Systems Security Engineering (SSE) Project, Want updates about CSRC and our publications? Open Security Controls Assessment Language
The four designated lifeline functions and their affect across other sections 16 Figure 4-1. The ability to stand up to challenges, work through them step by step, and bounce back stronger than you were before. A .gov website belongs to an official government organization in the United States. Most infrastructures being built today are expected to last for 50 years or longer. cybersecurity framework, Laws and Regulations
All of the following statements refer directly to one of the seven NIPP 2013 core tenets EXCEPT: A. B. include a variety of public-private sector initiatives that cross-jurisdictional and/or sector boundaries and focus on prevention, protection, mitigation, response, and recovery within a defined geographic area. A. About the RMF
The next level down is the 23 Categories that are split across the five Functions. Release Search
108 0 obj<>
endobj
D. Support all Federal, State, local, tribal and territorial government efforts to effect national critical infrastructure security and resilience. Common framework: Critical infrastructure draws together many different disciplines, industries and organizations - all of which may have different approaches and interpretations of risk and risk management, as well as different needs. The rules commenced on Feb. 17, 2023, and allow critical assets that are currently optional a period of six months to adopt a written risk management plan and an additional 12-month period to . Through the use of an organizing construct of a risk register, enterprises and their component organizations can better identify, assess, communicate, and manage their cybersecurity risks in the context of their stated mission and business objectives using language and constructs already familiar to senior leaders. All of the following statements about the importance of critical infrastructure partnerships are true EXCEPT A.
Regional Consortium Coordinating Council (RC3) C. Federal Senior Leadership Council (FSLC) D. Sector Coordinating Councils (SCC), 15. NIPP 2013 builds upon and updates the risk management framework. NIST collaborates with public and private sector stakeholders to research and develop C-SCRM tools and metrics, producing case studies and widely used guidelines on mitigation strategies. 0000003603 00000 n
A blackout affecting the Northeast B. Disruptions to infrastructure systems that cause cascading effects over multiple jurisdictions C. Long-term risk management planning to address prolonged floods and droughts D. Cyber intrusions resulting in physical infrastructure failures and vice versa E. All of the above, 30. 12/05/17: White Paper (Draft)
To help organizations to specifically measure and manage their cybersecurity risk in a larger context, NIST has teamed with stakeholders in each of these efforts. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has released a new advisory that describes a CISA red team assessment of a large critical infrastructure organization with a mature cyber posture, with the goal of sharing its key findings to help IT and security professionals improve monitoring and hardening of networks. ) or https:// means youve safely connected to the .gov website. SP 1271
A.
28. Activities conducted during this step in the Risk Management Framework allow critical infrastructure community leaders to understand the most likely and severe incidents that could affect their operations and communities and use this information to support planning and resource allocation in a coordinated manner. Practical, step-by-step guidance from AWWA for protecting process control systems used by the water sector from cyberattacks. The Frameworks prioritized, flexible, and cost-effective approach helps to promote the protection and resilience of An official website of the United States government, Security Testing, Validation, and Measurement, National Cybersecurity Center of Excellence (NCCoE), National Initiative for Cybersecurity Education (NICE), White Paper NIST Technical Note (TN) 2051, Comprehensive National Cybersecurity Initiative, Homeland Security Presidential Directive 7. 0000000016 00000 n
All Rights Reserved, Risk management program now mandatory for certain critical infrastructure assets, Subscribe to HWL Ebsworth Publications and Events, registering those critical assets with the Cyber and Infrastructure Security Centre(, Privacy, Data Protection and Cyber Security, PREVIOUS: Catching up with international developments in privacy: The Commonwealths Privacy Act Review 2022. About the Risk Management Framework (RMF) A Comprehensive, Flexible, Risk-Based Approach The Risk Management Framework provides a process that integrates security, privacy, and cyber supply chain risk management activities into the system development life cycle. The National Institute of Standards and Technology (NIST) Framework for Improving Critical Infrastructure Cybersecurity (NIST Cybersecurity Framework) organizes basic cybersecurity activities at their highest level. White Paper (DOI), Supplemental Material:
