What would happen if one day the computers stopped working? That is what we may face when we look at the growing threat posed by the sophisticated cyber attacks we are currently experiencing. A 2008 survey of security insiders (management, network engineers and administrators) in multiple infrastructure segments were questioned about the state of infrastructure cyber security in the U.S., Canada, and Europe. These professionals indicated that multiple segments were unprepared for cyber attacks. The segments specifically identified as unready were: water, utilities, oil and gas, telecommunications, transportation, emergency services, chemical and the shipping industry. For the purpose of this article critical infrastructure is defined as the facilities, services, installations, capabilities and key resources needed for the proper functioning of society. According to Executive Order 13010 signed by President Bill Clinton on July 15th, 1996, critical infrastructures includes the following.
Electrical power systems
Gas and oil storage and transportation
Banking and finance
Water supply systems
Emergency services (including medical, police, fire, and rescue)
Continuity of government
The Department of Homeland Security (DHS) inventory of our nations critical infrastructure includes 68,000 public water systems, 300,000 oil and natural gas production facilities, 4,000 off-shore platforms, 278,000 miles of natural gas pipelines, 361 seaports, 104 nuclear power plants, 80,000 dams and tens of thousands of other potentially critical targets across fourteen diverse critical infrastructure sectors.
The Department of Homeland Security (DHS) has begun implementation of a number of mechanisms in an effort to improve information sharing with critical infrastructure owners and operators. These include:
Homeland Security Information Network (HSIN)
Executive Notification System (ENS)
Critical Infrastructure Partnership Advisory Council (CIPAC)
Homeland Infrastructure Threat and Risk Analysis Center (HITRAC)
National Infrastructure Coordinating Center (NICC)
Protected Critical Infrastructure Information (PCII)
The information sharing pertains to information flowing between the intelligence community and critical infrastructure owners and operators. Even though these programs are in place and they have made progress, there is more that needs to be done. The current threat environment requires solid, trusted relationships to ensure to successful information sharing and collaboration between the private sector and the government. That takes time.