The world has in the recent past experienced a surge of issues that create significant security concerns. Factors relating to globalization, computerization, and increased internet accessibility pose significant threats associated with cyber-attacks and terrorism. The criticality of advanced security issues faced today relates to the resulting impacts. Security issues tend to threaten life continuity and daily government operations especially when they affect critical infrastructures. As a strategy of promoting security management, the United States Homeland Security Department participates in the management of all critical infrastructures. Therefore, these pages will focus on evaluating security management, Homeland Security, and terrorism management.
Security management is a critical aspect of the protection of critical infrastructures (CIs) in both developing and developed nations. While critical infrastructures play a significant role in enabling the reliability, the ongoing globalization poses significant security threats. For instance, globalization has created a borderless world by increasing transportation through different strategies and enhancing communication through advances in computers and internet technologies. While the efficiencies have been critical to supporting national economic growth and development, the associated threats pose significant risks relating to terrorism and cyber-attacks. As a result, governments must prioritize the idea of security management to ensure that critical infrastructures are maintained and protected. Through proper security management, nations would efficiently manage to ensure the continuous operation, safety, performance, and reliability of CIs.
Typically, security management describes an integrative role that focuses on identifying a nation’s assets which are both people and sectors that promote continuous operations of daily life operations. Further, security management incorporates the development and planning of strategies and policies that promote the management of the identified assets together with their documentation and implementation. Governments are able to identify critical infrastructures together with possible threats through security management. In the United States, the Department of Homeland Security undertakes the responsibility of managing the security of critical infrastructures.
Critical infrastructures in the US describe both assets and systems both virtual and physical that are increasingly significant and their service disturbance could pose severe effects to national security with respect to factors that include, safety, public health, and economic wellness (Alcaraz, and Zeadally, 2015). Critical infrastructure sectors include the energy sector which incorporates sources of energy production, as well as storage and distribution resources. Others include the water and wastewater systems, dams, transportation systems, government facilities, and information technology sectors. In addition, critical infrastructures include the nuclear reactors, materials, and waste sectors, defense industrial, chemical, critical manufacturing, and commercial facilities sectors. More so, the United States recognizes national monuments and icons as CIs. According to the Department of Homeland Security, they represent the physical structures, geographical locations, monuments, and objects that are agreed as critical representations of the national culture or are linked with some form of historical or religious significance (Alcaraz, and Zeadally, 2015).
The need for security management in countries has been exacerbated by the interdependence of critical infrastructure sectors. While the interdependence implies that different sectors depend on each other for efficient operations, it equally means that the disruption of a single sector could trigger notable effects on interrelated sectors as well (Alcaraz, and Zeadally, 2015). Scholars note that there exist different relationship types which are logical, geographic, physical, and cyber (Alcaraz, and Zeadally, 2015). Geographic interdependency describes a relationship that results when different infrastructures are located within a similar location and the occurrence of a problem in a single infrastructure could negatively impact the other CIs.
Further, logical interdependency explains relationships where the actions, decisions, and systems of a specific infrastructure agent tend to be attached to a different agent of another CI despite the lack of an uninterrupted association through geographic, cyber, or physical connections (Alcaraz, and Zeadally, 2015). On the other hand, physical interdependency describes a form of connectedness relating to the acceptance of raw material or resources from different CIs. Lastly, cyber interdependency is associated with the current connectedness in systems of information and communication between and among varying critical infrastructure sectors (Alcaraz, and Zeadally, 2015).
Security management in countries like the united states describe highly complex responsibilities that utilize varying technologies to increase efficiency. United States has for decades maintained the position of the primary economic power recording significant technology adoptions in different critical sectors. Equally, the technological advances and expertise are documented in criminal practices thus posing significant security threats to government operations as well as other critical infrastructures. A common aspect of security management relates to the protection of data primarily government data from the enemy.
