Critical Infrastructure Protection

Encyclopedia : C : CR : CRI : Critical Infrastructure Protection

The Critical Infrastructure Protection or CIP is a Presidential directive (PDD-63) that calls for a national effort to assure the security of the increasingly vulnerable and interconnected infrastructures of the United States. In July 1996, President Bill Clinton issued Executive Order Critical Infrastructure Protection. This order stated that certain national infrastructures are critical to the national and economic security of the United States and the well being of its citizenry. The critical infrastructure of the United States is comprised of the systems and networks that are so essential that if one or more is incapacitated or destroyed, an entire region, if not the defense or economic security of the nation, could be debilitated.

Contents

CIP Overview

Every day in this country, the products and services that support our way of life flow, almost seamlessly, to and from our homes, communities, and government. Making this possible are the systems and networks (the roads, airports, power plants, and communication facilities) that make up the infrastructure of our society. An infrastructure often taken for granted. If just one of these systems in the infrastructure is disrupted there could be dire circumstances. For example, natural gas supply could be disrupted by a computer virus. Electrical power is cut, causing computers and communications to shut down. Roads, air traffic, and rail transportation are inhibited. Emergency services are hampered. An entire region can be debilitated because an element critical to our infrastructure has been attacked. Some may think this unlikely or unthinkable, but the threat is very real. These scenarios should be considered if we are to be prepared for such an event. The unlikely and unthinkable often do happen and will continue to do so unless some action is taken.

During recent events in the Middle East, attacking the infrastructure assets that are critical to the enemy's fighting capability has become a timeless strategy. The U.S. is now in a new era, where threats to its security and way of life are taking new forms. A time when it must protect the critical infrastructure every day. In order to accomplish this a need for a common understanding of critical infrastructure protection is required. What is the critical infrastructure of the United States? What does protecting it really mean and why has it become so important now? Our nation's infrastructure is built on a framework of systems and networks from industry and government.

The infrastructure of the United States includes systems and networks from several major sectors such as:

Energy, including oil, natural gas, and electric power
Banking and finance
Transportation (Including air, surface, and water transportation )
Telecommunications and Information Technology (IT)
Water systems
Government and private emergency services

Some elements of the infrastructure have become essential to the minimum operations of the economy and government. These systems are part of the critical infrastructure of the United States.

Given the nature of our critical infrastructure, protecting it takes more than our traditional view of defense. The need to think and plan outside the box exist in order t proect the assets. Critical Infrastructure Protection is a national program, created through a partnership between the government and private industry. The CIP program includes a national structure and the development of a comprehensive National Infrastructure Assurance Plan.

Purpose

The purpose of critical infrastructure protection is to establish a real-time ability for all sectors of the critical infrastructure community to share information on the current status of infrastructure elements. Ultimately, the goal is to protect our critical infrastructure by eliminating known vulnerabilities. To understand this paradigm the following defintions are given:

Protection - Can be defined as the state of being defended, safeguarded, or shielded from injury, loss, or destruction from natural or un-natural forces.
Vulnerability – The quality of being susceptible to attack or injury, warranted or unwarranted, by accident or by design.
Risk – The possibility or likelihood of being attacked or injured.
Mitigation – The ability to alleviate, reduce, or moderate a vulnerability, thus reducing or eliminating risk.

Infrastructure Sectors

The national infrastructure sectors that were identified as critical include:

Banking and Finance - The banking and finance sector is involved in all types of monetary transactions, including storage, investment exchange, and disbursement. Public confidence is a key factor in the banking and finance sector

Transportation - Transportation demands are increasing but capacity is limited. Computers have enabled the transportation sector to achieve greater efficiency with just-in-time delivery, optimization of critical hubs that maximize throughput, and consolidation of operations centers.

Power Systems - Our energy supply including electric, oil, and gas is the economic and social lifeblood of our nation. They are essential to every aspect of our society.

Information and Communications - Our economy and way of life rely heavily on telecommunications and information technology.

Law Enforcement - The law enforcement agencies at every level of our society ensure the smooth orderly running of our day-to-day operations, activities and routines. The need for order is even more acute during times of threat or crises.

Government Services - It is imperative that the continuity of our government be guaranteed at all times. Sufficient capabilities at the federal, state, and local levels of government are required to meet the need for essential services to the public.

Fire - The importance of our fire and other emergency services was brought to light during 9-11 events.

