Writing Sample on Cyber Defense Organization


PROPOSAL FOR CREATION OF DEDICATED INFRASTRUCTURE CYBER DEFENSE ORGANIZATION

Prepared for The Department of Homeland Security National Cyber Security Division

Written By: Garret Brown Technical Writing Student

January 30, 2012


TABLE OF CONTENTS

LETTER OF TRANSMITTAL
VISUALS
  Figure 1
  Figure 2
APPENDIX
  Appendix A / Survey
  Appendix B / Glossary of Terms
INFORMATIVE ABSTRACT
PROPOSAL
INTRODUCTION
  Statement of Problem
  Objective Statement
  Sources
  Scope
  Details of the Problem
  Infrastructure Automation and Design
  Documented Incidents
  Domestic Issues and Incidents
  Electrical Grid Design Vulnerabilities
  Cyber Offensive Capabilities
PROPOSED SOLUTION
  Details of the Solution
  Federal Agencies and Organizations
  Private Firms and Defense Contractors
  Citizens' Response and Responsibility
  Public and Private Partnership
  Required Resources
  Job Creation
  Time Frame and Schedule
CONCLUSION
Work Cited Page


January 30, 2012

National Cyber Security Division
Department of Homeland Security
12th & C Street SW
Washington, DC 20024

Dear policy makers,

The following proposal addresses the Department of Homeland Security with the intent of bringing forward an issue of the utmost importance. As we push further into the 21st century, American society continues to integrate itself into the digital age. Many aspects of citizens' daily lives are now facilitated and deployed via the internet through its ever-increasing number of online services. While the online automation of services has made many tasks easier and more expedient, it has also opened up new avenues for criminals and enemies of the state to exploit.

Overview of the Problem

The critical infrastructure, the backbone of essential services which all Americans rely upon for water, transportation, communication and electricity, has also migrated towards a networked structure and gained much in the way of data collection and incident response because of it. This networked structure has also yielded new security threats; threats which will become more frequent and sophisticated as malicious online actors attempt to penetrate and bring down infrastructure services for personal gain. While the targeting and frequent disabling of infrastructure services is still relatively distant, this incoming threat must be addressed immediately in order to prepare for its eventuality and undeniable importance. This issue is further complicated by infrastructure firms' antiquated online security architecture and defensive capabilities.

Solution

The DHS, in accordance with its mission to defend the nation from all domestic and international threats, must take the lead in defending this vital element of American society. With current in-house cyber defense capabilities through the National Cyber Security Division, the department will have the required resources and expertise to stand up a new dedicated cyber defense organization. This new organization will operate with the primary mission of defending and monitoring the networks of the nation's critical infrastructure services such as water treatment, transportation and the electrical grid.


Background

Online security threats have steadily grown over the past decade into an issue of the highest importance to the US federal government. Online threats range from issues of minor significance, such as the defacing of corporate websites, to the stealing of classified information by foreign intelligence services. Due to the increasing reliance upon networked technology and architecture, the security of these networks must be addressed and proactively solved. The targeting of the infrastructure is one of the newest issues to emerge from a networked society. As it stands today, the United States has endured a few, yet telling, incidents aimed at critical services such as power and water treatment. The consequences of these incidents have been minor, yet they display hackers' ability to penetrate networks and cause physical damage to components from remote locations overseas. As these hackers continually attempt to gain larger access to these systems, incidents will increase in frequency and consequence.

Methods

A dedicated organization, with the specialized expertise of the DHS-NCSD, academia and the private sector, would effectively take the lead in monitoring and defending these vital networks. There are several responsibilities DHS would need to address in order to comprehensively deal with this mission statement. Scheduled monitoring, patching and sweeping of all identified networks would need to be led by NCSD and filtered down through its affiliated partners. The organization would also lead incident response, crafting of policies and advancement of network defensive and offensive capabilities.

