Threats to the Different Kinds of Important Infrastructures

Critical infrastructures are systems serving the public and provide services whose interruptions would lead to a serious problem if interrupted by any means (Taylor et al., 2014). The compromise of critical infrastructures has safety issues on the lives of the public and the people who directly rely or indirectly rely on the affected systems. Some of the critical infrastructures that are of public concern include health sectors, security systems, communication networks, energy, banking, and government. Several threats make these systems prone to attacks and subsequently their fall which would lead to safety concerns in the public domain.

Depending on the type of infrastructure, the threats vary from one sector of critical infrastructure to another. For instance, the threats facing banking systems and the communication networks vary such since the exposure factors vary (Alcaraz and Zeadally, 2015). However, the end impact of the compromise of the critical infrastructures is that the lives of the people and their normal activities would be impacted negatively. In some instances, the interconnection of the systems makes them more prone to failures and destructions since the interconnected systems depended on each other for normal operations. Given that critical systems are prone to attacks and failures, there is need to find a way of mitigating the exposure of these systems to the threats and measures that would help protect them from attacks.

Threats Facing Critical Infrastructure

Order custom essay Threats to the Different Kinds of Important Infrastructures with free plagiarism report

450+ experts on 30 subjects Starting from 3 hours delivery

Get Essay Help

Depending on the type of infrastructure system and interconnection, several threats are facing them. The threats are either human made or natural; the natural threats are as a result of the natural phenomenon while human made threats are as a result of human activities that trigger a risk. For instance, the energy systems, power grids, may be compromised by hurricanes, floods, and earthquakes among others, and these are the examples of natural factors that threatens critical infrastructures. On the other hand, the cyber security threats are caused by malicious humans whose aim is to hack, intrude and make use of other people's efforts and enrich themselves or just interfere with computer systems of big companies just for fun (Wagner, 2016).

Despite the differences in the types of threats, the result is that there would be a great disruption of the critical systems which would subsequently result in the interruption of the normal functions of the systems. Therefore, there is need to come up with mitigation strategies that would see the prevention of risks and vulnerabilities as the reduction of the impacts of threats to the critical systems. This paper seeks to give a detailed report on the impacts of critical infrastructure and strategies to mitigate impending threats. The Impacts of the Disruption of Critical Infrastructure

The interconnection of critical systems makes them vulnerable to attacks and disruptions. According to (Petit et al., 2015), interconnected critical infrastructures depend on each other for them to function and provide the intended services. However, the interconnection makes them prone to fatalities and failures. Disruption of one of them leads to dire consequences across the interconnected systems. For instance, several sectors depend on the distribution of natural gas for the generation of power.

The power generated by the natural gas supplies sectors such a communication, computer controls, road traffic systems, air traffic systems, and emergency services (Lewis, 2004). Therefore, any mess with the distribution of natural gas would lead to disruptions in several sectors. On the other hand, the disruption of the emergency services may lead to loss of property and lives since the emergency teams would not be in a position to move to the affected areas.

The disruption of critical systems such as power grids and lines also leads to economic losses. The power lines may be disrupted by the natural disasters such as earthquakes, hurricanes, and floods. The sweeping of the power lines may render the power systems, together with the sectors that depend on them, useless since they would have no power for running its machines (Kiessling et al., 2014).

Moreover, cyber security and computer systems are critical to companies that rely on technology for its normal functions. Malware may be used by cyber attackers to destroy and disrupt computer systems. For instance, malware may attack a computer and destroy or relay organization's information to the attackers who may use them against the company. Consequently, this may lead to loss of money and thus bankruptcy of companies and loss of public money. Kalaimannan et al. (2017) noted the 2017 ransomware that was spread through the internet. According to him, the ransomware attacked and block computers demanding for ransom payment for them to unlock the computers. Both the public and private sectors were affected whereby some of them lost a lot of their cash.

The negative impacts of the disruption of the critical systems, therefore, calls for the development of strategies that would be used in responding to any impending threat. Based on the type of threat, whether human made or natural, the strategies should help minimize the impacts of both the already established threat and the oncoming ones. This would be important in ensuring that the impacts of the threat are at its lowest level possible. The mitigation strategies should be implemented by both private and public stakeholders to ensure that the threats targeting critical infrastructures are kept at levels that would cause little impacts.