Emergency Health Services - Our reliance on emergency health services is demonstrated in communities across the nation every day.

National Water Supply' - Water systems provide safe water on demand across the United States.

The criticality of each sector applies not only to the daily operations of American society but also to military operations and defense. With 98 percent of the critical infrastructure privately owned, the military depends on the commercial infrastructure to support its operations.

The Importance of CIP

In September 1995: The Russian national who allegedly masterminded the break-in of Citicorp's electronic funds transfer system was ordered to stand trial in the United States. A gang of hackers under his leadership breached Citicorp's security 40 separate times during 1994. The hackers were able to transfer 12 million dollars from customer accounts and withdraw an estimated $400,000 dollars.

On March 9, 1999: Deputy Defense Secretary John Hamre warned Congress of a cyber terrorist "electronic Pearl Harbor" saying, "It is not going to be against Navy ships sitting in a Navy shipyard. It is going to be against commercial infrastructure…."

The above mentioned event exemplifies how CIP applies in a “Real World” scenerio. In the past, the systems and networks of the infrastructure elements were physically and logically independent and separate. They had little interaction or connection with each other or other sectors of the infrastructure. With advances in technology, the systems within each sector became automated and linked. As the revolution in information technology accelerated, the systems and sectors became increasingly interdependent and connected through computers and communications facilities.

As a result, there is now a vast interconnected network of systems that are dependent on one other. As an example, the flow of electricity, oil, gas, and telecommunications throughout the country are inextricably linked. Access to these interlinking systems can be managed through an Internet from all over the world, blurring traditional borders. While this increased reliance on interlinked capabilities helps make the economy and nation more efficient and perhaps stronger, it also makes the country more vulnerable to disruption and attack. This interdependent and interrelated infrastructure is more vulnerable to physical and cyber disruptions because it has become a complex system with single points of failure. An incident in the past that would have been an isolated failure and done little damage, can now cause widespread disruption because of a cascading effect. As an example, capabilities within the information and communication sector have enabled the United States to reshape its government and business processes. Like other sectors, however, the information and communication sector has also become increasingly software driven. One failure in this sector can bring down multiple systems including air traffic control, emergency services, banking, trains, electrical power, and dam control.

The elements of the infrastructure themselves are now considered likely targets of terrorism. Traditionally, critical infrastructures have been lucrative targets for anyone wanting to attack another country. Now, because our infrastructure is our national life-line, terrorists can achieve high economic and political value by attacking elements of it. Disrupting or even disabling the infrastructure reduces the ability to act in our national security interest, erode the public confidence in critical services, and or reduce economic strength. Additionally, terrorist attacks are easier and less costly than traditional warfare because of the interdependence of infrastructure elements. The infrastructure elements are targets for attack because there is a low probability of detection.

The elements of the infrastructure are also increasingly vulnerable to a dangerous mix of traditional and nontraditional types of threats. Traditional and non-traditional threats include equipment failures, human error, weather and natural causes, physical attacks, and cyber attacks. For each of these threats, the cascading effect caused by single points of failure can pose dire and far-reaching consequences.

Most experts expect the frequency and severity of critical infrastructure incidents to increase in the future. Although efforts are under way, there is no unified national capability to protect the interrelated aspects of the country's infrastructure. One reason for this is that a good understanding of the inter-relationships does not exist. There is also not a consensus on how the elements of the infrastructure mesh together, or how each element functions and affects the others. Securing our national infrastructure depends on understanding the relationships among its elements.

Critical infrastructure protection requires the development of a national capability to identify and monitor the critical elements and to determine when and if the elements are under attack or are the victim of destructive natural occurrences. CIP is important because it is the link between risk management and infrastructure assurance. It provides the capability needed to eliminate potential vulnerabilities in the critical infrastructure. CIP is how we determine our vulnerabilities and analyze alternatives. It is the way we will become prepared. Protecting the national infrastructure is a key element in future national security. There appears to be an urgent need to improve our capability to detect and warn of impending attacks on, and system failures within, the critical elements of the national infrastructure.

CIP Organization and Structure

The prospect of protecting the critical infrastructure of the United States can be a daunting task. The threats to our critical infrastructure are can be directed to both commercial and government facilities. A viable protection program requires a partnership between the government and commercial sectors. The partnership must be genuine, mutual, and cooperative in order to obtain the agreed upon goals of CIP.

