Authors: Christine Izuakor; Richard White
Addresses: Department of Computer Science, University of Colorado, 1422 Austin Bluffs Parkway, Colorado Springs, CO, USA ' Department of Computer Science, University of Colorado, 1422 Austin Bluffs Parkway, Colorado Springs, CO, USA
Abstract: The attacks of 9/11 highlighted irrefutable vulnerabilities in the US critical infrastructure system and prompted necessary efforts to strengthen defence and resiliency of infrastructure against attack. As critical infrastructures become more dependent on cyber resources, the threat landscape continues to rapidly evolve exposing critical infrastructure to a heightened risk of cyber-attacks. The Department of Homeland Security's Risk Management Framework was developed to guide protection efforts and depends heavily on the ability of the department to effectively identify critical infrastructure assets. However, program audits have reported fundamental flaws in the US identification and prioritisation program. Specifically, there is a need for validation and verification that the right assets are being considered in order to ensure that scarce national resources are not wasted towards protection of the wrong assets. This paper summarises US critical infrastructure identification efforts, ongoing challenges to current programs, and recommendations for moving forward.
Keywords: critical infrastructure protection; critical asset identification; risk management; cyber; aviation; transportation sector; homeland security.
International Journal of Critical Infrastructures, 2017 Vol.13 No.1, pp.16 - 28
Received: 23 Sep 2015
Accepted: 19 May 2016
Published online: 31 Mar 2017 *