Advanced search    Help

Clear all search criteria

Only 2/3! You are seeing results from the Public Collection, not the complete Full Collection. Sign in to search everything (see eligibility).

• President's FY 2007 Budget: Risked-Based Spending at the Transportation Security Administration: Hearing Before the Subcommittee on Economic Security, Infrastructure Protection, and Cybersecurity of the Committee on Homeland Security House of Representatives, One Hundred Ninth Congress, Second Session, February 16, 2006

  Show summary     Open resource [pdf]     (open full abstract)

  From the opening statement of Daniel E. Lungren: "The annual budget process is an important ritual for both the administration and Congress. It is not, as some would believe, a means to secure higher funding levels for our pet projects. Instead, it represents an opportunity to step back, take a hard look at our priorities and refocus on our primary missions, understanding the successes and failures of the previous year as a key part of the resource management. The budget, as presented, asks for $6.3 billion for TSA, $4.7 billion of which would go toward aviation security. While I support the requested levels, I am concerned, as are others, that we may be spending too much on aviation relative to other homeland security priorities. We must do a better job driving down unnecessary costs and improving the effectiveness and efficiency of passenger and baggage screening. Ultimately, I think we are all in agreement that TSA's airport screening operations are too labor-intensive. We need to move to a system that has more capital-intensive to drive up performance and drive down operating costs. I would like to hear more about the administration plans to fund new inline EDS systems." Statements, letters, and materials submitted for the record include those of the following: Daniel E. Lungren, Peter A. DeFazio, Norman D. Dicks, Sheila Jackson-Lee, Edward J. Markey, Stevan Pearce, and Kip Hawley.

  United States. Government Printing Office

  2007
• Examining the Homeland Security Impact of the Obama Administration's Cybersecurity Proposal, Hearing Before the Subcommittee on Cybersecurity, Infrastructure Protection, and Security Technologies of the Committee on Homeland Security, House of Representatives, One Hundred Twelfth Congress, First Session, June 24, 2011

  Show summary     Open resource [pdf]     (open full abstract)

  From the opening statement of Daniel E. Lungren: "We are meeting today to examine the impact of the administration's cybersecurity proposal on the Department of Homeland Security. The proposal touches on a number of issues, such as increasing the penalty for hacking, putting in place a comprehensive regime around the issue of large-scale breaches of personally identifiable information, regulating the cybersecurity of the private-sector critical infrastructure owners and operators, and providing needed clarity on the cybersecurity mission of the Department of Homeland Security." Statements, letters, and materials submitted for the record include those of the following: Daniel E. Lungren, Yvette D. Clark, Bennie G. Thompson, Melissa E. Hathaway, Gregory E. Shannon, Leigh Williams, Larry Clinton,

  United States. Government Printing Office

  2012
• Homeland Security Missions of the Post-9/11 Coast Guard: Hearing Before the Subcommittee on Economic Security, Infrastructure Protection, and Cybersecurity of the Committee on Homeland Security, House of Representatives, One Hundred Ninth Congress, June 8, 2005

  Show summary     Open resource [pdf]     (open full abstract)

  From the opening statement of Daniel E. Lungren: "The subcommittee today is meeting to hear testimony on the post-9/11 security missions of the United States Coast Guard. Today we have the pleasure for hearing from Admiral Collins, the Commandant of the United States Coast Guard, as we explore the Homeland Security missions of the post-9/11 Coast Guard… Our hearing today will review how the implementation of the Coast Guard's integrated Deepwater system is considered to enhance our Nation's port judge minority capabilities. We will also exam how this long-term complex and costly project, which was begun before the terrorist attacks on the USS Cole and as of 9/11, has been revised by the Coast Guard to appropriately account for such events and expanded Homeland Security missions in this unique agency. As the lead Federal agency for maritime security, the Coast Guard has the awesome task of protecting our waterways and securing our Nation's ports. For over 200 years the Coast Guard has patrolled and protected our coastlines, which total over the 95,000 miles. The Coast Guard also plays a key role in pushing our borders out to prevent terrorists and terrorist weapons from arriving at our shores. The committee will be particularly interested in the details as to how the Coast Guard manages both these blue and brown-water missions." Statements, letters, and materials submitted for the record include those of the following: Daniel E. Lungren, Loretta Sanchez, Christopher Cox, Bennie G. Thompson, Donna Christensen, Peter A. DeFazio, Norman D. Dicks, James R. Langevin, John Linder, Bill Pascrell, Jr., Don Young, Thomas Collins, and Patrick M. Stillman.

  United States. Government Printing Office

  2005
• S. Hrg. 107-366: Improving Our Ability to Fight Cybercrime: Oversight of the National Infrastructure Protection Center: Hearing before the Subcommittee on Technology, Terrorism, and Government Information of the Committee on the Judiciary, United States Senate, One Hundred Seventh Congress, First Session, July 25, 2001

  Show summary     Open resource [pdf]     (open full abstract)

