USFA Critical Infrastructure Protection Center
Official Press Release

Homeland Defense E-Alerts Sign up now for e-mail instant updates of homeland defense and other terrorism info Enter Your E-Mail Address Recent Terrorism Stories 9/15: FBI: Terrorist Sleeper Cell Nabbed in Buffalo 9/15: First Responders in Second Wave of Proposed U.S. Smallpox Vaccine Plan 8/27: Gov't Offers Radiation Equipment 8/15: Pentagon Area Hit on 9/11 Reopens 8/13: Federal Center Trains for Terror Threats 7/17: Pentagon Considers New Weapons 7/16: Bush Releases Homeland Security Plan 7/16: California Boosts Security After Arrests 7/16: AL Residents Near Incinerator Get Help 7/5: FBI: Gunman Went to LAX Airport to Kill 7/4: Three Dead in LAX Airport Shooting 6/28: FBI Investigates Anthrax Researchers 6/26: 20,000 Gas Masks Ordered for Capitol WMD Prep Notes 12 Recommendations to Strengthen Preparedness Against Terrorist Attacks Definitions: Chemical Agent-Related 33 Random Decontamination Considerations Radiological Terrorism: Are we Prepared? List All Prep Notes Insider September 11th: Full Coverage Forward: E-Mail This Page to a Friend or Co-Worker Interact: Discuss This and Other Topics in the Firehouse Forums

"Change" is always present in those organizations seeking to excel.

When implemented after an outstanding needs assessment followed by open-minded deliberation and effective decision-making, "organizational change" is normally desirable and advantageous. However, this "change" can also inadvertently create weaknesses that leave departments vulnerable to physical or cyber attacks by their adversaries.

A vulnerability is a weakness in a critical infrastructure that renders the infrastructure susceptible to degradation or destruction from deliberate attacks by human adversaries, natural disasters, or HazMat accidents.

"One of the most formidable weapons in the terrorist arsenal is our own vulnerabilities," said Senator Bill Frist (R-TN).

It is inevitable that most federal, state, and local agencies will execute "organizational change" in the future. (For example, a large number of activities will eventually experience major changes with the development of the Department of Homeland Security.)

While busy applying and adjusting to the required changes, it is too easy to be distracted from CIP and information security best practices. Hence, the plans and operations of the changing organizations become especially vulnerable to exploitation, disruption, or destruction.

In view of this reality, the CIPIC encourages senior leaders to consider their vulnerabilities during any "organizational changes."

If necessary, eliminate the "terrorist’s tool" by dedicating time and personnel to ensure the protection of critical infrastructures and information. Do not permit an "organizational change" to become a vulnerability in and of itself.