Dyson College of Arts and Sciences
Issue link: http://dysoncollege.uberflip.com/i/633753
Seidenberg School of Computer Science and Information Systems

Moving Towards Resiliency: The 20 Critical Security Controls and Their Intersection with Physical Security

Dr. James W. Gabberty, MBA, MS, Pace University, New York, U.S.
163 William Street, Room 217, NYC, NY, 10038, JGabberty@Pace.edu

Abstract

This paper discusses the recently released 'Top 20 Critical Security Controls' for information security and the framework's relevance to both private and public organizations in their continual effort to combat cyber security events (intentional and unintentional) that can damage, or otherwise cause denial-of-service conditions in, various components of the nation's critical infrastructure. By examining some of the recent, more highly publicized cyber-attacks against the backdrop of the 20 critical security controls, together with even more recent successful cyber-attacks that resulted in actual physical damage, prescriptive suggestions are made for accelerating implementation of the controls, so as to better defend the nation against a threat that, like terrorism, has permeated our society and will continue to do so for the foreseeable future.

Introduction

So much of modern society depends on the continual processing of information that the question "What happens if these systems stop functioning or become unavailable?" seems implausible or even impossible. All too often we take for granted that the Internet, like the public switched telephone network, will always be there when needed, just as it has been over the preceding decades. But the question of the continued future availability of the nation's information and communication infrastructure does have merit, it turns out. Such was the case when [mostly] Western societies, led by the U.S., contemplated the detrimental effects that these advanced economies (i.e., those which had embraced computing and digital networks) might endure as the new millennium approached, a little more than 15 years ago.
That period is often referred to as Y2K (Year 2000). At the time, mass hysteria was avoided, but global awareness and continuous calls for preparation skyrocketed, driven by the cataclysmic effects that non-functioning critical infrastructure components might cause: inoperable dam and flood gates, electric power grids shutting down, water systems halting unexpectedly, air traffic control disruptions, bank vaults and ATMs ceasing to function, and so on. As midnight approached on December 31, 1999, global attention and the accompanying public unease caused a frightened public to ponder how they had got themselves into this situation to begin with.