Effectiveness of National Cyber Policy to Strengthen the Security and Resilience of Critical Infrastructure Against Attacks
Abstract
Presidential Policy Directive (PPD) 21, Critical Infrastructure Security and Resilience, directs a whole-of- government approach to strengthening the security and resilience of critical infrastructure against physical and cyber threats. Per policy, critical infrastructure is categorized into 16 sectors. Security and resiliency efforts against cyber threats are constrained by this sector-based approach. This thesis assesses the sector-based approach by the following criteria: expertise or a notable advantage of the sector-specific agency; promotion of cybersecurity measures by the critical infrastructure community partnership structure; and legislation, policy, or sector-specific characteristics that enhance security and resilience of the sector. These assessments gauged the adequacy of organizational structures that lead and supportcritical infrastructure cybersecurity. Exemplar cyber attacks against critical infrastructure and response actions are described in order todemonstrate strengths and limitations of the sector-based approach. This examination reveals that the U.S. approach to critical infrastructure is well conceived and executed in general. A number of significant vulnerabilities do remain in some sectors, however, as a result of incomplete or insufficient implementation.
Document Details
- Document Type
- Technical Report
- Publication Date
- Sep 01, 2020
- Accession Number
- AD1126584
Entities
People
- Ian G. Simon
Organizations
- Naval Postgraduate School