In order to establish just such a partnership, PDD-63, mandated the formation of a national structure for critical infrastructure protection. To accomplish this a process was develop called the National Infrastructure Assurance Plan, or NIAP. One of the primary tasks of the national CIP structure was the development of a comprehensive NIAP.

The different entities of the national CIP structure must work together to achieve national critical infrastructure protection. The national CIP structure is a partnership between the government and the public sectors of the critical infrastructure. There are, however, certain functions related to critical infrastructure protection that must be performed chiefly by the federal government. These are national defense, foreign affairs, intelligence, and law enforcement. Each lead agency for special functions appoints a senior official to serve as functional coordinator for the federal government. The United States Department of Defense is the lead agency and functional coordinator for national defense. DoD is responsible for working with other sectors in the national CIP structure to ensure the protection of the national defense infrastructure.

Each department and agency of the federal government is responsible for protecting its portion of the government's critical infrastructure. DoD is responsible for protecting its portion of the government's critical infrastructure. The defense critical infrastructure is made up of ten sectors that provide infrastructure services within DoD. As part of the CIP program, DoD has responsibilities that traverse both the national and department-wide critical infrastructure.

Developing the NIAP

For each of the identified major sectors of the critical infrastructure, the federal government appointed a Sector Liaison Official from a designated Lead Agency. A private sector counterpart, a Sector Coordinator, was also identified. Together, the two sector representatives, one federal government and one corporate, were responsible for developing a sector NIAP.

In addition, each department and agency of the federal government was responsible for developing its own CIP plan for protecting its portion of the federal government's critical infrastructure. The federal department and agency plans were assimilated with the sector NIAPs to create one comprehensive National Infrastructure Assurance Plan. Additionally the national structure must ensure there is a national CIP program. This program includes responsibilities such as education and awareness, threat assessment and investigation, and research.

DOD Responsibilities for CIP

Protecting the critical infrastructure is an investment in future and defense of the country. It requires contemplating the consequences of losing an element critical to our defense and security and planning methods for its protection. PDD 63 identified the responsibilities DoD had for critical infrastructure protection. First, DoD had to identify DoD-owned critical assets and infrastructures and provide assurance through analysis, assessment, and remediation. DoD was also responsible for identifying national and international infrastructure requirements to industry and other government agencies and for the monitoring of these requirements all of which needed to be included in the protection planning. DoD also addressed the assurance and protection of commercial assets and infrastructure services in DoD acquisitions. Other DoD responsibilities for CIP included assessing the potential impact on military operations that would result from the loss or compromise of infrastructure service. There were also requirements for monitoring DoD operations, detecting and responding to infrastructure incidents, and providing department indications and warnings as part of the national process. Ultimately, DoD was responsible for supporting national critical infrastructure protection.

In response to the requirements identified in PDD 63, DoD categorized its own critical assets by sector, in a manner similar to the national CIP organization. In the DoD CIP organization, however, the infrastructure sectors are those specifically requiring protection by DoD. DoD’s organizational structure for critical infrastructure protection reflects, complements, and effectively interacts with the national structure for CIP.

Sectors

There are ten defense critical infrastructure sectors that are protected by the DoD. These include:

Financial Services - Defense financial services support activities related to officially appropriated funds. These activities include the disbursement of cash, receipt of funds, and acceptance of deposits for credit to officially designated Treasury general accounts. This sector also provides financial services to individuals and on-base organizations, including deposits, account maintenance, and safekeeping. The Defense Finance and Accounting Service is the lead component for the Financial Services sector.

Transportation - The Defense Transportation System, or DTS, includes resources that support global DoD transportation needs. These include surface, sea, and lift assets; supporting infrastructure; personnel; and related systems. The US Transportation Command, or USTRANSCOM, is the single manager for DoD transportation.

Public Works - Public works includes four distinct physical infrastructure sectors: electric power, oil and natural gas, water and sewer; and emergency services, such as fire, medical, and hazardous material handling. This defense infrastructure sector is composed of networks and systems, principally for the distribution of the associated commodities. The US Army Corp of Engineers is responsible for coordinating the assurance activities of the public works infrastructure sector.

Global Information Grid Command Control, or GIG/C2 - The Global Information Grid Command Control, or GIG/C2, are two combined sectors that support overall asset assurance for CIP. The GIG is the globally interconnected set of personnel, information, and communication capabilities necessary to achieve information superiority. C2 includes assets, facilities, networks, and systems that support mission accomplishment. The Defense Information Systems Agency, or DISA, is the lead component responsible for Global Information Grid Command Control.