Schedule

The timeline for standing up a new government organization would be lengthy and this critical task must be started immediately. The government would need to find a home for this new organization, preferably within the currently existing NCSD division, and begin to assess the critical services of the nation which must be defended. The DHS would also need to approach the critical infrastructure firms responsible for each element and garner their support and access to infrastructure networks. This alone will take a large amount of time. The department would also need to begin assessment of existing federal government capabilities and begin allocating necessary subject matter experts and technology as required.

Resources

With a persistent operating schedule of 24 hours a day, 365 days a year, the funds needed to support such an organization will be substantial. Congress, which is currently undergoing extensive austerity measures, would need to acquire the sustainable funding required to run such an extensive operation. It will be vital that the government look to utilize any currently existing framework and resources to mitigate the costs whenever possible. Currently the DHS is well positioned to undergo minor shifts to facilitate needed allocation of organizational structure, personnel, technology and resources. As a secondary consideration, this new organization would also generate a large number of federal positions, directly affecting the nation's current economic situation.

Conclusion

It is vital that DHS move proactively to address this quickly approaching threat and consider the creation of the proposed organization. As hackers' attack techniques evolve and increase in number, a larger federal presence will be required in order to properly defend the nation's essential infrastructure elements and prevent future large-scale attacks and loss of service. A centralized organization, with the ability to dictate incident response, threat detection, defensive architecture and overall cyber strategy, will be required to quickly address this most exigent of issues. Cyber-related issues will continue to grow, and now is the ideal moment to stand up an organization which will undeniably be a permanent and vital element of the US national defense in the decades to come.


Figure 1: Proposed Infrastructure Cyber Defense Organization Chart within Department of Homeland Security (DHS)

Department of Homeland Security
  National Protection and Programs
    Federal Protective Service (FPS)
    Office of Infrastructure Protection (IP)
    Cybersecurity & Communications (CS&C)
      National Communications System
      National Cyber Security Division (NCSD)
        Infrastructure Cybersecurity (Proposed Org)
      Office of Emergency Communications
    Risk Management & Analysis (RMA)


Figure 2: Supervisory Control and Data Acquisition System - SCADA

Source: http://en.wikipedia.org/wiki/SCADA


Appendix A: Survey

Title: Online Security Survey
Pool: 24 Participants
Given on January 21, 2012 - Conducted via Surveymonkey.com

Question 1: How concerned are you about online security?
Very Concerned - 37.5%
Somewhat Concerned - 62.5%
Not Concerned - 0.0%
No Opinion - 0.0%

Question 2: Have you ever been a victim of an online crime (identity theft, monetary theft, etc.)?
Yes - 43.5%
No - 56.5%

Question 3: Do you feel the federal government is doing enough to protect its citizens from emerging online security issues?
Yes - 26.1%
No - 73.9%

Question 4: Are you concerned with the online security of essential services such as the electrical grid or water treatment and distribution?
Very concerned - 16.7%
Somewhat concerned - 54.2%
Not concerned - 12.5%
No Opinion - 16.7%

Question 5: Do you feel the federal government should take a greater role in directly monitoring and protecting the nation's infrastructure services such as the electrical grid and water treatment?
Yes - 69.6%
No - 30.4%

Question 6: Do you feel the frequency and severity of malicious online actions will increase and drastically affect the nation's prosperity and economic future?
Yes - 58.3%
No - 8.3%
No Opinion / Not well Informed - 33.3%


Appendix B: Glossary of Terms and Acronyms

US - United States
DOD - Department of Defense
APT - Advanced Persistent Threat
NSPD-54 - National Security Presidential Directive 54
CNCI - Comprehensive National Cybersecurity Initiative
FBI - Federal Bureau of Investigation
SCADA - Supervisory Control and Data Acquisition System
NSM - Norwegian National Security
NorCERT - Norwegian Computer Emergency Readiness Team
NERC - North American Electric Reliability Corporation
DHS - Department of Homeland Security
NCSD - National Cyber Security Division
US-CERT - Department of Homeland Security's Computer Emergency Readiness Team
NCAS - National Cyber Alert System
USCYCOM - United States Cyber Command
NSA - National Security Agency
CIA - Central Intelligence Agency
NCRCG - National Cyber Response Coordination Group
CERT - Carnegie Mellon's Computer Emergency Readiness Team
TSA - Transportation Security Agency
9/11 - September 11, 2011