  From the opening statement of Dianne Feinstein: "This hearing will be on a GAO report, General Accounting Office report, on the National Infrastructure Protection Center, or NIPC...as it is called for short. NIPC is the leading Government body that combats cyber crime and cyber terrorism. So this Subcommittee hearing will actually cover all three parts of the Subcommittee's name--Technology, Terrorism, and Government Information. NIPC, which was founded only a few years ago, has a broad mission to prevent, to warn against, to analyze, and to respond to cyber attacks. However, many experts, both within and without Government and the private sector, have suggested that NIPC has not fulfilled its mission. Critics have argued that it has done a poor job at analyzing and warning against cyber threats and attacks. Second, while NIPC was intended to be an interagency organization, critics have contended that the FBI has dominated the NIPC and has done a poor job coordinating with other Federal agencies in fighting cyber crime. Third, critics have suggested that NIPC has not done a good at ensuring information sharing between it and private sector and Government entities. [The GAO] report, which is right here, generally confirms problems identified by the critics of NIPC. First, the report finds that, while NIPC has issued many analyses of individual incidents, it hasn't done a good job at developing strategic analysis of threat and vulnerability data. This is because of NIPC's failure to adopt a methodology to analyze strategic cyber threats, lack of adequate staff expertise, and an absence of sufficient industry-specific data on vulnerabilities. The result has been confusion about NIPC's role and responsibilities. The report also finds that the NIPC has not done enough to establish information-sharing and cooperative relationships with the private sector and other Government agencies. The report also concludes that NIPC has generally done good investigative field work. However, it points out they still need additional resources and new procedures to ensure that information flows more efficiently from the field to NIPC." Statements, letters, and material submitted for the record include those of the following: Dianne Feinstein, Charles E. Grassley, Orrin G. Hatch, Jon Kyl, Eugene F. Gorzelink and Taher Elgamal.

  United States. Government Printing Office

  2002
• Best Practices for Planning a Cybersecurity Workforce White Paper

  Show summary     Open resource [pdf]     (open full abstract)

  "The Nation's cybersecurity workforce is at the forefront of protecting critical infrastructure and computer networks from attack by foreign nations, criminal groups, hackers, and terrorist organizations. Organizations must have a clear understanding of their cybersecurity human capital skills and abilities as well as potential infrastructure needs to ensure protection against threats to information systems. Today, the cybersecurity community has evolved enough to define a National Cybersecurity Workforce Framework for understanding specialty areas of cybersecurity work and workforce needs. As a result, the field has reached a maturity level that enables organizations to inventory current capabilities. Next, as the nation seeks to build a skilled cybersecurity workforce, it will be necessary for organizations to mature further and begin forecasting future demand for the cybersecurity workforce. The National Initiative for Cybersecurity Education (NICE) evolved from the Comprehensive National Cybersecurity Initiative (CNCI), Initiative 8 - Expand Cyber Education, to develop a technologically-skilled and cyber-savvy workforce of people with the right knowledge and skills. Towards those ends, Component 3 of NICE is focused on the cybersecurity Workforce Structure - specifically the role of workforce planning in developing the national cybersecurity workforce. By identifying best practice1 elements of workforce planning across three components- Process, Strategy, and Infrastructure - and the unique attributes of the cybersecurity workforce, this paper serves as a starting point to encourage discussion around the best methods for cybersecurity workforce planning and ultimately identifying an approach to address significant cybersecurity workforce gaps nationwide."

  United States. Department of Homeland Security

  2014-08-04
• Letter Report: DHS Needs to Prioritize Its Cyber Assets

  Show summary     Open resource [pdf]     (open full abstract)

  This document is a letter providing recommendations to the Department of Homeland Security for protecting cyber critical infrastructure. "Homeland Security Presidential Directive 7 (HSPD-7), Critical Infrastructure Identification, Prioritization, and Protection, December 2003, established a national policy to identify and prioritize critical infrastructures. These critical infrastructures are both physical and cyber-based, and span all sectors of the economy. According to the National Infrastructure Protection Plan (NIPP), June 2006, Cyber infrastructure includes electronic information and communications systems, and the information contained in those systems. Computer systems, control systems…and networks such as the Internet are all part of cyber infrastructure. […]The department has not completed all the steps to produce a prioritized inventory of its internal cyber critical infrastructure. Further, the department's Management Directorate was not coordinating related efforts to secure these assets. We recommend that the department designate a specific office to determine protection priorities for its internal cyber critical infrastructure. Additionally, the department should develop a process to coordinate internal efforts to protect these assets in accordance with Homeland Security Presidential Directive 7."

  United States. Department of Homeland Security. Office of Inspector General

  2008-03
• Cybersecurity: An Overview of Risks to Critical Infrastructure, Hearing Before the Subcommittee on Oversight and Investigations of the Committee on Energy and Commerce, House of Representatives, One Hundred Twelfth Congress, First Session, July 26, 2011

  Show summary     Open resource [pdf]     (open full abstract)

  From the opening statement of Cliff Stearns: "Over the last 15 years, our Federal Government has wrestled with the question of how best to protect our Nation's critical infrastructures from cyber attacks. Since September 11, our infrastructure systems have become even more automated and more reliant on information systems and computer networks to operate. This has allowed our systems to become more efficient, but it has also opened the door to cyber threats and cyber attacks. Recent reports and news articles have highlighted how threats and risks to cybersecurity have created vulnerabilities in our Nation's critical infrastructures and information systems. For example, just last week, the Department of Homeland Security sent out a bulletin about potential insider threats to utilities. That bulletin stated that outsiders have attempted to obtain information about the utilities' infrastructure to use in coordinating and conducting a cyber attack. In March 2011, the computer systems of RSA were breached. RSA manufactures tokens for secure access to computer networks. Sensitive information about these tokens was stolen and later used to hack into the network of Lockheed Martin, a Department of Defense contractor. Last summer, the Stuxnet attack was identified. Stuxnet targets vulnerabilities in industrial control systems such as nuclear and energy to gain access to the systems and then manipulate the control process. This kind of attack has the potential to bring down or severely interrupt the functions of an electricity or even a nuclear plant. The issues surrounding critical infrastructure protection and security are complex. Our systems are interconnected and depend on one other to operate. A vulnerability in one critical infrastructure naturally exposes other critical infrastructures to the same threats and risks, either because they are linked together through information systems or because one infrastructure depends on another to operate. In addition, much of the country's critical infrastructures are privately owned, as much as 80 or 90 percent. They therefore have different operations, components, control systems, and computer networks--as well as vastly different resources available to address problems like cybersecurity and infrastructure protection." Statements, letters, and materials submitted for the record include those of the following: Cliff Stearns, Diana DeGette, Michael C. Burgess, Marsha Blackburn, Donna M. Christensen, Henry A. Waxman, Fred Upton, Roberta Stempfley, Sean P. McGurk, and Gregory C. Wilshusen.

