Vol. 11 No. 5
May 2008



Critical Infrastructure Challenges


Critical Questions

• What is the composition of the critical infrastructure?
  
• How does the context and culture vary among industry sectors?
  
• What operations do each of the principal sectors perform?
  
• How should coordination among the industry sectors of the critical infrastructure be arranged?
  
• How does the critical infrastructure fit within the Homeland Security Information Network?
  
• What preventive actions is the Federal segment taking to promote Cyber Security?
  
  
  
  
  
  
  
  
  
  
  
  
  
  

The critical infrastructure spanning the systems in the banking and finance, electrical, telecommunications, transportation and medical sectors comprises an accidental system of systems that intersect operationally without a plan and design in advance. Each sector system was constructed in accordance with its own context and culture, but in operation as members of a system of systems these sector systems inadvertently extend their own context and culture onto others resulting in clashes with uncertain and unintended operational results. Context and culture are the blended result of multiple dimensions that include application domain engineering approaches, the processes for management and engineering, fielding and operating practices governmental regulations, and public expectation and confidence.

1. Industry sector practice varies widely in its domain engineering approaches resulting in diversity in architecture, models, and patterns including their representation. Formality within an architectural framework facilitates the imposition of distributed supervisory control, interoperability, and operation sensing and monitoring protocols.
2. Industry sector maturity in management and engineering processes varies widely resulting in diversity in configuration management, frequency of release, conformance to requirements, and traceability among life cycle artifacts. Strong code management practices facilitate reconfiguration and reconstitution.
3. Industry sector practice varies widely in fielding and operating practices resulting in diversity in accountability and control, supply chain management, civility and pushback, and willingness to expend off the clock effort. Exercising strong control over the workforce facilitates business continuity and survivability.
4. Industry sector impacts from government regulation vary with respect to export control, tax policy, intellectual property, privacy, and antitrust litigation. Exercising strong government control facilitates compliance for the benefit of the commons at the expense of initiative for the self-interest.
5. Industry sector public expectation and confidence vary with respect to trust, loyalty, and satisfaction. The financial and medical sectors depend on public trust. The electrical and telecommunication sectors depend on customer loyalty and satisfaction.

The operations within the industry sectors of the critical infrastructure are diverse and complex. These operations are evolving into large systems of systems.

1. Telecommunications- network control and switching systems, satellite control and management systems, and mobile communications systems and protocols.
2. Transportation- route management and collision avoidance systems, avionics systems, air traffic control systems, navigation and position location systems, and embedded automobile control systems.
3. Banking and Finance- electronic commerce and electronic funds transfer systems, transaction processing systems, security and privacy management systems, and network management systems.
4. Medical Systems- medical device control systems, patient record systems, and insurance and payment systems.
5. Utilities and Energy - power generation and distribution systems, nuclear power control systems, and energy resource allocation systems.

If the critical infrastructure is to be resilient, its sector managers and systems must respond to guidance from intelligent middlemen whose influence is felt before, during, and after a crisis [Figure 1]. An intelligent middleman possesses the broad range of hard and soft skills spanning the cultural, ethical, legal, business, process, management, and engineering dimensions needed to meet the challenges of the critical infrastructure in anticipating, avoiding, minimizing, withstanding, recovering from crosscutting effects and to impede the emergence of propagating and cascading effects.

Figure 1. Critical Infrastructure and Intelligent Middlemen

The Intelligent Middlemen are positioned at the center of things and serve as the traffic cop for identifying and driving resolution of crosscutting issues. For example, they ensure that recovery time objectives are coordinated, interoperability protocols are followed, distributed supervisory control functions are coordinated, and operation sensing and monitoring functions are applied.

The critical infrastructure challenge calls for an intelligent middleman with such broad gauged abilities to manage the Trusted Pipe™ architecture. Adapted from a USPTO patent application, the Trusted Pipe™ is a high speed, secure electronic network manned by intelligent middlemen responsible for composing and interpreting multi-dimensional messages needed to ensure a trusted and harmonious operation.

Knowledge networks are needed to facilitate communities of practice. The knowledge networks associated with the Government Orbit and the Commercial Orbit represent two distinct audiences with contrasting perspectives. Consequently, interest-driven, small-world networks organized around the contrasting perspectives need to be formed for each of these orbits to facilitate collaboration and coordination. Forming these Knowledge Networks is expected to improve accuracy, speed, tolerance, and scalability in knowledge sharing outcomes and to promote the social interaction capable of producing innovative solutions needed for problem solving and crisis management.

Figure 2 illustrates a more robust application of the Intelligent Middleman in the Homeland Security Information Network. Beyond just the critical infrastructure shown in figure 2, the Homeland Security Information Network shown in figure 3 begins to capture the broader demand for resiliency. Here we need to strike an intelligent balance between two extremes, where no one knows anything and where everyone knows everything. We need to adopt the intelligent middleman approach where highly qualified middlemen know as much as possible, know how to acquire additional information, know how to connect the dots, and know how to act on what they know.

1. Of the three-dozen entries comprising the community of interest shown here, how many do you think are secure? Can you name one entry that is secure?
2. Now consider the Homeland Security Information Network. To what extent is the network resilient?
3. Just as important as the answer to the question is the means by which you arrived at the answer. How does one assess the assurance of resiliency?

Figure 2. Homeland Security Information Network

There are intelligent preventive actions being taken within the Federal segment affecting the Department of Homeland Security and its Information Network including:
1. Consolidating Technology Internet Centers [TIC] points of connection from 4,000 to several hundred
2. Installing Einstein intrusion detection and extending it to a real time operation at all points of connection in the reduced set
3. Presetting 700 vulnerable settings as part of managing the Federal Desktop Configuration.

However, neither the Federal government nor the Department of Homeland Security (DHS) with its public/private partnerships can order the private sector to safeguard the networks and computer systems that support 80-85% of the critical infrastructure.

Knowledge networks are needed to facilitate communities of practice. The knowledge networks associated with the Government Orbit and the Commercial Orbit represent two distinct audiences with contrasting perspectives. Consequently, interest-driven, small world networks organized around the contrasting perspectives need to be formed for each of these orbits in order to facilitate collaboration and coordination. Forming these Small World Networks is expected to improve accuracy, speed, tolerance, and scalability in knowledge sharing outcomes and to promote the social interaction capable of producing innovative solutions needed for problem solving and crisis management.

People write about chaos. Some even presume to advise on how to control chaos. But is controlling chaos possible? Chaos is the state of disorder and confusion. For example, chaos is the unpredictability inherent in a system, such as, the weather in which apparently random changes occur as a result of the system's extreme sensitivity to small differences in initial conditions. One time honored strategy to cope with chaos is luck. The former University of Texas football coach, Darrell Royal, understood something about luck when he said, “Luck is when preparation meets opportunity”.