Intelligence Surveillance, and Reconnaissance, or ISR - The Defense Intelligence, Surveillance and Reconnaissance infrastructure sector is composed of facilities, networks, and systems that support ISR activities such as intelligence production and fusion centers. The Defense Intelligence Agency, or DIA, is responsible for coordinating the assurance activities of this infrastructure sector.

Health Affairs - The health care infrastructure consists of facilities and sites worldwide. Some are located at DoD installations; however, DoD also manages a larger system of non-DoD care facilities within its health care network. These health care facilities are linked by information systems. The Office of the Assistant Secretary of Defense, Heath Affairs is the designated lead component for this sector.

Personnel - The defense personnel infrastructure sector includes a large number of assets hosted on component sites, a network of facilities, and information systems linking those sites and facilities. In addition to being responsible for its own assets, the personnel infrastructure sector also coordinates commercial services that support the personnel function. These services include recruitment, record keeping, and training. The Defense Human Resources Activity is the designated lead component for the Defense Personnel infrastructure sector.

Space - The defense space infrastructure sector is composed of both space- and ground- based assets including launch, specialized logistics, and control systems. Facilities are located worldwide on both DoD-controlled and private sites. The Defense Space sector is led by the United States Strategic Command, or USSTRATCOM.

Logistics - The Defense Logistics infrastructure sector includes all activities, facilities, networks, and systems that support the provision of supplies and services to U.S. forces worldwide. Logistics includes the acquisition, storage, movement, distribution, and maintenance of material and supplies. This sector also includes the final disposition of material no longer needed by DoD. The Defense Logistic Agency, or DLA, is the lead component for the DoD Logistics infrastructure.

Defense Industrial Base - The Defense Industrial Base consists of DoD product and service providers from the private sector. The services and products provided constitute critical assets for DoD. The lead component for the Defense Industrial Base is the Defense Contract Management Agency. For those cases when infrastructure protection requirements affect more than one defense sector, DoD has set up special function components that support the implementation of CIP.

DOD Special Functions

The DoD CIP special function components interface with the equivalent national functional coordinators and coordinate all activities related to their function within DoD.

DoD’s special function components currently include seven areas of focus. They include the following components:

Policy and Strategy - The Policy and Strategy Special Function Component provides the strategic planning required to prepare our Armed Forces for the 21st century. In part, it satisfies this responsibility through the development of the National Military Strategy. Within the area of policy development it is responsible for leading the Chairman's biennial review of the Unified Command Plan and developing Joint Staff positions on such key issues as the organization, roles and missions, and functions of the Armed Forces and the combatant commands.

Intelligence Support - The CIP Intelligence Support Special Function Component provides intelligence support to DoD in protection of the Defense portion of the Federal Government Critical Infrastructure. Intelligence Support responsibilities also include supporting the Defense Warning System, Alert and Notification, and interfacing with the national intelligence community. The responsibilities of the Intelligence Support agencies include such activities as provisioning threat assessments; indications and warnings of potential attacks; advice and support to Sector CIAOs in the development of defense infrastructure sector monitoring and reporting; crisis management support; and counter-intelligence. This special function component is also tasked with the support to the DoD contingent of the NIPC related to intelligence and counter-intelligence.

Industrial Policy - The Under Secretary of Defense for Acquisition, Technology & Logistics ensures that an adequate defense industrial base exists and remains viable to meet current, future, and emergent national security requirements."

Defense Security - The Defense Security Service provides to the Department of Defense and other Federal agencies an array of security products and services which are designed to deter and detect espionage

Information Assurance - The Assistant Secretary of Defense for Networks and Information Integration, or ASD NII, is the principal OSD staff assistant for the development, oversight, and integration of DoD policies and programs relating to the strategy of information superiority for the Department of Defense. Information Assurance, or IA, is the component of Information Operations that assures DoD's operational readiness by providing for the continuous availability and reliability of information systems and networks. IA protects the DII against exploitation, degradation, and denial of service, while providing the means to efficiently reconstitute and reestablish vital capabilities following an attack.

Research and Development - The Research and Development Special Function Component is responsible for information assurance and protection. The Office of Director, Defense Research and Engineering coordinates a CIP DoD research and development agenda. As well as reconciling the DoD agenda with the national R&D agenda.