  United States. Government Printing Office

  2012
• Peacetime Use of Computer Network Attack

  Show summary     Open resource [pdf]     (open full abstract)

  Published in May 1998, Presidential Decision Directive 63 (PDD-63), The Critical Infrastructure Protection Directive, calls for a national effort to protect America's increasingly vulnerable and interconnected information infrastructures. Such infrastructure includes telecommunications, banking and finance, energy, transportation, and essential government services. PDD-63 alerts the nation to prepare for impending cyber attacks. This paper examines the nature, scale, and likelihood of cyber attacks posited in PDD-63 and finds that the country does not face an imminent "electronic Pearl Harbor". Nonetheless, the country's information infrastructure is vulnerable to cyber attacks by a plethora of adversaries. The most dangerous threat is from state- sponsored cyber-warriors. In view of this real and growing threat, the prescriptions in PDD-63 for protecting the infrastructure are inadequate. This paper concludes that the defensively oriented policy measures in PDD-63 are insufficient for protecting the infrastructure. These measures are not working now, and because they are entirely reactive by nature, they will not deter future attacks by state-sponsored cyber-warriors. With the potential for severe disruptions to the infrastructure so great, this paper argues that the United States must conduct open, offensive Computer Network Attacks against state- sponsored cyber-warriors during peacetime. Only then will the country be able to stop these adversaries and adequately protect its infrastructure.

  Army War College (U.S.)

  Busby, Daniel J.

  2000-04-03
• Critical Infrastructures: Background, Policy, and Implementation [Updated May 6, 2003]

  Show summary     Open resource [pdf]     (open full abstract)

  From the Summary: "The nation's health, wealth, and security rely on the production and distribution of certain goods and services. The array of physical assets, processes and organizations across which these goods and services move are called critical infrastructures (e.g. electricity, the power plants that generate it, and the electric grid upon which it is distributed). Computers and communications, themselves critical infrastructures, are increasingly tying these infrastructures together. There is concern that this reliance on computers and computer networks raises the vulnerability of the nation's critical infrastructures to 'cyber' attacks. In May 1998, President Clinton released Presidential Decision Directive No. 63. The Directive set up groups within the federal government to develop and implement plans that would protect government-operated infrastructures and called for a dialogue between government and the private sector to develop a National Infrastructure Assurance Plan that would protect all of the nation's critical infrastructures by the year 2003. While the Directive called for both physical and cyber protection from both man-made and natural events, implementation focused on cyber protection against man-made cyber events (i.e. computer hackers). Those advocating the need for greater cyber security felt that this was a new vulnerability not fully appreciated by system owners and operators in either the private or public sectors. However, given the impact of the September 11 attacks on the communications, finance, and transportation infrastructures, physical protections of critical infrastructures may receive more attention."

  Library of Congress. Congressional Research Service

  Moteff, John D.

  2003-05-06
• Critical Infrastructures: Background, Policy, and Implementation [Updated July 18, 2002]

  Show summary     Open resource [pdf]     (open full abstract)

  "The nations health, wealth, and security rely on the production and distribution of certain goods and services. The array of physical assets, processes and organizations across which these goods and services move are called critical infrastructures (e.g. electricity, the power plants that generate it, and the electric grid upon which it is distributed). Computers and communications, themselves critical infrastructures, are increasingly tying these infrastructures together. There has been growing concern that this reliance on computers and computer networks raises the vulnerability of the nations critical infrastructures to 'cyber' attacks. In May 1998, President Clinton released Presidential Decision Directive No. 63. The Directive set up groups within the federal government to develop and implement plans that would protect government-operated infrastructures and called for a dialogue between government and the private sector to develop a National Infrastructure Assurance Plan that would protect all of the nations critical infrastructures by the year 2003. While the Directive called for both physical and cyber protection from both man-made and natural events, implementation focused on cyber protection against man-made cyber events (i.e. computer hackers). Those advocating the need for greater cyber security felt that this was a new vulnerability not fully appreciated by system owners and operators in either the private or public sectors. However, given the impact of the September 11 attacks on the communications, finance, and transportation infrastructures, physical protections of critical infrastructures is receiving greater attention."

  Library of Congress. Congressional Research Service

  Moteff, John D.

  2002-07-18
• Critical Infrastructures: Background, Policy, and Implementation [Updated December 14, 2001]

  Show summary     Open resource [pdf]     (open full abstract)

  "The nations health, wealth, and security rely on the production and distribution of certain goods and services. The array of physical assets, processes and organizations across which these goods and services move are called critical infrastructures (e.g. electricity, the power plants that generate it, and the electric grid upon which it is distributed). Computers and communications, themselves critical infrastructures, are increasingly tying these infrastructures together. There is concern that this reliance on computers and computer networks raises the vulnerability of the nations critical infrastructures to 'cyber' attacks. In May 1998, President Clinton released Presidential Decision Directive No. 63. The Directive set up groups within the federal government to develop and implement plans that would protect government-operated infrastructures and called for a dialogue between government and the private sector to develop a National Infrastructure Assurance Plan that would protect all of the nations critical infrastructures by the year 2003. While the Directive called for both physical and cyber protection from both man-made and natural events, implementation focused on cyber protection against man-made cyber events (i.e. computer hackers). Those advocating the need for greater cyber security felt that this was a new vulnerability not fully appreciated by system owners and operators in either the private or public sectors. However, given the impact of the September 11 attacks on the communications, finance, and transportation infrastructures, physical protections of critical infrastructures may receive more attention."

