Posted by Public Affairs
From power grids to trading floors, every aspect of the Nation’s critical infrastructure is dependent on information technology to operate. That’s why securing critical IT infrastructure is so important to our homeland and economic security, public health and safety, and public confidence.
Today, the Department of Homeland Security and the Information Technology Sector Coordinating Council, which includes representatives from major IT companies, released three IT Sector risk management strategies to address risks to the Nation’s IT infrastructure as part of an ongoing collaboration between government and private-sector stakeholders. The first of these strategies relates to domain name resolution (DNS) services and was released last month. DNS allows Internet users to access services, such as Web pages, e-mail, instant messages, and files, by typing in a host name instead of the harder-to-remember IP address. Almost all Internet communications today rely on the DNS, making it as critical to the Internet as the Global Positioning System (GPS) is to navigation.
The strategies inform industry and government organizations of the IT Sector’s risk management priorities and activities by identifying risk responses and prioritizing risk mitigations. They address products and services, incident management, and Internet routing. Completing these strategies ensures that public and private sector resources are applied where they can most effectively respond to the threats, vulnerabilities, and consequences facing critical IT Sector functions.
The IT Sector Products and Services Risk Management Strategy includes a portfolio of risk mitigation activities, such as:
- Enhancing supply chain delivery mechanisms to minimize counterfeiting and tampering;
- Developing, establishing, and/or adopting IT Sector standards and/or best practices; and
- Increasing awareness among buyers and suppliers of IT products and services of the need to manage business risk.
The IT Sector Incident Management Strategy includes a portfolio of risk mitigation activities, such as:
- Improving redundancy and distribution of resources and data;
- Educating the workforce to recognize falsified information and validate sources (training and awareness); and
- Investing in or developing alternative data delivery capabilities to use when primary ones are unavailable.
The IT Sector Internet Routing Risk Management Strategy includes a portfolio of risk mitigation activities, such as:
- Formulating and applying appropriate local routing policy;
- Taking extensive steps to secure facilities from physical attacks and natural disasters; and
- Developing a comprehensive incident management and incident recovery plan.
These IT assessments and risk management strategies are key not just to protecting the IT sector, but also to protecting all the critical infrastructure and key resource sectors that we rely on every day. All of these strategies are in response to a national-level IT Sector risk assessment produced by government and private-sector IT experts.