Information Technology Sector Baseline Risk Assessment
Abstract
The Information Technology (IT) Sector provides both products and services that support the efficient operation of today's global information-based society. These products and services are integral to the operations and services provided by other critical infrastructure and key resource (CIKR) sectors. Threats to the IT Sector are complex and varied. In addition to the risks presented by natural hazards? such as catastrophic weather or seismic events?the IT Sector also faces threats from criminals, hackers, terrorists, and nation-states, all of whom have demonstrated a varying degree of capabilities and intentions to attack critical IT Sector functions. Additionally, manmade threats to the IT Sector are also rapidly evolving from simple automated worms and viruses to complex social engineering attacks that exploit known and unknown vulnerabilities in products and services developed by the IT Sector. While existing security and response capabilities mitigate many of these threats, the IT Sector still faces Sector-wide risks to its ability to provide hardware, software, and services to other CIKR sectors. Due to the IT Sector's high degree of interdependency with other CIKR sectors and the continuously evolving threat landscape, assessing vulnerabilities and estimating consequence is difficult. Therefore, these issues must be dealt in a collaborative and flexible framework that enables the public and private sectors to enhance the resiliency and security of the critical IT Sector functions.
Document Details
- Document Type
- Technical Report
- Publication Date
- Aug 01, 2009
- Accession Number
- ADA505059
Entities
Organizations
- United States Department of Homeland Security