Basically, data protection in security management relates to a government’s need to promote the efficiency and reliability of information systems performance in all critical infrastructures (Alcaraz, and Zeadally, 2015). Managing the security of Critical Information Infrastructures (CIIs) could effectively promote security management in all other sectors. According to Alcaraz, and Zeadally (2015), critical information infrastructures incorporate the information procedures that are driven by communication and information technology forming their specific critical infrastructures and are significant to other CIs operations. In a nutshell, the scholars imply that most critical infrastructures crucial to societal operations rely on systems of information for the management of delicate data that links to critical infrastructures.
According to Alcaraz, and Zeadally (2015), unexpected occurrences on infrastructures of information systems could result to significant outcomes that would, in turn, impact the reliability, safety, performance, and security of the related CIs. As such, there exists a significant need for countries to focus on security management which would facilitate the development of efficient measures for protecting CIIs. Security management has seen the development of Critical Information Infrastructure Protection (CIIP) which incorporates activities and infrastructure programs manufacturers, owners, operators, institutions of Research and Development (R&D), users, regulatory authorities, and governments that focus on ensuring critical infrastructures such as information systems reliability in a situation of attacks, accidents, or failures (Alcaraz, and Zeadally, 2015). More so, the team seeks to improve service delivery and reduce both damages and time required for recovery.
Therefore, security management should be perceived as an integrative role instead of a role that is limited to specified sectors in order to promote the efficiency of outcomes. Within security management both the ideas of critical information infrastructure protection should be integrated with those of critical infrastructure protection in order to ensure the protection of national data (Alcaraz, and Zeadally, 2015). Countries tend to be keen on aspects that relate to the protection of cyber systems due to the underlying risk of utilizing information systems to undertake different threats and terrorist acts. The United States acknowledges the criticality of security management through critical information infrastructure protection by outlining that it is important for both the country’s economic and national security built, designed, and implemented by private sectors (Alcaraz, and Zeadally, 2015).
The United States policy that accepts the need for CIP protection in sectors perceives CIIs as critical infrastructures since their data is usually secret to the public and equally promotes the security of protected systems. According to Alcaraz, and Zeadally (2015), information and communication technology describes the critical infrastructures pillar that incorporates varying network topologies, interfaces for data transmission and management, as well as communication links that target to promote reliability and timely deliveries. Critical information structures are described as very critical elements in different sectors. For instance, in Industrial Control Systems (ICS) are responsible for supervising and controlling industrial infrastructure operations like lines of electrical distribution and transmission, oil and gas pipelines/refineries, energy bulk generation systems, together with water treatment systems (Alcaraz, and Zeadally, 2015).
ICS communication structural design incorporates communication topologies, links, as well as techniques that enhance the receiving and processing of data from nearby remote substations of the infrastructure under supervision. The management of the security of such systems is both critical and unavoidable especially considering that they include automated systems that include different industrial engineering devices like sensors, actuators, and Remote Terminal Units (RTUs) that collect and send information relating to infrastructure controls such as that relating voltage, pressure, and temperature levels (Alcaraz, and Zeadally, 2015). As such, every CI sector should ensure the perfect understanding of its information systems to increase vigilance while evaluating the efficiency in performance.
Security Risk Management
Security risk management is the backbone of overall security management and incorporates the idea of identifying, evaluating, treating, and monitoring the existing risks. The primary step in managing security risks is the identification of the existing threats which requires the evaluation of possible issues in the current controls as well as the probability of threats and equally determine the possible risk effects in a situation of risk occurrence. Normally, possible risks could be internal referring to those that could possibly develop from within the country/ sector/ organization. Others could develop from outside the country and are identified as external threats.
After identifying the underlying security threats, the security management team should focus on prioritizing the risks with the aim of evaluating the possibility of event presentation as well as the effects that could result. Understanding the possibility of risk presentation enables the specific sectors a chance to focus on the riskiest issues. The next step after risk prioritizing is the treatment/ management of the problem by ensuring the classification of the specific risk and selection of the most effective response strategy depending on the specific event. The management phase involves the identification of possible response strategies for identified threats in a manner that would ensure agility and minimize the risk impacts. Lastly, the managing team should focus on outcome monitoring ad ensure the fixing of possible issues that could be presented in the general security management operations.