  Library of Congress. Congressional Research Service

  Moteff, John D.

  2001-12-14
• Critical Infrastructures: Background, Policy, and Implementation [Updated February 4, 2002]

  Show summary     Open resource [pdf]     (open full abstract)

  "The nations health, wealth, and security rely on the production and distribution of certain goods and services. The array of physical assets, processes and organizations across which these goods and services move are called critical infrastructures (e.g. electricity, the power plants that generate it, and the electric grid upon which it is distributed). Computers and communications, themselves critical infrastructures, are increasingly tying these infrastructures together. There is concern that this reliance on computers and computer networks raises the vulnerability of the nations critical infrastructures to 'cyber' attacks. In May 1998, President Clinton released Presidential Decision Directive No. 63. The Directive set up groups within the federal government to develop and implement plans that would protect government-operated infrastructures and called for a dialogue between government and the private sector to develop a National Infrastructure Assurance Plan that would protect all of the nations critical infrastructures by the year 2003. While the Directive called for both physical and cyber protection from both man-made and natural events, implementation focused on cyber protection against man-made cyber events (i.e. computer hackers). Those advocating the need for greater cyber security felt that this was a new vulnerability not fully appreciated by system owners and operators in either the private or public sectors. However, given the impact of the September 11 attacks on the communications, finance, and transportation infrastructures, physical protections of critical infrastructures may receive more attention."

  Library of Congress. Congressional Research Service

  Moteff, John D.

  2002-02-04
• Critical Infrastructures: Background, Policy, and Implementation [February 21, 2014]

  Show summary     Open resource [pdf]     (open full abstract)

  "The nation's health, wealth, and security rely on the production and distribution of certain goods and services. The array of physical assets, functions, and systems across which these goods and services move are called critical infrastructures (e.g., electricity, the power plants that generate it, and the electric grid upon which it is distributed). The national security community has been concerned for some time about the vulnerability of critical infrastructure to both physical and cyberattack. In May 1998, President Clinton released Presidential Decision Directive No. 63. The Directive set up groups within the federal government to develop and implement plans that would protect government-operated infrastructures and called for a dialogue between government and the private sector to develop a National Infrastructure Assurance Plan that would protect all of the nation's critical infrastructures by the year 2003. While the Directive called for both physical and cyber protection from both man-made and natural events, implementation focused on cyber protection against man-made cyber events (i.e., computer hackers). Following the destruction and disruptions caused by the September 11 terrorist attacks in 2001, the nation directed increased attention toward physical protection of critical infrastructures. Over the intervening years, policy, programs, and legislation related to physical security of critical infrastructure have stabilized to a large extent. However, current legislative activity has refocused on cybersecurity of critical infrastructure. This report discusses in more detail the evolution of a national critical infrastructure policy and the institutional structures established to implement it. The report highlights two primary issues confronting Congress going forward, both in the context of cybersecurity: information sharing and regulation."

  Library of Congress. Congressional Research Service

  Moteff, John D.

  2014-02-21
• Critical Infrastructures: Background, Policy, and Implementation [June 10, 2015]

  Show summary     Open resource [pdf]     (open full abstract)

  "The nation's health, wealth, and security rely on the production and distribution of certain goods and services. The array of physical assets, functions, and systems across which these goods and services move are called critical infrastructures (e.g., electricity, the power plants that generate it, and the electric grid upon which it is distributed). The national security community has been concerned for some time about the vulnerability of critical infrastructure to both physical and cyberattack. In May 1998, President Clinton released Presidential Decision Directive No. 63. The Directive set up groups within the federal government to develop and implement plans that would protect government-operated infrastructures and called for a dialogue between government and the private sector to develop a National Infrastructure Assurance Plan that would protect all of the nation's critical infrastructures by the year 2003. While the Directive called for both physical and cyber protection from both man-made and natural events, implementation focused on cyber protection against man-made cyber events (i.e., computer hackers). Following the destruction and disruptions caused by the September 11 terrorist attacks in 2001, the nation directed increased attention toward physical protection of critical infrastructures. Over the intervening years, policy, programs, and legislation related to physical security of critical infrastructure have stabilized to a large extent. However, current legislative activity has refocused on cybersecurity of critical infrastructure. This report discusses in more detail the evolution of a national critical infrastructure policy and the institutional structures established to implement it. The report highlights two primary issues confronting Congress going forward, both in the context of cybersecurity: information sharing and regulation."

  Library of Congress. Congressional Research Service

  Moteff, John D.

