Font Size: A A A

Home > Reviews > Critical Infrastructure Protection

Critical Infrastructure Protection

Author Kelley Cronin, and Nancy E Marion

ISBN No 9781498734905

Review date 24/06/2019

No of pages 366

Publisher CRC Press

Publisher URL https://www.crcpress.com/Critical-Infrastructure-Protection-Risk-Management-and-Resilience-A-Policy/Cronin-Marion/p/book/9781498734905

Year of publication 15/02/2017

Brief

Critical Infrastructure Protection, Risk Management, and Resilience: A Policy Perspective. CRC Press

Our Review

price

£ 49.99

If you want a book on homeland or related security management, you can go to one of many titles from the publisher CRC Press with profit, writes Mark Rowe.

And so it is with Critical Infrastructure Protection, Risk Management, and Resilience: A Policy Perspective, by Kelley Cronin, and Nancy E Marion. Note the title for what the book is, and isn't; it takes you through the policies that have made the US homeland security effort what it is today, about 15 years on from the shock of the September 11 attacks.

The authors sensibly right away define ‘critical infrastructure’; as ‘the framework of man-made networks and systems that provide needed goods and services to the public’. That includes banking, transport, water (and waste water), telecoms and the physical buildings, people and cyber that go into all of those.

Non-American readers may skip the earlier chapters that set out the Department of Homeland Security and other US agencies’ policies and changes since the 9-11 attacks sparked the US into spending billions a year on ‘homeland security’. Even readers from outside the United States and who have little to do with the US may find of interest the chapters ‘DHS perspective on risk’ and ‘methods of risk assessment’, to compare the US’ processes with their own.

The later three chapters that set out how various sectors specifically approach risk will be of interest to US and non-US readers alike. What threats the US faces, other countries’ equivalent sectors will face also. As an aside, it used to be said that what happened in the US, would come to Britain (or Europe or the rest of the world); thanks to the internet, what happens in one place can be taken up anywhere else, near instantly; such as ransomware and other cyber-attacks on healthcare systems. As the authors point out, ‘critical infrastructures do not operate alone’. A tornado or flood (to give US natural disaster examples) that knock out bridges means that farm and other produce cannot be transported; without clean water, factories and other businesses might not work. Interdependency, as the authors put it, is ‘bidirectional and multi-directional’; besides that physical reliance – materials have to flow, on a supply chain – there’s a cyber reliance, on information transfer; and a geographical element (your telecoms may go down even if the lines are sound in your neighbourhood, but a sub-station or network necessary for the whole goes down). And a disaster, whether man-made or natural, can throw up a dependency that you never suspected.

For all the presidential orders (from Bush to Obama alike) and budgets of billions and the sheer number of words thrown at ‘homeland security’, it’s sobering as the authors point out that a serious issue is not only terrorism or extreme weather, but the United States’ ageing and even literally decaying infrastructure, in need of repair: pipelines, railways, ports, roads, dams; many privately-owned. The US is evidently grappling with the competing need to share information about cyber and other risks, and whether voluntary schemes will be good enough, or timely enough. And do government departments, in the US or anywhere, share data well, either, let alone in a crisis such as Hurricane Katrina? The authors state that more than 80 per cent of the US’ critical infrastructure is under private sector control. As the authors say, ‘businesses need incentives to spend on their own protection measures’. The authors set out the challenges, such as getting to grips with the ‘increased nexus between cyber and physical security’; keeping up with such dynamic risks is, as the authors show, another matter.

For American readers in particular, this book set out the recent past, present and foreseeable future of securing critical infrastructure; for non-American readers, this is a useful guide to the American experience (so far) and a source of ideas.