Translations of the CSF 1.1 (web), Related NIST Publications:
A .gov website belongs to an official government organization in the United States. The Core includes five high level functions: Identify, Protect, Detect, Respond, and Recover. This publication describes a voluntary risk management framework ("the Framework") that consists of standards, guidelines, and best practices to manage cybersecurity-related risk. C. Understand interdependencies. Coordinate with critical infrastructure owners and operators to improve cybersecurity information sharing and collaboratively develop and implement risk-based approaches to cybersecurity C. Implement an integration and analysis function to inform planning and operations decisions regarding critical infrastructure D. Enable effective information exchange by identifying baseline data and systems requirements for the Federal Government, 25. This publication describes a voluntary risk management framework (the Framework) that consists of standards, guidelines, and best practices to manage cybersecurity-related risk. Managing organizational risk is paramount to effective information security and privacyprograms; the RMF approach can be applied to new and legacy systems,any type of system or technology (e.g., IoT, control systems), and within any type of organization regardless of size or sector. B 0000009206 00000 n
NISTs Manufacturing Profile (a tailored approach for the manufacturing sector to protect against cyber risk); available for multiple versions of the Cybersecurity Framework: North American Electric Reliability Corporations, TheTransportation Security Administration's (TSA), Federal Financial Institutions Examination Council's, The Financial Industry Regulatory Authority. Secretary of Homeland Security State, Local, Tribal and Territorial Government Coordinating Council (SLTTGCC) B. 0000004485 00000 n
The obligation to produce and comply with a critical infrastructure risk management program (CIRMP) for asset classes listed in the CIRMP Rules commenced 17 February 2023. A. The Cybersecurity Enhancement Act of 2014 reinforced NIST's EO 13636 role.
This approach helps identify, analyze, evaluate, and address threats based on the potential impact each threat poses. %PDF-1.5
%
xref
0000007842 00000 n
Sponsor critical infrastructure security and resilience-related research and development, demonstration projects, and pilot programs C. Develop and coordinate emergency response plans with appropriate Federal and SLTT government authorities D. Establish continuity plans and programs that facilitate the performance of lifeline functions during an incident. 22. Which of the following is the PPD-21 definition of Security? trailer
Risk Management Framework. Subscribe, Contact Us |
Resources related to the 16 U.S. Critical Infrastructure sectors. A locked padlock Complete risk assessments of critical technology implementations (e.g., Cloud Computing, hybrid infrastructure models, and Active Directory). Official websites use .gov
Follow-on documents are in progress. 108 23
Distributed nature of critical infrastructure operations, supply and distribution systems C. Public and private sector partners work collaboratively to develop plans and policies D. Commuter use of Global Positioning Service (GPS) navigation to avoid traffic jams E. All of the above, 2. All of the following activities are categorized under Build upon Partnerships Efforts EXCEPT? E. All of the above, 4. Official websites use .gov The protection of information assets through the use of technology, processes, and training. From financial networks to emergency services, energy generation to water supply, these infrastructures fundamentally impact and continually improve our quality of life. The risk-based approach tocontrol selection and specification considers effectiveness, efficiency, and constraints due to applicable laws, directives, Executive Orders, policies, standards, or regulations. unauthorised access, interference or exploitation of the assets supply chain; misuse of privileged access to the asset by any provider in the supply chain; disruption of asset due to supply chain issues; and. risk management efforts that support Section 9 entities by offering programs, sharing Protecting and ensuring the continuity of the critical infrastructure and key resources (CIKR) of the United States is essential to the Nation's security, public health and safety, economic vitality, and way . ), Cybersecurity Framework Smart Grid Profile, (This profile helps a broad audience understand smart grid-specific considerations for the outcomes described in the NIST Cybersecurity Framework), Benefits of an Updated Mapping Between the NIST Cybersecurity Framework and the NERC Critical Infrastructure Protection Standards, The paper explains how the mapping can help organizations to mature and align their compliance and security programs and better manage risks. C. Restrict information-sharing activities to departments and agencies within the intelligence community. The image below depicts the Framework Core's Functions . U S Critical Infrastructure Risk Management Framework 4 Figure 3-1. Documentation
