Drawing upon resource material provided and that discovered while conducting your own research, answer the following:
1. Examine the role of risk management within the homeland security enterprise. Drawing upon your class readings and additional research, examine how risk management is used by the homeland security enterprise including such efforts as resource/grant allocation, strategic planning, and other homeland security-related initiatives (from the federal level to state and local efforts).
2. Examine the role of cyber-security within the homeland security enterprise. Specifically address how cyber-security relates to our national critical infrastructure and its protection.
Technical Requirements
-Your paper must be at a minimum of 5-7 pages (the Title and Reference pages do not count towards the minimum limit).
-Scholarly and credible references should be used. A good rule of thumb is at least 2 scholarly sources per page of content.
-Type in Times New Roman, 12 point and double space.
-Students will follow the current APA Style as the sole citation and reference style used in written work submitted as part of coursework.
-Points will be deducted for the use of Wikipedia or encyclopedic type sources. It is highly advised to utilize books, peer-reviewed journals, articles, archived documents, etc.
-All submissions will be graded using the assignment rubric.
Answers
Risk Management And Cyber-Security Within The Homeland Security Enterprise
Question One
A few months after the 9/11 attack, the department of homeland security (DHS) was established to foster public safety in the United States. This responsibility ranges from countering foreign and domestic terrorism, mitigating the impact of natural disasters when they occur, protecting the country’s cyberspace, responding to manmade accidents, among others. Besides enhancing safety, the DHS has a responsibility to manage the costs of projects that it undertakes, not to mention ensuring proper management of risks associated with its workforce (Beers, 2011, p.7). Dealing with all external and internal elements of the DHS environment can be challenging, especially due to the competing requirements of each component of the enterprise. As such, the adoption of risk management within the homeland security enterprise is essential to facilitate prioritization of activities, proper allocation of resources and strategic planning in responding to public safety.
Among the primary roles of risk management within the DHS is to facilitate prioritization of activities that involve public safety. As noted in the DHS risk management fundamentals, risk management does not preclude adverse events from occurring; however, it enables the agency to focus on things that are likely to bring the most significant harm to the American people (Beers, 2011, p.8). In other words, the DHS uses risk management to assess and rank security threats based on their vulnerability, possible danger, and consequences to the people. For example, some of the common security threats that are likely to occur in the United States are attacks by foreign terrorist organizations (FTOs) as well as events of domestic terrorism by racially-and ethnically-motivated violent extremism. Given that both threats have competing requirements, the DHS may use risk management to assess one that has a high probability of occurring and its impact on American citizens. In doing so, the DHS can decide which threats ought to receive considerable attention and those that only require monitoring.
Risk management is also used within the DHS to facilitate the proper allocation of resources and grants at the state and local level. It is argued that risk management is a vital component of an evidence-driven approach to requesting and allocating grant funding (Beers, 2011, p.9). Most notably, this is done because the DHS has several component agencies at the state and local levels that require funding to accomplish their objectives. Besides, the DHS acknowledges that it cannot afford to protect everything against all threats; thus, choices must be made regarding how best to allocate available resources (“Homeland security”, n.d., p.1). For example, it is noted that when agencies such as the Coast Guard and Customs and Border Protection (CBP) want to request funding, they conduct a risk assessment on the existing infrastructure. Most notably, if a specific infrastructure is a critical asset and a vulnerable target to security risks, it becomes a high priority for funding. On the other hand, if the infrastructure is susceptible to attack but already well protected, it receives lower priority and probably limited funding (“Transforming the department”, n.d., p.14). This scenario exemplifies the manner in which risk management is used within the DHS to facilitate the proper allocation of grants within its component agencies.
Additionally, risk management within the homeland security enterprise also plays a critical role in fostering strategic planning. In this context, strategic planning entails designing the best security strategies for addressing risks in particular organizations (Beers, 2011, p.9). It is worth noting that each component agency of the DHS may be susceptible to different security risks depending on its area of specialization. For example, the CBP is prone to maritime security threats, while the Transportation Security Administration is likely to face aviation-related risks. As such, risk management, which involves identification, analysis, and mitigation of risks, enables the DHS to have an oversight of the risks that are likely to affect each of its component agencies and establish a customized plan for each agency to control the risk effectively.
As noted, risk management is used by the homeland security enterprise in the assessment of three primary aspects, vulnerability, threat, and impact of a security threat. Vulnerability, in this context, refers to the likelihood of the agency being exposed to an attack. For example, the susceptibility of the DHS to FTOs can be higher than that of domestic terrorism. Also, risk management assesses the threat or the type of risk that is likely to occur within the agency. Thirdly, risk management is used to evaluate the effect of the identified risk on all stakeholders. Fundamentally, risk management is used by the DHS to assess the three elements of security threats.