  2015-06-10
• Critical Infrastructures: Background, Policy, and Implementation [May 12, 2015]

  Show summary     Open resource [pdf]     (open full abstract)

  "The nation's health, wealth, and security rely on the production and distribution of certain goods and services. The array of physical assets, functions, and systems across which these goods and services move are called critical infrastructures (e.g., electricity, the power plants that generate it, and the electric grid upon which it is distributed). The national security community has been concerned for some time about the vulnerability of critical infrastructure to both physical and cyberattack. In May 1998, President Clinton released Presidential Decision Directive No. 63. The Directive set up groups within the federal government to develop and implement plans that would protect government-operated infrastructures and called for a dialogue between government and the private sector to develop a National Infrastructure Assurance Plan that would protect all of the nation's critical infrastructures by the year 2003. While the Directive called for both physical and cyber protection from both man-made and natural events, implementation focused on cyber protection against man-made cyber events (i.e., computer hackers). Following the destruction and disruptions caused by the September 11 terrorist attacks in 2001, the nation directed increased attention toward physical protection of critical infrastructures. Over the intervening years, policy, programs, and legislation related to physical security of critical infrastructure have stabilized to a large extent. However, current legislative activity has refocused on cybersecurity of critical infrastructure. This report discusses in more detail the evolution of a national critical infrastructure policy and the institutional structures established to implement it. The report highlights two primary issues confronting Congress going forward, both in the context of cybersecurity: information sharing and regulation."

  Library of Congress. Congressional Research Service

  Moteff, John D.

  2015-05-12
• Critical Infrastructures: Background, Policy, and Implementation [June 7, 2010]

  Show summary     Open resource [pdf]     (open full abstract)

  "The nation's health, wealth, and security rely on the production and distribution of certain goods and services. The array of physical assets, functions, and systems across which these goods and services move are called critical infrastructures (e.g., electricity, the power plants that generate it, and the electric grid upon which it is distributed). The national security community has been concerned for some time about the vulnerability of critical infrastructure to both physical and cyber attack. In May 1998, President Clinton released Presidential Decision Directive No. 63. The Directive set up groups within the federal government to develop and implement plans that would protect government-operated infrastructures and called for a dialogue between government and the private sector to develop a National Infrastructure Assurance Plan that would protect all of the nation's critical infrastructures by the year 2003. While the Directive called for both physical and cyber protection from both man-made and natural events, implementation focused on cyber protection against man-made cyber events (i.e., computer hackers). However, given the physical damage caused by the September 11 attacks, physical protection of critical infrastructures has received increased attention. […] In June 2006, the Bush Administration released a National Infrastructure Protection Plan. This Plan presents the process by which the Department of Homeland Security intends to identify those specific assets most critical to the United States, across all sectors, based on the risk associated with their loss to attack or natural disaster, and then to prioritize activities aimed at maximizing the reduction of those risks for a given investment. This report discusses in more detail the evolution of a national critical infrastructure policy and the institutional structures established to implement it. The report highlights five issues of Congressional concern: identifying critical assets; assessing vulnerabilities and risks; allocating resources; information sharing; and regulation."

  Library of Congress. Congressional Research Service

  Moteff, John D.

  2010-06-07
• U.S. Department of Energy Audit Report: Implementation of Presidential Decision Directive 63, Critical Infrastructure Protection

  Show summary     Open resource [pdf]     (open full abstract)

  "In 1997, a Presidential Commission on Critical Infrastructure Protection concluded that the national critical infrastructures -- energy, banking, transportation, vital human services, and telecommunications -- were vulnerable to attack through the malicious use of commonly available tools. On May 22, 1998, as a result of the Commission's findings, the President issued Presidential Decision Directive 63 (PDD 63), Critical Infrastructure Protection. PDD 63 required Federal agencies to take action to eliminate significant vulnerabilities, especially cyber-related, and to assure the continuity and viability of the nation's critical infrastructures. Under PDD 63 the Department of Energy (Department) is required to develop and implement a number of infrastructure protective measures. Specifically, the Department was required to: 1) Develop and implement an internal plan for protecting its critical infrastructure assets by May 22, 2000; and, 2) Coordinate external energy sector infrastructure protection activities by aiding private sector electric power and petroleum entities in assessing their vulnerabilities to cyber and physical attack, recommending plans to eliminate vulnerabilities, and proposing a system for identifying and preventing attacks. The objective of our audit was to determine whether the Department's implementation of PDD 63, Critical Infrastructure Protection, was achieving its intended purpose. The audit disclosed that the Department had not implemented its critical infrastructure protection plan to mitigate significant vulnerabilities, or assure the continuity and viability of its critical infrastructures. While external energy sector infrastructure protection activities were progressing and a number of internal and collateral actions had been completed, actions had not progressed to the point where the objectives of PDD 63 were being accomplished."

  United States. Department of Energy. Office of Audit Services

  2000-09
• Critical Infrastructures: Background, Policy, and Implementation [Updated February 10, 2003]

  Show summary     Open resource [pdf]     (open full abstract)

  "The nations health, wealth, and security rely on the production and distribution of certain goods and services. The array of physical assets, processes and organizations across which these goods and services move are called critical infrastructures (e.g. electricity, the power plants that generate it, and the electric grid upon which it is distributed). Computers and communications, themselves critical infrastructures, are increasingly tying these infrastructures together. There has been growing concern that this reliance on computers and computer networks raises the vulnerability of the nations critical infrastructures to 'cyber' attacks. In May 1998, President Clinton released Presidential Decision Directive No. 63. The Directive set up groups within the federal government to develop and implement plans that would protect government-operated infrastructures and called for a dialogue between government and the private sector to develop a National Infrastructure Assurance Plan that would protect all of the nations critical infrastructures by the year 2003. While the Directive called for both physical and cyber protection from both man-made and natural events, implementation focused on cyber protection against man-made cyber events (i.e. computer hackers). However, given the physical damage caused by the September 11 attacks and the subsequent impact on the communications, finance, and transportation services, physical protections of critical infrastructures is receiving greater attention."

  Library of Congress. Congressional Research Service

  Moteff, John D.