a stoppage or major slowdown of the function of the critical infrastructure asset for an unmanageable period; the substantive loss of access to, or deliberate or accidental manipulation of a critical component of the asset; an interference with the critical infrastructure assets operational technology or information communication technology essential to the functioning of the asset; the storage, transmission or processing of sensitive operational information outside Australia, including confidential or sensitive data about the asset; and. Following a period of consultation at the end of 2022, the Security of Critical Infrastructure (Critical infrastructure risk management program) Rules ( CIRMP Rules) have now been registered under the Security of Critical Infrastructure Act 2018 (Cth) ( SOCI Act ). Implement Risk Management Activities C. Assess and Analyze Risks D. Measure Effectiveness E. Identify Infrastructure, 9. UNU-EHS is part of a transdisciplinary consortium under the leadership of TH Kln University of Applied Sciences that has recently launched a research project called CIRmin - Critical Infrastructures Resilience as a Minimum Supply Concept.Going beyond critical infrastructure management, CIRmin specifically focuses on the necessary minimum supplies of the population potentially affected in . Cybersecurity Framework v1.1 (pdf)
The primary audience for the IRPF is state, local, tribal, and territorial governments and associated regional organizations; however, the IRPF can be flexibly used by any organization seeking to enhance their resilience planning. Developing partnerships with private sector stakeholders is an option for consideration by government decision-makers ultimately responsible for implementing effective and efficient risk management. B. Australia's Critical Infrastructure Risk Management Program becomes law. The risk posed by natural disasters and terrorist attacks on critical infrastructure sectors such as the power grid, water supply, and telecommunication systems can be modeled by network risk. The THIRA process is supported by a Strategic National Risk Assessment (SNRA) that analyzes the greatest risks facing the Nation. 0000003403 00000 n
https://www.nist.gov/publications/framework-improving-critical-infrastructure-cybersecurity-version-11, Webmaster | Contact Us | Our Other Offices, critical infrastructure, cybersecurity, cybersecurity framework, risk management, Barrett, M. CISA developed the Infrastructure Resilience Planning Framework (IRPF) to provide an approach for localities, regions, and the private sector to work together to plan for the security and resilience of critical infrastructure services in the face of multiple threats and changes. The Workforce Framework for Cybersecurity (NICE Framework) provides a common lexicon for describing cybersecurity work. 0000001302 00000 n
Which of the following activities that SLTT Executives Can Do support the NIPP 2013 Core Tenet category, Build upon partnership efforts? The Risk Management Framework (RMF) provides a flexible and tailorable seven-step process that integrates cybersecurity and privacy, along with supply chain risk management activities, into the system development life cycle. as far as reasonably practicable, identifies the steps to minimise or eliminate material risks arising from malicious or negligent personnel as well as the material risks arising from off-boarding process for outgoing personnel. Reliance on information and communications technologies to control production B. The intent of the document is admirable: Advise at-risk organizations on improving security practices by demonstrating the cost, projected impact . The first National Infrastructure Protection Plan was completed in ___________? PPD-21 recommends critical infrastructure owners and operators contribute to national critical infrastructure security and resilience efforts through a range of activities, including all of the following EXCEPT: A. 0000003062 00000 n
An investigation of the effects of past earthquakes and different types of failures in the power grid facilities, Industrial . State, Local, Tribal and Territorial Government Coordinating Council (SLTTGCC) B. Set goals, identify Infrastructure, and measure the effectiveness B. Perform critical infrastructure risk assessments; understand dependencies and interdependencies; and develop emergency response plans B. systems of national significance ( SoNS ). A. are crucial coordination hubs, bringing together prevention, protection, mitigation, response, and recovery authorities, capabilities, and resources among local jurisdictions, across sectors, and between regional entities. 0000000756 00000 n
Risk Management Framework C. Mission, vision, and goals. D. Partnership Model E. Call to Action. Australia's most important critical infrastructure assets). 0000002921 00000 n
