Infrastructure Risk Management Paper Example

Introduction

The term infrastructure can be defined as the necessary systems and services that are needed by a country or organization for the smooth running and proper functionality. In the case of a state, infrastructure refers to the physical systems like transportation systems, public utilities like schools and healthcare facilities, sewerage, and services like communication systems. Infrastructure systems in most cases are interconnected and thus are very vital for the proper functioning of any organization system (Harasta, 2018). However, risks in any systems are prevalent, resulting in a breakdown of the arrangements. Some infrastructure systems are dependent on each other and thus a failure in one result in a ripple effect where the functioning of different methods is affected by the breakdown of one. One of these systems that are important for the smooth running of an organization is the communication system infrastructure.

Is your time best spent reading someone else’s essay? Get a 100% original essay FROM A CERTIFIED WRITER!

Save 25%

Critical infrastructure is known for the provision of essential services that enable the day to day running of societies, organizations, and economies and thus, their protection is necessary. Their protection becomes necessary by the fact that these systems are interconnected and interdependent. Communication infrastructures are complex and owned by different stakeholders, and are dependent upon by different groups of people and therefore, their protection becomes a collective responsibility (Assaf, 2008).

Critical infrastructure

Critical infrastructure has been defined differently by different groups of researchers. According to the USA Patriot Act,(2001), critical infrastructure can be described as the systems as assets either virtual or physical that are essential in that their incapacitation or destruction results in the debilitating impact on national security, economic security, public health and the safety of all. In Germany, CI incorporates <

Critical infrastructure protection describes a continuous set of activities aimed at management of risks and initiating operational responses, with the focus being on the improvement of the security and the resilience of the critical infrastructure. For there to exist a stable and safe system of life, the society together with its members must sustainably receive different services and products and access various critical resources. In this regard, various assets, systems of the network, both physical and virtual must be put in place and operated. In this connection, there has been a rapid improvement the information technology sector in the recent past, to facilitate some of this needs (Crowther, 2008). Due to the increased development, there have been some revolutions which have resulted in the increased interrelation, interdependence and interpenetration of different systems of the network. The effect of this is the increased vulnerability of the systems, complicating the assurance of their reliability and security. All these develop against the framework of a sudden increase in the terror threats, mainly at the international level, increased disasters that are induced by man. All these calls for increased attention paid on the protection of systems against risks.

Communication systems are the pillars holding the information exchange networks. Communication systems are made up of voice communication, data transfer, video communication, and internet connectivity (Lauge, Hernantes & Sarriegi, 2015). In this regard communication systems are seen to be the most critical components that determine national security and emergency preparedness. This, therefore, makes communication systems essential systems of infrastructure in any nation. The primary focus of this paper is thus on the protection of the communication system infrastructure from risk, mainly on the cybersecurity, that is protection from information warfare (Grzywna, 2015).

Communications systems are among the most vulnerable infrastructure systems that face many risks. The risks range from attempted access to information sources by unauthorized hackers, as well environmental vandalism of the communication systems. There has been an increase in the number of risks associated with the communication as the perpetrators of the risk mainly capitalized on the open network systems, primarily in the public internet systems. The consequences of these acts are in most cases catastrophic in that they may result shut down of systems, cutting down the normal operations of the other systems dependent on the system like the national security system, which is a threat to human life (Rehak, Senovsky, Hromada, Lovecek & Novotny, 2018).

Protection of the Communication Infrastructure

Recently, the stability of the communication system has become a significant challenge especially for systems that operate in the adjacent channels. Security of these systems has two dimensions; protection from natural as well as human-made interferences. These interferences include electromagnetic emissions. Interventions from electromagnetic emissions usually are due to radiation or conduction, both of which can be intentional or unintentional. The unintentional electromagnetic Interferences can be omitted from the system at the construction stage by understanding the essential physical characteristics of wave propagation. In this regard, there is the need for proper designing and installation of the of communication systems so that the performance of the capability of the system is not subjected to degradation or sometimes complete loss due to EMI.

