Organization of security of critical infrastructure in the United States
Material posted: Publication date: 22-06-2017
A series of terrorist acts that swept the world in the end of XX - beginning of XXI century, showed that humanity has entered a new stage when decisions are important political objectives in an armed confrontation can be used rather small groups or even individual "suicide bombers". Currently, as a goal, the defeat of which may cause huge damage to the state and its citizens, it is more correct to consider not only military but especially the civilian sector, the disabling or destruction of each of which, including due to the "cascading effect" that could cause damage comparable to the attacks by the armed forces.

In most foreign countries with the aim of systematizing such potentially dangerous objects, destruction of which can have significant political and military consequences, and introduced the term "critical infrastructure". It refers to "the totality of physical or virtual systems and tools that are important for the state to such an extent that their failure or destruction can lead to devastating consequences in the sphere of defense, economy, health and security of the nation" (the law of the United States "USA PATRIOT Act" of 2001).

Abroad there are the following groups of critical infrastructure:

  • the actual infrastructure necessary for the decision of problems of national security;
  • objects that are not directly involved in solving problems of national security, but necessary to ensure the infrastructure for these tasks;
  • the objects needed for the solution of national tasks, disabling of which would have a debilitating effect on security and economic welfare or which might give negative effect to national prestige, morale and confidence.

List of objects includes system support activities government, defense, healthcare, financial, banking and research sectors, industry, energy, including nuclear, oil and gas, food, transportation, and utilities, including water, communications, and civil defense.

Quantitative characteristics of the critical infrastructure and key assets of the United States, to secure, are presented in table. 1.

Table 1

Quantitative characteristics of the critical infrastructure and key assets of the United States, be protected

Name of branches The critical infrastructure and fixed assets The number
Agriculture and food Farm 1912 000
Enterprises producing food products 87000
Water resources Federal reservoirs 1800
Municipal drains 1600
Dam 80 000
Public health Was hospitals 5 800
Service in emergency situations Settlements 87000
Defense industrial base Companies 250 000
Energy Power plant 2800
Aviation Public airports 5000
Passenger railway The main railway 120,000 miles
Roads and road transport Road bridges 590000
Oil and gas Oil 2 000 000 miles
Mining 300000
Maritime transport The ports on the coast and Islands 300
Mass transportation of citizens Transport company 500
Banking and Finance The financial institutions 26000
Chemical and other hazardous materials Chemical production 66000
Postal service and shipping Shipping items 137000000
National monuments and images Historical buildings 5 800
Nuclear power plant Commercial nuclear power plant 104
Facilities of the government Funds that are owned/used by the government 3000
Commercial buildings High-rise buildings 400

Analyzing contemporary approaches to security of critical infrastructure in the United States, we can distinguish five main elements of government strategy in this area:

first, the development of a national security plan for critical infrastructure establishes the reference point for vulnerability analysis and training programs to eliminate them in every sector of industry and economy;

  • secondly, organization of cooperation and interaction between the public and private sectors;
  • third, the creation of an apex Federal departments responsible for the implementation of security tasks elements of the critical infrastructure in each sector;
  • fourth, the coordination of the activities of these units and private companies;
  • fifth, the organization of system of informing and warning.

The main sources of threats to critical infrastructure overseas primarily considered:

  • terrorism and other acts of criminal nature (attacks, including armed, explosions, arson, the use for terrorist purposes of road and air transport, dangerous substances);
  • the human factor and technological accidents (technical breakdowns, accidents, leakage of hazardous materials, explosions, fires, the impact of other physical effects);
  • natural phenomena and natural disasters (storms, hurricanes, floods, floods, snowstorms, hail, droughts, earthquakes, tsunamis, fires, avalanches, mudflows, landslides, epidemics).

A distinctive feature of the modern era is that the greatest threat to critical infrastructure represent actions of subversive groups of the terrorist, mainly international, organisations. Unprecedented opportunities in the field of telecommunications technology and the rapid development of international trade-vehicles increase in both the magnitude and efficiency of such activities, allowing you to quickly travel long distances and penetrate through protected borders.

