Assignment Writing Help on Cyber Security and Emergency Management

Cyber Security and Emergency management


Background Information

Emergency preparedness and mitigation is one of the many multifaceted concepts in both corporate and federal governance. While preparedness ensures there is a capacity to respond effectively and efficiently to emergencies when they arise, it does not guarantee that emergencies will not occur. Federal systems and state governments find ways of addressing emergencies to ensure that they neither escalate nor their impacts become adverse. In the current globalized world, information systems form a strong pillar of governance, with exceptional capabilities and power. Consequently, for any federal system or state to achieve high levels of security and efficiency in governance, it is necessary that states and all responsible parties should invest in effective information systems. One important feature of information systems is the capability of being shared. With regards to this, systems have undergone immense changes to make them more efficient, faster and with exceptional features. The concept of cyber security is one of great relevance in today’s governments as it enables control of information and helps in the maintenance of relevant physical and virtual systems for the upholding of security in various state capacities (Hansen & Nissenbaum, 2009).

 Cyber security has various implications with regards to maintenance of efficient emergency response system both in the corporate world and in the government. On the other hand, cyber security threats have the potential of resulting in various negatives impacts which can only be averted by effective risk assessment and management strategies (Homeland Security, 2013). Some of the possible negative impacts of cyber attacks include: disruption of utility supplies, property destructions, loss of data and inventory, loss of customers in the corporate world, and loss of important time. Considering the nature of these impacts and their effects on any system, organizations and states often desire to find ways of protecting themselves against cyber attacks. This involves protection from information loss, or unwarranted access and modification (Salim, 2014). With increasing rates of globalization, information sharing forms an essential backbone to good governance and similarly to effective decision making. It is the role of developed information systems to facilitate the sharing of information both across and within state boundaries.

In the US, the management of federal emergency response systems depends to a large extent on the effectiveness of information systems that are in use in the various federal departments (Homeland Security, 2013). As it is, exposure of confidential information constitutes one major threat to both national and state security and also influences disaster preparedness. The federal systems focus their emergency management strategies on effective planning while considering information as a source of unparalleled power. With regards to this, federal departments currently seek means of managing and controlling their information systems in a manner that results in improved security for the information in their hold. While the state of cyber security in the US is considered favorable for business and governance, PwC (2014) suggests that it may not be at par with the capabilities of the country’s cyber adversaries. This is said to be on the basis of technological prowess, persistence or tactics. According to PwC, perpetrators of cybercrimes against the US federal systems are capable of carrying out attacks that are specific as well as difficult to detect. With systems that are aimed at detecting common cybercrimes, it is becoming increasingly difficult for the US federal systems to detect crimes that target access to highly confidential communication, intellectual property as well as any other strategic information and/ or asset (PwC 2014).

While the US struggles with very formidable adversaries with regards to cybercrimes, Saudi Arabia also faces similar challenges to cyber security, albeit with fewer adversaries. Same threats of unauthorized data access and modification also arise in Saudi Arabia. While the US had not placed significant importance on the issue of cyber security previously, Saudi Arabia has been investing heavily on infrastructure that can assist in the maintenance of cyber security. As a matter of fact, the Saudi Arabian government considers cyber security as one of key areas of emergency response management. It has been suggested that Saudi Arabia offers a ripe market for cyber security, an assertion which has been backed by the US involvement in the cyber security market interactions with the country. One of the factors that has fostered the corporate interaction between the US and Saudi Arabia with regards to cyber security in the political stability enjoyed by the Islamic country under monarchy. The demands for cyber security in Saudi Arabia have been raised by attacks on government systems such as the Ministry of Finance (Basamh et al, 2014).

One similarity between Saudi Arabia and the US in the fight for cyber security is that both countries have at one time experienced cyber attacks on at least one of their government departments. Consequently, collaboration between the two countries on issues relating to security has been imperative. Currently, some US companies already occupy the Saudi Arabian market share for cyber security infrastructure. Need had been identified for surveillance, communication, detection and intrusion prevention system. The recognized need is what both the Saudi Arabian government and any other country that intends to gain the Saudi Arabian market share in cyber security aim to address (Business without Borders, 2013). The objectives of each of these countries in strategizing to achieve cyber security are to enhance both physical and virtual security within their boundaries. Virtual security relates to the protection of confidentiality and relevance of information to various situations. On the other hand, physical security has to do with the coordination of emergency response measures and effective management of disasters (Basamh et al, 2014).