Further, the teams should focus on elements that would efficient for the management of external risks which could take different options such as avoidance, reduction, transfer, spreading, or acceptance. Risk avoidance relates to the idea of failing to enter or accept situations that present hazards. Experts discourage in the acceptance of the specific strategy noting that it presents challenges that could implicate other effective strategies. For instance, avoidance of threats could include the failure to adopt certain technologies due to their associated risks. Another option to responding to risks is through risk reduction which is a strategy that could focus on different measures that include educating participants on risk management and utilization of preventive measures. For instance, specific sectors could focus on ensuring the protection of CIIs through the appreciation of preventive measures such as passwords to protect data. Further, risk transfer describes a situation that results when sectors transfer the possible risks to other parties through contracts or insurance purchases. Risk acceptance, on the other hand, describes a situation where the specific affected CI accepts the cost of risk management.
Typically, regardless of the strategy that the critical infrastructure sector decides to employ for risk management, communication serves as a crucial aspect in security management. Primarily, communication promotes the possibility of ensuring that the interdependent sectors facing similar threats or risks ensure the implementation of the appropriate risk management strategies. For example, in a case of a threat relating to information systems in different critical infrastructures, the responsible teams would be in a position to ensure the implement different safety measures. More so, communication plays a significant role in increasing the vigilance of other sectors to evaluate the security of their information systems and equally ensure the implementation of the appropriate safety measures.
Furthermore, communication of issues relating to security management promotes the appreciation of developing security measures to emerging problems. Similar to technology advances, security concerns advance at high rates and require the utilization of equally advanced measures to minimize their impacts. For instance, the utilization of encrypted language and codes in communications between criminals or terrorists limit the chances of authority detection. Different sectors should focus on communicating developing coding as well as effective codes for decrypting encrypted data. In the united states, communicating about developing problems increases the vigilance of the Homeland Security Department in pooling together resources that evaluate security issues in different critical infrastructures.
The management of security in countries plays a significant role in assuring citizen protection and as well as protection of critical infrastructures. Ideally, security management ensures the continuity of operations in case of an incident and minimizes the impacts associated with developing incidents. More so, security management promotes the reliability of critical infrastructures which is simply defined as the practice of ensuring that they operate as expected. Managing security minimizes the development of issues that could disrupt essential life quality enhancers such as national security, health, and safety of the public since governments are able to respond to disasters quickly and equally limit the occurrence impending threats. Therefore, the application of proactive security management measures could be more critical to promoting proper progress in managing national security.
Terrorism Prevention and Management
Terrorism has been a significant issue for global nations over recent decades. According to the United States Code Section 2331 domestic terrorism explains practices that incorporate behaviors that pose danger to human life and violate the US criminal regulations as well as those of other states (Jackson et al., 2019). More so, it could explain activities that target to coerce or intimidate civilians, or affect government policy through coercion or intimidation, and impact government conduct through practices that include kidnapping, mass destruction, or assassination. Further, rimes that present in United States territorial jurisdiction. Both the united states and international definitions for terrorism imply the need for nations to implement terrorism prevention and management strategies.
According to Jackson et al (2019), terrorism prevention which is the overriding of activities and programs that were in the past described as countering violent extremism (CVE) is among the United States’ complex reactions to threats relating to extremist and terrorism inspired violence. Efforts of terrorism prevention and management integrate those of enforcing counterterrorism (CT) and criminal justice through ensuring prevention of threat occurrence and minimizing the necessity for implementing CT actions within the US (Jackson et al., 2019). More so, efforts of terrorism prevention and management focus on the management of persons who have been released after conviction on offenses that relate to terrorism activities.
Experts argue that major united states terrorist threats have been contributed by the radicalization of people through activities that include interaction with people representing global terrorism groups overseas, exposure to terrorist content through the internet, as well as through attacks or attack attempts by people who are motivated by foreign/ domestic terrorist groups (Jackson et al., 2019). Most nations have continued focusing on efforts of countering violent extremism as an approach for minimizing terrorist attack threats from persons who have migrated to conflict zones to battle, as well as those who have volunteered to implement violence with the US or back terrorist groups.
