Trident University International

Gary Lam

EDM502 Critical Infrastructure Vulnerability and Protection

Module 3 Case

Dr. James Carlino

July 21, 2019

 Module 3 – Case

Infrastructure Protection, Vulnerability Analysis, & Network Architectures

The critical infrastructures and assets of the country play important roles in the

sustainability and success of government’s processes and operations. It is one of the

responsibilities of the government to ensure the protection and efficiency of these critical

infrastructures since these assets are essential for the consistency of the operations and processes

in the country. Critical infrastructures can be considered as essential components of various

functions necessary for the accomplishment of private, public and government’s activities and

endeavors. The protection and security of these critical infrastructures must be taken into

consideration in the implementation of homeland security measures so that threats and risks will

be prevented from compromising the vulnerabilities of these sectors. . Basically, it is the role of

the entities from the private and public sectors, from the local, state and federal government, to

ensure that the critical infrastructures of the country will be safeguarded.

Refinery and Storage Stages and Vulnerability

Critical infrastructures are vulnerable to different natural and artificial risks and threats.

Artificial threats or those man-made perils can take advantage of the critical infrastructures’

vulnerable aspects. It must be neutralize since it can also affect the safety and security of the

nation and its people. According to Department of Homeland Security (2019), in order to raise

the awareness of the public regarding the importance of safeguarding and ensuring their

involvement in the process, Critical Infrastructure Protection was established. Critical

Infrastructure Protection is instrumental in threats and risks management and prevention. One of

the critical infrastructures in the country is the energy sector. Moreover, the energy sector is

consisted of refinery and storage phases.

1
 As mentioned by NIPP (2009), the process of energy sector involves the production,

refining, storage and distribution of gas, oil and electric power. However, commercial nuclear

power refineries are not included in the energy sector. Basically, the energy sector, more

particularly the refinery and storage phases, are instrumental in the activities of the business

organizations in the United States. The security measures for homeland security must also take

into consideration the protection of the energy resources of the country since these are highly

important for the stability of the processes of businesses and industries in the country. Artificial

threats or those man-made perils can take advantage of the vulnerabilities of refinery and storage

stages. As to avoid any hindrances in the refinery and storage processes, the energy sector must

be safeguarded against various types of threats and risks.

Majority of the energy sector is owned by private entities and companies. These

companies are the suppliers of energy such as fuel and petroleum products to the transportation

sector, electric power to households and establishments and other energy sources essential to

sustain different activities and operations in the country. The supply chain operations of

businesses can be disrupted and broken if the energy sector would be compromises by man-made

or natural threats and risks.

It is really necessary to strengthen the security given to the energy sector since any

damage to the latter could produce large-scale damages to other sectors. One of the threats

observed to be a challenge to the energy sector is the aging infrastructures. In order to meet the

increasing demand for energy sources, the refineries are being used at their maximum capacity

level. Furthermore, natural calamities and other fortuitous events such as earthquake and

hurricane which can cause disruption and damage are also some of the threats and risks

challenging the energy sector in the country

2
 .Information Technology-Information Sharing and Analysis Center (IT-ISAC)

IT firms have established the Information Technology-Information Sharing and Analysis

Center or IT-ISAC. The objective of this organization is to achieve collective initiatives and

contributions from IT companies to collaborate their expertise and capabilities for the

enhancement of the processes and approaches of gathering information, relaying and managing

it. Basically, IT-ISAC was established so that involved entities can collectively work for the

purpose of addressing, managing and preventing cyber-related threats and risks that could disrupt

the processes and operations of the IT sector.

IT-ISAC allows the members of the organization to access the information, approaches,

measures and standards of the other members. Because of the information sharing process of IT-

ISAC, it is easier for them to protect their IT infrastructures. Furthermore, IT-ISAC assists the

government in safeguarding other critical infrastructures. The government can utilize the

strategies employed by IT-ISAC, more particularly its information sharing approach and

integrate it with the Critical Infrastructures Protection measures.

Supervisory Control and Data Acquisition: SCADA

The control and supervision of the processes of different industries, sectors and

establishments is through industrial control systems. One example of industrial control systems

is the Supervisory Control and Data Acquisition or SCADA. Using programmable logic

controllers, SCADA systems allow programmed administration of processes. Basically, the

administration and management of industrial activities have been automated through the

integration of SCADA systems. Since technology has flourished, the usage of SCADA systems

became popular with business owners and industries. In addition, the government can also use

3
SCADA systems as part of its home land security and critical infrastructures protection

measures.