In infrastructure risk management program, risk assessment is one of the pillars for successful management of infrastructure risks. Risk assessment helps in identifying the possible threats in the system, assess the vulnerabilities of the system and analyze the impact they have on the assets or any other infrastructure systems that depend on communication system (White, Burkhart, George, Boult & Chow, 2016).

Protection of Communication System

Communication system infrastructure is made up two primary systems, the physical systems that are made of the physical connections and the virtual method that is virtually connected where the transfer of information employs the use of radio frequency, Protection of this system is therefore complex in that both systems have to be protected. The physical parts of the communication need to be protected from adverse weather condition as well as human interference. The virtual system needs to be protected from cyber-attack. In this regard, there are thus different significant parts of the communication system that need to be protected (Aradau, 2010). These include the perimeter which could be achieved through the insulation of the wires and fencing of the peripheral regions of the grid systems to prevent unauthorized access to the system. Protection from malware; with increased cyber-crime, cases of cyber-attack to control operations of communication infrastructure are on the increase which necessitates the protection of the system from cyber-attack. Authentication of the various sources of information getting in and out of the system: With the increased connectivity, the rate of flow of information is high and therefore the risk of transfer of malware from one communication system to another is high which might result in the corruption of the destination system.

Steps followed in the management of risks

Risk management if a continuous process that requires some steps for effective implementation. Every step of the process involves an evaluation process of various factors with the primary aim of coming up with the best solution that would be applied in the solving of the problems that may arise in the subsequent stages. The following are the main steps involved in the management of infrastructure risks.

Identify the Risk

Some risks are associated with the communication infrastructure which is all different. In this case, the process of risk management must begin with the identification of the nature of the risk and the potential areas of the system that are more likely to experience risks. Communication systems are made of both physical and virtual systems which both need protection this. Therefore, identification of the risk would require a thorough and continuous evaluation of the communication to identify areas that are prone to risks. Identification of these areas gives the management an easy time in the license since they would have a clue of where to check before running a troubleshoot (Crowther, 2008). For virtual systems, the primary mode of identification of risk is through troubleshooting the system.

Establish Risk Tolerance

Having identified the risks in the systems, there is needed to determine the tolerance level of the system. Methods are always constructed in a way that they can stand a level of noise in the before breakdown. In this case, the management will evaluate the various sections of the communication system and identify the risks that the system can operate with, without being affected. This helps in the making of decisions of the risks to be mitigated and those to be left within the system. This also helps in the formulation of a tentative budget that would be used in risk management.

Analyze the Risk and Prioritize

After identifying the risk and establishing the tolerance of the system, what follows is isolating the known from the unknown. Certain risks are known to be associated with communications systems; however, with the increased innovation and cybercrime, there is a high probability of new risks being introduced into the system on a daily basis. To achieve this, the management decision will commence at describing the threat to the system and its nature and its consequences. This helps in the determination of whether the risk is big or small. Analysis and prioritization of risk are made using either qualitative or quantitative methods (Pirson & Turnbull, 2010). Quantitative methods involve actual calculation of risks while qualitative methods depend majorly on experience. This, therefore, is mainly on risks that are already known in the system.

Develop Risk Management Options

Prioritization is then followed by the development of the various options of dealing with the risks. It is not possible to completely remove the risk. However, options are available, to either reduce the extent of exposure, manage the potential effects the chance has to the system, or shift the risk to less vulnerable positions.

Reduction of Risk

Reduction of risk implies tightening up of the vulnerabilities in the system. In physical communication systems, one way in which the changes can be reduced would be the relocation of individual components of the system from areas that are prone to disruption. Having the nature of threats in the order, one gets an idea of how the risks affect that system and the areas of the systems that are most affected as well as those components that are less affected by the given a chance. In this case, it becomes easy for the risk manager to make a decision on which parts to move to which location.

The second option for reduction of risk exposure for the tools is through diversification of the components. Diversification helps in the increasing of the flexibility of the system in the elements can be used to perform different functions. In this case, various parts are used to different environmental conditions as well as other factors and thus will not be affected by a shift from the equilibrium. T...