Running head: HLSS 310 CRITICAL INFRASTRUCTURE PROTECTION

HLSS 310 Critical Infrastructure Protection

Student’s name:

Professor:

Course name:

Date:
 HLSS 310 CRITICAL INFRASTRUCTURE PROTECTION 2

1. The interdependence of Critical Infrastructural Sectors

Critical infrastructural sectors of the United States have been exposed to 21st Century

complex issues that are beyond their scope. Notably, the complexity of these issues results from

the 21st Century factors such as population increase, globalization, and technological

development. The United States' critical infrastructural sectors, therefore, are now designed to

allow their interdependence with the objective of dealing with common complex issues. Energy

Sector, Nuclear Sector, and Information Technology Sector are among the other 16 important

United States infrastructural sectors that have collaborated to address the complex issue of

security (Lewis, 2019). The systems of Energy, Nuclear, and Information Technology sectors are

deliberately designed to integrate an overlapping and interdependent relationship.

The United States Nuclear Sector comprises three key subsectors, including Nuclear Waste,

Nuclear Materials, and Nuclear Facilities. The Nuclear Sector overlaps with the Energy Sector at

the asset and operation level because of their shared objective of electricity production. The

overlap mentioned above is based on the fact that the Energy Sector is assigned a primary role in

managing power transmission and distribution in the United States. Although the Nuclear

Regulatory Commission regulated the operation of the Nuclear Sector, it has to collaborate with

the Energy Sector to ensure that the generated electricity reaches safely reaches the consumers.

Notably, Nuclear Plants across the United States have transformers that enable them to step up

electricity voltage to facilitate its transmission through the national grid. The Nuclear Sector

also depends on the Energy sector for emergency power supply during maintenance operations

and emergencies such as reactor meltdown. Reactor meltdown occurs due to the natural

calamities such as tsunamis and earthquakes or technical problems within the nuclear plant.
 HLSS 310 CRITICAL INFRASTRUCTURE PROTECTION 3

Studies show that power supply interruption on the national electricity grid would have direct

consequences on the nuclear facilities.

It is important to note that the United States Energy Sector controls important energy

resources, including natural gas, petroleum, and electric power. However, the United States

Energy Sector depends on Nuclear Sector to meet the electrical power demand in the market.

The Nuclear Sector generates approximately 19.7 percent of the total electricity consumed in the

United States. The Nuclear Sector, therefore, teams up with the Energy Sector in protecting the

national electricity power resource by hiring services of the United States Information

Technology Sector.

The Energy and Nuclear Sectors involve the Information Technology Sector in the

management of daily operations, information storage, and control of important processes.

Additionally, these sectors include the IT Sector in protecting their systems from cybercrime

activities. Cybercrime is a global problem that has affected energy and nuclear sectors across the

globe. In 2015, for example, hackers illegally accessed the power grid of Ukraine and managed

to disconnect 43 substations from the national grid. The United States government energy and

nuclear sectors currently face cyber-attack threats from ISIS terrorist group and Dragonfly 2.0

campaign. The Homeland Security Department describes Dragonfly 2.0 as a Russian terrorist

group that aims at disrupting the normal operation of the critical infrastructure of the United

States. The Information Technology Sector, therefore, has created a cyber networking platform

that allows the dissemination and sharing of threat and security data between the Nuclear Sector,

Energy Sector, and the Homeland Security Department (Khattak et al., 2017). Sharing of threat

and security data enables these critical sectors to collaborate with the Homeland Security
 HLSS 310 CRITICAL INFRASTRUCTURE PROTECTION 4

Department in the development of platforms for disaster recovery, response, prevention, and

preparedness.

2. Prioritization of Critical Infrastructural Assets

The United States government considers the assets of the Energy Sector, Nuclear Sector, and

Information Technology Sector vital to public health, economic security, and homeland security.