Threats can also arise in connection with the creation of new technologies, to develop improved methods and means of causing destruction to the infrastructure due to the revaluation of strengths and weaknesses in the organization of their security.

The military-political leadership (CDF), the United States considers the task of ensuring the security of critical infrastructure a priority. Approach to the complex of measures for development and implementation of measures aimed at its protection, in particular, involves the following:

  • the implementation of preventive measures aimed at prevention of potential damage to critical infrastructure;
  • reducing the vulnerability of such facilities;
  • minimization of possible damage;
  • providing the possibility of eliminating the consequences of damage in the shortest time.

The problem of ensuring the security of critical infrastructure the CDF has realized long before 11 September 2001. Apparently, an important role was played by the events in Budennovsk and Kizlyar, which occurred in Russia.

In particular, in accordance with Directive PDD-63 (tab. 2), signed by the President of the United States in 1998, formulated the so-called strategy of joint efforts of the US administration and the private sector in protecting critical infrastructure, will largely determine further steps the legislature and the Executive. In that period, in the framework of this document identified five degrees of readiness the national warning system on the state of internal security: the red (high), orange (high) yellow (elevated), blue (caution) and green (low), a change which U.S. citizens can learn with the help of the Internet.

Table 2
Policy documents of States for the protection of critical infrastructure
Administrative decree of the President of the United States No. 13 010 (Executive Order 13 010) July 1996 0 work to study security vulnerabilities of critical infrastructure from cyber and physical threats
Directive No. 63 (Presidential Decision Directive 63) May 1998 The strategy is a joint effort of the U.S. administration and the private sector in protecting critical infrastructure
National plan for information systems protection (National Plan for Information Systems) January 2000 Of government activities for the prevention and detection of cyber attacks and vulnerability of information and computer networks
Administrative decree of the President of the United States No. 13 228 (Executive Order 13 228) October 2001 Organization of protect the United States against terrorist threats
Administrative decree of the President of the United States No. 13 231 (Executive Order 13 231) October 2001 On the protection of national critical information systems
National security strategy (National Strategy for Homeland Security) July 2002 We identified the main threats to the national security interests of the United States - international terrorism, proliferation of weapons of mass destruction and modern military technology. Recommendations for the protection of key resources and infrastructure of the United States
The national strategy for protection of critical and essential facilities (The National Strategy for the Physical Protection of Critical Infrastructures and Key Assets) February 2003 The national strategy for the physical protection of critical infrastructure and guidelines for the protection of the most vulnerable critical systems
Administrative decree of the President of the United States, No. 13 228 (Executive Order 13 228) February 2003 Clarification of the administrative provisions of the decree of the President of the United States No. 13 228
Directive of the President for national security No. 7 (Homeland Security Presidential Directive 7) December 2003 The Directive replaces Directive No. 63 and defines a national policy for Federal departments and agencies to protect critical infrastructure from terrorist attacks, delineates the roles and responsibilities of the Department of homeland security and other agencies, as well as adjust their interaction on the protection of critical infrastructure
Plan for the protection of national infrastructure (National Infrastructure Protection Plan) October 2006 The plan is a national program primarily focuses on the development of tools that enable interaction in the interests of achieving the security infrastructure of the state, the long-term program on reduction of threats, maximize the use of resources allocated for the protection of critical infrastructure of the state
Plans for the protection of national infrastructure (National Infrastructure Protection Plans) May 2007 The security plans of the critical infrastructure of the state in various sectors of the U.S. economy

In the "National strategy for the physical protection of critical infrastructure and national heritage sites" objectives and principles of the security of the national infrastructure and the conditions for uniting the efforts of various public and private entities to improve the level of their security.