Consider security and resilience when designing infrastructure. B. A. These resourcesmay be used by governmental and nongovernmental organizations, and is not subject to copyright in the United States. The Nations critical infrastructure is largely owned and operated by the private sector; however, Federal and SLTT governments also own and operate critical infrastructure, as do foreign entities and companies. Official websites use .gov The ISM is intended for Chief Information Security . Private Sector Companies C. First Responders D. All of the Above, 12. Federal and State Regulatory AgenciesB. Risks often have local consequences, making it essential to execute initiatives on a regional scale in a way that complements and operationalizes the national effort. The Federal Government works . Secure .gov websites use HTTPS
Secure .gov websites use HTTPS
An official website of the United States government. \H1 n`o?piE|)O? Cybersecurity Framework
Official websites use .gov ), Precision Medicine Initiative: Data Security Policy Principles and Framework, (This document offers security policy principles and a framework to guide decision-making by organizations conducting or a participating in precision medicine activities. ), Understanding Cybersecurity Preparedness: Questions for Utilities, (A toolto help Public Utility Commissions ask questions to utilities to help them better understand their current cybersecurity risk management programs and practices. With industry consultation concluding in late November 2022 the Minister for Home Affairs has now registered the Security of Critical Infrastructure (Critical infrastructure risk management program) Rules (LIN 23/006) 2023 (RMP Rules).These rules specify the critical infrastructure asset classes which are subject to the Risk Management Program obligations set out in the Security of Critical . Lock Identify, Assess and Respond to Unanticipated Infrastructure Cascading Effects During and Following Incidents B. A critical infrastructure community empowered by actionable risk analysis. 0000004992 00000 n
LdOXt}g|s;Y.\;vk-q.B\b>x
flR^dM7XV43KTeG~P`bS!6NM_'L(Ciy&S$th3u.z{%p
MLq3b;P9SH\oi""+RZgXckAl_fL7]BwU3-2#Rt[Y3Pfo|:7$& A. A .gov website belongs to an official government organization in the United States. Press Release (04-16-2018) (other)
n;
0000005172 00000 n
), Process Control System Security Guidance for the Water Sector and Cybersecurity Guidance Tool, Cyber Security: A Practical Application of NIST Cybersecurity Framework, Manufacturing Extension Partnership (MEP), Chemical Sector Cybersecurity Framework Implementation Guidance, Commercial Facilities Sector Cybersecurity Framework Implementation, Critical Manufacturing Sector Cybersecurity Framework Implementation Guidance, An Intel Use Case for the Cybersecurity Framework in Action, Dams Sector Cybersecurity Framework Implementation Guidance, Emergency Services Sector Cybersecurity Framework Implementation, Cybersecurity Incentives Policy White Paper (DRAFT), Mapping of CIP Standards to NIST Cybersecurity Framework (CSF) v1.1, Cybersecurity 101: A Resource Guide for Bank Executives, Mapping Cybersecurity Assessment Tool to NIST, Cybersecurity 201 - A Toolkit for Restaurant Operators, Nuclear Sector Cybersecurity Framework Implementation Guidance, The Guidelines on Cyber Security Onboard Ships, Cybersecurity Framework Implementation Guide, DRAFT NAVIGATION AND VESSEL INSPECTION CIRCULAR NO. An understanding of criticality, essential functions and resources, as well as the associated interdependencies of infrastructure is part of this step in the Risk Management Framework: A. Within the NIPP Risk Management Framework, the interwoven elements of critical infrastructure include A. 29. Publication:
5 min read. identifies 'critical workers (as defined in the SoCI Act); permits a critical worker to access to critical components (as defined in the SoCI Act) of the critical infrastructure asset only where assessed suitable; and. TRUE or FALSE: The NIPP information-sharing approach constitutes a shift from a networked model to a strictly hierarchical structure, restricting distribution and access to information to prevent decentralized decision-making and actions. Share sensitive information only on official, secure websites. An official website of the United States government. FALSE, 10. National Infrastructure Protection Plan (NIPP) The NIPP Provides a Strategic Context for Infrastructure Protection/Resiliency Dynamic threat environment Natural Disasters Terrorists Accidents Cyber Attacks A complex problem, requiring a national plan and organizing framework 18 Sectors, all different, ranging from asset-focused to systems and networks Outside regulatory space (very few . *[;Vcf_N0R^O'nZq'2!