The role played by cyber security in relation to emergency management is of an interesting characteristic. In emergency situations, whatever the location and nature of the emergency might be, it is essential that communication be complete and effective. Information systems play an important role in facilitating information sharing, giving directives, communication, and distribution of information to various stakeholders in the emergency response systems (Basamh et al, 2014). These roles can be compromised as a result of cyber attack on any of the nodes of information transfer. It is therefore the responsibilities of various stakeholders to ensure that cyber systems are secure enough for the facilitation of emergency response management. The roles played by various stakeholders depend on their position in the information and command chain. For instance, it is the role of the government and federal systems to form policies that advocate for the protection and lawful dissemination of useful information. The private sector also has an important role to play at the helm of maintaining cyber security. This is because they are involving in various economic opportunities such as financial, technological, energy and communications service (Basamh et al, 2014). Consequently, they also have to offer cyber security or risk losing out in their economic endeavors.

While many studies have addressed the issue of cyber security and that of emergency management separately, only a limited number have addressed the relevance and relationship between the two concepts (Basamh et al, 2014). Therefore, there still exists a gap in the literature that pertains to these two topics, which this paper seeks to address. By answering the question on how emergency management relates to cyber security, the paper will be providing information that is currently limited and thus will expand knowledge in issues of national security.

The aim of this paper is to investigate various issues relating to cyber security with focus on the US federal system and Saudi Arabia governance. Of particular importance to the structure of this paper as well as to its content is the role of cyber security in the emergency management system, the roles played by various stakeholders in the achievement of cyber security and how structures can be laid down for the enhancement of cyber security.

Problem Definition

From the background information provided, it has been ascertained that cyber security is indeed and imperative concept towards enhancing national security. However, the problem still lies in the determination of the role of various stakeholders in achieving cyber security as well as the role of cyber security in the management of emergency response systems. The problem needs to be addressed as it will provide essential information for the development of effective national security and emergency management systems.

Research Objectives

In trying to achieve the main purpose of this paper, the paper will address these specific objectives:

  • To describe the role of cyber security in emergency management within federal systems
  • To determine the effectiveness of the president’s executive orders in upholding cyber security
  • To find out what challenges are faced in the us and Saudi Arabia in tackling cyber threats
  • To find out what impacts cyber crimes have on the essential utility infrastructures and how these impacts can be mitigated
  • To find out how cyber responses to emergency situations can be developed
  • To determine the effectiveness of the all-hazard approach towards attainment of cyber security

Research questions

The accomplishment of the stated objectives will require the paper to address some questions. These questions will form the basis of the paper and offer guidance towards the achievement of the paper’s objectives.

  • What role does cyber security play in emergency management?
  • What are the challenges to tackling cyber threats in the US and Saudi Arabia?
  • How do cyber threats impact essential utility infrastructure?
  • What approaches to tackling cyber security threats are efficient?
  • What roles do various stakeholders play with regards to cyber security
  • How does cyber security impact the efficiency of Federal Systems?

Literature Review

According to Peters (2010), the power of digital media is so immense that digital communication transcends time and space confines. However, there is still limited research in the area of cyber networks and digital communications. States and countries such as the Soviet Union have spent so much fortune in recent times for the development of digital communication infrastructures for use by federal systems and the military. The problems however come in the application of the laid down infrastructures which tend to be less optimized in many countries (Peters, 2010). One of the results of the misuse and under usage of digital communication media as described by Dunaway (2010) as being the potential for infrastructure failure. The infrastructures referred to here, do not include only the communication media but rather other utilities’ infrastructures too.

The role played by cyber security with regards to the prevention of such infrastructure failures is therefore quite significant (Dunaway, 2010). In order for federal and corporate systems to achieve effective cyber security, different stakeholders have different roles. All the responsibilities of the different stakeholders, especially towards disaster preparedness and mitigation in cyber security can only be achieved due to the proximity of the stakeholders to the roles they play. The proximity can be geographical, temporal, capability or collaboration. This is particularly described by Dunaway as being in relation to the private sector. The private sector also has a role to play in the resilience and security of their surrounding communities. One way in which this can be achieved is through ensuring cyber security is enhanced and maintained. While the government plays an important role in the formulation of policies and the issuance of executive orders, the private sector performs actual actions on the ground as they are involved in various utilities infrastructure and have access to various facilities for communication and technology (Dunaway, 2010).