Education and Awareness - Although education and awareness may rightly be considered everyone's responsibility, a comprehensive education and awareness strategy was deemed essential for a successful DoD CIP program. The National Defense University, or NDU, provided advice and assistance in assessing DoD education and awareness requirements. The Education and Awareness Component also developed the CIAO Education Program. This component was tasked to assist in the development of any special education or training required for CIP crisis management personnel. Education and Awareness also supports both DoD and national CIP policy and strategy formulation and executive leadership development through periodic "infrastructure games."

DOD CIP Lifecycle

As mandated by PDD 63, the DoD must protect its portion of the federal government's critical infrastructure. For DoD, this is the Defense Infrastructure or DI. Protecting the Defense Infrastructure is a complex task involving ten defense sectors.

It was deemed that it was nearly impossible to protect every critical asset at every location, therefore the focus was directed on protecting the critical Defense Infrastructure. The critical Defense Infrastructure is comprised of the critical assets essential to providing mission assurance.

The Six Phases

The six phases of the DoD CIP life cycle build on one another to create a framework for a comprehensive solution for infrastructure assurance. The life cycle phases occur before, during, and after an event that may compromise or degrade the infrastructure. A synopsis of the six phases are:

Analysis and Assessment (occurs before an event) - The Analysis and Assessment phase is the foundation and most important phase of the CIP life cycle. This phase identifies the assets absolutely critical to mission success and determines the assets’ vulnerabilities, as well as their interdependencies, configurations, and characteristics. An assessment is then made of the operational impact of infrastructure loss or degradation.

Remediation (occurs before an event) - The Remediation phase involves precautionary measures and actions taken before an event occurs to fix the known cyber and physical vulnerabilities that could cause an outage or compromise a National Defense Infrastructure, or NDI, or critical asset. For example, remediation actions may include education and awareness, operational process or procedural changes or system configuration and component changes.

Indications and Warnings (occurs before and/or during an event) - The Indications and Warnings phase involves daily sector monitoring to assess the mission assurance capabilities of critical infrastructure assets and to determine if there are event indications to report. Indications are preparatory actions that indicate whether an infrastructure event is likely to occur or is planned. Indications are based on input at the tactical, operational, theater, and strategic level. At the tactical level, input comes from asset owners. At the operational level, input comes from the NDI sectors. At the theater level input comes from regional assets such as allied intelligence, NATO, command intelligence, allied governments, and coalition forces. At the strategic level, input comes from intelligence, law-enforcement, and the private sector. Warning is the process of notifying asset owners of a possible threat or hazard.

Mitigation (occurs both before and during an event) - The Mitigation phase comprises actions taken before or during an event in response to warnings or incidents. DoD Critical Asset owners, NDI sectors, DoD installations, and military operators take these actions to minimize the operational impact of a critical asset’s loss or debilitation.

Incident Response (occurs after an event) - Incident Response comprises the plans and activities taken to eliminate the cause or source of an infrastructure event.

Reconstitution (occurs after an event) - The last phase of the CIP life cycle, involves actions taken to rebuild or restore a critical asset capability after it has been damaged or destroyed. This phase is the most challenging and least developed process.

Effective management of the CIP life cycle ensures that protection activities can be coordinated and reconciled among all DoD sectors. In many ways, DoD CIP, is risk management at its most imperative. Achieving success means obtaining mission assurance. Missing the mark can mean mission failure as well as human and material losses. For critical infrastructure protection, risk management requires leveraging resources to address the most critical infrastructure assets that are also the most vulnerable and that have the greatest threat exposure.

The most important part of the CIP lifecye is Phase 1. Because it is crucial to target the right assets for infrastructure protection, determining these assets is the first phase in the CIP life cycle. This phase, Analysis and Assessment, is the key and foundation of the six lifecycle activities. Without a solid foundation, the remaining CIP life cycle phases may be flawed, resulting in a CIP plan that fails to protect the critical infrastructure and, therefore, mission assurance.

Phase 1: Analysis and Assessment

Phase 1 determines what assets are important, and identifies their vulnerabilities, and dependencies so that decisionmakers have the information they need to make effective risk management choices.

The Defense Infrastructure, or DI, is organized into ten sectors. Each sector is composed of assets, such as systems, programs, people, equipment, or facilities. Assets may be simple, such as one facility within one geographic location, or complex, involving geographically dispersed links and nodes.

