Center for Strategic Assessment and forecasts

Autonomous non-profit organization

Home / Defence and security / / Articles
The Ministry of internal security of the United States report on the state of cybersecurity in the country
Material posted: -Publication date: 20-06-2013

In March of this year before the appropriations Committee of the U.S. house of representatives were made by the Deputy Minister of internal security of the United States, the head of the Department of defense and the Ministry's programs Rand Beers with a progress report on the implementation of the presidential Directive, PDD-21 and Executive order EO 13636 and future plans for improving the national system for the protection of critical infrastructure of the United States. The theme of the report – "Cybersecurity and critical infrastructure".

In the report of the representative of the Ministry of internal security of the USA noted that ongoing U.S. government efforts on cyber security are bearing fruit. Created a system that can successfully resist the large number of attacks on the objects in the information space.

However, and most importantly made in the report to provide the required level of security of information networks, as well as the entire critical infrastructure is impossible without joint efforts to ensure the security of physical infrastructure and information infrastructure.

Physical security measures that prevent unauthorized access to the servers, communication lines and other sensitive items of equipment computer systems allow in some cases to ensure the protection of information processes of databases and data banks from illegal intrusion or causing other damage. On the other hand, information security systems, directly related to physical security, e.g. systems for air traffic control, management of a water utility, etc. to prevent physical damage and even possible loss of life.

It is the emphasis on the inseparable relationship between physical and information infrastructure gives a special character to the specified statement.

The report States that the number of enforcement documents issued by the administration in recent months (in particular, PDD-21 and EO 13636), contributes to the strengthening of the existing security systems in ensuring the security of critical infrastructure.

The adoption of these documents allows to develop and improve the existing cooperation model between the private sector and government.

To date, DHS has already formed a working group to coordinate the implementation of PDD-21 and EO 13636.

It is also noted that to date done quite a lot in terms of information security: establish a monitoring system, the system analytical processing of the information received about the invasion, and etc. Which generally allow to organize work on prevention of incidents in computer networks almost in real time.

In this direction in the current fiscal year Directorate for national protection and programs National Protection and Programs Directorate, NPPD) will continue to support the initiatives of continuous monitoring of computer networks, providing support for the purchase of monitoring equipment, software, etc.

It will also continue development and National cyber security system (National Cybersecurity Protection System, NCPS) known as EINSTEIN. Given the importance of the system for the implementation of the basic responsibility of the Ministry of internal security, the leadership of the Ministry plans to increase funding for modernization of this system. In the current fiscal year the program will expand through the development of means of detection and analytical processing, which will allow to organize a more flexible response to threats.

Important is the cycle of works aimed at the improvement of the functioning of the Center for analysis of threats and risks (NPPD''s Homeland Infrastructure Threat and Risk Analysis Center HITRAC). This structure is the basis of analytical infrastructure and implements functions of collecting and evaluating intelligence on the situation in the national information infrastructure. HITRAC conducts a comprehensive risk analysis plans and cross-calculates the impact of infrastructure, analyzes potential events associated with the "Domino effect" in the implementation of threats to critical infrastructure.

Important for the Department of homeland security USA today is a complement to existing practices of risk analysis and risks techniques that combine an understanding of risk and threats in information and in physical space. Also important is the development of algorithms and techniques for recovery of critical infrastructure or its separate elements and segments in case of realization of those or other security threats.

Emphasized the importance of research and development specifically aimed at the combination of understanding the threats and risks associated with incidents of physical and information space.

In General, based on the analysis of the basic steps for the implementation of the key documents of the US administration to ensure the security of critical infrastructure, as well as considering the views of the leadership of the Ministry of internal security of the United States, we can say that today there is a certain revision of approaches to ensuring the security of critical infrastructure in the United States.

This revision is that, first, increasingly in official documents begin to be present estimates showing the inability to ensure full security of the critical infrastructure of the country and the need to speak only about the sustainability of certain, the most significant of its segments.

Secondly, the Ministry is increasingly on the revision of some key positions (including own work) to complementarity of the techniques and methods of physical security and information security of objects of critical infrastructure.

The approach, which are closely intertwined physical and information space is characteristic of many works of American experts not only in providing security but also in several other areas, for example, in the formation of views on the use of information weapons.

RELATED MATERIALS: Defence and security