 Cyber security

Jaeger et al (2007) define cyber security as involving the protection of privacy, protection from attacks on communication services as well as websites based on malice, security of sensitive information and the acquisition and building of governmental support. In addition to this, the authors further say that the process of developing cyber security has to do with coordination between governmental and non-profit making organizations as well as communities. It also involves the evaluation of success capabilities and the creation of back-up measures. While these concepts describe the scope of cyber security, Jaeger et al also say that these alone cannot be translated into successful security systems.

The aim of cyber security is to protect information and physical systems from cyber attacks. The government is tasked with the maintenance of security as well as technical and procedural issues with regards to communication (Creery & Byres, 2005). In order to perform exceptionally in the roles involved in maintaining cyber security, organizations as well as governments focus on risk management. This enables both organizations and federal systems to manage information systems and assets with utmost fiscal responsibility. In recent times, information security had been ranked low according to corporate managements. However, this is rapidly changing as cyber attacks increase, placing organizational operations at jeopardy. At the same time, legislators are also gradually changing their stance on issues related to cyber security and increasingly passing laws that show how serious they take the concept of cyber security. In the management of cyber networks, incident management lessons are acquired through occurrence of incidents which are a result of failure of security systems. The actions involved in the mitigation of the impacts of cyber attacks include: planning, training the plans to the organizational and federal needs, inclusion of personnel and the enforcement of security measures (Burkhead, 2014).

According to Mueller and Kuehn (2013), cyber security protects federal systems from cyber based espionage, ex-filtration of data, infiltration of malware, and many other networks based security threats (Haller et al, 2011). The use of detection strategies that identify intrusion, and the incorporation of security breach prevention system in monitoring and screening the information traffic between the interned and government systems is advised by Bellovin et al (2011) as being a suitable strategy for beginning the implementation of cyber security strategies. The process is described by Zhou and Hu (2008) as involving the identification of potential risks to cyber attack, analysis of the observed risks, and control of risks related to e-governance. This process can help in the prevention of impacts of cyber security failure such as theft of information system resources, tampering with information, interception of essential information, faking of information, and service denial (Zhou & Hu, 2008). All these impacts are related to poor cyber security systems and can only be addressed through incorporation of effective security systems (Cavelty, 2008). Cyber threats form a considerable source of pressure, particularly with e-governance and organizational management. Cyber physical systems carry out security surveillance with the aim of avoiding hazards, ensuring authenticity, confidentiality and integrity of information and sustainability of the information (Banerjee et al, 2012). With increasing modernization, the risks to cyber security also increase (Khurana et al, 2010). At the same time, emergency systems fail in most cases due to a failure in the communication process and/ or poor trust among the involved parties (Eksioglu, 2012).

 Cyber security systems are often aimed at ensuring rapid detection of risks and attacks, minimization of losses due to cyber attacks, restoration of services post attack, mitigation of system weaknesses and apprehension of malefactors of the attack (Abrams & Weiss, 2008). The impacts of cyber attacks are destructive and as Abrams and Weiss (2008) report, can only be prevented through the incorporation of effective security systems.

Clemente (2013) asserts that with increasing globalization, it is becoming increasingly difficult to ensure cyber security. This is because so many nodes have been developed during the creation of cyber networks which make it difficult to identify nodes that are more vulnerable to cyber attacks. Clemente further claims that although cyber space is sometimes classified as a completely separate sector and cyber security assumed to be essential in the protection of the cyber space sector, interconnectivity has made it intertwined with so many other sectors. Sectors such as energy and various other infrastructure based sectors such as transport have been interconnected deeply to cyber space such that they are no longer inseparable. Consequently, purposefully advocating for cyber security makes the other sectors protected too. Cyber security is thus a concept that cannot be considered independently since it is deeply entrenched in other sectors (Clemente, 2013).

Cyber attacks and their consequences

The threats to cyber security can be either internal or external. The threats that are prevalent in cyber attacks include: internet connections, dial-up connections, wireless systems, business networks and third party connections (Byres & Lowe, n.d). In either case, the impacts are deep and far reaching. Cyber attacks can be used by adversaries such as other nations, terrorist groups, hackers, criminals and individuals that may be aimed at compromising federal information systems (Abrams & Weiss, 2008). Through attacks, malicious activities that can be carried out by adversaries include: issuing false commands to systems, giving false network addresses, sending wrong data and disabling alarms. In an industrial set-up, these activities can result in massive losses as well as the escalation of hazards to unmanageable conditions. On the other hand, these activities can result in compromising national security as well as emergency response systems (Abrams & Weiss, 2008). The United States Government Accountability Office describes the potential consequences of cyber attacks on federal systems as including unauthorized alteration of information, disclosure of confidential information, threat to national security, damage to equipment, loss of confidence in the system among the public and high remediation costs (GAO, 2014).