INFORMATIVE ABSTRACT

Increased reliance upon digital automation and connectivity has yielded new security challenges for the United States, as the networked and internet-accessible components of the critical infrastructure are now accessible to external threats such as hackers and foreign intelligence services. In response to this new, evolving threat, the United States government, in coordination with the private sector and academia, must look to create a centralized government agency responsible for the defense of these networked components and the security of the nation's critical services such as water treatment and the electrical grid.

Cyber security is an issue that has grown in importance over the past 20 years. Online crimes range from the stealing of credit card information to organized and deep-penetrating espionage actions, which have begun to plague the computer networks of everyday citizens and governments around the world. While the attacks have previously focused on identity and monetary theft, these attacks have become infinitely more threatening as hackers target and probe the critical infrastructure of the nation. One major attack against an inadequately defended infrastructure component, such as a water station or the electrical grid, can cause immediate and lingering damage to the country and its recovering economy. Even though these attacks are low in tangible numbers, the increasing trend of targeting the infrastructure is an imminent problem the US government must address. These trends are corroborated by documented incidents which show hackers' interest in the infrastructure and the damage it can cause. The problem is further complicated by infrastructure firms' inability to modify and design their networked components with security in mind. A dedicated organization is needed to address these vulnerabilities, help bolster the defense of the nation's infrastructure and protect it from future threats.

The proposed organization would be responsible for the following:
- scheduled sweeping of infrastructure networks for sleeper programs
- proactive network security patches to keep pace with evolving attack techniques
- persistent network monitoring, intrusion response and subsequent digital forensics

The federal government, with its obligation to prevent and deter all forms of terrorism, must establish a dedicated government organization, solely responsible for monitoring and defending the networks of the nation's critical infrastructure. While the government has been skeptical of taking a direct stake in monitoring and defending these networks, the threat posed to the general public warrants this measure and must be addressed proactively before any large-scale incident has occurred.


INTRODUCTION

Statement of Problem

As society shifts towards an emerging digital age, new threats have materialized in the form of cyber theft, sabotage and espionage. Over the past decade, cyber defense advancement has increasingly become a priority as everyone from lone wolf hackers to foreign intelligence services increasingly attempts to penetrate United States government systems. There were an estimated 6 million attacks targeting US military networks during 2006. By 2010, an estimated 6 million attacks targeted US government and Department of Defense (DOD) networks each day, and that number continues to rise incrementally year to year. (Goldman 6) The United States government, under President Bush's 2008 National Security Presidential Directive 54 (NSPD-54), otherwise called the Comprehensive National Cybersecurity Initiative (CNCI), has implemented a proactive policy designed to protect sensitive data stored on government networks. (19) As the government evolves to properly defend classified information, in accordance with NSPD-54, new vulnerabilities and targets must be quickly identified and addressed in order to sufficiently defend the nation's critical networks. Digital attacks against the nation's critical infrastructure, and its respective internet-accessible Industrial Control Systems, present a new set of targets capable of producing loss of life and widespread disruption to American society. (Finkle 5) The still maturing US cyber defense capabilities currently stand highly compartmentalized and many private infrastructure firms still employ quickly aging defense techniques. This antiquated defense structure leaves numerous attack vectors capable of crippling critical infrastructure elements, such as water and electrical services. (Dignan 4) Failure of infrastructure services can result in an incalculable loss and directly threaten the security of the United States and its citizens. (22) In order to effectively defend against such threats, the United States government, in accordance with NSPD-54, needs to establish a centralized cyber defense organization, solely responsible for monitoring and safeguarding the nation's vital infrastructure services.

