Critical Infrastructure Protection
The goal of a national critical infrastructure protection (CIP) program is to manage risks to critical infrastructures. In Presidential Decision Directive 63, the White House described these infrastructures as "those physical and cyber-based systems essential to the minimum operations of the economy and government. They include, but are not limited to, telecommunications, energy, banking and finance, transportation, water systems, and emergency services, both governmental and private."
Since its inception, the CERT Program has supported critical infrastructure protection (CIP) and critical information infrastructure protection (CIIP), both in the United States and abroad, with a mission to build competent cyber security management capabilities. The CERT Infrastructure Resilience Team has established a center of excellence focusing on information technology management that supports critical infrastructure and key resources (CI/KR).
We work with a diverse collection of CI/KR stakeholders, from owners and operators of the infrastructure itself to regulating bodies and the federal agencies with lead responsibility for sector performance and risk management. We produce tools, techniques, technologies, and training to raise awareness of the information security risks to CI/KR and to manage and improve resiliency.
Our research and outreach in CIP includes the following areas:
- Conducting research to identify new technologies and methodologies to be used by members of the CI/KR community to support protection efforts
- Conducting research to provide an understanding and perspective of CI/KR threats and vulnerabilities
- Capability development for national critical infrastructure protection programs
- Developing information security risk assessments and methodologies, guidelines, and best practices centered on CIP
- Collaborating with standards bodies to develop cyber security standards that support national CIP goals
|
|
