Essay Sample on Cyber Security Protection

Introduction

The articles by Clemente (2011); Bellovin, Bradner, Diffie, Landau, and Rexford (2011); Saadawi and Jordan (2011) focus on cybersecurity of critical infrastructure and issues surrounding this subject. In the past two decades, key infrastructure not only in the United States but also in other countries has become increasingly connected and dependent on each other. That increased connection was aimed at increasing efficiency and security by implementing and installing cyber technologies. For instance, the health-related departments have become closely connected to the Center for Disease Control and the Department of Homeland Security and the Department of Justice.

Is your time best spent reading someone else’s essay? Get a 100% original essay FROM A CERTIFIED WRITER!

Save 25%

As the dependency on cyber infrastructure has increased, so have the malicious attacks on the cyber infrastructure. In the aftermath of the 9/11 attacks, the US government embarked on determining the vulnerable areas that the enemy could target. One of those areas was discovered to be key cyber infrastructures whereby the main cause was inadequate security as a core aspect in the design and development of information systems, computer programs, and IT networks. Poor security exposes these systems to malicious intruders who use viruses and spams. In the contemporary world, the magnitude of sophisticated distributed denial of service (DDoS) attacks has increased sharply. The DDoS attacks that use numerous online bots have serious adverse effects such as wide-scale network failure, theft of intellectual property, loss of critical data, and interruption of service delivery (Deshmukh & Devadkar, 2015). Despite the scale of these threats, a majority of security applications are designed to react or detect attacks that have already happened rather than being proactive. In this regard, the articles by Clemente (2011); Bellovin, Bradner, Diffie, Landau, and Rexford (2011); Saadawi and Jordan (2011) focus on presenting frameworks and strategies to address the legal, social, and technical issues relating to the security of cyber infrastructure.

One of the most outstanding similarities between the articles by Clemente (2011); Bellovin, Bradner, Diffie, Landau, and Rexford (2011); Saadawi and Jordan (2011) is the acknowledgment of the existence and emphasis on the need to develop comprehensive strategies to mitigate the threats posed by cyber-attacks. The articles illustrate the growth of cyberspace and how interconnectedness and dependency have elevated the risk of attack. The articles highlight the challenges experienced in ensuring cybersecurity as well as the impediments to cyber infrastructure protection.

While the articles focus on cybersecurity and protection of key infrastructure, they do so in distinct ways that differentiate them. In particular, Clemente (2011) starts by defining critical infrastructure and the need to understand the adverse effects of attacks on these infrastructures. Clemente (2011) underscores the need for clarification in the definition of various categories of infrastructure so as to prioritize investments in security measures appropriately. On the other hand, Bellovin, Bradner, Diffie, Landau and Rexford's (2011) article focuses on an intrusion-detection and intrusion-prevention system called EINSTEIN 3 which monitors and screens internet traffic for government systems. The scholars dedicate their publication into detailing practical instances related to EINSTEIN 3 which indicate that the program might not be effective. In a quick glance, Saadawi and Jordan's (2011) publication appear to be similar to Clemente's (2011) article as they both dedicate a huge space into defining critical infrastructure and risk assessment. However, a deeper review of Saadawi and Jordan's (2011) article reveals that the scholars focus more on policy issues related to cyber protection and delve deeper into the theory of cyber-power and its role in humanitarian assistance. The scholars also look into the legal and social aspects of cybersecurity and the dynamics involved in religious and politically motivated cyber-attacks.

Clemente (2011) provides ways of resolving the issues that cause complexities while dealing with critical infrastructure due to the use of ambiguous language and bureaucracy. These methods relate to adapting, prioritizing, incentivizing, and investing in resiliency.

Adapt

Clemente (2011) demonstrates the inherent uncertainty in the sophisticated systems of critical infrastructure. However, promoting flexibility and adaptability with different organizational levels leads to better and faster responses to emerging risks and gain an edge. The FEMA Critical Infrastructure Protection Plan meets this requirement by leveraging on the wide array of capabilities and experiences of the critical infrastructure community. That leads to the efficient sharing of actionable and relevant information which creates situational awareness and better risk-informed decision making (Department of Homeland Security, 2018).

Prioritize

Clemente (2010) underscores the significance of scrutinizing downstream and upstream risks as well as restricting dependency where uncertainty is overly high. Methods of data collection and grouping should be updated regularly to avoid focusing on low-priority tasks and to ensure the right questions are asked. The FEMA Critical Infrastructure Protection Plan meets this requirement through the application of a systems-based approach whereby the critical infrastructure community identifies the national critical functions and gain a better understanding of the systematic risks. The National Plan requires the Federal Government to collaborate with the owners of critical infrastructure to develop and implement risk-based approaches (Department of Homeland Security, 2018). Also, the National Plan requires the application of a prioritized risk management framework which positions the government to prioritize the threats and vulnerabilities.