Objective

This proposal addresses an emerging digital threat and the measures which will be required to keep pace with the dire consequences of indifference. This document proposes the creation of a dedicated cyber defense organization, contained within a currently existing US government agency. This new organization would be responsible for the following:
- identification of networked and online accessible infrastructure components and industrial control systems
- assessment of firms' security architecture, protocols and network defense methodology
- direct and persistent monitoring of these networks and components for illegal intrusions
- periodic sweeping of all networked components for embedded malicious code or dormant programs
- establishing proactive incident response and adaptive procedural directives


Sources

The information used to create this proposal was obtained via the Internet and open source materials, such as news organizations and various media outlets. Secondary sources also include transcribed government testimony and public white papers of the United States Executive Branch and other government agencies. Secondary sources also include an original survey and data obtained from the general public.

Scope

The scope of this proposal covers current online security threats, the proposed solution in relation to these threats, as well as affected organizations, fiscal considerations and the schedule and time-frame in which this action can be completed.

Details of Problem

Over the past decade, network security issues and malicious cyber incidents have become increasingly common and infinitely more dire in nature. From the simple stealing of credit card information to coordinated military cyber attacks and digital espionage actions, online security has become an increasingly exigent issue to the general public, as well as organized governments. The most immediate threat still remains the vulnerabilities within the network security of essential infrastructure services, such as financial data, communications, water treatment and the electrical grid. During a hearing in April of 2011, the Federal Bureau of Investigation's (FBI) Assistant Director of Cyber Security, Gordon Snow, stated, "It is difficult to state with confidence that our critical infrastructure - the backbone of our country's economic prosperity, national security, and public health - will remain unscathed and always be available when needed." (14) Disruptions to infrastructure services effectively cripple the nation's economic productivity and can potentially incite panic within the general population, as seen during the northeast blackout of 2003. (PerezPena 10)

Infrastructure Automation and Design

In order to understand the threat, one must understand how a standard infrastructure element is designed. The critical elements of the national infrastructure are currently classified as agriculture, food, water, public health, emergency services, government, defense, industrial base, information and telecommunications, energy, transportation, banking / finance, chemicals, hazardous materials, postal and shipping. (5) Many of these, such as the electrical grid, water treatment and energy production, are currently run via Industrial Control Systems (ICS). The ICS of each plant administers the automated coordination of basic tasks and functions. These ICS functions are aided by the Supervisory Control and Data Acquisition System, otherwise known as SCADA. (25) The SCADA system coordinates data collection within ICS functions. As an example, a SCADA system will read the output of an electrical generator and modify output accordingly. Please refer to Figure 2 for a visual flow chart of a sample SCADA layout. These SCADA systems, when initially created, contained no external connection outside the plant, rendering them invulnerable to remote attack vectors.


Recently, however, the SCADA system, with its high level of networked automation and connection to external networks, has become vulnerable to external cyber threats and remote access vulnerabilities. This is the design element which allows hackers access to specific hardware within a power or water treatment plant and effectively turns any networked hardware component into a liability.

Documented Incidents

Cyber attacks have already been recorded within the United States and incidents overseas have been well documented. Late in 2011, the French energy conglomerate Areva found dormant malware embedded in its nuclear power facility's operating system. Further investigation into the incident found no immediate threat; however, it was apparent the network security of a highly volatile energy source, such as nuclear power, had been severely compromised and the company suspected Chinese or North Korean involvement (Leyden 8). In late 2011, Norwegian National Security (NSM) discovered an attack targeted at Norway's oil, defense, gas and energy sectors. Companies within these sectors were compromised via malware-infected emails opened by internal employees. Once opened, the virus began to quickly steal usernames, passwords and even proprietary data, such as documents and industrial drawings pertaining to these infrastructure firms. According to the Norwegian Computer Emergency Readiness Team (NorCERT), the incident was the tenth known cyber attack of this nature during 2011 alone. (Albanesius 1)

