1. INFRASTRUCTURE SECURITY
“To build and implement a robust strategy to protect our critical infrastructures and key assets from further
terrorist exploitation, we must understand the motivations of our enemies as well as their preferred tactics
and targets.”
Submitted by: ADHAR
2. Contents
• Introduction
• AIM of Infrastructure Security
• Areas of critical infrastructure
• Potential threats to infrastructures
• Identifying Weaknesses in a Critical Infrastructure
• Defence Critical Infrastructure Program Procedures
• Example: Department of Homeland
3. Introduction
Infrastructure security is the security provided to protect
infrastructure, especially critical infrastructure such as airports,
highways, rail transport, hospitals, bridges, transport hubs, network
communications, media, the electricity grid, dams, power plants, seaports,
oil refineries, and water systems.
4. AIM of Infrastructure Security
Safeguard the three basic assets:
1. Physical assets (e.g. facilities, components, real estate, animals, and products)
2. Human assets (e.g. operations, sensitive areas and information)
3. Cyber assets (e.g. electronic and computer networks)
5. Areas of critical infrastructure
i. Agriculture & Food
ii. Water
iii. Public Health
iv. Emergency Services
v. Government
vi. Defence Industrial Base
vii. Information and Telecommunications
viii. Energy
ix. Transportation
x. Banking and Finance
xi. Chemical Industry and Hazardous Materials
xii. Postal and Shipping.
6. Agriculture & Food
This industry accounts for a large share of Gross Domestic Product. Areas of
concern include: supply chains for feed, animals and animal products; crop production
and supply chains of seed, fertilizer and other related materials; post-harvesting
components of processing, production and packaging, storage.
Water
This sector is divided into two areas: fresh water supply and wastewater collection. The
water sector's criticality extends to both public health and the economy.
Public health
This area consists of state/local health departments, hospitals, health clinics, mental
health facilities, laboratories, mortuaries, and pharmaceutical stockpiles. All of these
would be critical after any form of attack or natural event. The personnel and facilities
within this sector are trained and ready to react to emergency situations.
7. Emergency services
This area includes fire, rescue, emergency medical service (EMS), and law
enforcement organizations. The emergency services sector differs from other
infrastructures in that its focus and criticality lie in its personnel and
equipment, rather than a facility.
Government
The government itself can be viewed as a critical infrastructure, with its
ability to command and control the response to any attack, terrorist or
natural, on any of our infrastructures.
Defence base
The private sector is critical to the Department of Defence effectively conducting
defence missions, mobilizing and deploying our military forces abroad.
8. Information & Telecommunication
The telecommunications sector is vast and dispersed, containing both cyber and
physical elements. The telecommunications sector provides voice and data service
to public and private users through use of the Public Switched Telecommunications
Network (PSTN), the internet, and private enterprise networks.
Energy
Energy is the infrastructure that supplies the driving force in most of
American life today. Energy of some kind heats our homes, moves us from one
point to another and drives our businesses and industry. The energy sector is
critical to the well-being of our economy, national defence and quality of life.
The sector is divided into to
9. Transportation
The area includes aviation, rail, pipelines, highways, trucking and
busing, and public mass transit. The scope of the transportation sector makes
it critical to both our economy and national security.
Banking and Finance
This sector is made up of physical structures and assets as well as
personnel and cyber assets. Retail and wholesale banking institutions are
located in large office buildings with large groups of people. The financial
sector's infrastructure includes computer networks, storage devices and
telecommunications networks. This sector is also
10. Chemical industries
This sector impacts several other sectors: finance, agriculture, water, health
care, etc. The chemical industry produces fertilizer for agriculture, chlorine
for water purification and polymers that create plastics from petroleum. The
sector is also a lucrative terrorist target due to the environmental impact from
the physical destruction of many of its sites.
Postal and shipping
The postal system is interconnected with other infrastructure systems,
especially transportation. The postal service controls thousands of points of
entry as well as millions of facilities.
11. Potential threats to infrastructure
“The insider threat to critical infrastructure is one or more individuals
with the access and/or inside knowledge of a company, organization, or
enterprise that would allow them to exploit the vulnerabilities of that entity’s
security, systems, services, products, or facilities with the intent to
12. Terrorism - persons or groups deliberately targeting critical
infrastructure for political gain
CITATION: World Trade Centre 9/11
September 11 Attacks, coordinated terrorist strike on the
United States in 2001 that killed about 3,000 people and
shook the nation to its core. twin towers of the World
Trade Centre in the financial district of New York City. The
buildings burst into flame and then collapsed, killing
thousands. A third terrorist crew smashed their plane into
the Pentagon, headquarters of the U.S. military in
Arlington, Virginia.
13. Sabotage - persons or groups such as ex-employees, political
groups against governments, environmental groups in defence of the
environment.
CITATION: Bangkok's International Airport Seized by Protestors
On 25 November 2008, the People’s Alliance for
Democracy (PAD) executed what they called
"Operation Hiroshima". A convoy of hundreds of PAD
members dressed in yellow blocked the two ends of
the road in front of the terminal building
of Suvarnabhumi International Airport and
blockaded the main road to the airport. The airport is
Bangkok's main airport and an important regional
hub. PAD leaders mounted a mobile stage and
proceeded to criticize the government. All
14. Information warfare - private persons hacking for private gain or
countries initiating attacks to glean information and also damage a
country's infrastructure.
