Infrastructure protection has many elements, but the first step is determining what we need to protect. According to William Flynn, director, Protective Security Coordination Division at the Department of Homeland Security (DHS), "We know what is important to government, but we have to understand what the interdependencies are." From the data collection angle, infrastructure protection has made quantum leaps, and the ability to analyze the data also has come a long way, he explained.
But protection of our infrastructure requires that we engage at the local level and in the private sector to understand the critical and steady state security that is in place. "What keeps me up at night," he continued, is the potential of a coordinated improvised explosive device attack.
Staying current with new technologies and being innovative are continuing challenges in infrastructure protection, related Richard Driggers, director, Infrastructure Information Collection Division, Office of Infrastructure Protection, at DHS. Driggers also related a theme spoken in other panels throughout the two-day AFCEA Homeland Security event, saying that information sharing is a trust issue, and there needs to be better communications to instill confidence in industry that their proprietary information will be protected.
The issue of protecting corporate information was raised by Clyde Miller from the Partnership for Critical Infrastructure Security and director of corporate security for BASF. He said that government does not have a good understanding of how the private sector works.
Robert Dix, Jr., who is also with the Partnership for Critical Infrastructure Security and an executive with Juniper Networks, divided the elements of infrastructure protection into "good, bad and ugly." He suggested that the good part is that progress that has been made in government and industry infrastructure. But the bad, he contended, is that this relationship is bogged down with too many reporting requirements. There is a lack of understanding of the role of critical infrastructure, including electricity, information technology and communications, across government and industry and also a lack of knowledge of where the collaborative touch points need to be. The ugly part is that the exercise system used to test national preparedness does not include the owners of the infrastructure in the planning and execution of the exercises. This, he explained, creates a false sense of security.
Cyber security is part of the infrastructure too, Dix conveyed. "It is not just hackers. This is a national, homeland and economic issue. The adversaries are well resourced and committed.
Along with the threat that well financed enemies could attack the infrastructure is a growing concern brought on by the current financial crisis. The infrastructure could be made more vulnerable if industry reduces its investment in security and if companies and state and local governments have to make protection tradeoffs as a result of budgets. William Flynn, director, Protective Security Coordination Division, DHS, worries that the farther we are from 9-11, the more complacent we become. There needs to be a baseline for security, and resilience is important.