Originally, the United States initiated a focus on aspects relating to violence mobilization and radicalization after the 9/11 attacks in 2001 (Jackson et al., 2019). However, following the Fort Hood attack in 2009 as well as the 2010 attempt to bomb Times Square, the US started active CVE interventions. The reduced terrorist threat levels in the united states in comparison to those of other nations have enabled the country to implement strategies for managing possible threats. The United States has active terrorism prevention and management programs and policies that target to minimize terrorism risks in a manner that is different from incarcerating or investigating persons suspected of supporting or planning violence (Jackson et al., 2019).
Nevertheless, the country struggles with the development of policies that would enhance proper response to the reduced terrorist incidence considering that the resulting outcomes are far-reaching (Jackson et al., 2019). As such, the united states focus on increasing efficiency in terrorism prevention and management through the utilization of tools that seek to minimize terrorism for a long time. The tools seek to minimize recruitment/ radicalization of individuals to groups of terror, ensuring interventions with persons who are susceptible to violent radicalization, and reduce impacts relating to terrorist messaging. More so, the tools employed by the united states incorporate activities and programs that seek to prevent reoffending for individuals who had been incarcerated for crimes relating to terrorism (Jackson et al., 2019). Strategies of terrorism prevention and management are equally focused on educating communities which normally describes the concept of creating awareness on aspects that relate to crime investigation.
The need to implement terrorism prevention and management strategies in the United States significant especially as a strategy for minimizing the severity of impacts. Terrorist attacks pose significant threats to people, the economy, properties, and the environment as well. Within the US, about 10 individuals have been killed annually in terrorist attacks between the end of 2001 and 2018 (Jackson et al., 2019). The different strategy efforts employed by the Department of Homeland Security such as radicalization prevention targets to minimize forms of violence that are motivated by extremist or ideology causes.
Terrorism prevention and management focuses on ensuring the development of options that go further than the traditional tools of criminal justice such as arrest, trial, and imprisonment (Jackson et al., 2019). The tools seek to improve terrorism prevention for a prolonged period. Equally, Homeland security focuses including the involvement of capabilities and non-governmental organizations in promoting programs for terrorism management and prevention (Jackson et al., 2019). The programs focus on ensuring that individuals intending to engage in terrorist activities are apprehended before breaking the law and posing danger to both themselves and other citizens as well.
The Department of Homeland Security focuses on efforts of preventing and managing terrorism through radicalization minimization efforts such as counter-messaging and educating communities, identification and assisting of venerable populations through efforts of creating community awareness, trainings relating to low enforcement, intervention programs, and recidivism minimization through ensuring that people who were previously imprisoned receive the relevant services (Jackson et al., 2019). Intervention efforts are not limited to homeland security but cold equally includes community entities, law enforcement government sectors, and social services within or outside the government. Community-based terrorism prevention efforts include purely community organizations that involve in the prevention of terrorism while those that are purely law enforcement describe government-based organizations most of which include agencies of criminal justice (Jackson et al., 2019).
Options of terrorism prevention and management could take integrative or individual operations depending on the local/ community area circumstances. Separate involvement is at times documented in situations where the involved parties such as the government, agencies of law enforcement, NGOs, and individuals have differing ideas (Jackson et al., 2019). Further, in the case where the different parties agree on the strategies to employ in managing and preventing terrorism, a multidisciplinary or collaborative method is employed. Considering the complexity of terrorist attacks, employing collaborative strategies of preventing and managing terrorism would be more convenient in enhancing management. Collaborations could effectively enhance the countering of terrorism activities in time.
Security Risk Assessment and Plan Development Case
Efforts for security management have been critical to ensuring the availability of early warnings as well as information on impending threats. The information enables sectors of critical infrastructure to manage risks through ensuring proper implementation of both prevention and management approaches. Over the years, terrorist activities tend to target areas that have a high population which increases the severity of associated impacts. Improvised explosive devices (IEDs) and homemade explosives are some of the devices used by attackers to perpetrate attacks in commercial facilities which targets to cause both property damage and mass population casualties (Department of Homeland Security, 2015). Open space locations are normally vulnerable to such attacks. For example, locations that have thousands of spectators, as well as notable leaders such as the Head of state, are at higher risks of terrorist attacks including bombing. In a situation of such threats, individuals in charge of security must focus on promoting the implementation of strategies that ensure optimum security for all the people present.