Emergency Plans and Mitigation Strategies

The emergency plans and mitigation strategies should be designed and implemented by the relevant authorities who are tasked with the role of protecting critical systems. Based on the nature and magnitude of damages caused by the threats such as war, terrorism, cyber- attacks and natural disasters, the strategies should be tested to ensure accuracy when putting into practice. The strategies aim at countering incoming threats as well as dealing with the already established threats. The strategies include prevention, prediction, detection, analysis, and reaction (Stergiopoulos et al., 2015). Prevention

Prevention is aimed at locking out the threats that are likely to attack and impact negatively on a critical infrastructure. According to National infrastructure protection plan (2009), protection of critical infrastructures is a key measure that is put in place long before a threat is detected. Protection is a long term preparedness against the possible threats in future. When establishing critical systems and infrastructure, a threat prevention measure forms part of the main pillars of setting up the systems to ensure that the systems being established can withstand future challenges that are likely to face the critical systems. Depending on the type of infrastructure, different prevention measures have been put in place by different managements of critical systems. For instance, the energy supply chain, computer management systems, and emergency teams have got different hazard prevention measures put in place.

In the prevention of hazards, there is need to protect the release of sensitive information regarding the security of the infrastructure. For instance, the computer systems that are used in the running of nuclear plant systems and natural gas distribution needs to be highly protected. Any information regarding the security of its critical systems should be handled with care and under privacy to avoid hackers and malicious individuals from accessing such information.

Pastore (2016) argued that disclosure of sensitive information may pose a security risk whereby the whole nation would be at risk of terrorist attacks and hacking. There is need to have the appropriate level of protection of information depending on the sensitiveness of the information about security matters. Moreover, the establishment of a common in information sharing protocols should be developed so that information is shared only with the relevant individuals.

Moreover, prevention of hazards is done by a strategic location of critical infrastructures and reduction of the interdependence of the critical infrastructures. For instance, the nuclear power plants should be located in higher grounds whereby floods are unlikely to affect. Also, the nuclear plants can be established in areas where they are not prone to earthquakes to reduce the impacts of the occurrences of the natural disasters. The strategic location would ensure that the critical systems are not affected by the earthquakes and floods that may occur unexpectedly.

Behr (2011) in his report noted that Diablo Canyon nuclear power plant is situated in an area where it makes its vulnerable to tragedies such as earthquakes and floods. The report was looking into the safety and vulnerability of the power plant, and the findings were that the plant was not safe. The inquiry into the safety of the plant was triggered by the disaster that was witnessed in Fukushima Daiichi power plant whereby there was massive destruction of property and lives due to the damages that occurred in the plant. While setting up nuclear power plants, there is need to come up with the best strategy of identifying the best sites to locate the infrastructures to avoid the impacts of the hazards.

Therefore, while using prevention and protection as a strategy for mitigating the impacts of hazards and threats on critical infrastructure, there is need to make sure that all the stakeholders take it with seriousness to avoid regrets when threats begin to eat into the infrastructures.

Prediction, analysis and Early Warning

Early warning is another important strategy that works best in the mitigation of the impacts of the threats that are likely to hit a critical infrastructure. According to Sajid (2016), most of the threats that damage the critical infrastructures are those that penetrate into the systems undetected.

Therefore, there is need to implement an operation where the impending threats are predicted and early warnings given to the relevant groups. Some of the critical infrastructures whose threats can be predicted through analysis and early warnings given include the power plant systems, health systems, and computer systems. With strategy, each of the stakeholders tasked with the role of ensuring the security of the systems would have to ensure that once a threat is suspected, the necessary information should be relayed to the relevant groups to act against the threats.

Several approaches can be used to ensure that early warnings are given to the relevant groups to act against an impending threat. Cordis, (2017) gives a detailed case study on the means in which the power plants can be managed and analyzed to get to understand the changes in the systems and early warnings given. The European Union funded ARGOS project which was aimed at developing early warning systems which would help boost the security of the power plants against malicious intruders. The approach used by the system enables the operators to get warning signals on time and act.