According to Byres and Lowe (n.d), various consequences exist for cyber attacks. These consequences include the destruction of a system’s reputation, negative financial impacts, loss of control over systems hence inability to ensure security, and an increase in the reliance on emergency safety measures (Byres & Lowe, n.d). In the corporate sector, cyber attacks result in the destruction of property, loss of inventory as well as records due to diversion, disruption of both delivery and supply chains, failure in utility infrastructures, degradation of the communities and environments and the loss of customer base. In mitigation of disasters related to cyber attacks and the recovery of other losses that arise due to the attacks, essential time is lost by the organization. Consequently, organizations go an extra mile in ensuring that their information systems are well protected (Dunaway, 2010).

One objective of using cyber security as a means of preventing and mitigating the impacts of cyber attacks as well as emergency management is to ensure effective sharing of real-time information. To achieve this, Bellovin et al, (2011) suggests the use of device signatures and data security to avoid unauthorized access to both devices and data.

The role of cyber security in Emergency Management

The question posed by Byres and Lowe (n.d) regards the importance of using a networked model in the management of emergencies. The focus placed on international risks and hazards such as terrorism is highlighted by Byres and Lowe. Other authors also support the importance of using a networked system in the prevention on international tourism (Scavo et al, 2008). The networked communication model facilitates both communication sharing and transfer between various parties involved in the emergency response system. The dependence on information systems for the success of the emergency management systems is immense. For the successful operation of emergency management systems based on information systems, the information systems in question must be capable of serving the various infrastructural facilities that are considered to be at risk. In addition, the information systems in use must be dependable as well as reliable (Abrams & Weiss, 2008).

Federal emergency systems require effective plans to be successful. One important feature of emergency systems is that they involve a lot of communication between different groups and individuals. Communication is viewed by federal emergency management systems as a source of incomparable power in the achievement of high efficiency disaster response plans and strategies. The key features of communications that make them useful in emergency response include sustainability, operability and survivability (Pawlowski, 2012). Pawlowski further describes these features as being imperative to any piece of information that may be relevant to the emergency management systems in federal organizations. Sustainability is described as the feature that makes communication media inexhaustible; operability refers to the ease with which the media can be used while survivability refers to the possibility of recovery and survival in case of a cyber attack.

In the emergency management plans, cyber security plays an important role particularly with regards to emergency response. According to Jaeger et al (2007), cyber security can be applied in emergency management plans to facilitate emergency response. This is achieved through the use of platforms referred to as Community Response Grids, which are essentially interactive information systems that facilitate information sharing. In the development of Community Response Grids, the factors that need to be considered include the role of cyber security in emergency management, the technical requirements of proposed systems, and information sharing through mixed networks. Once these factors have been considered to be relevant to a given proposed system and the required technical needs have been addressed, a CRG can then be developed (Jaeger et al, 2007).

During emergency response in any given locality, CRGs play very important functions with regards to emergency management. The functions include: provision of local information as well as instructions, facilitation of information sharing through enabling police input, hospitals and emergency response personnel input, assignment of requisite resources, encouragement of cooperation between various localities, and coordination of emergency recovery programs (Jaeger et al, 2007). These roles cannot be accomplished without effective communication networks. The Community response grids use mobile communication devices and the internet to initiate and facilitate communication during emergency responses. Jaeger et al further highlight the specific functions of the community response grids as being specifically to allow the coordination of response activities, to develop systems for response that can aid communities both during disasters and after disasters, to assist in the uploading of information, distribution of information, to facilitate communication between residents of the areas in which emergencies occurs, to enable sharing of information between various emergency response stakeholders, enhancing communication, and the provision of social capital through the use of social networks. The CRGs are web based and they engage community residents as web users. One major challenge in the use of CRGS is the difficult involved in convincing community residents to be regular users of the sites (Jaeger et al, 2007).

