result,
the computers that we use are either stationary ormobile. Along with this sophistication,
come all kinds of draw backs. People who use wireless telephone are more exposed to
vulnerability. Most of us today make transactions online as a result, everything we do and say
is being watched by those who are ready tocreate malicious acts.
Hacker