The project entails the use of complex systems to make calculations of the risk factors based on the data collected by the sensors installed in the power stations. The system is, therefore, able to collect data and give warnings to the operators. The operators would then make decisions based on the magnitude of the threats detected. Any deviation from the normal would call for the operators to alert others and thus strategies are put in place to ensure that the threats do not impact much on the systems.

Moreover, in the protection of the power plants against the destruction by natural disasters such earthquakes, early warnings can be used to help mitigate the damages caused by the disaster. For instance, sensors can be used to alert the nuclear power plant that an earth tremor or earthquake is expected. The operators can then stop the operations and power production to avoid unnecessary damages caused by short circuiting. Without the early warnings, there is a high chance of big damages since the power lines are likely to short circuit and the consequences can be deleterious to lives and property Health sector as a critical system can also employ the use of early warnings.

According to Macrae (2014), the early warnings in the health sector are developed and incorporated to work together with the emergency response teams. In this case, the early warning teams can help warn the public of any health threat that is likely to occur within a specified period. The early warnings can be used to warn both the health response team and the public to take the necessary precautions. For instance, in the case of a rise in a cholera epidemic, the public and the health response teams are made aware of the situation. Therefore, early warnings can help rescue the population from the dangers associated with health hazards. Detection and Reaction

Detection and reaction is a strategy that can be applied once a threat gets into the systems. At this point, the threat can be eating into the systems but once detected, the reaction against it can help to mitigate its impacts. According to Obama (2010), the detection and reaction against a threat lie in the hands of "Federal, State, local, territorial, and tribal governments; private sector critical infrastructure owners and operators; first responders; and the public." They are supposed to identify and respond to attacks on the critical infrastructure. President Obama reiterated that the government was willing to work hand in hand with all the stakeholders to ensure the safety of the critical infrastructures.

In the detection of the threat, there are several measures that can be used based on the type of infrastructure being protected. SCADA has been used to monitor and optimize power production in the nuclear power plants, firewall and antivirus have been used in the protection of computer systems from malicious attacks. The use of SCADA helps to give the operators a clear overview of the network systems and respond appropriately based on the overview given by the system. This has enabled the operators to notice any malfunctions that may lead to low power production and thus respond and make the necessary corrections. The advantage with SCADA is that it is reliable regarding accuracy and reduces the cost of maintaining the power production systems since it gives an overview of the systems that need to be corrected (Lewis, 2004).

On the other hand, cyber security of a vital sector that needs a lot of attention in all sectors. According to the US department of energy (2008), Computer systems has several vulnerabilities that makes it prone to cyber-attacks. However, the vulnerabilities and the loopholes that can be exploited by the cyber attackers can be blocked by the use of strong firewalls and antiviruses installed in computers. Arneja and Sachdev (2015) argued that firewall based antivirus is essential in ensuring that malicious software and virus send through internet networks does not penetrate into a computer.

The installation of antivirus alone does not guarantee the keeping away of malicious malware from a computer; Manning, (2015) postulated that an antivirus should be kept up-to-date to ensure full security of the computer systems. Therefore, computers in any sector that do not have an antivirus is vulnerable to malware attacks and hacking by malicious individuals. Hacking and other cyber-attack related actions could lead to devastating losses of money and even life if the computers were part of critical systems such as hospital life support machines.

Reaction to the detected attacks is done by the immediate action of installing an antivirus if the computers did not have them before. In the case of installed antivirus and SCADA systems, the necessary actions of correcting the problem are taken. For instance, the source of the malware can be traced and see if it can be cracked to restore the safety of the computer systems. Recommendations

The comprehensiveness of the threats and mitigation strategies given in this study are aimed at improving the resiliency of the critical infrastructure. The strategies highlighted in the study are easy to adopt, and therefore it is important for different sectors to adopt varied mitigation strategies to avoid the challenges that are associated with the impacts of the hazards facing critical infrastructures. The critical infrastructure managers have a task of forming emergency teams who will analyze the best strategies that can use against critical infrastructure threats. Conclusions

In conclusion, critical infrastructures are critical in the economy and the boosting of the lives of people. Critical infrastructure makes up the main pillars of the state's economy. Some of the critical infrastructures rely on each other since they are interconnected in function and location (Ouyang, 2014). Therefore, there is need to strategize and adopt the best mitigation methods to avoid losses associated with the impacts of the attacks on these critical systems.

