DOD teaming on critical infrastructure

[InfoSec News <isn () c4i org>]

Forwarded from: William Knowles <wk () c4i org>

http://www.fcw.com/fcw/articles/2003/0616/web-dod-06-18-03.asp

By Dan Caterinicchia 
June 18, 2003

The Defense Department is working with government officials at all 
levels, as well as with the private sector, to ensure that the 
nation's critical infrastructure assets are protected and that 
contingency plans are in place in the event of an attack or disaster.

Navy Capt. Robert Magee, deputy director for industrial base 
capabilities and readiness in the Office of the Secretary of Defense, 
said infrastructure protection is really "mission assurance" for DOD 
because the failure of critical assets would disrupt operations.

DOD infrastructure includes everything from personnel and health 
affairs to command, control, communications, and intelligence, 
surveillance and reconnaissance assets, Magee said during a June 17 
panel discussion at a National Defense Industrial Association security 
conference in Reston, Va. 

The defense industrial base must coordinate critical infrastructure 
protection efforts from top to bottom, because their collective assets 
represent the "blue target fodder" that any U.S. enemy would love to 
have, he said. The private sector controls about 80 percent of the 
nation's critical infrastructure, including utilities, 
telecommunications and transportation networks.

Magee said that a critical infrastructure protection directive and 
instructions are awaiting the signature of the deputy secretary of 
Defense, and the documents would update DOD's formal policy and 
guidance in this area.

DOD has made solid progress in identifying its internal critical 
assets and those within the defense industrial base, Magee said, 
adding that about a month ago the department began performing 
vulnerability assessments at the first of three private-sector sites 
approved for funding this year.

He said that 10 to 15 more sites should be funded through a 
supplemental budget, and DOD is issuing commercial off-the-shelf 
self-assessment software for vendors it is unable to visit in person.

Paula Scalingi, president of the Scalingi Group, a Vienna, Va.-based 
consulting firm, said that members of the private sector in general, 
not just utilities, often feel left out of the information sharing 
process, which is why many interdependencies take longer to be 
identified.

Randy Smith, head of critical infrastructure assurance for the Marine 
Corps, said that the Marines have been developing their own critical 
asset list for the past 18 months. He called it a "work in progress" 
because things are often missed if the Marines do not own them.

For example, it's obvious to include an air base on the list, but the 
telecommunications switch located behind a gas station just off the 
base also is critical, Smith said, adding that the Marine Corps is 
expanding its integrated vulnerability assessment program with the 
Navy.

The Marine Corps performed a critical infrastructure response and 
protection tabletop exercise with the New York City Police Department 
in September 2002 that garnered numerous information-sharing lessons 
and the opportunity to compare tactics, techniques and procedures, he 
said. 

The program proved so successful that the service is doing another one 
in San Francisco. It will include all city and county agencies and 
test the "commander's handbook," a knowledge management tool the 
Marine Corps has developed to help civilian agencies it may need to 
coordinate with in the future.
 


*==============================================================*
"Communications without intelligence is noise;  Intelligence
without communications is irrelevant." Gen Alfred. M. Gray, USMC
================================================================
C4I.org - Computer Security, & Intelligence - http://www.c4i.org
*==============================================================*



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.