Cyber Readiness: Are We There Yet?

Cyber Readiness: Are We There Yet?

John S. Hurley (National Defense University, Washington, DC, USA), H. Mark McGibbon (National Defense University, Washington, DC, USA) and Roxanne Everetts (National Defense University, Washington, DC, USA)
Copyright: © 2014 |Pages: 16
DOI: 10.4018/ijcwt.2014070102
OnDemand PDF Download:
$30.00
List Price: $37.50

Abstract

Many of the systems that control the critical infrastructure were not originally designed with security in mind. This has left us vulnerable to unwanted attacks in many of the environments. It has become essential that the authors determine if their infrastructures are better prepared for existing and future threats. In this study, the authors will examine the impact of attacks, including terrorist attacks on critical infrastructures, in particular, the Energy sector. The results show that in spite of the warnings of the threats carried out in various sectors and organizations around the world, they have still remain extremely vulnerable because of a number of critical security issues that hamper their ability to better serve and protect our vital information assets. The authors examine some of the most prominent models being used today and how they may be modified to better serve the needs of their user communities and key stakeholders.
Article Preview

Introduction

The concept of “cyber readiness” requires the establishment of limits and boundaries, especially when framing the discussion outside of the context of the federal government. In particular, when the focus is through the lens of the military, cyber readiness intimates the ability to maintain the integrity of its networks (Barnes, 2013; Bowen, 2009). Hathaway, however, presents a more comprehensive and formidable definition, in which she discusses cyber readiness in the context of a “state of maturity via a commitment to secure the cyber infrastructure and services upon which the digital future and growth of the entity depends” (Hathaway, 2013). In the context of this paper, we focus more on Hathaway’s definition because we believe that a focus solely on the entity’s networks, as is typically the case in the federal government, excludes many other very important variables that are critical to the discussion. In addition, it is important to establish that our focus is on the information infrastructure, which embodies the data, information, networks, devices, Internet connectivity, etc. Hathaway (2013) offers the stated position that current trends tend to indicate that incidents will continue to increase in terms of costs, frequency and gravity for the near future. The last three decades have seen advantages through Information and Communications Technology (ICT) in terms of efficiency, growth, and productivity. However, the benefits may not outweigh the unreliability and risk of new cyber threats.

Current government strategies, unfortunately, are inadequate in addressing the main issues because the ICT vision of many governments is not adequately aligned with their national security strategies. Hathaway promotes the view that cyber readiness should be evaluated in terms of two sets of investments, national security and economic prosperity. A major failing of many of the previous measures is that there was no index established that established the link between ICT and security. Again, it is important to reinforce the importance of Hathaway’s perspective because for the first time we were able to see a direct correlation between national security and ICT that had been a glaring omission in previous studies.

Within the discussion of the cyberspace domain, two terms, situational awareness and resilience, seem to consistently come up within a discussion of cyber readiness. The Presidential Directive (2013) reinforces the importance of resilience with respect to the critical infrastructure (Presidential Policy Directive--Critical Infrastructure Security and Resilience, 2013). In this paper, we will examine more thoroughly the situational awareness and resilience of information infrastructures and their relevance to cyber events. Though there are 16 sectors identified by the Department of Homeland Security (DHS) as sectors within the critical infrastructure, in this study, we will focus our attention on just one sector, the Energy sector. With the vastness of the challenges within the Energy sector, it should be clear that the challenge of addressing the problems of all 16 sectors would appear to be somewhat ominous. We draw this inference given the fact that it would not only be very costly to examine all 16 sectors, but also seem almost overwhelming in its ability to be adequately addressed. However, to be clear, we are not advocating in any sense the thought of avoiding the other fifteen sectors—quite the contrary. In spite of the overwhelming nature of taking on such a Herculean task, it is essential that each of the sectors receive the necessary attention because within our infrastructures, vulnerabilities are constantly being assessed to gain unwanted access to our information assets. In this study, we examine the concept of cyber readiness and its relation to the critical infrastructure, specifically the Energy sector. In addition, we discuss previous work of some of the authors in expanding the evaluation of the networks to include other “assets” that are under siege by attackers and more seriously, terrorist campaigns.

Complete Article List

Search this Journal:
Reset
Open Access Articles: Forthcoming
Volume 7: 4 Issues (2017)
Volume 6: 4 Issues (2016)
Volume 5: 4 Issues (2015)
Volume 4: 4 Issues (2014)
Volume 3: 4 Issues (2013)
Volume 2: 4 Issues (2012)
Volume 1: 4 Issues (2011)
View Complete Journal Contents Listing