The Analysis and Assessment is made up of five steps that include activities that span and encompass the ten DI sectors and their assets.

I. The first step in the Analysis and Assessment phase is to identify critical assets. An asset’s criticality is a function of both time and situation based on the asset’s operational or business value. For the DI, value depends on several factors: First, what military operations or services rely on an asset and how those dependencies change across time Next, how sensitive the operation is to the loss or compromise of the asset, in other words what is the maximum allowable down time if the asset is compromised. Finally, what the asset’s assurance profile is, in particular whether asset restoration or a switch to a backup can occur within the allowable down time. Through domain expertise and inspection, critical assets are identified and then reported to the CIP Program.

II. The second step of the Analysis and Assessment phase is Defense Infrastructure characterization. This step maps and associates critical asset functions and relationships within a DI sector.

III. The third step in the Analysis and Assessment phase is the Operational Impact Analysis. This step is accomplished through the development of operational dependency matrices and the application of operations research methods. Potential operational impacts and service-level requirements are then reflected in the asset’s criticality attributes and criticality index in the CIP program.

IV. The fourth step is the Vulnerability Assessment. This step is accomplished through multiple channels. Through the CIP program, all critical assets have a baseline vulnerability index, which is calculated from inputs associated with the class of asset and geographic region such as the probability of natural disasters, criminal or national security events, and technological failures. Asset owners, host installations, the sector CIAO, or other DoD entities may provide asset operational readiness and emergency preparedness information.

V. The fifth and final step in the Analysis and Assessment phase is Interdependency Analysis. Interdependency analysis seeks to map functions and relationships among DI sectors. As a result of the Interdependency Analysis, the criticality attributes for previously identified assets may be updated and additional critical assets may be identified to the CIP program. Multiple groups within the DoD CIP structure perform analysis and assessment activities. Translating the analysis and assessment process into concrete data requires specific activities, tasks, and tools.

Phase 1 Example in the “Real World”:

On August 24th 2001, the Director of the Joint Staff requested USPACOM to serve as the lead support Combatant Command for creating a CIP first-ever theater CIP Plan – known as the “CIP Appendix 16 Plan.” The following is how USPACOM approached the task. USPACOM focused the Analysis and Assessment phase by organizing its activities to answer three major questions:

What is critical?
Is it vulnerable?
What can be done?

To answer the question, “What is critical?”, USPACOM outlined a three-step procedure:

First, identify the project focus.
Second, complete an operational analysis.
Third, complete a Defense Infrastructure analysis.

To accomplish these steps, USPACOM adopted a methodology that focuses its CIP efforts on Tier 1 assets. Tier 1 assets are assets that could cause mission failure if they are compromised or damaged. The methodology UAPACOM adopted and modified is Mission Area Analysis, or MAA. The MAA links combatant command missions to infrastructure assets that are critical to a given Operations Plan, or OPLAN, Contingency Plan, or CONPLAN, or Crisis Action Plan. Typically, the MAA process determines the assessment site priorities. USPACOM modified the process and selected the CIP assessment sites and installations prior to conducting the MAA. The following is an illustration of the USPACOM MAA process:

First, it identified the Mission Essential Requirements, or MERs, which are specific combatant commands or joint task force capabilities essential for execution of a warfighting plan. Then, they created a MER matrix for the specific command. For example, one MER may be to provide command, control, communications, and computers, or C4.

Second, it identified forces required for each MER. For example, the C4 MER is linked to a specific signal battalion. Third, it linked the forces to the necessary functions and tasks supporting the force. For example, the signal battalion is linked to the Communications and Civil Engineers functions and the task of managing the theater’s C4 information systems requirements.

Third, it links assets to the functions supporting the tasks. The result is a mission area analysis of mission-critical assets.

USPACOM uses the MAA data it gathers to scope and focus its efforts on truly mission-critical assets to answer the next question in its process, Is it vulnerable?

The first step in answering this question is to complete an installation analysis. The next step is to complete a commercial infrastructure analysis. USPACOM relied upon two different DoD organizations for CIP assessments: Balanced Survivability Assessments, or BSAs, and Mission Assurance Assessments. The BSA is a two-week mission-focused assessment at a military installation or designated site. A Mission Assurance Assessment is unique because it uses an area assessment approach to focus on both commercial and military asset vulnerabilities and dependencies. The final step to determine vulnerabilities is to integrate the two analyses and assessments. With its critical assets and their vulnerabilities identified, USPACOM is ready to perform risk management activities to decide what can be done to protect the mission-critical assets.