Security management in a situation where there is ahead of state and some huge public population creates the need for rigid security measures especially when accompanied by warnings of possible bomb threats. The security team in charge must, therefore, focus on ensuring the proper assessment of the impending risk as well as the efficient plans for resolving the issues. In a situation of bomb alerts in a location where the Head of State and high populations are present requires the assessment of physical risks as well as cyber vulnerabilities. Considering that the parade within a stadium represents a commercial facility, evaluating the possible disruption outcomes and including relevant data sourced for information sharing intelligence and experience is critical. The evaluation plays a significant role in enabling the security team to develop the most effective strategies for risk reduction.
Personally, assessing the risk would involve a partnership with the fusion centers to increase the gathering, analysis, and threat-associated information sharing between different involved institutions. Considering the presence of the Head of State to the stadium parade, information sharing could include high priority security departments to promote efficiency. For example, the Department of Homeland Security, Department of Justice (DOJ), and the Federal Bureau of Investigations (FBI) could be involved in enhancing security plans for the specific day (Department of Homeland Security, 2015). The involvement of the different experienced departments in handling security could promote the assessment of possible bomb threats and enable the implementation of the necessary prevention strategies to prevent the threat. Government facilities infrastructure, information technology systems, communication systems as well as the transportation system critical infrastructures would play a significant role in facilitating research on the specific issue.
After evaluating the risk and realizing that the bomb threats are indeed possible, the teams could consider the incorporation of the Infrastructure Survey Tool (IST). Typically, IST describes security surveys that promote the identification and documentation of all the security relating to critical infrastructure and would equally enable the provision of data relating to proactive planning strategies as well as the allocation of resources (Department of Homeland Security, 2015). More so, the survey would be critical in enabling information sharing between government agencies, in this case, to evaluate the available information and assist in developing useful metrics. Considering that the IST tool utilizes the Protective Measures Index method to determine the CI capability in resisting disruptive happenings (Department of Homeland Security, 2015), the tool in this context would enhance the possibility of using relevant strategies to eliminate the impending threat.
Typically, IST incorporates some form of control panel that develops a Protective Measures Index for the facility in question and is employed to evaluate similar facilities while including the Resilience Measurement Index (RMI) evaluating aspects of preparedness, mitigation strategies, capabilities of response, and mechanisms of recovery (Department of Homeland Security, 2015). In addition, the tool plays a significant role in informing about some of the planning and allocation of resources strategies that could be applied proactively. The comparison could enhance the team to determine the possibility and effectiveness of utilizing the existing in place strategies to overcome the bomb threat. The RMI operates at a scale of 100 showing high resilience and 0 showing minimal resilience thus enabling the development of a comparison of various CI resilience (Department of Homeland Security, 2015). Equally, RMI offers a center for determining which priorities of physical and operational efficiencies could be employed to promote the resilience of assets.
The security plan would, therefore, focus on strengthening the protected and trusted strategy of information sharing and enhance the accessibility of actionable, timely, and threat particular data and analysis throughout the preparation process. This would be achieved through the official improvement of information sharing between procedures of the private and public entities and equally allow the team responsible for the management of the stadium access the relevant intelligence to focus on improving their management strategies (Department of Homeland Security, 2015). More so, the plan could focus on enhancing the sharing of information relating to between the private and public as a strategy for streamlining documentation. This could be effective in ensuring that emerging issues relating to the bomb threat are received and countered early enough. More so, the security plan for the specific day would focus on ensuring the promotion of participation value through the process of handling the issue, this would further teamwork as well as enhance accessibility all the involved sections including those that appear less critical.
