This 21 April 2017 CRS gem by Rita Tehan just came across my screen: Cybersecurity: Critical Infrastructure Authoritative Reports and Resources.
I did not see any Russian-language reports.
Here is a 2017 cybersecurity report from Forbes.
Download CRS_Cybersecurity_21April2017
Summary
Critical infrastructure is defined in the USA PATRIOT Act (P.L. 107-56, §1016(e)) as “systems and assets, physical or virtual, so vital to the United States that the incapacity or destruction of such systems and assets would have a debilitating impact on security, national economic security, national public health and safety, or any combination of those matters.”
Presidential Decision Directive 63, or PDD-63, identified activities whose critical infrastructures should be protected: information and communications; banking and finance; water supply; aviation, highways, mass transit, pipelines, rail, and waterborne commerce; emergency and law enforcement services; emergency, fire, and continuity of government services; public health services; electric power, oil and gas production; and storage. In addition, the PDD identified four activities in which the federal government controls the critical infrastructure: (1) internal security and federal law enforcement; (2) foreign intelligence; (3) foreign affairs; and (4) national defense.
In February 2013, the Obama Administration issued PPD-21, Critical Infrastructure Security and Resilience, which superseded HSPD-7 issued during the George W. Bush Administration. PPD-21 made no major changes in policy, roles and responsibilities, or programs, but did order an evaluation of the existing public-private partnership model, the identification of baseline data and system requirements for efficient information exchange, and the development of a situational awareness capability. PPD-21 also called for an update of the National Infrastructure Protection Plan, and a new Research and Development Plan for Critical Infrastructure, to be updated every four years.
This report serves as a starting point for congressional staff assigned to cover cybersecurity issues as they relate to critical infrastructure. Much is written about protecting U.S. critical infrastructure, and this CRS report directs the reader to authoritative sources that address many of the most prominent issues. The annotated descriptions of these sources are listed in reverse chronological order with an emphasis on material published in the past several years. The report includes resources and studies from government agencies (federal, state, local, and international), think tanks, academic institutions, news organizations, and other sources.
Table 1 contains overview reports and resources
Table 2 lists energy resources, including electrical grid, Smart Grid, SCADA,
and Industrial Control Systems
Table 3 presents financial industry resources, including banks, insurance, SEC guidance, FFIEC, FDIC, FSOC, and IRS
Table 4 contains health, including Healthcare.gov, health insurance, Medicaid, and medical devices
Table 5 contains telecommunications and communications, including wired, wireless, Internet service providers, GPS, undersea cables, and public safety broadband networks
Table 6 features transportation, including Coast Guard, air traffic control, ports and maritime, and automobiles
The following CRS reports comprise a series that compiles authoritative reports and resources on these cybersecurity topics:
CRS Report R44405, Cybersecurity: Overview Reports and Links to Government, News, and Related Resources, by Rita Tehan
CRS Report R44406, Cybersecurity: Education, Training, and R&D Authoritative Reports and Resources, by Rita Tehan
CRS Report R44408, Cybersecurity: Cybercrime and National Security Authoritative Reports and Resources, by Rita Tehan
CRS Report R43317, Cybersecurity: Legislation, Hearings, and Executive Branch Documents, by Rita Tehan
CRS Report R43310, Cybersecurity: Data, Statistics, and Glossaries, by Rita Tehan
CRS Report R44417, Cybersecurity: State, Local, and International Authoritative Reports and Resources, by Rita Tehan
For access to additional CRS reports and other resources, see the Science & Technology: Science for Security and Homeland Security & Immigration: Cybersecurity Issue Pages at http://www.crs.gov.
You can access CRS reports here (searchable) and here.
Enjoy!
“If you spend more on coffee than on IT security, you will be hacked. What's more, you deserve to be hacked.” ― Richard Clarke
Comments
You can follow this conversation by subscribing to the comment feed for this post.