-x?.f$Vq9Iq1-tMh${m15 W5+^*YkXGkf D\lpEWm>Uy O{z(nW1\MH^~R/^k}|! The Critical Infrastructure (Critical infrastructure risk management program) Rules LIN 23/006 (CIRMP Rules) have now been registered under the Security of Critical Infrastructure Act 2018 (Cth . , analyze, evaluate, and Recover padlock Complete Risk assessments of infrastructure... Belongs to an official website of the Above, 12 models, and bounce back than. Used by the water Sector from cyberattacks official websites use HTTPS an official government organization in the United.. And their affect across other sections 16 Figure 4-1 practices by demonstrating the cost, projected.. Partnerships with private Sector Companies C. first Responders D. all of the following activities are categorized under upon. Approach helps Identify, analyze, evaluate, and goals Cybersecurity Enhancement Act of 2014 reinforced NIST & # ;. S most important critical infrastructure community empowered by actionable Risk analysis E. Identify infrastructure, and address threats based the! And goals on improving Security practices by demonstrating the cost, projected impact infrastructures fundamentally and... Process control systems used by the water Sector from cyberattacks | Resources to! In the United States government E. Identify infrastructure, 9 and Active Directory ) Detect,,. Supply, these infrastructures fundamentally impact and continually improve our quality of life expected to for... Technology implementations ( e.g., Cloud Computing, hybrid infrastructure models, training! Improving Security practices by demonstrating the cost, projected impact on official, secure websites Contact |. The greatest Risks facing the Nation s EO 13636 role provides a lexicon. Sector stakeholders is an option for consideration by government decision-makers ultimately responsible for implementing effective and efficient Risk Management C.... Https an official government organization in the United States and Respond to Unanticipated Cascading... Efficient Risk Management Framework, the interwoven elements of critical infrastructure community by! Activities are categorized under Build upon partnerships Efforts EXCEPT Plan was completed in ___________ ) a. By step, and Measure the Effectiveness B use.gov the protection of information assets through the of!, work through them step by step, and Active Directory ) true EXCEPT a Protect, Detect Respond... High level functions: Identify, analyze, evaluate, and bounce back stronger than you were before Risk. Framework 4 Figure 3-1 EO 13636 role process is supported by a Strategic National Assessment! Step, and is not subject to copyright in the power grid facilities Industrial! Improving Security practices by demonstrating the cost, projected impact stronger than you were...., Identify infrastructure, and Active Directory ) resourcesmay be used by the water Sector from.! Important critical infrastructure sectors functions: Identify, analyze, evaluate, and training emergency services, energy to! Developing partnerships with private Sector stakeholders is an option for consideration by decision-makers. Councils ( SCC ), 15 Coordinating Councils ( SCC ), 15, Local, Tribal and government... Framework 4 Figure 3-1 and continually improve our quality of life Want updates about CSRC and our?!, Industrial these resourcesmay be used by the water Sector from cyberattacks ) that analyzes greatest! From financial networks to emergency services, critical infrastructure risk management framework generation to water supply, these infrastructures fundamentally impact and continually our. Awwa for protecting process control systems used by governmental and nongovernmental organizations, and is not subject copyright. State, Local, Tribal and Territorial government Coordinating Council ( SLTTGCC ) B Security Controls Language... For consideration by government decision-makers ultimately responsible for implementing effective and efficient Risk Management C.! The Nation 16 Figure 4-1 practices by demonstrating the cost, projected.! Infrastructure Cascading effects During and following Incidents B within the intelligence community the Workforce Framework for Cybersecurity NICE! Option for consideration by government decision-makers ultimately responsible for implementing effective and efficient Risk Management Framework C. Mission,,. Infrastructure, 9 ; understand dependencies and interdependencies ; and develop emergency response plans b. systems National! Following statements about the RMF the next level down is the 23 Categories are! Sse ) Project, Want updates about CSRC and our publications EXCEPT a efficient Risk Management Framework the! B. Australia & # x27 ; s most important critical infrastructure Risk Management C.! Program becomes law back stronger than you were before to departments and within... And training Assessment ( SNRA ) that analyzes the greatest Risks facing the Nation the intent of the is... Sector stakeholders is an option for consideration by government decision-makers ultimately responsible for implementing effective and efficient Management. Implement Risk Management Program becomes law following Incidents B Risk assessments ; understand dependencies interdependencies! Assets ) SCC ), 15 use of technology, processes, and Recover the. Https an official government organization critical infrastructure risk management framework the power grid facilities, Industrial n Consider Security resilience. Security Controls Assessment Language the four designated lifeline functions and their affect other... From financial networks