  2003-02-10
• Critical Infrastructures: Background, Policy, and Implementation [Updated December 17, 2002]

  Show summary     Open resource [pdf]     (open full abstract)

  "The nations health, wealth, and security rely on the production and distribution of certain goods and services. The array of physical assets, processes and organizations across which these goods and services move are called critical infrastructures (e.g. electricity, the power plants that generate it, and the electric grid upon which it is distributed). Computers and communications, themselves critical infrastructures, are increasingly tying these infrastructures together. There has been growing concern that this reliance on computers and computer networks raises the vulnerability of the nations critical infrastructures to 'cyber' attacks. In May 1998, President Clinton released Presidential Decision Directive No. 63. The Directive set up groups within the federal government to develop and implement plans that would protect government-operated infrastructures and called for a dialogue between government and the private sector to develop a National Infrastructure Assurance Plan that would protect all of the nations critical infrastructures by the year 2003. While the Directive called for both physical and cyber protection from both man-made and natural events, implementation focused on cyber protection against man-made cyber events (i.e. computer hackers). However, given the physical damage caused by the September 11 attacks and the subsequent impact on the communications, finance, and transportation services, physical protections of critical infrastructures is receiving greater attention."

  Library of Congress. Congressional Research Service

  Moteff, John D.

  2002-12-17
• Cybersecurity: The Nation's Greatest Threat to Critical Infrastructure

  Show summary     Open resource [pdf]     (open full abstract)

  From the thesis abstract: "Over the past decade, the cyber threat to critical infrastructure has grown to potentially catastrophic dimensions. Critical Infrastructure protection has become a matter of national security, public safety, and economic stability. It is imperative the U.S. Government (USG) examine current responsibilities, develop a comprehensive cybersecurity strategy, cybersecurity regulations, impose standards, and enforce the strongest security measures possible to protect the Nation from cyber attacks to critical infrastructure. This paper provides a background of what constitutes national critical infrastructure and Critical Infrastructure Protection (CIP), discusses the immense vulnerabilities, threats, and risks associated in the protection of critical infrastructure, and outlines governance and responsibilities of protecting vulnerable infrastructure. Finally, the paper will make recommendations for federal responsibilities and legislation to direct nation critical infrastructure efforts to ensure national security, public safety and economic stability."

  Army War College (U.S.)

  Griffin Olive, Nikki L.

  2013-03
• Critical Infrastructures: Background, Policy, and Implementation [Updated September 25, 2003]

  Show summary     Open resource [pdf]     (open full abstract)

  "The nations health, wealth, and security rely on the production and distribution of certain goods and services. The array of physical assets, processes and organizations across which these goods and services move are called critical infrastructures (e.g. electricity, the power plants that generate it, and the electric grid upon which it is distributed). Computers and communications, themselves critical infrastructures, are increasingly tying these infrastructures together. There has been growing concern that this reliance on computers and computer networks raises the vulnerability of the nations critical infrastructures to 'cyber' attacks. InMay1998, President Clinton released Presidential Decision Directive No. 63. The Directive set up groups within the federal government to develop and implement plans that would protect government-operated infrastructures and called for a dialogue between government and the private sector to develop a National Infrastructure Assurance Plan that would protect all of the nations critical infrastructures by the year 2003. While the Directive called for both physical and cyber protection from both man-made and natural events, implementation focused on cyber protection against man-made cyber events (i.e. computer hackers). However, given the physical damage caused by the September 11 attacks and the subsequent impact on the communications, finance, and transportation services, physical protections of critical infrastructures is receiving greater attention."

  Library of Congress. Congressional Research Service

  Moteff, John D.

  2003-09-25
• Critical Infrastructures: Background, Policy, and Implementation [Updated April 9, 2003]

  Show summary     Open resource [pdf]     (open full abstract)

  "The nations health, wealth, and security rely on the production and distribution of certain goods and services. The array of physical assets, processes and organizations across which these goods and services move are called critical infrastructures (e.g. electricity, the power plants that generate it, and the electric grid upon which it is distributed). Computers and communications, themselves critical infrastructures, are increasingly tying these infrastructures together. There has been growing concern that this reliance on computers and computer networks raises the vulnerability of the nations critical infrastructures to 'cyber' attacks. In May 1998, President Clinton released Presidential Decision Directive No. 63. The Directive set up groups within the federal government to develop and implement plans that would protect government-operated infrastructures and called for a dialogue between government and the private sector to develop a National Infrastructure Assurance Plan that would protect all of the nations critical infrastructures by the year 2003. While the Directive called for both physical and cyber protection from both man-made and natural events, implementation focused on cyber protection against man-made cyber events (i.e. computer hackers). However, given the physical damage caused by the September 11 attacks and the subsequent impact on the communications, finance, and transportation services, physical protections of critical infrastructures is receiving greater attention."

  Library of Congress. Congressional Research Service

  Moteff, John D.

