@Risk

Focused on supplier risk issues for business leaders

Homeland Security Releases IT Sector Baseline Risk Assessment

August 27, 2009

Earlier this week, the Department of Homeland Security (DHS) and the Information Technology Sector Coordinating Council (IT SCC) released the IT Sector Baseline Risk Assessment (ITSRA), a 114-page document that:

  • identifies and prioritizes national-level risks to critical sector-wide IT functions
  • outlines strategies to mitigate those risks and enhance national and economic security.

“Private sector owners and operators of this nation’s critical infrastructure manage risk on behalf of their customers and their internal operations every day, and the risk assessment validates the overall resiliency of that infrastructure. Industry and government, however, need to understand the risk across the entire IT Sector,” says IT SCC Chairman Bob Dix. “This dynamic process and its tangible results provide an opportunity to collectively manage risk at the national level, and we are already working on applying the findings of the IT Sector Baseline Risk Assessment to better mitigate risk, making the IT sector and the nation more resilient and secure.”

As the report states, threats to the IT sector are complex and varied. The constantly evolving list currently includes: natural hazards (weather, seismic events, etc.), criminals, hackers, insider threats, terrorists, nation-states, and automated worms/viruses and other social engineering attacks. The ITSRA examines each risk of concern in depth and then offers strategies (whether existing, being enhanced, or potential future) for mitigating those risks.

The report addresses, in detail, these critical IT sector functions:

  • IT products and services
  • Incident management capabilities
  • Domain name resolution services
  • Identity management and associated trust services
  • Internet-based content, information and communications services
  • Internet routing, access and connection services.

The ITSRA then goes on to identify several areas that need more study, including:

  • identity management
  • manmade unintentional threats
  • natural threats and impacts to infrastructure
  • the establishment of national-level testing and simulation capability for the Internet infrastructure
  • development of a national-level cybersecurity awareness program that includes outreach, training and education
  • cross-sector interdependency analysis