In summary, risk management plays critical roles in facilitating the evidence-based allocation of resources, prioritization of risks, and strategic planning within the DHS. When used by the DHS, risk management assesses the threat, vulnerability, and impact of a security issue.
Question Two
On several occasions, the United States’ cyberspace has made headlines on the media for reasons that cause concern to the American people. Most notably, almost every year, there have been reports of alleged threats on the country’s cyberspace from hackers. Some of these threats are either from terrorist groups or international governments that have malicious intentions. An example of prior risks in the United States cyberspace is the alleged cyberattack launched by Russian military intelligence officers on the United States cyberspace, which led to the hacking and publishing of content belonging to a presidential candidate (Jamieson, 2018). While some of these attacks are trivial, others can have detrimental effects on the welfare of American citizens. Therefore, cyber-security within the homeland security enterprise plays a critical role in ensuring that the country’s cyberspace is protected against cybercrime and disrupting the activities of foreign terrorist organizations (FTOs).
The primary role of cyber-security within the homeland security enterprise is to protect the United States’ cyberspace against cybercrime. Cyber-crime is criminal acts perpetrated using a computer and may include credit card fraud, identity theft, impersonation, intellectual property fraud, phishing, spoofing, and spyware (Ajayi, 2016, p.3). Most notably, a significant fraction of data in the United States is automated and tied to the internet, which implies that it can easily be maliciously attacked. For this reason, cyber-security within the homeland security ensures that all automated data is protected using security protocols to prevent malicious attacks from external forces. Besides protecting, cyber-security within the enterprise fosters a quick restoration of the functionality of the country’s cyberspace after an external attack by creating backup plans.
Apart from protecting the country against cybercrime threats, cyber-security within the homeland security enterprise plays a critical role in disrupting the activities of FTOs. As noted in the strategic framework for countering terrorism in the United States, the success of Homeland security enterprise in countering terrorism depends on its ability to investigate and disrupt terrorists and their support systems (McAleenan, 2019, p.6). These support systems may include finances used to purchase weapons and recruit individuals in their movement. Some of the money that terrorist groups use to fund their activities is gathered from data hacked from unsuspecting individuals. For example, terrorists can raise money by stealing the identity of other people and using it to conduct financial transactions. However, with cyber-security measures in place, the homeland security enterprise can disrupt the activities of FTOs by preventing identity threat, which is a common way used by terrorists to fund their illegal operations.
Fundamentally, cyber-security and our national critical infrastructure and its protection are closely related by the fact that the latter is automated; thus, deeming the need for computer security. As noted, cybersecurity involves the protection of online systems and computer networks from disruptions caused by malicious attacks. On the other hand, critical infrastructure is “physical and cyber systems and assets that are vital to the United States that their incapacity would have a debilitating impact on the physical or economic security or public health or safety” (“Critical infrastructure security”, n.d.). An example of critical infrastructure in the United States is public health. Over the years, the infrastructure has highly become automated and tied to the internet, which increases its susceptibility to cyber-attacks. As such, cyber-security is associated with such critical infrastructure in the sense that it helps mitigate their vulnerability to cyber-attacks.
In summary, cyber-security within the homeland security enterprise plays a critical role in protecting the country against threats of cybercrime and disrupting the activities of FTOs. Also, cybersecurity and our national critical infrastructure are related by the automation of the latter. Most notably, the vulnerability of the automated infrastructure to computer attacks necessitates the implementation of cyber-security.
References
“Critical infrastructure security” (n.d.). Department of Homeland Security. https://www.dhs.gov/topic/critical-infrastructure-security
Ajayi, E.F.G. (2016). Challenges to enforcement of cyber-crimes laws and policy. Journal of Internet and Information Systems, 6(1), 1-12. https://academicjournals.org/journal/JIIS/article-full-text-pdf/930ADF960210
Beers, R. (2011, April). Risk management fundamentals: Homeland security risk management doctrine. Department of Homeland Security. https://www.dhs.gov/xlibrary/assets/rma-risk-management-fundamentals.pdf
Homeland Security: Applying risk management principles to guide federal investments (n.d.). Diane Publishing. ISBN: 1422313573, 9781422313572
Jamieson, K.H. (2018, October 22). How Russia cyber attacks helped Trump to the U.S. presidency. The Guardian. https://www.theguardian.com/commentisfree/2018/oct/22/russia-cyber-theft-trump-us-election-president-clinton
McAleenan, K. (2019, September). Department of homeland security strategic framework for countering terrorism and targeted violence. U.S. Department of Homeland Security. https://www.dhs.gov/sites/default/files/publications/19_0920_plcy_strategic-framework-countering-terrorism-targeted-violence.pdf
Transforming the department of Homeland security through mission-based budgeting: hearing (n.d.). Diane publishing. ISBN: 1422323951, 9781422323953.