Need a perfect paper? Place your first order and save 5% with this code:   SAVE5NOW

Response to Questions on Critical Infrastructure

Q1

The emission of poison or toxic chemicals in the water system is a form of cybersecurity. According to Forbes, water and wastewater systems are among the most vulnerable cybersecurity sectors in all other critical infrastructural sectors in the United States (Magill, 2021). The magazine provides that foreign and domestic forces use many cybersecurity attempts on the water system to launch multiple-stage intrusion campaigns. For example, hackers managed to access the operations technology system used by a water treatment plant in Oldsmar, Florida (Magill, 2021). The attackers increased the amount of sodium hydroxide in the plant from 100 parts to 11100 parts per million (Magill, 2021). Increasing the amount of sodium hydroxide interferes with the pH and corrosiveness of metals like lead in the water system. Besides, the illegal entry into the computer system of the plant demonstrated a deadly attack on any other system. The emission of poisonous chemicals or adding too much concentration of the same compounds used to purify water affects the health of people. The danger of cybersecurity in the water system goes further than the health implications for individuals within a given area. Therefore, implications denote otherwise avoidable occurrences when measures are enacted in time.

Moreover, the water infrastructure can be affected by weaker passwords that cause access to the data system and programs used in the treatment and billing plans of an agency. While America’s Water Infrastructure Act provides that there should be cyber resilience and emergency response plans for all water systems, the vulnerability caused by weaker passwords deteriorates the full functionality of a water system (United States Environment Protection Agency, n.d). In January 2021, NBC News, a hacker logged into the water system of the Bay Area in San Francisco and deleted the programs used to treat drinking water, posing threats to the residents using the water (Collier, 2021). An incident such as that posed a threat to the consumers taking contaminated water due to failed treatment (Collier, 2021). It can similarly occur when the system logins are accessed and used to change the billing systems of the consumers. It indicates that cybersecurity threats are used in this critical infrastructural domain. Therefore, resilience and more aversive measures are needed to prove all water systems against digital attacks.

The Environmental Protection Agency (EPA) is responsible for overseeing the safety of water systems in the United States. Through the agency, the policies and laws such as America’s Water Infrastructure Act (AWIA) passed in 2018, successfully securing the water systems are to be guaranteed (AWIA, n.d). The agency emphasizes compliance and regulations of water taken by the public at all costs throughout the country. One of the stipulations of AWIA is that if any water system serves approximately 3300 people, it should have a risk and resilience assessment and emergency response plans (AWIA, n.d). Such a stipulation is highlighted in the two examples of Bay Area and Oldsmar treatment plants. The ability of the water system to bounce back relies on robust approaches offered by risk and resilience assessment standards in the plant. On the other hand, the roles of politicians in the cases of cybersecurity include making and amending laws that benefit the citizens (Hausken, 2020). It takes the participation of the politicians, technical operators and managers of these water systems to avert threats caused by cybersecurity issues. In summary, EPA must be diligent and proactive about cybersecurity issues in water infrastructure.

Q2

The specific components of cyber resilience include the ability to prevent, withstand and recover from unprecedented cybersecurity risks. In other words, if an organization within the critical infrastructure, such as one in a financial sector, makes plans to avert cybersecurity risks, handle their occurrence and continuously function after the risk, then the whole concept brings together the connotation of cyber resilience. The baseline begins by making plans that prepare an agency or organization for cyber risks. According to Hausken (2020), cyber resilience is planning that begins by assessing the organization for any porousness. Risk assessment enables the identification of threats, their severity and their impacts on the organization (Cybersecurity, 2018). Subsequently, the assessment informs the management and the stakeholders on the mitigation measures that further detail how to withstand the threats. For example, protecting consumer data in a food manufacturing company would require testing and prioritizing those who assess the plants. The company may install CCTV cameras to monitor movements to bring faster solutions when unprecedented eventualities occur. The requirement is to contain risk events before, during and after they occur.