More so, the plan would focus on increasing the availability, economic strength, and public confidence while still ensuring the application of budget-conscious strategies for minimizing cyber ad physical threats and supporting total increment of both resilience and security. Improvement of public confidence would be an effective strategy for ensuring that regardless of the impending threats relating to the bomb issue, the public could still be involved. The plan would focus on strategies that include expansion of facilities that include training, education, and practices that would enable operators and the public to gain knowledge on both readiness and risk reduction.
Readiness serves not only as a crucial aspect in enabling efficiency in preparedness but also in promoting agility in evacuation works in case of an emergency. Basically, training/ education and exercise offers the involved teams expertise on responding to attacks, which could help in minimizing injuries, damages, and losses. Additionally, the plan could focus on a strategy that seeks to enhance the security of cyber resources considering that they could be altered to minimize the realization of communication during attack perpetration. Information systems serve as a critical aspect of terrorism management as they enhance communication between the officers within the site as well as those in specific stations. As such, the efficiency of cyber systems would not only promote the effectiveness of terrorism prevention in the stadium but also enhance communication in case suspense presents.
Having evaluated the capability of the facility to avoid risks, the plan would equally focus on maintaining the efficiency of the effective and advanced systems to promote proper and timely response together with recovery procedures. This could be achieved through enhancing proper coordination with the interrelated facilities as well as community response agencies in order to promote flexibility and equally promote decision-making procedures. Having implemented the different strategies before the parade date, the plan will ensure the analyzing and assessment of threats, susceptibilities, and outcomes on a specific day and notify risk management teams of the facility as well as those of collaborating sectors. This could be achieved through continuous evaluation of physical and cyber risks as well as the development of measures for minimizing the presenting threats if they are still valid. In case the team finds the claims of bomb threat still active, the team would ensure partnership with various security institutions including federal, local, and regional stakeholders.
The last step could involve the promotion of ongoing adaptation and learning during the planning which could involve advising the crowds present during the parade on the best exit routes as well as ensuring that every person getting in the stadium is identified and their identity documented. In addition, the plan could include sharing flexibility and security practices to ensure that all the risk response teams available at the scene are well equipped with skills that would promote timely response.
Other than the efforts outlined above, the plan would consider the sourcing of enough security management personnel from law enforcement agencies as well as security expertise departments including the FBI. Further, considering the bomb threats could be true, security management should focus on carrying out an assessment to ensure the screening of explosive devices. The assessment should include bomb experts who would in case of explosives identification carry out safe elimination of the devices. Even when the assessment fails to detect possible explosives within the facility, the management team should ensure that entrance to the stadium is through the specified checkpoints and everybody attending the parade is screened effectively. Proper application of safety measures during the specified day could not only promote threat prevention but also promote proper response efforts.
In conclusion, security concerns have presented a significant topic of research especially in the 21st century. Increasingly, the security concerns are linked to the need for coping with challenges that present with technological advancement and globalization. Following the increasing demand for minimizing the occurrence of threats, countries are focusing on the management of critical infrastructure security. Due to the complexity and criticality of information systems, most efforts of security management focus on implementing proactive strategies for safeguarding cyber resources. Within the united states, the Department of Homeland Security undertakes the responsibility of ensuring the prevention and management of terrorism. In cases of threats, security risk assessment focuses on ensuring the participation of relevant departments through information sharing and implementation of plans that focus on ensuring location security before and after the incidence
Alcaraz, C. and Zeadally, S., 2015. Critical infrastructure protection: Requirements and challenges for the 21st century. International journal of critical infrastructure protection, 8, pp.53-66.
Department of Homeland Security (2015). Commercial Facilities Sector-Specific Plan An Annex to the NIPP 2013. [online] Dhs.gov. Available at: https://www.dhs.gov/sites/default/files/publications/nipp-ssp-commercial-facilities-2015-508.pdf [Accessed 28 Nov. 2019].
Jackson. B. A., Ashley. L. R., Jordan. R. R., Natasha. L., Katherin. C., and Sina. B. 2019. Practical Terrorism Prevention: Reexamining U.S. National Approaches to Addressing the Threat of Ideologically Motivated Violence, Homeland Security Operational Analysis Center operated by the RAND Corporation, RR-2647-DHS