Incentivize

This entails understanding the political and economic factors that drive the conduct of the stakeholders so as to avoid unwanted surprises. Understanding the driving factors for the different stakeholders creates a bigger room for agreement. The FEMA Critical Infrastructure Protection Plan meets this requirement by providing a framework that guides the collaborative efforts of the partners. Also, the plan provides value to the stakeholders by ensuring the government coordinates with infrastructure stakeholders hence enabling the government to maintain public safety and national security (Department of Homeland Security, 2018).

Investing in Resilience

Clemente (2011) points out that stakeholders should concentrate on safeguarding dependencies that improve physical, societal, and cyber resilience. They should exploit instances where societal and commercial resilience overlap can be achieved through focused investment. The FEMA Critical Infrastructure Protection Plan meets this requirement by incorporating resilience and security considerations into the design of infrastructure, planning, and decision-making. Also, the plan focuses on the understanding of incentives so as to guide and prioritize activities that promote the development of safer and more resilient infrastructure (Department of Homeland Security, 2018).

While the FEMA Critical Infrastructure Protection Plan has attempted to meet the requirements set by Clemente (2011), there is still more to be done. That is because the requirements focus on utilizing the already existing systems and resources to enhance cyber protection. For that reason, future research should focus on the drivers of innovation and areas that need more innovative security and resilient mechanisms (Department of Homeland Security, 2018).

In the contemporary world, the types and scope of disasters have changed and expanded significantly. Prior to 2000, disasters were understood to include or fall into the category of events related to wildfires, earthquakes, tsunami, hurricane, and minor incidences of terror attacks. However, the 9/11 attacks changed this line of thinking and prompted the stakeholders in disaster management agencies to expand their line of thought and view disasters from a different perspective (Kwan & Lee, 2005). Further, the rapid growth of information technology, its high rate of adoption, and high level of dependency of critical infrastructure on these systems have contributed to these changes. That is illustrated by the article by Xia, Becerra-Fernandez, Gudi, and Rocha (2011) and a report by Hennessy, Patterson, and Lin (2003).

Perhaps the most outstanding takeaway from the publications by Xia, Becerra-Fernandez, Gudi and Rocha (2011); Hennessy, Patterson, and Lin (2003) is their emphasis on adequate preparation and the need for incorporation of information technology into the prevention, response and mitigation strategies. While the magnitude and gravity of the effects of an attack or a disaster are usually measured in relation to the 9/11 attacks, it is important to note that the threat posed by cyber criminals could have more and far-reaching consequences than the 9/11 attacks. That is because information technology essentially control's all the country's critical infrastructures ranging from air transport, the health sector, the banking sector, and the security sector. As such, a disaster involving information technology could happen in various forms. Indeed, the IT itself could be a target for hackers or a weapon to launch an attack on target information systems (Morreale, 2004). Nonetheless, the two articles demonstrate that information technology could be used to deter, detect, and mitigate such attacks.

While the report by Hennessy, Patterson, and Lin (2003) shows that information technology is key to preventing terror attacks and disasters, the findings by Xia, Becerra-Fernandez, Gudi, and Rocha (2011) show that the success and efficiency of IT approaches is dependent on the framework used in emergency management. Currently, Florida is considered as one of the states with the most effective emergency management framework. Many states in America work closely with National Oceanic and Atmospheric Administration's (NOAA) Storm Prediction Center (SPC) to predict the likelihood of storms and other related disasters (Lewis & Writer, 2013). In addition, the federal government heavily supports the local government by supplying the latest technology and funds for emergency management. As such, it might be true to say that many states have equal resources when it comes to emergency management. This means that what sets Florida apart from others is not resources but rather the framework and strategy applied to utilize the resources in responding to an attack or disaster. That concurs with the findings of Xia, Becerra-Fernandez, Gudi and Rocha (2011) which highlights the knowledge sharing strategies, categorization of the complexity of emergency management tasks, the physical organizational arrangement, tools for information sharing, and personnel training as the reasons behind the efficiency of Florida in emergency management.

Although the findings by Xia, Becerra-Fernandez, Gudi, and Rocha (2011) focus on Florida, the takeaways from those findings can be easily applied countrywide. The threat an IT terror attack does not relate only to Florida but to the whole world. Besides, the issues highlighted in both publications are fundamental to the security of any IT infrastructure. Given that Hawaii is an island surrounded by large water bodies and has a high risk of having disasters, the significance of having a comprehensive IT-based emergency management framework can only be underscored.

References

Bellovin, S. M., Bradner, S. O., Diffie, W., & Landau, S. (2011). Can it really work-problems with extending EINSTEIN 3 to critical infrastructure. H...