Center for Infrastructure Protection & Homeland Security

From the Director – January/February 2017

Welcome to our first issue of the 2017 edition of The CIP Report. We open this year in Critical Infrastructure with a focus on the subject of Business Continuity and the role that this discipline plays in the resilience of Critical Infrastructure systems. Critical Infrastructure systems often deliver their capabilities in a near continuous fashion. The linkage between systems presents the risk that disruptions in one sector will transmit and manifest in disruptions in other sectors. Therefore, business continuity is a necessary condition for resilience.

Our first offering comes from Richard Tracy of Telos Corporation, which provides cyber security solutions to private and public sector organizations. Rick highlights the unique role that the Cyber Security Framework released by the National Institute for Standards and Technology plays in business decision making. The commonly accepted approach of the CSF, developed in collaboration with industry, provides a guide for leaders to improve the business continuity of their organizations in the cyber realm.

Noel Hannan provides an international perspective of business continuity in the cyber realm. His offering ties the theoretical to the applied and process aspects of business continuity. Noel’s offering bases a path for continuity on the practical experience of firms in the UK and throughout the world with an eye toward future trends.

Next, George Huff, who serves as the Executive Director of the Continuity Project, provides an overview of ISO Business Continuity Standards. His offering provides a guide for business leaders to put in place a continuity plan that serves overall strategic objectives and provides a path for improved continuity and resilience, extending continuity and resilience into a holistic view of the firm.

We are most grateful for the insights our contributors provide for each issue of The CIP Report. As with all of our issues, we invite the robust dialogue that follows. I might observe that the area of Business Continuity is well known, but the relationship of this discipline to the overall subject of security and resilience is worthy of greater research and scholarship.

We make the cutting-edge content of The CIP Report available through free distribution to a community of over 5,000 subscribers. The distribution grows each month because of your commitment to professional discourse and outreach to a community that far exceeds our base readership. We invite you to support this wide-reaching publication and invite you to make a financial contribution to The CIP Report, either on a one-time or a recurring basis. Your tax-deductible contribution will receive an acknowledgement in this publication that includes your company logo and link to your corporate website. If you wish to support publication of The CIP Report, please contact me at mtroutma@gmu.edu. We wish you good success in your efforts and look forward to your comment!

Warm Regards,
Mark Troutman, PhD
Director, CIP/HS


Cyber Resilience and the Critical National Infrastructure – A UK Perspective

Posted: February 15, 2017

Providing an international perspective on cyber resilience, Noel Hannan presents a brief examination of the landscape of cyber strategy in the UK with some comparisons to analogous aspects of US efforts.

ISO 22331, Guidance for Business Continuity Strategy

Posted: February 21, 2017

From the Continuity Project, George Huff introduces ISO 22331, an international standards guidance document for business continuity strategy that pairs with other ISO standards on business management to enable leaders in the private sector to implement best practices across their enterprise.

A Business Case for the NIST Cyber Security Framework

Posted: February 23, 2017

As NIST presents the first drafts of an update to the NIST Cyber Security Framework, Richard Tracy outlines the business case for wider adoption of the Framework across industry as a tool for addressing potential gaps and inefficiencies in the cyber operations of private-sector firms.