Furthermore, the recovery component of cyber resilience denotes that businesses should continue with the intention of achieving the set objectives. Approaches to mitigating cybersecurity risks should be long-term to allow business continuity (Srinivas et al., 2019). In the wake of cybersecurity risks, such as user data stolen from social media applications, the operations of the social media company should endeavour to continue. However, with the assertions of Clark and Knake on the private sector bearing all costs of cybersecurity damages, it becomes probable to think that social media companies must be at the forefront in enacting the three specifics of cyber resilience. For example, the Facebook scandal of 2018 involved leaking data of more than 87 million users to Cambridge Analytica (Hu, 2020). It demonstrated how the private sector deals with financial and reputational damages when they fail to implement cyber resilience approaches. Broadly, cyber resilience weaves together agility in the management of information systems security and the continuity of business, as it also requires proficiency in all aspects that digitally operationalizes the mandates of the organization. Therefore, initiating the whole process by assessing porous areas of the organization paves ways of managing the eventualities while also allowing the business to sustain the return on investment in the case of financial investments.

On personal reflection on the effectiveness and flaws of cyber resilience, there is a need for robust technology such as blockchain. An organization can require a simple technology system such as enterprise resource planning to protect and manage its supply chain and employee and customer relationships. However, an agency responsible for the security of the entire state could require a more robust technology software like blockchain. Blockchain technology as a digital ledger that covers multiple sectors such as the financial, manufacturing, supply and distribution would give agencies, such as Food and Drug Administration, authority over the hackers (Ali et al., 2019). Although the technology is expensive and complex in implementation, it is the technology recommendable for government agencies. The private sector can also choose to invest in it, but the emphasis is on the public utility sector. On the contrary, the flaws and challenges experienced by cyber resilience are human causative factors, as explained by Ali et al. (2019). Many organizations fail to perform intermittent assessments as they are costly, time-consuming and often regarded as less impactful in less exposed private organizations. Dealing with the challenges requires critical players to designate the entire department for the agility of the information security systems.

Q3

The Department of Defense is responsible for employing intelligent cybersecurity and information technology experts who help design, formulate and implement cybersecurity policies. Research denotes that DoD works with other agencies, such as the Federal Bureau of Investigations and the Department of Homeland Security, to monitor state and justice departments for possible leaks and rising cyberattack cases (Vergun, 2020). In the wake of general elections, the DoD is responsible for digital observation of the whole process to prevent interference from the outside world. Through their agile and experienced employees, DoD remains proactive in national intelligence collection and distribution (Vergun, 2020). Comparatively, the Department of Homeland Security is responsible for strengthening cybersecurity resilience across the United States (Homeland Security, n.d). The department outlines the areas of priority in which focus, resources and expertise are placed for the greater good of the country. For example, in 2021, the secretary for the department, Mayorkas, outlined priorities to include strengthening resilience in a public institutions in the wake of rising cyberattacks and exploring new technology to build on the resilience of cybersecurity in all sectors (Homeland Security, n.d). The two facets create a reflection on how the department approaches the issue of cybersecurity. Both DoD and DHS work with underlying agencies to promote agile, risk-free resilience across state departments.

The Department of Homeland Security faces challenges emanating from management setbacks. In a report that reviewed the recent performance of the department, it is indicated that the events of January 6 2021, that led to the breach at the Capitol Building in Washington could have been prevented if the intelligence had been provided to the subordinate units of the department (Cuffari, 2022). The report indicates that lack of management further derails how counter-terrorism approaches are implemented. The strategic framework for countering domestic terrorism uses goals that require the department to be 70% ahead in all aspects, but that is not the case (Cuffari, 2022). It is highlighted that the department is challenged by how to deal with improvised explosive devices. Comparatively, the Department of Defense faces persistent foothold attacks that derail how they respond to cybersecurity threats (Cronk, 2021). After gaining initial access, a foothold attack autonomously retriggers unwarranted software into a technology system. It causes challenges to identify the attackers if they use a foothold mechanism to gain access. Therefore, DoD and DHS face the same problem of attacks, with the difference only being in the means.

