Recent orders

Class 643 Discussion 2

Class 643 Discussion 2

Author’s Name

Institutional Affiliation

Class 643 Discussion 2

Defining the terms Critical Infrastructure and Key Resources from a policy perspective is important because the security and resilience of the two are principal priority areas, especially in the aspects preparedness, public awareness, training, and implementing activities and requisites (DHS, 2013). Defining these two terms from a regulatory perspective is important as key resources and critical infrastructure networks, systems and assets reside in specific jurisdictions, compliance and authority mandates, and regulatory standards that should be observed (DHS, 2008; Knapp & Langill, 2014). Defining the two from a management perspective is important because protecting them requires the integration of management functions such as coordination, planning, and risk management.

Adopting a unified public, private, and cross-agency approach to managing and protecting critical infrastructure as advocated by PPD21 and the NIPP is important due to strategic collaboration. Specifically, the joint efforts of partners in the private and public sectors and agencies help in attaining collaborative, flexible, inclusive, and proactive coordination, action, and information sharing essential in advancing critical infrastructure security and resilience (DHS, 2013; The White House, 2013).

The fact that a significant portion of the United States’ critical infrastructure is managed privately has implications for emergency management, raising concerns for national security and the handling of community and regional risks. The portion of critical infrastructure managed privately is increasingly aging, augmenting vulnerability to failure and susceptibility to evolving terrorist threats, hence creating challenges for national emergency management (FEMA 2011). I see the attempt to manage the 16 critical infrastructure sectors, which contain many national resources, as feasible but only when an aggressive and collaborative approach is adopted. Each of these sectors has a specific protection plan and unique man-made and natural threats and risks (Hemme, 2015). This necessitates a holistic and comprehensive approach that brings together the collaborative efforts of all players in the public and private sectors to attain feasible management.

References

DHS. (2008). A guide to critical infrastructure and key resources protection at the state, regional, local, tribal, and territorial level. Washington, DC. DHS.

DHS. (2013). NIPP 2013: Partnering for critical infrastructure security and resilience. Washington, DC. DHS.

FEMA. (2011). Critical infrastructure: Long-term trends and drivers and their implications for emergency management. Strategic Foresight Initiative. Washington, DC. FEMA.

Hemme, K. (2015). Critical infrastructure protection: Maintenance is national security. Journal of Strategic Security, 8(3), 25-39.

Knapp, E. D., & Langill, J. T. (2014). Industrial network security: Securing critical infrastructure networks for smart grid, SCADA, and other Industrial Control Systems, 2 Ed. Syngress.

The White House. (2013). Presidential policy directive/PPD 21–Critical infrastructure security and resilience. Washington, DC. The White House.

Class 607 Week 5

Class 607 Week 5

Author’s Name

Institutional Affiliation

Class 607 Week 5

The local power plant we analyzed based on the knowledge garnered from the red team handbook by TRADOC G2 Operational Environment Enterprise (2015) is Harbor Generating Station (HGS). Following the analysis, we identified three vulnerabilities that jumped out at us one of which includes regulatory and compliance concerns regarding environmental protection. The cumulative emission of particulate matter, sulfur oxides, nitrogen oxides, regeneration wastes, and other pollutants from HGS will increase, raising concerns about the plant’s compliance with environmental protection regulations. The second is the use of technology in observing effluent limitations. HGS must meet technology-based numeric effluent limitations established for cooling tower blowdown under the effluent limitation guidelines. These standards necessitate HGS to enhance its technologies to meet them adequately. The third vulnerability is the absence of physical tamper detection controls aimed at shielding HGS’s transmission systems and towers, control centers, transformers, and fuel delivery systems from tamper.

Based on our analysis, the aspects of HGS’s operations that we might seek to exploit are automation errors by maintenance and control room workers. We would target these because they can allow for easier access to information and generate large amounts of money for adversaries. HGS’s operators can improve their current security posture by augmenting surveillance, restructuring procedures and systems for error detection and avoidance, and implementing better training for error detection and rectification. In gathering our results, the process we used aligned with the three steps provided by the red teaming text. The first step entailed putting ourselves in potential adversaries’ circumstances and reacting to external stimuli as if they were real-life situations. The second involved developing some first-person questions that potential adversaries would ask concerning the circumstances. The last step involved developing action decisions and recommendations.

References

TRADOC G2 Operational Environment Enterprise (2015). The applied critical thinking handbook Vol. 7.0. Leavenworth, Kansas. University of Foreign Military and Cultural Studies.

Class 607 Week 5 (2)

Class 607 Week 5

Author’s Name

Institutional Affiliation

Class 607 Week 5

After conducting a red team analysis of a local power plant based on what we understood from the red team handbook by TRADOC G2 Operational Environment Enterprise (2015), we identified three vulnerabilities that jumped out at us. One of these is the aging of the workforce. Aging means losing expertise, which translates to less reliability of the power system and augmented susceptibility to external threats such as disruption by natural phenomena and terrorist-related intrusions. The second vulnerability is security threats instigated by insiders. Contractors and employees of this local power plant who have authentic reasons for accessing the systems can change their motives and end up doing great harm to the systems by damaging physical assets and the entire power plant. The third is the lack of preinstalled physical tamper detection hardware to shield transmission systems and towers, transformers, control centers, and fuel delivery systems from internal and external tampering.

The aspects of the operations in this power plant that we might seek to exploit include automation errors by maintenance and control room workers. The operators in this power plant can improve their current security posture by redesigning systems and procedures for error detection and avoidance, augmenting surveillance, and implementing better error detection and correction training. The process we used to get to the results of our analysis was consistent with what we learned from the red teaming text, and it entailed three steps. The first of these steps included putting ourselves in the circumstances of a potential adversary and reacting to external stimuli as if it were a real-life situation. The second was to develop some first-person questions that the potential adversary would ask regarding the ensuing circumstances. The last step was to develop decisions and recommendations on the next course of action.

References

TRADOC G2 Operational Environment Enterprise (2015). The applied critical thinking handbook Vol. 7.0. Leavenworth, Kansas. University of Foreign Military and Cultural Studies.