|
Back To Business & Public Policy Focus Area |
||||||||
|
||||||||
|
||||||||
|
 |
|||||||||||||||
|
In May 2001, at Gartner's Denver Symposium/ITxpo, I had the pleasure of co-hosting a distinguished keynote panel on cybercrime that included the National Security Council's Richard Clarke; now-defunct Egghead.com's president and CEO, Jeff Sheahan; and former federal prosecutor and cybercrime expert Fred Smith. I was chosen to co-host this panel not for my IT security background (of which I had none), but rather for my knowledge management expertise. And so began, unwittingly, my foray into critical infrastructure protection (CIP).
It turns out that protecting IT infrastructure from cybercrime, cyberterrorists, war, and other malicious threats and events requires a lot of coordination and collaboration, and a knowledge management background is helpful for that. In the hands of IT security alone, CIP can quickly become a battle of firewalls, intrusion detection, authentication, identification, security patches, and so on — all those things designed to wall out intruders. Unfortunately, they also make it hard for legitimate users to collaborate, access systems, and share information and data. As if it were not already hard for IT security professionals to wall off intruders, end users often look for ways around the walls, or coerce the IS department to open holes in the walls, so that they can get their jobs done. If CIP were just about IT security, practicing good IT security would keep us safe and secure, almost. But at our "Digital Pearl Harbor" wargame in July 2002, we demonstrated CIP is not just IT, or even mostly IT; rather, it consists mostly of the physical-world systems on which a complex modern society depends: gasoline and oil distribution, electrical power grids, telecommunications, transportation and banking systems. All of these systems are heavily dependent on IT, and in a real-time economy, the physical and electronic systems are becoming more interdependent. And in that real-time world, the Internet is the most critical infrastructure of all — absent information and data, the real-time world grinds to a halt. In the physical world, as our Digital Pearl Harbor project colleague, Dr. Craig Korener, at the U.S. Naval War College says, "Absent electrical power, pretty much nothing works, except for gravity and photosynthesis." At this time, Gartner has reached a transition point in its coverage of CIP. Since that Denver symposium, real events around the world have superimposed themselves on our thinking and our research. Now is the time for some retrospection, to look at what we've done and where we and our clients are going. In our research, we have laid out the critical issues that will guide us as we go forward. Future developments in Critical Infrastructure protection will depend upon how governments and enterprises address three critical issues: How will the legal and regulatory obligations of critical infrastructure protection develop?, How does an enterprise know whether it is doing well at protecting critical infrastructure?, and What are the business and operational benefits of following good practices in critical infrastructure protection? |
|
|
|
|||||||||||
 |
||||
|
Internet Business Expands Infrastructure, Its Vulnerabilities 3 April 2003 Rich Mogull Ray Wagner As enterprises use the Internet more as a business platform, the vulnerabilities and complexities of the environment will multiply. Closer links between the Internet and infrastructure require a broader view of IT security. |
|
Governments Must Tackle Critical Infrastructure Protection 7 April 2003 Andrea Di Maio French Caldwell Christopher H. Baum John Kost Critical infrastructure items, such as power and telecommunications facilities, may be publicly or privately owned. Governments must use education, regulation and encouragement to ensure public services are secured. |
|
|
Critical Infrastructure Protection Issues for Society 1 April 2003 Richard Hunter Social and political issues may be the most-complex challenge for enterprises involved in critical infrastructure protection, because government, business and the public will have different priorities for security and privacy. |
|
Critical Infrastructure Protection Key Questions for Telecom 3 March 2003 David L. Fraley Ron Cowles Antiterror regulations will play a key role in shaping the telecom industry's competitive landscape. Carriers, vendors and enterprises can prosper if they know the regulations and how to find opportunities in them. |
|
|
Q&A Highlights Internet and Networking Security Issues 12 March 2003 David Neil John Mazur The war on terrorism makes securing network infrastructure essential, but enterprises too often overlook vulnerabilities in WANs. Improving WAN security will require renewed focus and some balancing of priorities. |
|
Process Industries' Critical Infrastructure Protection Issues 26 February 2003 Dan Miklovic French Caldwell Kristian Steenstrup The process industries remain vulnerable to cyberattacks that could unleash civilian devastation; yet a poor climate for industrywide cooperation limits the effectiveness of the industries' response to terrorism. |
|
|
Transportation Faces Infrastructure Protection Issues 19 February 2003 French Caldwell Robert L. Goodwin Transportation security activity will increase during 2003. Governments' role in setting standards and funding technology to support them in this market will require continued attention. |
|
Critical Infrastructure Protection Key Issues for FSPs 10 February 2003 David Furlonger Annemarie Earley Financial services providers have long focused on security risks and the tracking of suspicious activities. The war on terror will force them to do more. FSPs should include cyberterrorism in all risk assessments. |
|
|
Critical Infrastructure Protection: Key Issues for Utilities 5 February 2003 Cynthia Moore John P. Dubiel Eric Purchase French Caldwell Kristian Steenstrup To protect the utility industry's infrastructure managing people, technologies and processes will be complex and enterprises will need to navigate relationships with the government and industry groups. |
|
Act Now to Minimize the Impact of War With Iraq 13 February 2003 Dan Miklovic A U.S.-led war with Iraq will affect businesses directly and indirectly. It will have an impact on most multinational businesses. Enterprises can take several steps to minimize the disruption caused by the war. |
|
|
The Last-Minute Checklist for Emergency Preparedness 12 February 2003 Roberta J Witty The U.S. government has said that terrorist attacks are likely as the nation prepares for a possible war with Iraq. Enterprises should take steps to protect employees and reduce the impact of business interruptions. |
|
CIOs, HR Executives: Prepare Your Workforce for War 14 February 2003 Diane Morello The looming war with Iraq will require immediate action from human resources executives and CIOs in three areas: calls to duty, communicating and travel. Ignoring those areas will compromise workforce performance. |
|
|
Reinforce Cyberdefenses Against 'Hactivism' 14 February 2003 Rich Mogull The number of cyberattacks rose alarmingly, even before the war on terror. A U.S.-led war against Iraq will increase politically motivated "hactivism." Enterprises should take basic steps to protect against attacks of any origin. |
|
Offshore Outsourcing Vendor and Enterprise Action Items 14 February 2003 Rolf Jester Debashish Sinha Dion Wiggins The possible war with Iraq represents the biggest cloud hanging over the global economic recovery. Enterprises looking at offshore outsourcing and the vendors that provide these services must act to mitigate risks. |
|
|
Using the Internet to Distribute Operations in Wartime 14 February 2003 John Girard Dan Miklovic Kristian Steenstrup Because of its inherent ability to heal itself, the Internet reduces an enterprise's vulnerability to business disruptions. Distributed computing and the Internet are critical to protecting an enterprise's supply chain. |
|
Telecommuting in Wartime: Draft a Remote-Access Program 14 February 2003 John Girard Telecommuting and mobile access can help enterprises cope with emergencies. When disaster strikes, key company locations may go offline or be physically inaccessible. Remote-work capability will keep businesses operational. |
|
|
Tighten Global Supply Chains for War 17 February 2003 Robert L. Goodwin In a war with Iraq, global supply chains face serious risk from many sources. Enterprises must acquire inventory safety stock and meet new, worldwide customs regulations for cargo security. |
|
||
 |