Domestic Issues and Incidents

Domestically, the US has already seen the first attacks aimed at the infrastructure. In Illinois, hackers were allegedly able to penetrate the Curran-Gardner Township Public Water treatment plant's network security and remotely short out a pump, temporarily disabling the plant's production. The networked components of the pump were allegedly accessed remotely from overseas, again by suspected Russian or Chinese hackers, and the direct control of these components allegedly led to their eventual disabling. (11) Curran-Gardner mirrors another suspected cyber attack against the infrastructure in 2008, when Chinese hackers disabled a Miami power station, leading to the eventual loss of power in 3 million households across southern Florida. (Leyden 9) While the Illinois and Florida attacks mark the first suspected cyber offensive actions against American infrastructure, increased attempts are inevitable and more extensive intrusions have previously been detected. Curran-Gardner and the Florida blackout corroborate a recent statement by national security officials claiming malicious software programs were detected buried within the American electrical grid. The officials further detailed the discovery, stating Chinese and Russian intelligence agents attempted to map the US electrical grid and implant dormant software programs which could be activated at an opportune moment. (Gordon 7) In response to the growing threat, many infrastructure firms have utilized internal self-assessments of their network defense capabilities and the conclusions have not yielded favorable results.


Electrical Grid Design Vulnerabilities

In 2009, in an internal memo for industry stakeholders, the North American Electric Reliability Corporation (NERC) cited gaping vulnerabilities in its cyber defense structure. There were numerous issues and possible exploits detailed in the memo. The memo suggests many NERC electric stations had not correctly assessed their systems and the critical nature of networked components within those systems. These critical components were vulnerable to external cyber attack and, due to inadequate classification, could be manipulated or destroyed remotely. Furthermore, it stated that these critical assets, if destroyed, degraded or maliciously modified, would have the ability to cause a geographically widespread loss of power. NERC continued to imply the original architecture of the American electrical grid was well designed to withstand and prevent single points of failure; however, due to the potential of a widespread, simultaneous cyber attack against laterally connected stations, a geographically widespread failure was possible. (23) The memo did not even begin to address the previously mentioned dormant programs within their systems, which could further increase the electrical grid's vulnerability. This lack of security-driven methodology displays NERC's antiquated defensive and monitoring practices and their inability to adequately understand their systems' online automation in relation to network defense. Since these systems are an essential part of everyday life, greater means must be taken in order to detect and destroy currently existing dormant programs and defend these systems from future intrusions. Due to the immediate nature of this threat, a quick response is critical to effectively prevent a catastrophic event and potential loss of life to US citizens. The Curran-Gardner and Florida power grid attacks signify the inevitable trend of cyber attacks against critical services.
A failure of the American infrastructure, by way of widespread loss of power and water, would be catastrophic to the nation and would force a major network defensive evolution, but at far too great a price. It is vital that the American government work proactively to directly defend infrastructure vulnerabilities and prevent such an attack from ever occurring.

Cyber Offensive Capabilities and Techniques

The sophisticated attack techniques needed to bring down infrastructure services are currently only available to Advanced Persistent Threats (APT), such as highly funded governments and terrorist organizations; however, with each year the bar is lowering. (18) With the development of new, easy to use yet sophisticated attack techniques, even a lesser skilled hacker can inflict serious damage against individuals, companies and even entire nations. There are numerous attack techniques a hacker may utilize to penetrate an ICS defense. Siemens, developer of many ICS systems, recently discovered authentication bypass, a basic hacking technique which allows an intruder access to networked systems by circumventing password protections. With such techniques, everyone from lone wolf hackers to large hacker collectives, such as Anonymous, will be able to carry out large-scale attacks. (Smith 11) To complicate matters, these hacker collectives often strike out in idealistic retaliation to world events and government actions. (23) The US government needs to be prepared for this eventuality and ensure the infrastructure is not at risk from cyber retaliatory strikes, which will become more sophisticated and frequent in the near future. Techniques ranging from advanced offensive capabilities, such as the mysterious Stuxnet worm, to simple ones, such as authentication bypass, have been largely successful in gaining access to secured ICS networks and increasingly test private infrastructure firms' defensive capabilities. (Clayton 2) So far these firms have been unable to prevent intruders from penetrating their defensive measures. True advanced defense and system monitoring must be undertaken on a 24 hour, 365 days a year basis, as opposed to moving to react and contain intrusions after they have occurred. The United States government must be the one to lead and coordinate this defensive evolution.