CITATION: Cyber attacks during the 2008 South Ossetia war
On 5 August 2008, during the South Ossetia war, a series
of cyber attacks swamped and disabled
websites of numerous South
Ossetian, Russian, Georgian, and Azerbaijani
organisations.
South Ossetia's envoy to Moscow claimed that
Georgia was attempting to cover up information
on events which occurred in the lead-up to the
war.
15. Natural disaster - hurricanes or other natural events which damage critical
infrastructure such as oil pipelines, water and power grids.
CITATION: Economic effects of Katrina
The economic effects of Hurricane Katrina, which
hit Louisiana, Texas and Mississippi in late August
2005, Administration has sought $105 billion for
repairs and reconstruction in the region, making it
the costliest natural disaster in US history. And this
does not account for damage to the economy
caused by potential interruption of the oil supply and
16. Identifying Weaknesses in a Critical Infrastructure
Identifying critical infrastructure weaknesses is based on a risk
management framework. It is continuously influenced by the
ever-changing threat environment, both physical and natural. The goal is to
reduce the vulnerabilities of our nation’s assets to attack and natural
disaster.
Critical infrastructures are composed of physical, personal, and
cyber components, and as any of those three portions change so does
the list of critical assets requiring security.
17. [Figure: Infrastructure weakness analysis. Assets (physical, human, cyber) pass through the steps: identifying critical assets; identifying and assessing vulnerabilities; normalizing, analysing, and prioritizing; implementing protective programs; measuring performance; with feedback to correlating threats to mitigation programs/effectiveness.]
18. IDENTIFYING CRITICAL ASSETS
• The first step will be to identify the critical assets located within the area
of responsibility.
• The process should be ongoing, with constant review of unit
missions, higher headquarters missions and requirements, as well as
the overall operations within the location.
• The information collected should be used as the base for further
discussion
IDENTIFYING AND ASSESSING VULNERABILITIES
• Potential areas of weakness need to be identified as well as
protective measures that need to be undertaken to mitigate
those vulnerabilities.
• Interdependencies within and between infrastructures need to
be identified to minimize cascading effects.
• The vulnerability assessment needs to take into account
19. NORMALIZING, ANALYSING, AND PRIORITIZING STUDY RESULTS
• The group accumulating the vulnerability assessments needs to
normalize the information from each subordinate section or staff, and then
prioritize against all of the assets the higher organization is responsible
for.
• It will identify which areas offer the greatest risk and the best benefit from
protective measures
IMPLEMENTING PROTECTIVE PROGRAMS
• The information gathered during the process will assist in developing
and executing programs to protect or minimize damage to
infrastructures.
• The staff or organization can find assistance in developing programs
from their agencies, e.g. the Department of Homeland Security (DHS).
20. MEASURING PERFORMANCE
• Metrics need to be established for each protective measure to
ensure they are being performed consistently, are sustainable and
are effective.
• Continuous review of the metrics will result in improvements to the
framework and the protection plan
21. Defence Critical Infrastructure Program Procedures
DCIP risk management procedures for all critical infrastructures. The
purpose of the DCIP is to ensure the availability of assets critical to all
infrastructures.
Once risks are assessed in all tasks and missions, possible
responses can be reviewed and emplaced to ensure all missions will be
accomplished no matter what actions are taken against an infrastructure.
The DCIP Interim Implementation Guidance stresses that risk
management is cyclical: as changes are constantly made to systems and
personnel are replaced, risks to infrastructures must be re-assessed.
22. [Figure: Defence Critical Infrastructure Program Procedures flow diagram. Labels: Risk Assessment (criticality, vulnerability, threats and hazards); Risk Management; Risk Response (remediation, mitigation, reconstitution).]
23. Example: Department of Homeland Security
• Officially established in January 2003.
• The department’s mission is to help prevent
terrorist attacks in the United States, reduce
the country’s vulnerability to terrorism, and
assist in recovery after an attack.
• The department was created in response to
the September 11, 2001, terrorist attacks
against the World Trade Centre and the
Pentagon as a way to oversee and coordinate
security functions previously performed by
dozens of different government agencies.
24. The department has four main divisions known as directorates, each
administered by an undersecretary.
• The Directorate of Border and Transportation Security is responsible for
preventing terrorists from entering the United States; for protecting air, land, and
sea transportation systems; and for enforcing immigration laws.
• The Directorate of Emergency Preparedness and Response is responsible for
coordinating the federal government’s response to terrorist attacks and major
disasters and for assisting in recovery.
• The Directorate of Science and Technology is charged with overseeing efforts to
protect the United States from attacks involving
chemical, biological, radiological, and nuclear weapons. It also conducts and funds
research related to homeland security.
• The Directorate of Information Analysis and Infrastructure Protection is
responsible for analysing intelligence from a vast array of federal, state, and local
agencies in order to detect terrorist threats and identify vulnerabilities in the
25. SUPPORTING AGENCIES
Many agencies assist the DHS in its mission. Primary responsibility for
investigating and prosecuting acts of terrorism rests with law enforcement
agencies, including the Department of Justice, the Federal Bureau of
Investigation (FBI), and state and local law enforcement agencies. The
CIA gathers overseas intelligence about terrorist threats. Other members
of the intelligence community, such as the National Security Agency
(NSA) and the Defence Intelligence Agency (DIA), also provide the DHS
with information.