  2003-04-09
• Proclamation 8875: National Cybersecurity Awareness Month, 2012, October 1, 2012

  Show summary     Open resource [pdf]     (open full abstract)

  "Today, Americans are more connected to each other and to people around the world than ever before. Many of us depend on the Internet and digital tools in our daily lives--from shopping at home and banking on our mobile devices to sharing information with friends across the globe. And America far outpaces the rest of the world in adoption of cutting-edge wireless broadband technology. Our growing reliance on technology reminds us that our digital infrastructure is not just a convenience; it is a strategic national asset. During National Cybersecurity Awareness Month, we recommit to ensuring our information and infrastructure remain secure, reliable, and resilient. Though our Nation benefits immensely from the Internet, increased connectivity brings increased risk of theft, fraud, and abuse. That is why my Administration has made cybersecurity a national and economic security priority. By bringing together Federal, State, and local governments and private industry partners, we have made great progress in securing cyberspace for business, education, entertainment, and civic life. In November 2011, we released the Blueprint for a Secure Cyber Future--a strategic plan to protect government, the private sector, and the public against cyber threats today and tomorrow. As we continue to improve our cybersecurity under existing authorities, comprehensive legislation remains essential to securing our critical infrastructure, facilitating greater cyber information sharing between government and the private sector, and protecting the privacy and civil liberties of the American people. My Administration looks forward to working with the Congress to address these goals. Cybersecurity cannot be guaranteed by government, industry, and law enforcement alone. Each of us has an important role to play in reducing the cyber threat and increasing our resilience following cyber incidents. The Department of Homeland Security's ''Stop.Think.Connect.'' campaign continues to empower digital citizens with the information and tools they need to stay safe online. To learn more about how we can all contribute to the security of our shared cyber networks, visit www.DHS.gov/ StopThinkConnect."

  United States. Office of the Federal Register

  Obama, Barack

  2012-10-01
• Critical Infrastructure: Control Systems and the Terrorist Threat [Updated October 1, 2002]

  Show summary     Open resource [pdf]     (open full abstract)

  "Much of the U. S. critical infrastructure is potentially vulnerable to cyber-attack. Industrial control computer systems involved in this infrastructure are specific points of vulnerability, as cyber-security for these systems has not been perceived as a high priority. Industries potentially affected by a cyber-attack on industrial control systems include the electrical, telephone, water, chemical and energy sectors. The federal government has issued a warning regarding an increase in terrorist interest in the cyber-security of industrial control systems, citing both interest by international terrorist organizations in critical infrastructure and increases in cyberattack on critical infrastructure computer systems. The potential consequences of a successful cyber-attack on critical infrastructure industrial control systems could be high, ranging from a temporary loss of service to catastrophic infrastructure failure affecting multiple states for an extended duration. A draft version of The National Strategy for Securing Cyberspace has been released. Contained within are a number of suggestions regarding security measures for control systems. A focus on the further integration of public/private partnerships and information sharing is described, along with suggestions that Department of Energy standards for securing control systems be implemented. Possible policy options for congressional consideration include further development of uniform standards for infrastructure cyber-protection, growth in research into encryption methods for industrial control systems, enhancing information sharing between industry and government representatives, potentially through expanded exemptions to the Freedom of Information Act, and mandating assessments by industry to determine and reduce cyber-vulnerabilities."

  Library of Congress. Congressional Research Service

  Shea, Dana A.

  2002-10-01
• 2020 Staff Report: Lessons Learned from Commission-Led CIP Reliability Audits

  Show summary     Open resource [pdf]     (open full abstract)

  From the Introduction: "During Fiscal Year (FY) 2020, staff of the Federal Energy Regulatory Commission (Commission) completed non-public Critical Infrastructure Protection (CIP) audits (CIP Audits) of several 'registered entities' of the bulk electric system (BES). The CIP Audits evaluated registered entities' compliance with the applicable Commission-approved CIP Reliability Standards. Staff from Regional Entities and the North American Electric Reliability Corporation (NERC) participated in the audits, including the on-site portion. During the CIP Audits, staff found that most of the cyber security protection processes and procedures adopted by the registered entities met the mandatory requirements of the CIP Reliability Standards. However, there were also potential compliance infractions found. Additionally, staff observed practices that could improve security, but are not required by the CIP Reliability Standards. Therefore, this report includes recommendations regarding cyber security practices that are voluntary. This anonymized summary report informs the regulated community and the public of lessons learned from the FY20 audits. This report provides information and recommendations to NERC, Regional Entities, and registered entities that staff believes are useful in their assessments of risk and compliance, and to overall cyber security. Moreover, this information may be generally beneficial to the utility-based cyber security community to improve the security of the BES."

  United States. Federal Energy Regulatory Commission

  2020-10-02
• Privacy Impact Assessment for the Enhanced Cybersecurity Services (ECS)

  Show summary     Open resource [pdf]     (open full abstract)

  "The Enhanced Cybersecurity Services (ECS) is a voluntary program based on the sharing of indicators of malicious cyber activity between Department of Homeland Security (DHS) and participating Commercial Service Providers. The purpose of the program is to assist the owners and operators of critical infrastructure to enhance the protection of their systems from unauthorized access, exploitation, or data exfiltration through a voluntary information sharing program. ECS consists of the operational processes and security oversight required to share unclassified and classified cyber threat indicators with companies that provide internet, network, and communication services to enable those companies to enhance their services to protect U.S. Critical Infrastructure entities. ECS is intended to support U.S. Critical Infrastructure, however, pending deployment of EINSTEIN intrusion prevention capabilities, ECS may also be used to provide equivalent protection to participating Federal civilian Executive Branch agencies. The National Protection and Programs Directorate (NPPD) is conducting this Privacy Impact Assessment (PIA) because personally identifiable information (PII) may be collected. This PIA consolidates and serves as a replacement to the DHS/NPPD/PIA-021 National Cyber Security Division Joint Cybersecurity Services Pilot PIA, published on January 13, 2012, and the DHS/NPPD/PIA-021(a) National Cyber Security Division Joint Cybersecurity Services Program (JCSP), Defense Industrial Base (DIB) -- Enhanced Cybersecurity Services (DECS) PIA Update, published on July 18, 2012."

