Book/Printed Material Identifying and Prioritizing Systemically Important Entities : Advancing Critical Infrastructure Security and Resilience

Title

• Identifying and Prioritizing Systemically Important Entities : Advancing Critical Infrastructure Security and Resilience

Summary

• In response to the mounting specter of systemic cyber risks, the Cyberspace Solarium Commission recommended that Congress codify the concept of Systemically Important Critical Infrastructure--later renamed Systemically Important Entities (SIEs)--and that the Cybersecurity and Infrastructure Security Agency (CISA) be resourced to identify SIEs and support in the mitigation of their risks to support a broader national strategy of layered deterrence. In support of the CISA National Risk Management Center (NRMC), this report clarifies the concepts of SIEs and introduces a data-driven methodology for their identification and prioritization. Specifically, the authors identify SIEs by their potential to affect national critical functions (NCFs) and prioritize SIEs by measures of their size and interconnectedness. This report builds on existing work regarding Critical IT Products and Services and extending the researchers' analysis to federal agencies and firms that install potentially vulnerable software, in addition to firms that write software. This report further documents systemic risks and cyber risks in software supply chains, past and ongoing analytical support to CISA, and current limitations, and it outlines a path for future work.

Names

• Bordeaux, John, author
• Welburn, Jonathan W., author
• Romanosky, Sasha, author
• Boudreaux, Benjamin, author
• Strong, Aaron, author
• Prier, Shannon, author
• Montemayor, Cheryl K., author
• Williams, Jhacova, author
• Paige, Jessica Welburn, author
• Vermeer, Michael J. D., author
• Winkelman, Zev, author
• Rand Corporation. Homeland Security Operational Analysis Center
• Rand Corporation
• National Risk Management Center (U.S.)

Created / Published

• Santa Monica, CA : RAND, 2023.

Contents

• Chapter One: Introduction -- Chapter Two: Background and Motivation on Systemic Importance -- Chapter Three: Systemically Important Entities : Identification and Prioritization -- Chapter Four: Systemic Cyber Risk -- Chapter Five: Future Research -- Appendix A: Systemic Importance Analytic Model -- Appendix B: Cybersecurity and Infrastructure Security Agency Strategic Intent and National Risk Management Center Missions and Objectives -- Appendix C: Cyber Data and Software Dependencies -- Appendix D: Analytical Support for the Cybersecurity and Infrastructure Security Agency.

Headings

• -  Computer security--United States
• -  Computer networks--Security measures--United States
• -  Infrastructure (Economics)--United States
• -  Cyberterrorism--United States--Prevention
• -  Communication Systems
• -  Cybersecurity
• -  Data Science
• -  Terrorism Risk Management
• -  Sécurité informatique--États-Unis
• -  Réseaux d'ordinateurs--Sécurité--Mesures--États-Unis
• -  Computer networks--Security measures
• -  Computer security
• -  Cyberterrorism--Prevention
• -  Infrastructure (Economics)
• -  United States

Notes

• -  "HSOAC - Homeland Security Operational Analysis Center."
• -  Also available on the Internet as a PDF file.
• -  Includes bibliographical references (pages 81-86).
• -  Description based on print version record; resource not viewed.

Medium

• 1 online resource (xi, 86 pages) : illustrations.

Call Number/Physical Location

• QA76.9.A25

Digital Id

• https://hdl.loc.gov/loc.gdc/gdcebookspublic.2024739196

Library of Congress Control Number

• 2024739196

Rights Advisory

• This is non-restricted, fully open content that may be accessed on and off of the Library of Congress campus, with no restrictions, by an unlimited number of users

Access Advisory

• Unrestricted online access

Online Format

• image
• pdf

LCCN Permalink

• https://lccn.loc.gov/2024739196

Additional Metadata Formats

• MARCXML Record
• MODS Record
• Dublin Core Record