In General, the challenges facing American ministries and agencies in ensuring security of the national territory from the point of view of combating terrorism, are as follows:

  • keeping focused exploration to determine the likely areas, the nature and means of implementation of terrorist acts, and the places of deployment, rest and treatment of terrorists;
  • strengthening the protection of borders and communication system in order to prevent terrorist acts on all types of transport;
  • counter-intelligence software with recruiting in addition to the FBI other law enforcement agencies (identification of individuals suspected of terrorism, the organization of secret monitoring, linkages, funding sources, etc.) in order to curtail terrorist activities;
  • protection of key infrastructure, the violation of which can lead to serious disruptions in the functioning of state institutions;
  • preventing the access of terrorist organizations to the technologies and materials needed to create weapons of mass destruction, and preparation for liquidation of consequences of terrorist attacks could lead to mass casualties among the population;
  • the creation of a national system of emergency response (planning, equipping and training of specialized units of the police force, fire brigade, medical and utilities)

Table 3

The model of prioritization of fixed assets of the military-industrial base

Factor Range zones assessments Evaluation parameters Weighting factor factor factor The procedure for determining the rating of the object from the point of view be considered revenage factor
Impact on the implementation of large-scale programs of production 1-3 The evaluation is based on the analysis of the participation in the production of products necessary to ensure the combat readiness currently. By considering such indicators as the number of major programmes which the object participates, participation in cooperative security head of customers, the degree of importance of programs. When this is taken into account not only modern, but also planned programs 16 1 - least important
2 - intermediate
3 - most important
Influence on modern combat capabilities 1-3 The evaluation is based on the importance of production for the current task. In the evaluation takes into account mainly the following factors: the duration of the production cycle; the time required for reaching the maximum production volumes; inventories of these products; the interests of the command, the presence of manufacturers 15 the same
The impact on the planned combat capabilities 1-3 The evaluation is based on determining the importance of the enterprise in the production process for future objectives and programs, analytical assessments of the level of production or level of technological readiness of production of individual types of products. 14 the same
Corporate financial risks 1-3 The necessity of assessment of financial risks is determined by the fact that large financial companies are much easier to cope with the crisis and disintegration in comparison with weak companies. The estimation of this risk factor is information-analytical departments using the assessment of financial capability of contractors (CFAR).
Company, information which is outdated or which does not meet the requirements automatically receive a rating of 3.8
13 the same
The indicator of the economic vitality of the object 1-3 The index is information-analytical units based on the number of employees, capacity utilization, availability of debt, budget, and products, development of distribution network 12 the same
Recovery plan 1-3 Evaluation of the recovery plan is based on the analysis performed by the office of contracts, Department of defense and some other services. Thus, the paper discusses the planned activities for elimination of consequences of terrorist attacks. In the basis of assessment is the forecast of the possibility of full recovery of production. By considering only objects that were not destroyed completely and not work for up to 60 days 11 the same
Temporary needs for recovery 1-3 Take into account what the consequences could have a terrorist attack and any preparatory activities are conducted with a view to overcoming their consequences. It also examines the changing needs of the company's products, the maximum allowable break in production, the time required for completion by its qualified staff 10 the same
Money needs to recover 1-5 Take into account what the consequences could have a terrorist attack and any preparatory activities are conducted with the aim of overcoming them. Also analyzes the changes of the needs of production enterprises, the maximum allowable break in production, the cost characteristics of products, the value of the rehabilitation costs of the facility and staffing it with qualified personnel 9 the same
Threats 1-3 Threat assessment is based on analysis of various information about the activity of terrorists in the area. In the absence of this information the evaluation is based on data on the number of employees of the enterprise and its role in the production of the final product, and its distance from other potential targets 8 the same
Polished set of security issues 1-3 The estimation is performed on the basis of the results of the prerequisite checks of the facility personnel to act in emergency situations 7 the same
The probability of danger 1-3 Takes into account the presence of dangerous substances at the plant, the condition of the equipment 6 the same
The likelihood of collateral damage, destruction of chemical/ biological/ radiological and explosives during the attack on the enterprise 1-3 Assesses the risk of collateral damage destruction of chemical / biological / radiological and explosives during the attack on the enterprise 5 the same
The population of the area in which the facility is located 1-3 The population estimate is important because the probability of terrorist attacks on enterprises of the defense industry is higher in densely populated areas. This is because any event in this area will be widely covered in the press and will lead to a binding reaction of public authorities. The highest rating a 3 - automatically assigned to objects in the capital and major cities 4 the same
The share of employment at the facility in relation to the number of economically active population of the territory 1-3 This factor is important when assessing the impact of possible terrorist attacks on the object, on the social and economic situation in the area of its location, especially if the number of employees in the organization is a significant part of the total economically active population 3 the same
Response to comments made during audits 1-3 Evaluates the readiness of the property to cooperate with organizations responsible for the protection of critical infrastructure 2 the same
Vulnerability assessment or security assessment tasks for the protection of critical infrastructure 1-3 Evaluates the complexity and danger of the implementation of the action plan for the protection of critical infrastructure 1 the same