Phase 2: Remediation Phase

The first phase of the CIP life cycle, Analysis and Assessment, identified the critical assets of DoD sector infrastructures and the vulnerabilities or weaknesses of those critical assets.

The second phase is the Remediation phase. In the Remediation phase, the known weaknesses and vulnerabilities are addressed. Remediation actions are deliberate, precautionary measures designed to fix known virtual and physical vulnerabilities before an event occurs. The purpose of remediation is to improve the reliability, availability, and survivability of critical assets and infrastructures. Remediation actions apply to any type of vulnerability, regardless of its cause. They apply to acts of nature, technology failures, or deliberate malicious actions.

The cost of each remediation action depends on the nature of the vulnerability it addresses. The Defense Infrastructure Sector Assurance Plan that each infrastructure sector must develop, establishes the priorities and resources for remediation. Remediation requirements are determined by multiple factors. These are analysis and assessment, input from military planners and other DoD sectors, the National Infrastructure Assurance Plan and other plans, reports, and information on national infrastructure vulnerabilities and remediation, as well as intelligence estimates and assessments of threats.

Remediation requirements are also gathered through lessons learned from Defense Infrastructure sector monitoring and reporting and infrastructure protection operations and exercises. The CIP program tracks the status of remediation activities for critical assets. Remediation activities to protect the critical Defense Infrastructure cross multiple Department components.

Phase 3: Indications and Warnings Phase

The need to monitor activities and warn of potential threats to the United States is not new. From conventional assaults to potential nuclear attacks, the military has been at the forefront of monitoring and warning of potential dangers since the founding of the country. Protecting the security and well being of the United States, including the critical Defense Infrastructure, has now entered a new era. It has been deemed essential to have a coordinated ability to identify and warn of potential or actual incidents among critical infrastructure domains. The ability to detect and warn of infrastructure events is the third phase of the critical infrastructure protection life cycle, the Indications and Warnings phase.

Indications and warnings are actions or infrastructure conditions that signal an event is either”

Likely,
Planned or
Underway.

Historically, DoD event indications have focused and relied on intelligence information about foreign developments. These event indications have been expanded to include all potential infrastructure disruption or degradation, regardless of its cause. DoD CIP indications are based on four levels of input:

Tactical level input from DoD asset owners or installations
Operational-level input from sector Chief Information Assurance Officers, or CIAOs
Theater-level input from command and service intelligence and counter-intelligence activities.
Strategic-level intelligence from the intelligence community, law enforcement, and the private sector.

This fusion of traditional intelligence information with sector-specific information has been determined to be essential for meaningful CIP indications.

If an indication is detected, a warning notifying the appropriate asset owners of a possible or occurring event or hazard can be issued. The sector’s assurance plan determines what conditions and actions are monitored and reported for each Defense Infrastructure Sector. Each sector must develop a written Defense Sector Assurance Plan that includes a compendium of sector incidents for monitoring and reporting. The sector incident compendium is made up of three types of incidents:

Nationally-defined reportable incidents
DoD defined reportable incidents, and
Sector-defined reportable incidents.

DoD critical asset owners, installations, and sector CIAOs determine the DoD and sector-defined incidents. Each of the reportable incidents or classes of incidents must include the following components:

Who should monitor the incident
How soon the incident must be reported
Which information elements the incident should contain
How the incident reporting should be routed
What follow-up actions are required

The National Infrastructure Protection Center, or NIPC, is the primary national warning center for significant infrastructure attacks. Critical asset owners, DoD installations, and Sector CIAOs monitor the infrastructure daily. Indications of an infrastructure incident are reported to the National Military Command Center, or NMCC. If indications are on a computer network, they are also reported to the Joint Task Force Computer Network Operations, or JTF-CNO. The NMCC and JTF-CNO assess the indications and pass them to the NIPC and appropriate DoD organizations. When the NIPC determines that an infrastructure event is likely to occur, is planned, or is under way, it issues a national warning. For DoD, the NIPC passes its warnings and alerts to the NMCC and JTF-CNO. These warnings and alerts are then passed to the DoD components. The warning may include guidance regarding additional protection measures DoD should take.