PROPOSED SOLUTION

Details of the Solution

In order to effectively address and deal with this quickly approaching threat, the government must look to take a more direct role in the defense and persistent monitoring needed to adequately safeguard the networked components of these infrastructure services. A dedicated organization, geographically dispersed across the nation and created under the NSPD-54 statement of intent, would be required to keep pace with this monumental task and workload. The proposed organization, focused solely upon identified critical services, would take the lead in a structured and periodic sweep of infrastructure networks for embedded malicious code or programs and actively work to defend these networks from future intrusions.

Federal Agencies and Organizations

There are three major groups which must be addressed in order to effectively create the proposed organization: the United States Government; the private sector; and the citizens of the United States. The primary organization to be utilized would be the Department of Homeland Security (DHS).
Homeland Security is currently the cornerstone of American cyber defense and home of the National Cyber Security Division (NCSD) and its subdivision, the United States Computer Emergency Readiness Team (US-CERT). This organization establishes policy and methodology across the federal government regarding cyber defense and incident response. (13) Neither of these organizations currently monitors or defends the networks of the nation's critical infrastructure as proposed in this document. Currently US-CERT, in collaboration with the private sector, helps patch critical system vulnerabilities in federal and private systems and coordinates alerts and information dissemination via its National Cyber Alert System (NCAS). While NCSD and US-CERT help to advise and bolster critical infrastructure systems, neither directly monitors their networks on a permanent basis. A derivative organization, contained within NCSD, can be created and dedicated to monitoring, defending and sweeping through critical infrastructure systems. Please refer to Figure 1 for a current DHS organization chart with the newly proposed organization added. Secondary, yet vital, organizations include: the policy makers and subject matter experts within the Department of Defense; United States Cyber Command (USCYCOM); Directorate of National Intelligence (DNI); National Security Agency (NSA); Central Intelligence Agency (CIA); Department of Justice; and other agencies of the 19-member National Cyber Response Coordination Group (NCRCG). With the benefit of collaboration across the federal government and utilization of the subject matter experts within NCRCG, a centralized government entity can properly defend the nation's critical infrastructure. (17)

Private Firms and Defense Contractors

In 2003, the White House stated, "The Cornerstone of America's cyberspace security strategy is and will remain a public-private partnership." (5) The private firms, which include the US defense industry, must be integrated into this newly centralized organization, drastically increasing its workforce and capabilities. United States cyber security firms, capable of heavily investing in advanced research and development where the fiscally stricken US government cannot, will help yield the sophisticated defense methodology required to keep pace with evolving attack techniques. The intense competition amongst these companies will ideally trigger a private cyber arms race and quickly advance the defensive capabilities of the American critical infrastructure.