According to Homeland Security (2011), cyber security efforts are often aimed at the development of a secure cyber system. The features of secure cyber space according to homeland security include: capability of protecting the American people as well as their interests and vital ways in life; resilience in terms of adaptability in times of emergency (with respect to this, a resilient cyber space is one that exhibits robustness, adaptability and a high capacity for emergency response and initiation of recovery). Another feature of secure cyber space according to homeland security is that it enables innovation. The innovation enabling feature means that the cyber space connects devices, people and markets in such a way as to initiate the growth of the economy through collaborative and consultative innovation (Homeland Security, 2011). The secure cyberspace also fosters the growth of the national public health sector as well as the economic interests of the country.

Cyber security and Essential utilities infrastructure

While the potential impacts of cyber security breaches on federal systems and corporate bodies have been clearly highlighted previously, the impacts on essential utilities infrastructures cannot be ignored. Essential utilities such as oil products, water, and electricity are all provided and distributed by companies which depend on effective communication strategies for efficiency. A failure in cyber networks at any point in the supply of these utilities has the potential to result in unprecedented harm to the entire system (Fischer et al, 2013). Lewis (2006) says that cyber security entails a lot more than the securing of computer systems and computer networks. On the contrary it has to involve the protection of various critical infrastructures too. When carrying out measures to achieve cyber security, some of the infrastructures that are considered critical include power systems, energy and water systems.

This is explained by Lewis to be because cyber threats have the potential of interfering with these infrastructures extensively. Examples of interferences mentioned by Lewis include the poisoning of water distribution systems, plunging towns and cities into darkness due to power black outs. In ensuring cyber security, it is difficult to determine the degree of risk that a certain computer networks exposes a given infrastructure to. As Lewis says, while computer networks are vulnerable to cyber attacks, this does not mean that the utility infrastructures supported by computer networks are also vulnerable. As a matter of fact, utility infrastructures are deemed sufficiently resilient such that they are rarely damaged by shocks in the computer networks as a result of cyber attacks. In most cases they are capable of absorbing the damages devoid of interruptions in their operations. However, in cases where an infrastructure cannot absorb damages, the consequences might be massive and destructive (Lewis, 2006).

One of the essential utilities distribution systems is the pipeline. According to Parfomak (2012), pipelines have computerized systems that are used for the control of the distribution networks. These systems are used for communication, information sharing, issuing commands and responding to alarms in case of emergencies (Parfomak, 2012). Cyber attacks on pipelines can make resources unavailable when needed, can send false information to control system operators, can issue unwarranted and unacceptable commands, can block the flow of information, can result in false alarms being set off or even failure of alarm systems to go off in case of emergencies and can also give unauthorized access to control systems (Fischer et al, 2013). The impacts of these consequences can be adverse. Fischer et al describe these consequences as disruption of pipeline services, damage to equipment, release of hazardous materials into the environment. Other utilities also have the same challenges in consideration of cyber security issues. For instance, service disruption can occur in the distribution of utilities such as electricity and water and influence the quality of the distributed materials too (Hoffman, 2015).

According to Malashenko et al (2012), cyber attacks can be used as a weapon for warfare against essential energy infrastructure. The incorporation of both industrial control systems and information technologies makes utilities infrastructures to be extremely complex. This increases the chances of operator error. Cyber attacks only make it even easier for such errors to result. Cyber security should therefore be in-built into the utilities infrastructure systems (Malashenko et al, 2012).

Executive orders and cyber security

According to a report by Fischer et al (2014), an executive order issued by the president to address concepts involved in cyber security mainly addresses the issues involved in the sharing of information and protection of privately owned information infrastructures that are important to economic growth. Some of the directives included in the E.O 13636 include: the expansion of the existing department of homeland security into other cyber infrastructure assets to enable the collaboration between the private sector and the government; establishment of a consultative process for the identification of critical infrastructures with high protection priorities; direction of regulatory agencies towards the determination of the adequacy and efficiency of the existing systems; directing the National Institute of Standards and Technology to develop a framework for protection of critical infrastructure through cyber security. Fischer et`al`report that there have been debates as to whether the president overstepped his authority by issuing the executive order. However, the president confirmed that any enactment of the executive order would be in line with the already passed laws regarding cyber security (Fischer`et`al, 2014).