Phase 4: Mitigation Phase

Phase 1 of the CIP life cycle provided a layer of protection by identifying and assessing critical assets and their vulnerabilities. Phase 2 provided another layer of protection by remediating or improving the identified deficiencies and weaknesses of an asset. Even with these protections and precautions, an infrastructure incident was still possible. When it does the Indications and Warnings phase goes into effect.

The Mitigation phase (Phase 4), is made up of preplanned coordinated actions in response to infrastructure warnings or incidents. Mitigation actions are taken before or during an infrastructure event. These actions are designed to minimize the operational impact of the loss of a critical asset, facilitate incident response, and quickly restore the infrastructure service.

A primary purpose of the Mitigation phase is to minimize the operational impact on other critical Defense Infrastructures and assets when a critical asset is lost or damaged. As am example, if there is a U.S. installation, Site A, located in a host nation. Site A is a tier 1 asset, meaning that if it fails, the Combatant Commands mission fails. Site A has mutual Global Information Grid Command Control, or GIG/C2, information interdependencies with Sites B and C. In addition, other Defense Infrastructure sectors rely on Site A for mission capabilities. In this scenario, what could be the impact if the supply line to the commercial power plant that provides the installation’s primary power is accidentally severed. Because of all the interdependencies, losing this asset is more than the loss of just one site. It means the loss of other sector capabilities.

A possible mitigation action might be for Site A to go on backup power. An alternate action could be to pass complete control of Site A’s functionality to another site, where redundancy has been previously arranged. These actions would limit the impact of this incident on the other sites and related sectors. In addition to lessening the operational impact of a critical infrastructure event, the Mitigation phase of the CIP life cycle supports and complements two other life cycle phases. Mitigation actions aid in the emergency, investigation, and management activities of Phase 5, Incident Response. They also facilitate the reconstitution activities of Phase 6.

During the Mitigation phase, DoD critical asset owners, DoD installations, and Sector Chief Infrastructure Assurance Officers, or CIAOs, work with the National Military Command Center, or NMCC, and the Joint Task Force-Computer Network Operations, or JTF-CNO, to develop, train for, and exercise mitigation responses for various scenarios. When there is a warning, emergency, or infrastructure incident, the critical asset owners, installations, and Sector CIAOs initiate mitigation actions to sustain service to the DoD. They also provide mitigation status information to the NMCC and JTF-CNO. The NMCC monitors for consequences from an event within one Defense Infrastructure sector that are significant enough to affect other sectors. For events that cross two or more sectors, the NMCC advises on the prioritization and coordination of mitigation actions. When event threats or consequences continue to escalate, the NMCC directs mitigation actions by sector to ensure a coordinated response across the DoD. The NMCC and the JTF-CNO keep the National Infrastructure Protection Center, or NIPC, apprised of any significant mitigation activities.

Phase 5: Incident Response

When an event affects the Defense Infrastructure, the Incident Response phase begins. Incident Response is the fifth phase of the CIP life cycle. The purpose of the Incident Response phase is to eliminate the cause or source of an infrastructure event. For example, during the 9/11 attacks on the World Trade Center and Pentagon, all non-military airplanes were grounded over the United States to prevent further incidents. Response activities included emergency measures, not from the asset owners or operators, but from dedicated third parties such as law enforcement, medical rescue, fire rescue, hazardous material or explosives handling, and investigative agencies. Response to Defense Infrastructure incidents can take one of two paths depending on whether or not the event affects a DoD computer network.

When incidents compromise a DoD computer network, the Joint Task Force-Computer Network Operations, or JTF-CNO, directs the response activities. These activities are designed to stop the computer network attack, contain and mitigate damage to a DoD information network and then restore minimum required functionality. JTF-CNO also requests and coordinates any support or assistance from other Federal agencies and civilian organizations during incidents affecting a DoD network. When incidents impact any other DoD owned assets, installation commanders and critical asset owners follow traditional channels and procedures to coordinate responses. This includes notifying affected Sector Chief Infrastructure Assurance Officers, or CIAOs, in the initial notice and status reporting. Although third parties play a major role in the response to Defense Infrastructure events, DoD CIP personnel also have responsibilities to fulfill.

Phase 6: Reconstitution

After the source or cause of an infrastructure event is eliminated or contained, the infrastructure and its capabilities must be restored. Reconstitution is the last phase of the critical infrastructure protection. Reconstitution is probably the most challenging and least developed process of the life cycle. DoD critical asset owners have the major responsibility for reconstitution.

References

DISA courses and participation in the CIP effort.