Critical Infrastructure Protection

Critical Infrastructures areCritical Infrastructure Protection those systems that are necessary to the minimum operations of the economy and government, such as the water supply, food supply, transportation, oil and gas production, banking and finance, electrical generation, health and emergency services. Critical Infrastructure Protection refers to activities for protecting these systems and facilities. IIT offers a range of services to help protect the people, physical entities, and cyber systems essential to national security, public health, and economic stability against a host of natural and man-made threats.

IIT services and capabilities include:

Business Continuity and Disaster Recovery
IIT offers a comprehensive set of services designed to simulate, plan against, and ultimately survive potentially damaging situations. IIT goes beyond traditional disaster recovery planning to include Business Impact Analysis and take into account the reliance on an IT infrastructure for e-business and e-government operations. The resulting plan includes all critical business functions.
Computer Incident Response
IIT provides a cost-efficient strategy for dealing with network security incidents. IIT has demonstrated expertise in designing Computer Incident Response Facilities and Teams, and can assist in building your team, to include development of technical and procedural policies and provide training resources. IIT also offers remote assistance and on-site incident analysis and recovery services.
Information Sharing
Information accessibility, integrity, and sharing represent critical foundations of the National Homeland Security Strategy. Information fusion – tying together the appropriate pieces of information from multiple sources and providing that information quickly, securely, and confidentially to operations personnel who may then act upon it – is essential for detecting, preparing, preventing, protecting, responding, and recovering from crisis events.
Incorporating the concepts of Information Operations allows IIT to gain and maintain information superiority for its clients, a condition that allows leaders to seize, retain, and exploit the initiative in a crisis event, facilitating more effective decision making and faster execution.
Information Sharing and Analysis Centers (ISACs)
Homeland Security Presidential Directive 7 (HSPD-7) calls for the creation of private sector Information Sharing and Analysis Centers to protect United States critical infrastructures from attack, ninety-five percent of which are privately-owned. On a 24/7 basis, ISACs collect and analyze information pertinent to their industry and focus on those incidents, threats and activities that most affect that industry. ISACs help identify critical infrastructure and the impacts of its loss or degradation. Filtering information from the global information environment by the threats and infrastructure vulnerabilities permits ISAC analysts to focus their efforts and helps the industry to prioritize the application of limited security resources.
ISACs:

• Acquire Relevant Information
• Analyze Threat Indicators
• Monitor and Fuse Intelligence
• Alert and Warn
• Assess Risk
• Build Critical Infrastructure “Target Folders”
• Enhance Cyber Security
• Employ Red Teaming
• Reduce Decision Cycles

IIT currently operates three 24×7 ISACS:  the Public Transportation (PT-ISAC), the Over The Road Bus (OTRB-ISAC) and the Surface Transportation (ST-ISAC) ISACs.

Public Key Infrastructure (PKI)
IIT provides complete PKI systems lifecycle solutions: initial needs assessment, architecture design, applications development, system implementation, and turn-key Certificate Authority (CA) or a CA managed service.
Risk Management Planning and Implementation
Risk management is the continuous process of selecting, implementing, and monitoring countermeasures to maintain an acceptable level of risk at an acceptable cost. IIT begins the process with an assessment of an organization’s critical assets and the impact of their degradation, their vulnerability to exploitation, and the nature and likelihood of specific threats. This information is used to identify and evaluate risks and develop effective countermeasures to reduce that risk.
Threat and Vulnerability Analysis
With a unique focus on managing business and information related risk, IIT works with organizations to examine the threats they face and to analyze their unique vulnerabilities. The primary objectives of a vulnerability assessment (VA) are to provide information on the security and operational posture of a military unit or commercial enterprise to improve mission capability, and to protect proprietary technology/information by identifying Information Operations (IO) vulnerabilities in some or all of the following areas:

• Deficiencies in policy, programs, or personnel security resulting in Organizational vulnerabilities.
• Vulnerabilities resulting from Organizational structure and information flow.
• Vulnerability of computer networks, and the systems they support, to threats which could adversely impact the unit’s ability to accomplish critical mission functions.
• Vulnerability to enemy/adversary intelligence activities including SIGINT, IMINT and HUMINT. Vulnerabilities identified through counterintelligence activities.
• People, process or technology vulnerabilities identified via a SSE-CMM (ISO 21827) survey.
• Enforcement in areas of OPSEC, INFOSEC, or physical/personnel security.
After analyzing the current situation and risk from all perspectives (people, processes, technology), the IIT team will produce a detailed report, complete with recommendations to address all findings. Customers may then rely on IIT for all security process reengineering, infrastructure improvement, training and implementation needs.

Related Resources


IIT Cyber and Physical Security and Enterprise Technology Recognition

2014 AFEI Enterprise Information Winner – Industry Category

2013 AFEI Enterprise Information Honorable Mention – Industry Category

2011 SANS Institute National Cyber Security Innovation Award

2009 NSA Rowlett Award for Organizational Achievement

Awards and Logos