Although the president’s executive order may only be relevant towards addressing the protection of information and privately owned infrastructure, other strategies have also been put forward for addressing the issue of cyber security. One of the methods that is increasingly being adopted is through investment in cyber insurance (Toregan & Zahn, 2014). This involves payment of premiums to insurance companies to offer cover against cyber attack and its impacts. However, this strategy also poses various challenges in its implementation. Some of the challenges include: the difficulty of settling on most applicable premium rates, collaboration between the academia and the private sector, and high litigation costs. Of particular importance with regards to cyber insurance is the concept of self protection (Toregan & Zahn, 2014). According to Toregan and Zahn, self protection against cyber attacks is achieved through the dependence on policies and the development and use of infrastructures for Information Technology Security.

Another principle that has been used increasingly in recent times is described by Burstein as the intense engagement in cyber security research to develop methods of dealing with cyber security threats and preventing attacks. The purpose of this research is asserted to be to encourage innovation and creativity in the cyber security management concerns. Cyber security research should culminate in the development of policies that encourage the use of various cyber security infrastructures. According to Burstein (n.d), Federal systems have however adopted the stance to prohibit cyber security research based on various principles. Some of the reasons why Federal systems discourage engagement in cyber security research include: the possibility of exposure of confidential information to unwarranted users and misrepresentation. Another reason is based on the belief that there is a possibility of discrepancy in meaning between what the researchers consider to be cybercrime and the definitions of the federal systems (Burstein, n.d).

Also, the all hazard approach to risk management has been reported to be in use for improving cyber security. The all hazard approach is a comprehensive approach to emergency management through cyber security (Stangl et al, 2012). Stangl et al also describe this approach as involving an all round consideration of both physical and virtual potential hazards. Once these hazards have been identified and analyzed, strategies of managing them based on cyber security systems are laid down. Mell et al (2005) describe the procedure that can be used in addressing the cyber security issue post hazard identification. According to Mell et al, the process involves the application of policy towards the implementation of cyber security demands. This can only be accomplished after being aware of the cyber security threats and risks. The aim of doing this is explained by Mell et al to be in order to mitigate vulnerability to cyber attacks and to mitigate cyber threats.


Q1. What role does cyber security play in emergency management?

The main role of cyber security in emergency management has been identified to be the facilitation of information sharing and communication. From the literature studied, it has been confirmed that cyber security enables the use of information systems to communicate effectively between various players in the response to emergency situations. Between residents in emergency situations, it is necessary to develop effective communication strategies that are based on information sharing. This makes it possible for the police to share reports with other participants in the response process. Medical practitioners also play a role in the communication process. Cyber networks enable evacuation practices to be achieved fast and effectively. In the event of cyber attacks, emergency response is hampered due to the potential for information distortion and diversion.

What are the challenges to tackling cyber threats in the US and Saudi Arabia?

In the currently globalized world, the challenges faced in tackling cyber security threats are varied. While, the US currently faces the challenge of limited innovativeness and creativity, Saudi Arabia only faces the challenge of dealing with an expanding cyber security market. The US faces cyber adversaries who are more technologically advanced and resilient compared to the US federal systems. Consequently, fighting the war for cyber security proves to be a significantly difficult task. However, the US has found a way of addressing this challenge through engagement in cyber security research activities that encourage innovation in developing cyber security systems. On the other hand, Saudi Arabia faces its challenge of an expanding cyber security market through involvement of other countries systems. For instance, some US companies invest in the Saudi Arabian cyber security market.

How do cyber attacks impact essential utility infrastructure?

The impacts of cyber attacks on essential utility infrastructures vary only slightly depending on the particular infrastructures in question. Most of the infrastructures for utilities operations have been incorporated with industrial control systems and information technologies which make them complex and subsequently increase the margins for operator errors. The impacts of cyber attacks on essential utilities infrastructures may include non-compliance with safety and quality regulations, issuance of false alarms and disabling of the alarm systems, issuance of false commands to control systems personnel, blockage of the flow of information and giving unwarranted access to various areas of the utility infrastructures. Other impacts include equipment damage, disruption of services and the disposal of hazardous materials into the environment. All these effects clearly indicate the importance of cyber security in the management of essential utilities infrastructure. It is therefore the role of utilities managers to engage in the development of suitable strategies for the management of cyber security systems. The main mode of cyber attack in the utilities infrastructure would be to initiate warfare.

What approaches to tackling cyber security threats are efficient?

