Mr. Krebs then read about the following list of candidate performance areas that have been suggested as the formal benchmarks/standards to be used to perform indexing comparisons:
• Cyber security
• Physical security
• Personnel security
• Information sharing
• Risk and vulnerability assessments
• Emergency planning
• Restoration strategies
• Recovery strategies
• Readiness exercises
• Public-private partnerships
As a result, Mr. Krebs has tasked the CIRRUS Division to provide a point paper to his staff discussing the concept of “indexing performance areas” as it relates to critical infrastructure; specifically, is the above listing correct or are one or more modifications — add(s), delete(s), reword(s) — to the above list needed to make the identified “indexing performance areas” better aligned to provide the proper level of security and resilience to current critical infrastructure assets.
Therefore, I’d like to discuss this topic of “indexing performance areas” as it relates to critical infrastructure security and resilience; I’ll use your discussion inputs and comments to develop a point paper back to Mr. Krebs’ staff for action closure.
Discuss the concept of “indexing performance areas” as identified in the list above in the context of whether these potential indexing performance areas should be used to adequately evaluate the performance of various critical infrastructure projects/efforts in a standardized, benchmarked manner.
Does the above list provide the “right” indexing performance areas? Do any of the indexing performance areas need to be deleted or modified? Do any “new” indexing performance areas need to be added? Should there be two separate lists associated with indexing performance areas — one list for cyber-related critical infrastructure project/efforts and a different list for physical-related critical infrastructure projects/efforts? Request you provide your rationale for each suggestion/recommendation