Help drafting assignments
TheMatrix
HM502Unit6DQ.docxHM502
Unit 6 DQ
Topic 1: Sector-Specific Plans (SSPs)
The protection of the critical infrastructure and key resources (CI/KR) is essential to homeland security. In response to a multiplicity of identified threats, sector-specific plans (SSPs) have been designed for several of the CI/KR domains. Each SSP has many unique characteristics but several of the plans share similar attributes. In addition, many of the sectors share interdependencies. For example, the threats, vulnerabilities, and consequences of a natural or man-made disaster in one sector affect other sectors as well.
Designing comprehensive plans that addressed sundry threats and interdependencies was but one of the multitude of challenges faced by security planners. Consequently, a discussion of the similarities, differences, and interdependencies among the SSPs will reveal much about how the plan designers assessed threats and responded to challenges to their sectors.
· What risk assessment methodologies were used in the various sector-specific plans reviewed?
· Describe some of the key elements of the sector risk assessments.
· How are some sector plans similar and some plans different?
· What are some of the interdependencies between sectors?
· Describe some of the major challenges to protecting CI/KR.
Topic 1 Student Response#1: (Respond to Skyler)
Skyler Fry
All of the sector-specific plans utilize risk assessment methods aligned within their sector in conjunction with the use of THIRA (Department of Homeland Security, 2013). The three main elements that each sector addresses are human, cyber, and natural threats (Department of Homeland Security, 2015). Most of the plans follow a similar pattern and utilize similar methodologies with the exception of interdependency being more of a concern for sectors like the energy and food sectors. The plans also create not broad plans for the sector but also tend to split their sector into sections in order to combat the threat to the sections within the sector. The cyber threat is the most common trend across all sectors as the interdependency between sectors would be directly impacted and place other sectors at risk due to the interdependency aspects associated. Some of the major challenges to protecting CI/KR is that much of it is privatized and the reliance on interdependency. The privatization of CI/KR while in most incidents provides room for a sector to advance technologically without government interference has led to the profit margins taking control which in turn has left the CI/KR with severely aging infrastructure. The primary sectors that are most vulnerable to threats and that would have a direct effect on the rest of the sectors are energy, communications, water, and transportation (Department of Homeland Security, 2015). The interdependency and cooperation between sectors while being a good thing on most fronts also makes connected sectors vulnerable to cyber attacks that can easily be passed through shared communication networks (Department of Homeland Security, 2016).
Department of Homeland Security. (2013). Supplemental Tool: Executing A Critical Infrastructure Risk Management Approach. Cybersecurity and Infrastructure Security Agency CISA. https://www.cisa.gov/sites/default/files/publications/NIPP-2013-Supplement-Executing-a-CI-Risk-Mgmt-Approach-508.pdf.
Department of Homeland Security. (2015). Food and Agriculture Sector-Specific Plan . Cybersecurity and Infrastructure Security Agency CISA. https://www.cisa.gov/publication/nipp-ssp-food-ag-2015.
Department of Homeland Security. (2015). Energy Sector-Specific Plan. Cybersecurity and Infrastructure Security Agency CISA. https://www.cisa.gov/sites/default/files/publications/nipp-ssp-energy-2015-508.pdf
Department of Homeland Security. (2016). Information Technology Sector-Specific Plan 2016. Cybersecurity and Infrastructure Security Agency CISA. https://www.cisa.gov/sites/default/files/publications/nipp-ssp-information-technology-2016-508.pdf.
Topic 1 Student Response#2: (Respond to Jeffery)
Jeffery Bailey posted
Hello classmates/prof
Under the NIPP 2013 Critical Infrastructure Risk Management Framework, the risk is defined as the potential for an adverse outcome from an event, determined by the event’s likelihood as a function of the specific threats and vulnerabilities and associated consequences if the event occurs. While individual owners and operators are responsible for managing risk to their individual assets, (Communications Sector-Specific Plan 2015) Sector-Specific Agencies/Plans are tentacles of the National Risk Assessment and Critical Infrastructure Protection Plan. In the assessment and risk management of critical infrastructure, there are many tools at the disposal of the Federal government, one of which is Sector-specific agencies (SSP). These are organizations that partner with the National Protection as well as the Federal Emergency Management Agency (FEMA).
Sector-Specific Plans have several directives that they strive for such as Identify and prioritizing of critical infrastructure, consider the different types of threats such as cyber-physical or biological. Sector-Specific Agencies and planners must work with other SSA’s to provide their expertise, technical evaluation assessment, and analysis. Sector-Specific Plans are orchestrated with the knowledge that they have specific insight, and they are uniquely tuned into the needs, concerns, and vulnerabilities of their specific agencies.