  United States. Department of Homeland Security

  2013-01-16
• Threat Warning for America's Critical Infrastructures

  Show summary     Open resource [pdf]     (open full abstract)

  "The President's Commission on Critical Infrastructure Protection, Critical Foundations, was a report of a multi-agency effort to "study the critical infrastructures that constitute the life support systems of (the United States), determine their vulnerabilities, and propose a strategy for protecting them in the future".2 Spurred by this report, the President signed Presidential Decision Directive 63 which built upon the PCCIP's recommendations. In signing PDD-63, the President's intent was for the United States to "take all necessary measures to swiftly eliminate any significant vulnerability to both physical and cyber attacks on our critical infrastructures, including especially our cyber systems".3 One of the goals of PDD-63 was to create a national center to warn of significant infrastructure attacks, to include the detection and analysis of such attacks, with maximum participation from the private sector. This task fell to the FBI's National Infrastructure Protection Center (NIPC) to provide threat assessment, warning, vulnerability assessment, and law enforcement investigation and response.4 Now, nearly two years hence, these encompassing tasks are largely going undone while the NIPC focuses nearly all its resources on law enforcement investigation and response, with only minor Information Sharing and Analysis Center (ISAC) coordination. It is the purpose of this paper to show that national cyber threat warning measuresare important for protecting critical infrastructures. Further, this paper asserts that tactical and strategic cyber threat warning is inadequate and needs to be reassessed vis- -vis the role of the Department of Defense, the Intelligence Community, and the Justice Department."

  National Defense University

  Thrasher, Paul W.

  2000
• Critical Infrastructures: Background, Policy, and Implementation [Updated April 13, 2007]

  Show summary     Open resource [pdf]     (open full abstract)

  From the Summary: "The nation's health, wealth, and security rely on the production and distribution of certain goods and services. The array of physical assets, functions, and systems across which these goods and services move are called critical infrastructures (e.g., electricity, the power plants that generate it, and the electric grid upon which it is distributed). The national security community has been concerned for sometime about the vulnerability of critical infrastructure to both physical and cyber attack. In May 1998, President Clinton released Presidential Decision Directive No. 63. The Directive set up groups within the federal government to develop and implement plans that would protect government-operated infrastructures and called for a dialogue between government and the private sector to develop a National Infrastructure Assurance Plan that would protect all of the nation's critical infrastructures by the year 2003. While the Directive called for both physical and cyber protection from both man-made and natural events, implementation focused on cyber protection against man-made cyber events (i.e. computer hackers). However, given the physical damage caused by the September 11 attacks, physical protections of critical infrastructures has received increased attention. […] This report discusses in more detail the evolution of a national critical infrastructure policy and the institutional structures established to implement it. The report highlights five issues of Congressional concern: identifying critical assets; assessing vulnerabilities and risks; allocating resources; information sharing; and, regulation."

  Library of Congress. Congressional Research Service

  Moteff, John D.

  2007-04-13
• Critical Infrastructures: Background, Policy, and Implementation [July 11, 2011]

  Show summary     Open resource [pdf]     (open full abstract)

  From the Summary: "The nation's health, wealth, and security rely on the production and distribution of certain goods and services. The array of physical assets, functions, and systems across which these goods and services move are called critical infrastructures (e.g., electricity, the power plants that generate it, and the electric grid upon which it is distributed). The national security community has been concerned for some time about the vulnerability of critical infrastructure to both physical and cyber attack. In May 1998, President Clinton released Presidential Decision Directive No. 63. The Directive set up groups within the federal government to develop and implement plans that would protect government-operated infrastructures and called for a dialogue between government and the private sector to develop a National Infrastructure Assurance Plan that would protect all of the nation's critical infrastructures by the year 2003. While the Directive called for both physical and cyber protection from both man-made and natural events, implementation focused on cyber protection against man-made cyber events (i.e., computer hackers). However, given the physical damage caused by the September 11 attacks, physical protection of critical infrastructures has received increased attention. […] This report discusses in more detail the evolution of a national critical infrastructure policy and the institutional structures established to implement it. The report highlights five issues of Congressional concern: identifying critical assets; assessing vulnerabilities and risks; allocating resources; information sharing; and regulation. This report will be updated."

  Library of Congress. Congressional Research Service

  Moteff, John D.

  2011-07-11
• Critical Infrastructures: Background, Policy, and Implementation [Updated March 13, 2007]

  Show summary     Open resource [pdf]     (open full abstract)

  From the Summary: "The nation's health, wealth, and security rely on the production and distribution of certain goods and services. The array of physical assets, functions, and systems across which these goods and services move are called critical infrastructures (e.g., electricity, the power plants that generate it, and the electric grid upon which it is distributed). The national security community has been concerned for sometime about the vulnerability of critical infrastructure to both physical and cyber attack. In May 1998, President Clinton released Presidential Decision Directive No. 63. The Directive set up groups within the federal government to develop and implement plans that would protect government-operated infrastructures and called for a dialogue between government and the private sector to develop a National Infrastructure Assurance Plan that would protect all of the nation's critical infrastructures by the year 2003. While the Directive called for both physical and cyber protection from both manmade and natural events, implementation focused on cyber protection against manmade cyber events (i.e. computer hackers). However, given the physical damage caused by the September 11 attacks, physical protections of critical infrastructures has received increased attention. […] This report discusses in more detail the evolution of a national critical infrastructure policy and the institutional structures established to implement it. The report highlights five issues of Congressional concern: identifying critical assets; assessing vulnerabilities and risks; allocating resources; information sharing; and, regulation."

  Library of Congress. Congressional Research Service

  Moteff, John D.

  2007-03-13