Several approaches have been addressed for tackling cyber security threats in federal systems. One of the most debated methods is mentioned as through issuance of presidential executive orders. While this strategy is effective towards the development of protective measures against destruction of cyber security infrastructure and protection of confidential information, the range of cyber threats are diverse and more diverse means are advised. The use of cyber insurance as a method of facing cyber security challenges has also been proposed. However some challenges towards the adoption of this approach have also been mentioned. Such challenges include difficulty of collaboration between the academia and the private sector and the difficulty of deciding upon the premiums to use. Moreover, cyber security research has also been identified as a way of initiating cyber security enhancement strategies. This is however confirmed to be difficult due to the challenge involved in convincing federal systems to allow for the involvement in cyber research among interested parties. The main reason why the federal systems find it difficult to allow cyber security research to take place is that there is the potential of exposing confidential information and that discrepancies may exist as to what should be referred to as cyber crime. In addition to this, taking an all hazard/ comprehensive approach to risk assessment and management with regards to cyber security is also an important way of dealing with cyber security threat.

What roles do various stakeholders play with regards to cyber security?

The government has the role of ensuring that security information and various departmental information infrastructures are secure within state and national boundaries. Consequently, the legislature is tasked with development of policies and enactment of laws that govern against abuse of cyber security measures while the state federal systems have the responsibility of enforcing policies developed for the accomplishment of cyber security. The private sector on the other hand has the responsibility of handling the technical and procedural aspects of cyber security management. The academia is tasked with the responsibility of carrying out cyber security research with the aim of developing strategies for innovation and creativity for the development of new strategies of maintaining cyber security. The roles of the various stakeholders must however be carried out in collaboration to avoid discrepancies in decision making.

How does cyber security impact the efficiency of Federal Systems?

The relationship between the federal system efficiency and cyber security is one of a complex nature. While the federal system has the role of ensuring that cyber security measures are adhered to, cyber security forms a backbone for the efficient operation of the federal system. For instance, maintaining the confidentiality of information and infrastructural protection are key functions of cyber security that can aid in the federal system where upholding confidentiality is a key feature of operations. In addition to this, cyber security also ensures that information that is essential in carrying out covert operations is shared only within the relevant cycle of authorities.


This study has been instrumental in answering several questions with regards to cyber security and its relevance in emergency management. In the US, it has been confirmed that increases in instances if cyber attack have led to the legislators’ change in stance which has contributed to their development of laws that support cyber security. On the other hand, Saudi Arabia also faces increased instances of cyber attack and subsequently an expanding cyber security market. The roles played by cyber security with reference to emergency management have also been highlighted as well as the roles of different stakeholders in the accomplishment of cyber security goals. Although cyber security has often been mistaken to be an independent sector based on cyber space, this study has confirmed that cyber space and subsequently cyber security are intertwined with several other infrastructural sectors such as the energy sector and the transport sector. These sectors are interconnected such that they are no longer inseparable. However, it has also been ascertained that while computer networks are vulnerable to attacks, the systems they support are rarely susceptible to damage following cyber attacks.

Several methods of addressing the need for cyber security have also been highlighted. The methods mentioned in this study include investment in cyber insurance, engagement in cyber security research, implementation of presidential executive orders, and the use of an all hazard approach to risk management with reference to cyber security. The study has therefore achieved its objectives.


Abrams, M. & Weiss, J. (2008). Malicious Control System Cyber Security Attack Case Study-Maroochy Water Sevices, Australia. Mitre Corporation

Banerjee, A., Venkatasubramanian, K., Mukherjee, T., & Gupta, S. (2012). Ensuring Safety, Security and Sustainability of Mission-Critical Cyber – Physical Systems. Proceedings of IEEE. Vol. 100(1): 283-299.

Basamh, S., Qudaih, H. & Ibrahim, J. (2014). An Overview of Cyber Security Awareness in Muslim Countries. International Journal of Information and Communication Research. Vol 4 (1): 21-24

Bellovin, S., Bradner, S., Diffie, W., Landau, S. & Rexford, J. (2011). Can it Really Work? Problems with Extending Einstein 3 to Critical Infrastructure. Harvard National Security Journal Vol. 3.

Burkhead, R. (2014).  A Phenomenological Study of Information Security Incidents experienced By Information Security Professionals Providing Corporate Information Security Incident Management.

Burstein, A. (n.d). Conducting Cyber Security Research Legally and Ethically. University of California.

Business without Borders (2013). Saudi Arabia’s Cyber Security Market. Retrieved from

Byres, E. & Lowe, J. (n.d). The Myths and Facts Behind Cyber Security Risks for Industrial Control Systems. British Columbia Institute of Technology.

