Welcome to the October issue of the CIP Report and its focus on the cyber dimension of Critical Infrastructure Security and Resilience. Few doubt the importance of the cyber dimension, but the recently released 2015 Cost of Cyber Crime Study from the Ponemon Institute brings this issue into a renewed focus.
In a representative sample of 58 organizations in both the public and private sectors, Ponemon found that the mean annualized cost of cybercrime per institution $15 million per year, a 19 percent increase in mean value over similar research released in 2014. Perhaps more alarming is that the study found that organizations engaged in functions of energy and utilities, financial services, transportation, communications, defense, and healthcare suffered the highest annualized costs. Clearly, firms engaged with critical infrastructure sectors are frequently targeted for criminal activity in the cyber realm.
For this month’s issue, our contributors include an offering from Idaho National Laboratory with an inquiry into the increasing importance of cyber hygiene as it applies to industrial control systems. Authors from Argonne National Laboratories share with us the interdependent nature of cyber systems and how they have included this aspect into monitoring systems for critical infrastructure operations.
Information sharing is an important aspect of cyber defense and response, and representatives from InfraGuard share practical insights as to the collaboration necessary between the public and private sectors for critical infrastructure security. Finally, representatives from FEMA share practical resources that leaders in the public and private sectors can use to enhance capability and incorporate into plans and exercises.
Links to each of these articles can be found below.
We are deeply grateful to the insights our partners share with us and ultimately you, the readers of this resource. We welcome your comments and ideas and thank you for being a part of this community. Please feel free to explore our website and send us your thoughts.
Warm Regards,
Mark Troutman. PhD
Director, CIP/HS
Cyber Hygiene for Control System Security
Posted: October 8, 2015
David Oliver explores the changing nature of industrial control systems and the way that notions of cyber hygiene are becoming a larger concern with the rise of the internet of things, including an overview of the latest cyber hygiene research from Idaho National Laboratory.
Assessment of Critical Infrastructure Cyber Dependencies
Posted: October 23, 2015
Nate Evans, Frédéric Petit, and Amanda Joyce present an overview of elements characterizing cyber dependencies and how they have been included in an assessment tool developed by Argonne National Laboratory for the Department of Homeland Security (DHS) Office of Cybersecurity and Communications.
InfraGard: Enhancing Information Sharing Through Strategic Programming, Outreach, and Communications
Posted: October 29, 2015
Talley Philpy, Vice President of Communications for INCRMA, provides a summary of operations and recent programming for InfraGard, a partnership between the FBI and the private sector that is devoted to sharing information and intelligence to prevent hostile acts against US critical infrastructure.
Cyber Resources from the FEMA Lessons Learned Information Sharing Team
Posted: November 2, 2015
We are pleased to share two of the latest releases from the FEMA Lessons Learned Information Sharing team. The ‘Lessons Learned Information Sharing (LLIS.gov)’ team identifies lessons learned derived from real-world or exercise experiences within the whole community and documents these lessons for emergency managers to consider when developing plans and exercises.