Chapter 1 Origins of Homeland Security and Critical...
Transcript of Chapter 1 Origins of Homeland Security and Critical...
CRIM 3460; Introduction to Critical Infrastructure Protection Spring 2016
Chapter 1 – Origins of Homeland Security and Critical Infrastructure Protection Policy
School of Criminology and Justice Studies University of Massachusetts Lowell
“Critical infrastructures are those physical and cyber-based systems essential to the minimum operations of the economy and government. They include, but are not limited to, telecommunications, energy, banking and finance, transportation, water systems and emergency services, both governmental and private.” Source: http://www.fas.org/irp/offdocs/pdd/pdd-63.htm
Critical infrastructure is the backbone of our nation's economy, security and health. We know it as the power we use in our homes, the water we drink, the transportation that moves us, and the communication systems we rely on to stay in touch with friends and family.
Critical infrastructure are the assets, systems, and networks, whether physical or virtual, so vital to the United States that their incapacitation or destruction would have a debilitating effect on security, national economic security, national public health or safety, or any combination thereof.
Source: Department of Homeland Security, 2013
Source: Figure 1.1 “Critical Infrastructure Protection in Homeland Security: Defending a Networked Nation”, Second Edition
Source: Table 1.1 “Critical Infrastructure Protection in Homeland Security: Defending a Networked Nation”, Second Edition
Source: Table 1.1 “Critical Infrastructure Protection in Homeland Security: Defending a Networked Nation”, Second Edition
Source: Table 1.3 “Critical Infrastructure Protection in Homeland Security: Defending a Networked Nation”, Second Edition
Source: Table 1.3 “Critical Infrastructure Protection in Homeland Security: Defending a Networked Nation”, Second Edition
Source: Table 1.4 “Critical Infrastructure Protection in Homeland Security: Defending a Networked Nation”, Second Edition
Risk - The potential for an unwanted outcome resulting from an incident, event, or occurrence, as determined by its likelihood and the associated consequences.
Risk-Informed Decision-making - The determination of a course of action predicated on the assessment of risk, the expected impact of that course of action on that risk, and other relevant factors.
Risk Management Framework - A planning methodology that outlines the process for setting goals and objectives; identifying assets, systems, and networks; assessing risks; prioritizing and implementing protection programs and resiliency strategies; measuring performance; and taking corrective action.
Risk => fProb(x) • Consequence (x)
Where x = hazard
Hazards include: Natural disasters, such as hurricanes and earthquakes
Terror attacks
Vandalism
Where: ROI = Return on Investment
Risk = Expected loss
$Investment = Cost to reduce the risk
ROI = Risk (before) – Risk (after)
Investment $
Source: Figure 1.2 “Critical Infrastructure Protection in Homeland Security: Defending a Networked Nation”, Second Edition
Definition - The ability to resist, absorb, recover from, or successfully adapt to adversity or a change in conditions.
How can this be measured?
How do we know when something is more or less resilient?
What does resist, absorb, recover mean?
What is adaptation?
More difficult to define….
Resilience is a property of a system; not just an object or single asset
Understanding of CIKR as systems is needed to determine resilience
A simple definition of resilience for now: Normal output
Collapse
Recovery
Elapsed time to recovery
This forms a triangle as shown
Source: Figure 1.2 “Critical Infrastructure Protection in Homeland Security: Defending a Networked Nation”, Second Edition
High-risk vs. low-risk
Different strategies for different classifications?
Prevention vs. response
Low risk means the risk profile goes to zero with increasing consequence
High risk means the risk profile goes up forever, with increasing consequence
Risk is defined here as expected loss, or probable maximum loss.
Source: Figure 1.4a “Critical Infrastructure Protection in Homeland Security: Defending a Networked Nation”, Second Edition
Low-risk profiles can initially be high and then drop to low, as consequence increases
Conversely, high-risk profiles can be low, initially, and then rise without bound, as consequence increases.
Source: Figure 1.4b “Critical Infrastructure Protection in Homeland Security: Defending a Networked Nation”, Second Edition
Why is terrorism a low risk and earthquakes a high risk?
Source: Table 1.6 “Critical Infrastructure Protection in Homeland Security: Defending a Networked Nation”, Second Edition