| PDD 63 Overview OrangeSec offers services
to organizations undertaking interdependency
asset analysis. See our certification support page for details or contact us for more information.
 Table of Contents
Introduction
Presidential
Decision Directive (PDD) 63 is a national effort
to protect the security of the nation's critical
infrastructures. Critical infrastructures are
those physical and cyber-based systems essential
to the basic operations of the economy and
government. They include, but are not limited to,
telecommunications, banking and finance, energy,
water systems and emergency services, and
transportation, both public and private.
In order for
this effort to succeed, a coordinated effort on
part of the public and private sector must be
achieved. Together they shall contribute to a
sectorial National Infrastructure Assurance Plan
by:
- assessing
the vulnerabilities of the public and
private sector to cyber or physical
attacks
- recommending
a plan to eliminate significant
vulnerabilities
- proposing a
system for identifying and preventing
attempted major attacks
- developing a plan for alerting, containing
and rebuffing an attack in progress and then, in coordination
with other federal agencies, as appropriate
- reconstituting
minimum essential capabilities in the
aftermath of an attack
OrangeSec has
developed a matrix to implement a comprehensive
IT strategy that will identify IT interdependency
vulnerabilities and strengthen system
infrastructure by increasing resistance to
attacks. See our links page for the PDD 63 outline.
No system is
completely safe from cyber or physical attacks;
however, through proper planning, education, and
effective use of safeguards, the chance of
encountering disaster is greatly reduced.
OrangeSec can
significantly reduce your organization's target
size as it appears in cyberspace.
The
Requirements
- The basic
subordinate tasks within PDD 63 include:
-
- Vulnerability
Analysis - For each sector of
the economy and government that is a
potential target of infrastructure
attack, there shall be an initial
vulnerability assessment, followed by
periodic updates. As appropriate, these
assessments shall also include the
minimum essential infrastructure for each
sector.
- Remedial
- Based upon the vulnerability
assessment, a remedial plan will be
recommended. This plan will identify
timelines for implementation,
responsibilities, and funding.
- Warning
- A national center that shall warn of
significant infrastructure attacks will
be established immediately. In addition,
an enhanced system for detecting and
analyzing such attacks, with maximum
possible participation of the private
sector, will also be instituted.
- Response
- A system designed to respond to a
significant infrastructure attack while
underway, with the goal of isolating and
minimizing damage.
- Reconstitution
- A system designed to handle varying
levels of successful infrastructure
attack while underway, with the goal of
isolating and minimizing damage.
- Education
and Awareness - There shall be
vulnerability awareness and education
programs within both the government and
private sector. These programs are
designed to sensitize, as well as train,
personnel regarding the importance of
security and security standards,
particularly regarding cyber systems.
Links
Visit www.ignet.gov to review a white paper
on PDD 63.
|