While the Department of Homeland Security has a Cyber and Infrastructure Security Agency (CISA), the Defence Intelligence Agency collects intelligence from inside and outside the United States to build robust systems against domestic and foreign attacks. The agency under Homeland Security integrates all other sectorial departments to make them aware of the issues that can affect their operations and undermine the legitimacy of the presidency (Homeland Security, n.d; Cuffari, 2022). Therefore, its objective is to build proactive strength against national cyber threats for all stakeholders. On the other hand, Defense Intelligence Agency collects information from military operators worldwide to enable the United States to win all wars (Vergun, 2020). In other words, the Defense Intelligence Agency spies on the world military for America. Therefore, the underlying significance is that all these agencies support the government and the position of the United States worldwide.

In conclusion, the Department of Defense and Department of Homeland Security need to improve how they share information for the good and safety of the country. There are more internal attacks aimed at the country that Homeland Security can use avert by leveraging the efforts of the Defense Department. For example, the mass school shooters historically aimed at causing fatalities can be identified from the wider population to revert their efforts to cause mayhem. Several agencies are under Homeland Security, posing management issues derailing achieving goals. They require internal autonomy for the functions to work across other sectorial institutions. The Defense Department should be the supplier of information for the DHS to act on. In summary, interdepartmental functionality is what is required.

References

Ali, O., Jaradat, A., Kulakli, A., & Abuhalimeh, A. (2021). A comparative study: Blockchain technology utilization benefits, challenges and functionalities. Ieee Access9, 12730-12749.

Collier, K. (2021). 50,000 security disasters waiting to happen: The problem of America’s water supplies. NBC News. Available at https://www.nbcnews.com/tech/security/hacker-tried-poison-calif-water-supply-was-easy-entering-password-rcna1206

Cronk, T M. (2021). Summit Highlights DOD’s Cybersecurity Initiatives, Challenges. U.S. Department of Defense. Available at https://www.defense.gov/News/News-Stories/Article/Article/2806264/summit-highlights-dods-cybersecurity-initiatives-challenges/

Cuffari, J, V. (2022). Major management and performance challenges facing the Department of Homeland Security. Office of Inspector General. Available at https://www.oig.dhs.gov/sites/default/files/assets/2022-11/OIG-23-01-Oct22.pdf

Cybersecurity, C. I. (2018). Framework for improving critical infrastructure cybersecurity. URL: https://nvlpubs. nist. gov/nistpubs/CSWP/NIST. CSWP4162018.

Hausken, K. (2020). Cyber resilience in firms, organizations and societies. Internet of Things, p. 11, 100204.

Homeland Security. (n.d). Cybersecurity. Available at https://www.dhs.gov/topics/cybersecurity#:~:text=The%20Department%20of%20Homeland%20Security,our%20democratic%20values%20and%20principles.

Hu, M. (2020). Cambridge Analytica’s black box. Big Data & Society7(2), 2053951720938091.

Magill, J. (2021). U.S. Water Supply System Being Targeted by Cybercriminals. Forbes. Available at https://www.forbes.com/sites/jimmagill/2021/07/25/us-water-supply-system-being-targeted-by-cybercriminals/?sh=46aefa6e28e7

Srinivas, J., Das, A. K., & Kumar, N. (2019). Government regulations in cyber security: Framework, standards and recommendations. Future generation computer systems92, 178-188.

United States Environment Protection Agency. (n.d). America’s Water Infrastructure Act: Risk and Resilience Assessments and Emergency Response Plans. Available at https://www.epa.gov/waterresilience/awia-section-2013

Vergun, D. (2020). Cybersecurity Expert Discusses DOD’s Role in National Security. U. S Department of Defense. Available at https://www.defense.gov/News/News-Stories/Article/Article/2226447/cybersecurity-expert-discusses-dods-role-in-national-security/

 

Don't have time to write this essay on your own?
Use our essay writing service and save your time. We guarantee high quality, on-time delivery and 100% confidentiality. All our papers are written from scratch according to your instructions and are plagiarism free.
Place an order

Cite This Work

To export a reference to this article please select a referencing style below:

APA
MLA
Harvard
Vancouver
Chicago
ASA
IEEE
AMA
Copy to clipboard
Copy to clipboard
Copy to clipboard
Copy to clipboard
Copy to clipboard
Copy to clipboard
Copy to clipboard
Copy to clipboard
Need a plagiarism free essay written by an educator?
Order it today

Popular Essay Topics