Supervision is one of the paramount considerations of SCADA so that critical

infrastructures protection will succeed. It was reported that several infrastructures in the United

States are controlled and monitored by SCADA systems. Through monitoring of critical

infrastructures, SCADA systems can easily detect changes in the state of an operation or

establishment. However, there are instances that SCADA may contradict the protection and

security measures of other systems. Since other security systems such as FEMA are sector-

specific, the system of SCADA may not compliment the processes.

National Infrastructure Protection Plan (NIPP)

One system that defines bringing together of systems for the unification of current and

future CIKR security measures and protection methods is National Infrastructure Protection Plan

or NIPP. Through gathering of information and dissemination of pertinent data about terrorism-

related threats and risks, NIPP can help the private and public entities such as the government

and its network to strengthen its security measures and address its vulnerabilities. Furthermore,

NIPP which aims to protect and safeguard critical infrastructures compliments the duty of the

DHS to ensure the safety and security of the nation and its people. One function delegated to

Department of Homeland Security is to safeguard the critical infrastructures in the United States.

In order to effectively fulfill such responsibility, DHS needs to devise strategic and efficient

security measures that will strengthen national security including critical infrastructures.

NIPP allows government agencies and private institutions to establish a system that will

help in the process of determining the important aspects of organization that must be given

utmost consideration in the implementation of security measures and initiatives. Through

4
detection of possible loopholes in their current system, NIPP allows public and private entities

address the vulnerabilities of their organization. Since the vulnerable aspects of the security of

the organizations will be identified, they can conduct analysis and devise the most feasible and

effective effort to strengthen their security and address various types of threats and risks that can

hinder the success of their processes and operations.

Sector-Specific Plans (SSPs)

The index of specified approach among the industries mandated in monitoring the critical

infrastructures of the country is included in the Sector-Specific Plans. Basically, Sector-Specific

Plans define the distinct environment, threats and susceptibilities existing among industries

involved, which are necessary in devising security, management and controlling measures for the

industry. Sector-Specific Plans are necessary component of homeland security since it is

necessarily included in the process of devising security measures that will strengthen national

security and critical infrastructure protection against various types of risks and threats that can

hamper down the operations and processes of critical infrastructures and other industries and

sectors in the United States.

As mentioned by the report issued by the Department of Homeland Security regarding

Sector-Specific Plans for the Energy Sector, electricity, natural gas and oil are the three principal

fragments of the sector. Furthermore, electricity, natural gas and oil are considered to be

correspondingly fundamental in the processes of the United States. Basically, Sector-Specific

Plans of the sector is important to ensure that the energy sector is capable of fulfilling its

functions and duties. SSP helps in identifying the appropriate methodologies and technologies

5
and in the process of collecting, evaluating and disseminating of pertinent information across

different sectors and industries.

6
 References

AOC Petroleum Support Services LLC. (2014). U.S. Fuel Supply Infrastructure Vulnerability to

Natural and Physical Threats. United States Fuel Resiliency, Vol II. Retrieved from

https://www.energy.gov/sites/prod/files/2015/04/f22/QER%20Analysis%20-

%20United%20States%20Fuel%20Resiliency%20Volume%20II.pdf

Department of Homeland Security (DHS) (2009). National Infrastructure Protection Plan.

Retrieved from http://www.dhs.gov/xlibrary/assets/NIPP_Plan.pdf

Department of Homeland Security (DHS). (2015). Energy Sector-Specific Plan. Retrieved from

https://www.dhs.gov/sites/default/files/publications/nipp-ssp-energy-2015-508.pdf

Department of Homeland Security (DHS) (2019). Infrastructure Security. Retrieved from

https://www.dhs.gov/cisa/infrastructure-security

Macaulay, T. & Singer, B. (2012). Naming, Functionality, and Components of Typical

ICS/SCADA Systems. Cybersecurity for industrial control systems: SCADA, DCS, PLC,

HMI, and SIS. [Books24x7 version] Retrieved from

http://common.books24x7.com.ezproxy.trident.edu:2048/toc.aspx?bookid=47183

Ralston, P., Graham, J. & Hieb, J. (2007). Cyber security risk assessment for SCADA and DCS

networks. Science Direct. Retrieved from

http://www.sciencedirect.com/science/article/pii/S0019057807000754

Rouse, M. (2016). IT-ISAC (Information Technology Information Sharing and Analysis Center).

Tech Target. Retrieved from http://searchsecurity.techtarget.com/definition/IT-ISAC

Shahzad, A., Lee, M., Kim, H., Woo, S. & Xiong, N. (2015). New Security Development and

Trends to Secure the SCADA Sensors Automated Transmission during Critical Sessions.

7
The Information Technology - Information Sharing and Analysis Center. (2019). About Us.

Retrieved from https://www.it-isac.org/about