Cavelty, M. (2008). Cyber-Security and Threat Politics: US Efforts to Secure the Information Age. Routledge.

Clemente, D. (2013). Cyber Security and Global Interdependence: What is Critical? Chatham House.

Creery, A. & Byres, P. (2005). Industrial Cyber`Security for Power System and SCADA Networks. IEEE

Dunaway, M. (2010). Four Degrees of Proximity: Key Factors that Influence Private Sector Preparedness and Continuity Planning. Dissertation, The George Washington University.

Eksioglu, B. (2012). Emergency Management. InTech.

Fischer, E., Liu, E., Rollins, J., & Theohary, C. (2013). The Cyber Security Executive Order: Overview and Considerations for Congress. Congressional Research Service.

Haller, J., Merrell, S., Buttkovic, M., & Willke, B. (2011). Best Practices for National Cyber Security: Building a National Computer Security Incident Management Capability Version 2.0. Software Engineering Institute.

Hansen, L., & Nissenbaum, H. (2009). Digital Disaster, Cyber Security, and the Copenhagen School. International Studies Quarterly. Vol 55: 1155-1175.

Hoffman, P. (2015). Energy Department Releases Guidance for Implementation of Cybersecurity Framework. Retrieved from

Homeland Security (2011). Blueprint for a Secure Cyber Future: The Cyber security Strategy for the Homeland Security Enterprise. Homeland Security.

Homeland Security. (2013). National Response Framework 2nd Ed. Homeland Security.

Jaeger, P., Shneiderman, B., Fleishmann, K., Preece, J., Qu, y. & Wu, P. (2007). Community Response Grids: E-government, Social Networks, and Effective Emergency Management. Telecommunications Policy 31: 592-604

Khurana, H., Hadley, M., Lu, N. & Frincke, D. (2010). Smart-Grid Security Issues. IEEE Computer and Reliability Societies.

Lewis, J. (2006). Cybersecurity and Critical Infrastructure Protection. Center for Strategic and International Studies.

Malashenko, E., Villarreal, C., & Erickson, J. (2012). Cyber Security and the Evolving Role of State Regulation: How it Impacts the California Public utilities Commission. Grid Planning and Reliability Policy Paper.

Mell, P., Kent, K., & Nusbaum, J. (2005). Guide to Malware Incident Prevention and Handling. National Institute of Standards and Technology.

Mueller, M. & Kuehn, A. (2013). Einstein on the Breach: Surveillance Technology, CyberSecurity and organizational Change. Workshop on the Economics of Information Security.

Parfomak, P. (2012). Pipeline Security: Federal Policy. Congressional Research Service.

Pawlowski, M. (2012). Catastrophic Events – Emergency Management Planning Requirements and Success Factors for`catastrophic Response operations. Dissertation-The George Washington University.

Peters, B. (2010). From Cybernetics to Cyber Networks: Nobert Wiener, The Soviet Internet, and the Cold War Dawn of Information Universalism. Dissertation-Columbia University.

PwC. (2014). US Cybercrime: Rising Risks, Reduced Readiness, Key Findings from the 2014 US State of Cyber Crime Survey. Pricewaterhouse Coopers.

Salim, H. (2014). Cyber Safety: A Systems Thinking and Systems Theory Approach to Managing Cyber Security Risks. Working Paper CISL#2014-07.

Scavo, C., Kearney, R. & Kilroy, R. (2008). Challenges to Federalism: Homeland Security and Disaster Response. Oxford University Press.

Stangl, R., Siedschlag, A., Silvestru, D., Fritz, F. & Jerkovic, A. (2012). Comprehensive Cyber Security Research to Contribute to Critical Infrastructure Protection: Contributions to Security Governance in Disaster Risk Reduction. 12th Congress Interprevent 2012, Grenoble/ France Conference Proceedings.

Toregas, C. & Zahn, N. (2014). Insurance for Cyber Attacks: The Issue of Setting Premiums in Context. Report GW- CSPRI-2014-1

United States Government Accountability Office GAO. (2014). Information Security: Agencies need to Improve Cyber Incident Response Practices.  United States Government Accountability Office

Zhou, Z. & Hu, C. (2008). Study on the E-Government Security Risk Management. International Journal of Computer Science and Network Security, Vol. 8(5): 208-213.