The Nuclear Sector assets targeted for protection from humanmade and natural disasters include

the reactors, the radioactive materials, and radioactive waste. Reactors in the nuclear plants

generate electricity and add it to the national grid. The main types of reactors used in power

generation include Boiling Water Reactors (BWR), Pressurized Heavy Water Reactors, and

Pressurized Water Reactors (PWRs). The United States government has revised its nuclear

power program to avoid the problems experienced in the previous nuclear power plant disasters,

including Chernobyl and Fukushima Daichi disasters that posed a huge threat to human life and

ecosystem. The government observes that terrorist groups can bomb or hack into the IT facilities

of the nuclear energy sector hence leading to disastrous consequences.

The United States Government also protects the radioactive materials used in the cores of

reactors such as Uranium-235 to prevent their leakage or access by unauthorized individuals. The

government considers that terrorist groups can use radioactive materials to manufacture weapons

of mass destruction. Additionally, nuclear wastes can also be transformed into weapons of mass

destruction; hence their disposal points should be placed under tight security. The Energy Sector

collaborates with crucial other government sectors in the United States to ensure safe storage,

transport, and disposal of waste products from nuclear facilities. The Nuclear Regulation

Commission develops policies and regulations to protect assets in the Nuclear Sector in
 HLSS 310 CRITICAL INFRASTRUCTURE PROTECTION 5

collaboration with the Homeland Security Department and other sectors, including the IT and

Energy sectors (Stergiopoulos et al., 2016).

The assets in the Energy Sector are linked to its natural gas, petroleum, and electrical power

resources. These assets are owned by local, federal, state, and private entities in the United

States. Assets in the Energy Sector include power generation plants, transmission and

distribution facilities, electricity markets, and control systems. Additionally, the power

transmission and distribution assets in this sector include control centers, substations, main

stations, and power lines. Energy involves other sectors in the electricity generation such as

nuclear, hydroelectric dams and renewable energy sectors. The petroleum and gas facilities

include the offshore and onshore extraction platforms, storage and refineries, pipelines, control

systems, and markets. Protection of the assets in the Energy Sector is essential since their

physical damage and hacking of their IT platforms can disrupt normal operation in residential

areas, business districts, and industrial areas.

The Information Technology (IT) Sector of the United States comprises a complex array of

infrastructure. The assets in the IT sector include computerized organizational systems, personal

computers, internet, and cloud computing platforms. The IT sector shares its cloud computing

assets with other critical sectors in the United States and the Homeland Security Department with

an objective of disseminating and sharing security data. The IT sector in the United States uses

innovation, creativity, and teamwork to protect digital systems, networks, and computer systems

from sabotage, hacking, and computer virus infiltration (Colesniuc, 2013).

The United States Information Technology Sector classifies cyber threats on its assets into

intentional and unintentional ones. The unintentional threats, in this case, includes mistakes

made by employees because of inexperience and low level of skills, errors in computer coding
 HLSS 310 CRITICAL INFRASTRUCTURE PROTECTION 6

processes, and equipment failures. Unintentional threats on the assets in the United States IT

Sector also includes critical failures in the infrastructures of collaborative sectors and physical

damage by natural disasters such as typhoon, floods, wildfires, and tsunami. The intentional

threats on the assets of IT Sectors, on the other hand, includes sabotage by disgruntled workers,

physical damage by terrorists, hacking and virus infiltration, and information warfare.

Information warfare in the 21st Century is evidenced by the case of WikiLeaks that has been

involved in the publication of confidential information belonging to the United States

government. WikiLeaks activities are among other information warfare activities that are

motivated by military, political, and economic benefits.

3. Measures to Continuity of Operation in the Infrastructural Sectors

The information technology, energy, and nuclear sectors in the United States have developed

defensive mechanisms to prevent and overcome 21st Century threats on their assets. The Nuclear

Sector, for example, has established the Nuclear Sector Coordinating Council (NSCC) to protect

its assets. The NSCC was formed to promote emergency, cybersecurity, and physical

preparedness in accordance with the expectation with the overall goal of protecting the national

infrastructure. NSCC collaborates with Homeland Security Department and the IT sector in

protecting reactors for electricity power generation and other used for non-power generation

activities such as training, testing, and research. The defense strategy also aims at protecting

radioactive materials and radioactive waste during storage, transportation, and disposal (Moore

& Shenoi, 2010).