Citizen Response and Responsibilities

The citizens of the United States, who would ultimately pay for this new organization, would need to be proactively engaged and informed of this issue's importance and immediacy. Statistical data, obtained via a survey conducted for this proposal, showed the citizens of the United States desire an increased government presence pertaining to online security. When questioned, 62.5% responded they were somewhat concerned about the online security of the nation's critical services, while 69.6% said they felt the government should take a greater role in protecting the infrastructure.
A striking 73.9% responded that the government was not doing enough in relation to online security. (Appendix A) These numbers plainly show the publics interest in government intervention and an increased emphasis upon online security. Since only 54.2% were concerned about the security of critical infrastructure networks, the government, in coordination with the media, would need to help educate the public and validate the large allocation of resources needed to stand up the proposed organization. Citizens dependence upon the critical infrastructure makes them directly vested in the issue. The citizens can, by the way of academia, also contribute to the effort. Carnegie Mellon's CERT, a completely separate entity from DHS's US-CERT, has become an industry expert, providing the federal government and the private industry advanced network security research and solutions. (24) The collective expertise and advanced research yielded by these universities can help propagate American cyber offensive and defensive capabilities, as well as train the next generation of cyber professionals needed to sustain this increasingly critical element of US national defense. International collaborations must also be strengthened to help achieve global digital security and the means to track and prosecute cyber criminals abroad when they do attack. Public and Private Partnership Telecommunications, financial institutions, water treatment, and

the electrical grid would be the primary focus of the proposed organization. The organization must partner closely with the firms responsible for these public services to ensure all sectors of American infrastructure are properly defended. These firms have increasingly shown an inability to defend their own systems, effectively prompting the need for the federal government to step in, monitor and augment their defensive capabilities. In order to properly defend these sectors, each must be willing to partner with the federal government and allow federal employees access to their proprietary networks. While the federal government has been reluctant to directly monitor and defend these private firms in the past, the increasing number of incidents and the potential threat against the nation validate the proposed action. This direct intervention would be covered by HSPD-7, a federal mandate stating the federal government must work to protect and defend the critical infrastructure from terrorist action. (20) The White House's own cyber strategy states, "It is the policy of the United States to prevent or minimize disruptions to critical information infrastructures and thereby protect the people, the economy, the essential human and government services, and the national security of the United States." Under this statement of intent, the government should proactively look to take a major stake in defending the critical infrastructure in the same way the Transportation Security Administration (TSA) and the US Marshals helped defend the vulnerable airline industry after 9/11.

Required Resources

The resources and schedule required to complete such an action should not be underestimated. This would be an expensive proposition, yet one that would help save the country an indeterminate amount in the long run. Again, the citizens of the US would need to be convinced of the issue's importance and immediacy in order to validate the cost.
Going by the survey data, with 73.9% feeling the government should take on a larger role in network security, this proposition would not be difficult to sell to the public. The creation of a new government agency, with wide-sweeping responsibility and purview, requires a large amount of funds, personnel, and time. While the government is currently undergoing fiscal reform and austerity measures, the funds needed to address this situation must be categorized no differently than money allocated for the DOD or any organization responsible for the defense of the nation's citizens. It is imperative that the high price of standing up a new organization not drive the fiscally stricken Congress into reluctance or inaction. A "spend money to save money" mentality must be used in order to carry through this action properly. In relation to the proposal as a whole, generating these funds will be the largest challenge which must be addressed.

Job Creation

The creation of this organization, however, can help to lessen the economic strain upon the citizens of the United States. Financially, there are numerous advantages to creating the proposed organization. These advantages include:

- Creation of an undetermined, yet large number of direct, federal government positions

- Creation of an undetermined, yet large number of defense contractor positions needed to adequately staff the program
- Creation of an undetermined, yet large number of indirect jobs and task orders, such as construction and support based positions, which will be required to construct the necessary buildings, work spaces and technology for this new organization
- Creation of geographically dispersed positions over a wide variety of skill-sets

Time Frame and Schedule

Standing up such an organization would prove to be a lengthy endeavor. Due to the immediate nature of the problem, an effort would need to be established immediately to begin assessing the government resources and expertise needed to stand up the new organization. The government would also need to reach out to geographically dispersed infrastructure firms and propose direct governmental intervention before setting up the critical partnership required for such an organization. The proposed organization must be created before the US infrastructure finds itself under frequent and progressively more destructive attacks while still reliant upon its current, inadequate security methodology and structure.

