Risk Analysis for Critical Infrastructure Protection

  • Richard White
Chapter
Part of the Advanced Sciences and Technologies for Security Applications book series (ASTSA)

Abstract

Until recently, infrastructure owners and operators only had to worry about local acts of nature and the occasional vandal to maintain their services to a prescribed standard. All that changed with the 1995 Tokyo Subway Attacks and 9/11, which ushered in the unprecedented threat of domestic catastrophic destruction by non-state actors. Now infrastructure owners and operators find themselves under almost constant global cyber attack, the consequences of which could be catastrophic. Critical infrastructure protection has been a core mission of the Department of Homeland Security since its foundation in 2002. This chapter examines the work of the Department to protect the nation’s critical infrastructure, and efforts to develop a uniform risk analysis to guide its strategic planning and facilitate cost-benefit analysis of mitigation measures on the part of infrastructure owners and operators.

Keywords

Risk analysis; Critical infrastructure; Cyber attack; Homeland security; NIPP; RMF; RAMCAP; LIRA

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  1. University of Colorado, Colorado Springs, USA
