[ISN] DOD teaming on critical infrastructure

From: InfoSec News (isnat_private)
Date: Thu Jun 19 2003 - 03:05:45 PDT

  • Next message: InfoSec News: "[ISN] Universities try to hone cybersecurity niche"

    Forwarded from: William Knowles <wkat_private>
    
    http://www.fcw.com/fcw/articles/2003/0616/web-dod-06-18-03.asp
    
    By Dan Caterinicchia 
    June 18, 2003
    
    The Defense Department is working with government officials at all 
    levels, as well as with the private sector, to ensure that the 
    nation's critical infrastructure assets are protected and that 
    contingency plans are in place in the event of an attack or disaster.
    
    Navy Capt. Robert Magee, deputy director for industrial base 
    capabilities and readiness in the Office of the Secretary of Defense, 
    said infrastructure protection is really "mission assurance" for DOD 
    because the failure of critical assets would disrupt operations.
    
    DOD infrastructure includes everything from personnel and health 
    affairs to command, control, communications, and intelligence, 
    surveillance and reconnaissance assets, Magee said during a June 17 
    panel discussion at a National Defense Industrial Association security 
    conference in Reston, Va. 
    
    The defense industrial base must coordinate critical infrastructure 
    protection efforts from top to bottom, because their collective assets 
    represent the "blue target fodder" that any U.S. enemy would love to 
    have, he said. The private sector controls about 80 percent of the 
    nation's critical infrastructure, including utilities, 
    telecommunications and transportation networks.
    
    Magee said that a critical infrastructure protection directive and 
    instructions are awaiting the signature of the deputy secretary of 
    Defense, and the documents would update DOD's formal policy and 
    guidance in this area.
    
    DOD has made solid progress in identifying its internal critical 
    assets and those within the defense industrial base, Magee said, 
    adding that about a month ago the department began performing 
    vulnerability assessments at the first of three private-sector sites 
    approved for funding this year.
    
    He said that 10 to 15 more sites should be funded through a 
    supplemental budget, and DOD is issuing commercial off-the-shelf 
    self-assessment software for vendors it is unable to visit in person.
    
    Paula Scalingi, president of the Scalingi Group, a Vienna, Va.-based 
    consulting firm, said that members of the private sector in general, 
    not just utilities, often feel left out of the information sharing 
    process, which is why many interdependencies take longer to be 
    identified.
    
    Randy Smith, head of critical infrastructure assurance for the Marine 
    Corps, said that the Marines have been developing their own critical 
    asset list for the past 18 months. He called it a "work in progress" 
    because things are often missed if the Marines do not own them.
    
    For example, it's obvious to include an air base on the list, but the 
    telecommunications switch located behind a gas station just off the 
    base also is critical, Smith said, adding that the Marine Corps is 
    expanding its integrated vulnerability assessment program with the 
    Navy.
    
    The Marine Corps performed a critical infrastructure response and 
    protection tabletop exercise with the New York City Police Department 
    in September 2002 that garnered numerous information-sharing lessons 
    and the opportunity to compare tactics, techniques and procedures, he 
    said. 
    
    The program proved so successful that the service is doing another one 
    in San Francisco. It will include all city and county agencies and 
    test the "commander's handbook," a knowledge management tool the 
    Marine Corps has developed to help civilian agencies it may need to 
    coordinate with in the future.
     
    
    
    *==============================================================*
    "Communications without intelligence is noise;  Intelligence
    without communications is irrelevant." Gen Alfred. M. Gray, USMC
    ================================================================
    C4I.org - Computer Security, & Intelligence - http://www.c4i.org
    *==============================================================*
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.
    



    This archive was generated by hypermail 2b30 : Thu Jun 19 2003 - 05:29:23 PDT