The Nuclear Sector of the United States also formed a Nuclear Cyber Sub-council in

collaboration with Nuclear Government Coordinating Council in 2007. The primary role of the

Nuclear Cyber Sub-council to safeguard the Nuclear sector from cybercrimes. The Nuclear
 HLSS 310 CRITICAL INFRASTRUCTURE PROTECTION 7

Cyber Sub-council is operated in joint consultation with the representatives from private sectors,

the Nuclear Regulatory Commission, Federal Bureau of Investigation and Homeland Security

Department. The sub-council is operated based on the Homeland Security Department’s slogan

that protection of critical national infrastructure occurs as a shared responsibility between

individuals, governments at the local, federal and state levels, and private companies.

The United States Energy sector collaborates with the Homeland Security department in the

protection of its assets. Notably, this collaborative process mentioned above aims at ensuring the

continuity of operation of the Energy sector after humanmade and natural disasters. The

emergency preparedness strategies in the Energy Sector of the United States involves the

identification of vulnerabilities of its assets. First, the location and physical attributes of the

assets are identified to enable the Energy sector to develop protective, vulnerability, and risk

management strategies. Second, the cyber characteristics of the Energy Sector are identified to

facilitate control and monitoring of is systems. Third, information regarding the volumetric

characteristic of the Energy Sector facilitates the adoption of damage assessment procedures to

facilitate reinstatement of its operation. Fourth, the human resource characteristic of the Energy

Sector is also involved in the formulation of the risk management plan (Poustourli & Kourti,

2014). Notably, highly skilled and experienced personal in the Energy Sector would ensure the

effectiveness of the risk management procedure. A high level of skills and experience among the

employees would enable the sector to maintain reliability, security, and safety in case of

emergencies.

The IT Sector of the United States also collaborates with the Homeland Security Department

in protecting its assets and those of its clients. As mentioned above, the IT sector in the United

States offers cloud computing services to other sectors in the United States. The risk
 HLSS 310 CRITICAL INFRASTRUCTURE PROTECTION 8

management strategy in IT assets involves the identification of various disciplines of

cybersecurity. The disciplines of cybersecurity include informational security, physical security,

computer security, and personnel security. These disciplines have a complementary relationship

with regard to the ensuring security of organizational systems. Studies have shown that failure in

any cybersecurity discipline increases the vulnerability of the other disciplines. The designers on

IT infrastructural systems hence ensure that the cybersecurity disciplines effectively protect the

system from all types of cybercrimes. The design of defense components of the IT infrastructural

system should incorporate technological innovation and creativity. IT experts working in the

United States Energy Sector are expected to stay up to date with the latest technologies to

effectively outsmart hackers and other cybercrime perpetrators.

4. Safeguarding of Life and Property

The protection and reinstatement of the critical infrastructural operations is a strategy of

protecting life and property during emergencies. Studies have shown that terrorist attacks on the

nuclear, information technology and energy sectors would lead to death and incapacitation of

many people, and destruction properties of immense value. Experts base their arguments on the

results from previous catastrophes from different parts of the world. The Chernobyl disaster of

1986, for example, led to the death of approximately 54 people and the abandonment of

properties occupying an area of over 1544 square miles. The hacking of the Ukrainian national

power grid in 2015 in a cyberwar between the Ukrainian and Russian governments is said to

have affected approximately 225,000 people (BBC, 2017).

Terrorist threats on the energy, IT, and nuclear sectors of the United States has significantly

affected the normal operation of the businesses and government. The case of WikiLeaks and

threats posed by the Dragonfly 2.0 group has led to the diminished trust of the United States on
 HLSS 310 CRITICAL INFRASTRUCTURE PROTECTION 9

the Homeland Security Department. These threats have also discouraged private investments in

these sectors due to the fear of huge losses in the future.