Each critical infrastructure sector has unique characteristics, operating models, and risk profiles that benefit from an identified Sector-Specific Agency that has institutional knowledge and specialized expertise about the sector. Recognizing existing statutory or regulatory authorities of specific Federal departments and agencies, and leveraging existing sector familiarity and relationships,(NIPP2013) SSAs shall carry out the following roles and responsibilities for their respective sectors. Each critical infrastructure sector has unique characteristics, operating models, and risk profiles that benefit from an identified Sector-Specific Agency that has institutional knowledge and specialized expertise about the sector (Presidential Policy Directive/PPD-2 2013). In these plans there are often similarities that cross-sector from agency to agency with the identification, prioritization, assessment, remediation, and security of their respective internal critical infrastructure, as well as citizen safety and the complete disruption of daily life. As with any endeavor that involves the working together of multiple agencies there are cross-sector vulnerabilities and consequences that affect other concerned agencies, such as the vulnerability of cyber threats, what one agency may view as risk mitigation may put another agency in a position of vulnerability. In general most SSP; use the methodologies of identifying and assessing the risk and figuring ways to mitigate the damage as well as means of resilience. Key elements often involve partnerships across all sectors of local and federal government as well as local private partners. These partners also have what is described as interdependencies of each other. One example of this is the sharing of what could be considered privileged information and the sharing of this information makes agencies dependent upon each other. Some of the major challenges that face Sector-Specific Plans involve getting all to agree on an avenue of approach cost is always a challenge when it comes to figuring ways to mitigate and respond to risk.
Communications Sector-Specific Plan an Annex to the NIPP 2013. (n.d.).
https://training.fema.gov/iemc/
National infrastructure protection plan for threats, vulnerability, risk, and resilience. (2014). Homeland Security and Private Sector Business, 78–109. https://doi.org/10.1201/b17838-7
Topic 2: Reflect and Discuss
Now that you have completed this course, reflect on the outcomes as well as your personal goals for the course. This is not intended to be a mere recap of the course. The emphasis here is what you have personally learned and how it will affect your professional goals. Discussing what you have learned during this term will not only help you better process the information, but will help you enhance each other’s learning experience. Please reflect on the previous units and post a response that addresses the following questions:
· What prior knowledge did you bring to this course?
· What were the most important new ideas you encountered and how did they change your understanding of this class?
· Do feel you have met the outcomes in your work on this course? Is there any outcome with which you feel you still need support or assistance?
· What have you learned from your discussions and collaborations with your fellow students?
· In what specific ways can you use the knowledge you have gained in this course in your chosen profession? What are your strengths and opportunities for growth in this area?
· What questions or concerns do you have about what you have studied?
· What areas of the subject would you like to continue to explore, and why?
Topic 2 Student Response#1: (Respond to Skyler)
Skyler Fry
What prior knowledge did you bring to this course? My prior knowledge that I brought to this course was restricted to prior classes and threat assessments to areas. However, the threat assessments were not specific to a structure but rather to personnel and politics.
· What were the most important new ideas you encountered and how did they change your understanding of this class? The most important information that I took from this class was the risk assessment methodologies that are in use and the specific uses for each as well as the upsides and downsides associated with each method.
· Is there any outcome with which you feel you still need support or assistance? I believe I have a relatively decent understanding of all of the outcomes thus far.
· What have you learned from your discussions and collaborations with your fellow students? The discussions have been very helpful on expanding the baseline knowledge through adaptation of various perspectives on the same subject.
· In what specific ways can you use the knowledge you have gained in this course in your chosen profession? What are your strengths and opportunities for growth in this area? The knowledge of how to conduct a risk assessment and the methodologies most pertinent to that specific area are beneficial in seeking employment in risk analysis or risk management positions.
· What questions or concerns do you have about what you have studied? No questions or concerns at this time.
· What areas of the subject would you like to continue to explore, and why? I would like to explore what policy changes could be made or programs implemented in order to get sectors that are behind the mitigation curb up to date without over-regulating that sector.
Topic 2 Student Response#2: (Respond to Zak)
Zak Arnish
Dear Class,
At the start of this class, I had experience in risk identification from my career but lacked abilities in risk communication. From the experiences evaluating risk assessments and the studying of formal risk assessment methodologies I have gained experience and new ideas on how to formulate these problems and solutions to my peers and supervisors. I feel that meting the course outcomes will come with time, as some experience is necessary to gain the creative side of the risk identification, but by taking this class, I have all the tools I need to gain that experience. The students in this class were great in filling in some of the gaps I did not see during my readings and we shared these during discussion, I feel collaboration was limited. As a career firefighter in a small department much of the responsibility fall on everyone no matter your rank, and I plan to climb the ladder as much as I can. Currently this risk assessment knowledge will help me lead my department in ways that were always an afterthought and I hope to build risk assessments into the normal workload as a department. My main questions lie in how to motivate stakeholders to see this sometimes-difficult material, it is not always as easy as declaring yourself an expert that allows the leaders above you to trust you and consider risks sooner rather than later. To further this, that is one subject I will continue to explore and that is risk communication from a financial point of view, and how we can illustrate costs of mitigation into an easy to understand way for elected leaders to commit to the strategies needed today.