Conclusion

With the increased automation and online networking of infrastructure services in the United States, it is vital the US government move proactively to counteract system vulnerabilities and protect the nation from cross-border cyber attacks aimed at causing mass panic and economic regression. The suspected attack in Illinois and the constant probing of the electrical grid by foreign intelligence services are only the tip of a fast approaching spear, which must be addressed today in order to position the United States well on this newly established online battlefield. The critical infrastructure, which is the backbone of services provided to the American public, must be thoroughly swept for existing dormant programs and properly defended from online adaptive threats.
To achieve this goal, a dedicated government organization, with the full expertise and capabilities of the United States government, private sector and academia, must be established to safeguard vulnerable critical systems and prevent a geographically large-scale failure of essential services such as water, electricity and communications. The protection of essential services, which citizens rely upon daily, is critical and must be given the attention it demands. The country must not be forced to endure a September 11-scale cyber attack before moving to adequately defend its systems and before understanding that comprehensive security is required beyond sensitive government networks.

REFERENCES

1. Albanesius, Chloe. "Norway Cyber Attacks Target Oil, Gas Systems." PC Magazine. 18 Nov 2011. 10 Jan 2012.
2. Clayton, Mark. "Cyber Attack on Illinois Water Treatment Plant May Confirm Stuxnet Warnings." The Christian Science Monitor. 18 Nov 2011. 05 Jan 2012. http://www.csmonitor.com/USA/2011/1118/Cyberattack-on-Illinois-water-utility-may-confirmStuxnet-warnings
3. Derene, Glenn. "How Vulnerable is the US Infrastructure to a Major Cyber Attack?" Popular Mechanics. 01 Oct 2009. 09 Jan 2012.
4. Dignan, Larry. "China's Cyber-militias behind US blackouts?" ZDnet. 30 May 2008. 18 Jan 2012.
5. Finkle, Jim. "Cyber Attack Could Hit Infrastructure If Flaws Are not Fixed." The Huffington Post. 22 Dec 2011. 06 Jan 2012.
6. Goldman, David. "China v the US: The Cyber Cold War is Raging." CNN Money. 28 Jul 2011. 06 Jan 2012.
7. Gordon, Siobhan. "Electricity Grid Penetrated by Spies." Wall Street Journal. 08 Apr 2009. 05 Jan 2012. http://online.wsj.com/article/SB123914805204099085.html
8. Leyden, John. "French Nuke Biz Slapped in Mystery Cyber Attack." The Register. 01 Nov 2011. 06 Jan 2012. http://www.theregister.co.uk/2011/11/01/french_nuke_firm_mystery/
9. Leyden, John. "Chinese Crackers blamed for US power blackouts." The Register. 02 Jun 2008. 06 Jan 2012.
10. Perez-Pena, Richard. "THE BLACKOUT of 2003: HEALTH CARE; Early Panic leads to rush on emergency rooms." The New York Times. 15 Aug 2003. 06 Jan 2012.
11. Smith, Gerry. "Cyber Defense Agency Faces Challenges From Within." The Huffington Post. 29 Jul 2011. 05 Jan 2012. http://www.huffingtonpost.com/2011/07/28/cyber-attack-threatgovernment_n_912114.html
12. Waugh, Rob. "Lethal Stuxnet cyber weapon is 'just one of five' engineered in same lab - and three have not been released yet." The Daily Mail. 29 Dec 2011. 06 Jan 2012.
13. "National Cyber Security Division." http://www.dhs.gov. Department of Homeland Security, n.p. 10 Oct 2010. 20 Dec 2011.
14. "Statement Before the Senate Judiciary Committee, Subcommittee on Crime and Terrorism." http://www.FBI.gov. n.p. 11 Apr 2011.
15. "National Strategy To Secure Cyberspace." http://www.dhs.gov. Department of Homeland Security, n.p. 01 Feb 2003. 04 Jan 2012. http://www.us-cert.gov/reading_room/cyberspace_strategy.pdf
16. "Industrial Control Systems." Wikipedia. n.p. n.d. 24 Jan 2012.
17. "United States Cyber Command." Wikipedia. n.p. n.d. 07 Jan 2012.