The United States government's move to protect the assets in the Nuclear Sector is based on

the hazardous effects of the materials involved. The United States government avoids a scenario

where the radioactive materials are used in the manufacture of weapons of mass destruction. The

historical contexts of nuclear weapons show that the use of these weapons leads to devastating

economic, physical, and psychological consequences. Notably, most reactors in the United States

and other nations across the globe generate nuclear power through the fission process of

Uranium-235. Furthermore, atomic waste contains a smaller portion of undecayed Uranium-235.

Uranium-235 is commonly used in the making of atomic bombs. The Japanese city of Nagasaki,

for example, was bombed using a Uranium-235 bomb that weighed over 9000 pounds. This

bomb immediately killed about 80,000 people, where approximately 200,0000 deaths related to

the irradiation exposure occurred over the subsequent decades in Hiroshima (Maguire, 2018).

The technological advancement and huge population in the United States cities means that the

casualties would be higher of an atomic-based terrorist attack is conducted in the 21st Century.

The Defense Department of the United should intensify the security of the nuclear plant and

nuclear waste disposal areas to prevent radioactive materials from getting into the wrong hands.

Protecting nuclear, energy, and information technology assets would make the United States

resilient and more secure from terrorist attacks. The protection procedures involve the mitigation

of all risks to the systems, assets, and networks of these sectors. The main objective is to protect

individuals from incapacitation, injury, deaths, and psychological problems caused by the

terrorist attacks on these sectors. The protection procedure also includes activities such as

vulnerability mitigation, threats deterrence, and minimization of the severity of the incidences.
HLSS 310 CRITICAL INFRASTRUCTURE PROTECTION 10

Other protective strategies include the hardening of facilities, improvement of business

protocols, the building of resilience, and initiation of countermeasures.

The United States government should also integrate effective technologies of protecting the

citizens in case of emergencies. The effectiveness of these technologies should be proved

through vulnerability assessments. The vulnerability assessments conducted should test their

abilities to overcome threats from computer systems and physical forces such as aerial and

ground-based attacks. The defense systems of these sectors should feature periodic technological

training to ensure that the defense systems stay abreast of modern war technologies.
HLSS 310 CRITICAL INFRASTRUCTURE PROTECTION 11

References

BBC . (2017). Ukraine Power Cut 'was Cyber-attack'. BBC News .

Colesniuc, D. (2013). Cyberspace and critical information infrastructures. Informatica

Economica, 17(4).

Khattak, M. A., Shaharuddin, M. K. H., Islam, M. S., & Ahmad, M. H. N. (2017). Review of

cyber security applications in nuclear power plants. Journal of Advanced Research in

Applied Sciences and Engineering Technology, 7(1), 43-54.

Lewis, T. G., (2019). Critical infrastructure protection in homeland security: Defending a

networked nation. Hoboken, N.J: Wiley.

Maguire, A. (2018). World politics explainer: The atomic bombings of Hiroshima and Nagasaki.

The Conversation.

Moore, T., & Shenoi, S. (Eds.). (2010). Critical Infrastructure Protection IV: Fourth Annual

IFIP WG 11.10 International Conference on Critical Infrastructure Protection, ICCIP

2010, Washington, DC, USA, March 15-17, 2010, Revised Selected Papers (Vol. 342).

Springer Science & Business Media.

Poustourli, A., & Kourti, N. (2014). Standards for Critical Infrastructure Protection (CIP)-The

Contribution of ERNCIP. In 19th EURAS Annual Standardization Conference,

Cooperation among standardization organizations and the scientific and academic

community (pp. 8-10).

HLSS 310 CRITICAL INFRASTRUCTURE PROTECTION 12

Stergiopoulos, G., Vasilellis, E., Lykou, G., Kotzanikolaou, P., & Gritzalis, D. (2016, March).

Critical infrastructure protection tools: classification and comparison. In Proceedings of

the 10th International Conference on Critical Infrastructure Protection, USA (Vol. 8).