The U.S. has developed and is constantly improved plan for the protection of national infrastructure.

The plan, which is a national programme primarily involves the creation of instruments for partnership in the interests of the security infrastructure of the state, the long-term program for reducing the risks, maximize the use of resources allocated for infrastructure protection of the state.

Key elements of the Plan national infrastructure protection States are:

  • a comprehensive approach combining the different structures of power, opportunities and resources of a country, region or a particular locality;
  • comprehensive and accurate assessment of the infrastructure of the state, which will not only allow us to prioritize in the organization of his defense, but will also give the opportunity to retaliate and to restore the damage;
  • organization and coordination of partnerships at all levels from government to the private sector;
  • integration in enhancing protection of physical objects, cyberspace and the public;
  • the use of sophisticated methodologies for analysis and modeling in the development of, and increased attention to efficiency in countering the destruction in all contexts.

To determine the degree of "vulnerability" of public infrastructure Ministry of internal security of the USA is the methodology, which is based on the so-called model for prioritization of fixed assets of the military-industrial base (The Asset Prioritization Model (APM)). Its essence lies in the calculation of the index of riskiness of an object depending on the object rating scale categories of factors and the "weight" of this factor. That is, the specialists of the Department of defense have identified 16 factors (ability to restore a measure of economic vitality of the area where the facility is located, the likelihood of concomitant destruction of chemical/biological/radiological/nuclear and explosives, the presence of political and side effects, etc.), which is assessing the "riskiness" of objects of military-industrial base (table. 3).

This technique can be used in the assessment of vulnerability of objects and sectors of critical infrastructure in the event of strikes in a variety of ways and means, including sabotage and terrorist groups, conventional or nuclear missiles, as well as in the event of disasters of natural and technogenic character.

It should be noted that the model was developed in 2007 on the basis of similar pre-existing. This was a revised assessment of the impact of various factors on the overall "attractiveness" of the enterprise to commit his attacks. In particular, the most important factor in the present period the influence of the object on the implementation of large-scale programs of production. Previously it was considered only the third most important, and as important considered the impact of the object on modern combat capabilities. However, the evaluation was only on 14 factors, not 16, as now.
At the same time, in the current model greatly simplified the procedure of determining the rating of the object from the point of view of estimated parameters. If the previously used model, it was estimated in the range of from 1 to 5 for each factor was calculated according to a special, rather complicated and not applicable to other settings the approach at the present time, the interval is more versatile - from 1 to 3, where 1 is the least important object and 3 - object the most important.

Thus, the military-political leadership of the United States believes that in the current circumstances, the safety of society greatly depends on security of critical infrastructure of the state, which increases vulnerability. The modern stage of society development is characterized by an acute need to develop both national and international programs for the protection of critical infrastructure in peacetime and during hostilities. Developed and implemented measures to protect critical infrastructure does not fully correspond to the level of threats and require constant improvement.

A. Barannik

Source: Foreign military review, No. 8 of 2009 S. 3-10

Tags: USA , information war