References

1. Alcaraz, C., & Zeadally, S. (2015). Critical infrastructure protection: requirements and challenges for the 21st century. International journal of critical infrastructure protection, 8, 53-66.
2. Arneja, P. S., & Sachdev, S. (2015). Detailed Analysis of Antivirus based Firewall and
3. Concept of Private Cloud Antivirus based Firewall. International Journal of Computer Applications, 111(4).
4. Behr, P, (2011). Many U.S. nuclear plants ill-prepared to handle simultaneous threats. Scientific American. Retrieved from: http://www.scientificamerican.com/article.cfm? id=many-us-nuclear-plants-ill-prepared-to-handle-simultaneous-threats US Department of Energy, (2008),. Common cyber-security vulnerabilities observed in control system assessments by the INL NSTB program. Retrieved from: http://energy.gov/oe/downloads/common-cyber-security-vulnerabilities-observed-control-system-assessments-inl-nstb
5. Cordis (2017). European Commission: CORDIS : News and Events: Early warning systems to boost security for Critical Infrastructures. [online] Available at: http://cordis.europa.eu/news/rcn/122322_en.html [Accessed 23 Jul. 2017].
6. Kalaimannan, E., John, S. K., DuBose, T., & Pinto, A. (2017). Influences on ransomware's evolution and predictions for the future challenges. Journal of Cyber Security Technology, 1(1), 23-31.
7. Kiessling, F., Nefzger, P., Nolasco, J. F., & Kaintzyk, U. (2014). Overhead power lines: planning, design, construction. Springer.
8. Lewis, T. (2004). Energy vulnerability analysis-Part 1. 25 minute video: https://www.chds.us/coursefiles/cip/lectures/energy/cip_energy_vulnerability analysis_p01/player.html
9. Lewis, T. (2004). SCADA vulnerability analysis. 25 minute video: https://www.chds.us/coursefiles/cip/lectures/scada/cip_SCADA_vulnerability analysis/player. html
10. Macrae, C. (2014). Early warnings, weak signals and learning from healthcare disasters. BMJ Qual Saf, bmjqs-2013.
11. Manning, A. (2015). Data Protection, Security, and Privacy Policy. In Databases for Small Business (pp. 123-130). Apress.
12. National infrastructure protection plan (2009). [Read 5.2 The CIKR Protection Component of the Homeland Security Mission, and 5.3 Relationship of the NIPP and SSPS to Other CIKR Plans and Programs, pp. 76-79]. Retrieved from: http://www.dhs.gov/xlibrary/assets/NIPP_Plan.pdf
13. Ouyang, M. (2014). Review on modeling and simulation of interdependent critical infrastructure systems. Reliability engineering & System safety, 121, 43-60. Pastore, J. (2016). Practical Approaches to Cybersecurity in Arbitration. Fordham Int'l LJ, 40, 1023.
14. Petit, F., Verner, D., Brannegan, D., Buehring, W., Dickinson, D., Guziel, K., ... & Peerenboom, J. (2015). Analysis of critical infrastructure dependencies and interdependencies (No. ANL/GSS--15/4). Argonne National Lab. (ANL), Argonne, IL (United States).
15. President Obama (2010). Presidential proclamation--Critical infrastructure protection month. The White House, November 30, 2010. Retrieved from: http://www.whitehouse.gov/the- press-office/2010/11/30/presidential-proclamation-critical-infrastructure-protection-month Sajid, A., Abbas, H., & Saleem, K. (2016). Cloud-assisted IoT-based SCADA systems security: A review of the state of the art and future challenges. IEEE Access, 4, 1375-1384. Stergiopoulos, G., Kotzanikolaou, P., Theocharidou, M., & Gritzalis, D. (2015). Risk mitigation strategies for Critical Infrastructures based on graph centrality analysis. International Journal of Critical Infrastructure Protection, 10, 34-44. Taylor, R. W., Fritsch, E. J., & Liederbach, J. (2014). Digital crime and digital terrorism. Prentice Hall Press.
16. Wagner, D. (2016). infrastructure under attack. Risk Management, 63(8), 28.

Don't let plagiarism ruin your grade

Run a free check or have your essay done for you

Check my essay Hire Writer