I am in need of a 250 word discussion post as well as 200 word responses.
Discus
I am in need of a 250 word discussion post as well as 200 word responses.
Discussion post: What specific role(s) does risk management play in national security and why is it of importance to homeland security and defense initiatives? Within the homeland security enterprise, how does cyber-security specifically factor into critical infrastructure protection and risk management?
Response #1 (Uchendu): Afternoon Sir and Classmates,
Last week we talked about the Critical Infrastructure Risk Management Framework at the five-step method decision-making process for the protection of CIKRs. This week speaks to the role risk management has and the importance of the initiatives set by homeland security (HLS) and homeland defense (HLD). The use of the new risk assessment formula assists with determining the variables needed to create the level of risks proposed by different threats. The results of these analysis push the adaptation and implementation of strategies for both HSE and DOD stakeholders to develop their initiatives toward national security. According to the National Infrastructure Protection Plan (NIPP) “To achieve critical infrastructure security and resilience, critical infrastructure partners must collectively identify priorities, articulate clear goals, mitigate risk, measure progress, and adapt based on feedback and the changing environment” (Dolbow 2024). This statement demonstrates the risk management approach that must be achieved by homeland security enterprise (HSE) agencies. Specifically, the threat of malicious cyber activity conducted by nation-state or criminal organizations. Department of Homeland Security (DHS) guiding principles of risk prioritization, cost-effectiveness, innovation, collaboration, global approach, balanced equities, and national values encompasses their cybersecurity measures. This all points to one thing. The risk analysis posed towards the threat of a cyber-attack towards our nations CIKR is a serious one. When utilizing a three-question risk assessment of what can go wrong, what is the likelihood, and what are the consequences (Santos 2020), we can contrast aftermaths from different scenarios and by different actors. The outcome of a cyber-attack on an electrical power grid may create different responses from a natural disaster. The use of rehearsed critical action plans, specifically for the preparedness, response, recovery, and mitigation from cyber attacks speaks to the importance placed on the protection of CIKRs.
Dolbow, Jim. “National Infrastructure Protection Plan (NIPP).” Praeger Security International, ABC-CLIO, 2024, psi.praeger.com. Accessed 3 Mar. 2024.
Santos, J, Baggott, S (2020) A Risk Analysis Framework for Cyber Security and Critical
Infrastructure Protection of the U.S. Electric Power Grid
file:///D:/HLSS302/Risk%20Analysis%20Framework%20for%20Cyber%20Security%20and%20Critical.pdf
Response #2 (Dylan): Risk management, in the context of national security, allows for identification, assessment and mitigation of potential threats and vulnerabilities that are hazardous to the nation’s interests, critical infrastructure, and populous. Risk management exists in every facet of homeland security and defense operations. It is important because it allows the “powers that be” an opportunity to step back and think about what they are trying to accomplish and why. It has the potential to thwart negative consequences that can result from action or inaction before they can happen.
Using my profession in aviation under the DoD as an example, before every sortie my teammates and I go fly, the pilot in command must write up and brief risk with the operations superintendent. There is a point scale that exist for environmental conditions, crew member factors, events to be accomplished, proficiency, etc. Higher points total equal higher risk. Higher risk requires higher approval authority (transfer) for mission execution. Even moderate to lower risk requires mitigation efforts and an explanation of how we are going to accomplish what we need to accomplish in a safe manner, even on a routine training sortie. The bottom line is that the appropriate application of risk analysis and risk management can save lives and scarce, valuable resources. Critical infrastructure in the United States relies heavily on information technology and interconnectedness. American transportation, power, finance, and water systems require intricate networks and firewalls that identify vulnerabilities an defend against attacks. Malware, ransomware, and nation state sponsored attacks are some examples of threats to our critical infrastructure. Cyber security initiatives, involving private business and homeland security organizations such as CISA, assist with protecting critical data, identifying perpetrators of attacks, and incident recovery when attacks do occur. By integrating cybersecurity into overall risk management, homeland security agencies and operators of critical infrastructure can make informed decisions about their resources, strategies, and responses to enhance resilience against cyber threats.
References:
Malatji, M., Marnewick, A. L., & Von Solms, S. (2022). Cybersecurity capabilities for critical infrastructure resilience. Information and Computer Security, 30(2), 255–279. https://doi.org/10.1108/ICS-06-2021-0091
Leave a Reply