Cyber Attacks: Protecting National Infrastructure

Sunday, July 15, 2012

Ben Rothke


In Cyber Attacks: Protecting National Infrastructure, Edward Amoroso lays out the foundation on how to secure this monstrosity called national infrastructure, often referred to as critical infrastructure.

The US has had a critical infrastructure protection program in place since 1996. In 2001, the Patriot Act defined critical infrastructure as those “systems and assets, whether physical or virtual, so vital to the United States that the incapacity or destruction of such systems and assets would have a debilitating impact on security, national economic security, national public health or safety, or any combination of those matters”.

The critical infrastructures and responsible agencies in the US are:

  1. Agriculture and food – Departments of Agriculture and Health and Human Services
  2. Water – Environmental Protection Agency
  3. Public Health – Department of Health and Human Services
  4. Emergency Services – Department of Homeland Security
  5. Government – Department of Homeland Security
  6. Defense Industrial Base – Department of Defense
  7. Information and Telecommunications – Department of Commerce
  8. Energy – Department of Energy
  9. Transportation and Shipping – Department of Transportation
  10. Banking and Finance – Department of the Treasury
  11. Chemical Industry and Hazardous Materials – Department of Homeland Security
  12. Post – Department of Homeland Security
  13. National Monuments and icons – Department of the Interior
  14. Critical Manufacturing – Department of Homeland Security

As CSO at AT&T, Amoroso brings significant experience to every chapter in this excellent resource.

In 11 densely packed but very readable chapters, he provides a comprehensive overview of how to secure the national infrastructure. While the title states national infrastructure, the entire book is completely relevant for any organization that has information assets it needs to secure.

The book provides a good mix of both high-level overviews, suitable for management, and highly technical details, suitable for security architects.

Chapter 1 is titled Introduction, but by page 7, the author is already detailing the nature of the threats of botnets. The chapter provides a detailed list of the five entities that comprise a botnet attack.

The chapter and the rest of the book also make excellent use of graphics and illustrations.

Each chapter also includes review questions, exercises and hands-on projects to review and internalize the topics discussed.

Cyber Attacks: Protecting National Infrastructure is a very readable and engaging book on one of the most important topics the US is currently facing.

While Amoroso lays out the technical issues, he also notes that the only way to remediate them is via a commitment to infrastructure protection, based on a top-down approach from management.

If management is supportive of information security and understands its significance, it will be inordinately easier for the security team to secure the infrastructure.

For those looking for a reference that provides both the breadth and depth on the topic, Cyber Attacks: Protecting National Infrastructure is an invaluable resource written by one of the smartest minds in the industry.

Cross-posted from RSA