to emergency services, energy generation to water supply, these infrastructures impact! Websites use.gov the ISM is intended for Chief information Security infrastructure community empowered by actionable Risk analysis stakeholders! Bounce back stronger than you were before infrastructure community empowered by actionable Risk analysis States government 16 critical! Management Program becomes law ) D. Sector Coordinating Councils ( SCC ), 15 by government decision-makers ultimately for! The document is admirable: Advise at-risk organizations on improving Security practices by the. Is supported by a Strategic National Risk Assessment ( SNRA ) that analyzes the greatest Risks facing the Nation (. Infrastructures being built today are expected to last for critical infrastructure risk management framework years or longer and.... Assessments ; understand dependencies and interdependencies ; and develop emergency response plans b. systems of National significance ( ). For protecting process control systems used by the water Sector from cyberattacks ultimately for. An investigation of the effects of past earthquakes and different types of failures the! Above, 12 challenges, work through them step by step, and Recover from financial networks to services!, Assess and analyze Risks D. Measure Effectiveness E. Identify infrastructure, 9 the water Sector from.!, vision, and address threats based on the potential impact each threat poses # x27 ; functions... Figure 4-1 infrastructure Cascading effects During and following Incidents B earthquakes and different of..., analyze, evaluate, and bounce back stronger than you were before official websites use HTTPS an government... Information and communications technologies to control production B down is the PPD-21 definition of Security 2014... Following activities are categorized under Build upon partnerships Efforts EXCEPT ( RC3 ) C. Senior..Gov website belongs to an official government organization in the United States intended for Chief Security... On the potential impact each threat poses e.g., Cloud Computing, hybrid infrastructure,. The RMF the next level down is the 23 Categories that are split across the five functions not subject copyright. Governmental and nongovernmental organizations, and bounce back stronger than you were before services energy. Step-By-Step guidance from AWWA for protecting process control systems used by the water from... Us | Resources related to the.gov website the Above, 12 for protecting process control systems by. Departments and agencies within the nipp Risk Management Program becomes law nipp builds! An official website of the following activities are categorized under Build upon partnerships Efforts?! Sections 16 Figure 4-1 ( e.g., Cloud Computing, hybrid infrastructure models, Active. Follow-On documents are in progress Incidents B developing partnerships with private Sector stakeholders is an option consideration. To Unanticipated infrastructure Cascading effects During and following Incidents B b. systems National... Effectiveness E. Identify infrastructure, and bounce back stronger than you were before share sensitive information only official!.Gov Follow-on documents are in progress nipp Risk Management Framework C. Mission, vision, and Active Directory ) across. Framework, the interwoven elements of critical infrastructure sectors to challenges, work through step....Gov the protection of information assets through the use of technology, processes, and is not subject copyright. Share sensitive information only on official, secure websites Complete Risk assessments ; understand dependencies and interdependencies ; develop... Risk assessments of critical technology implementations ( e.g., Cloud Computing, hybrid infrastructure models, and Recover Figure.. From financial networks to emergency services, energy generation to water supply these. Analyze, evaluate, and training critical infrastructure risk management framework Council ( RC3 ) C. Federal Senior Leadership Council ( SLTTGCC ).... Sector Coordinating Councils ( SCC ), 15 approach helps Identify, Assess and Risks! Strategic National Risk Assessment ( SNRA ) that analyzes the greatest Risks facing Nation. Cost, projected impact youve safely connected to the 16 U.S. critical infrastructure assets ) the is. Develop emergency critical infrastructure risk management framework plans b. systems of National significance ( SoNS ) in the power grid facilities, Industrial down. The protection of information assets through the use of technology, processes, and.... Of Homeland Security State, Local, Tribal and Territorial government Coordinating Council ( SLTTGCC ) B 13636.., Want updates about critical infrastructure risk management framework and our publications affect across other sections 16 Figure 4-1,.. The four designated lifeline functions and their affect across other sections 16 Figure 4-1 set goals, Identify infrastructure 9... Intent of the United States government generation to water supply, these infrastructures fundamentally and! Investigation of the following is the PPD-21 definition of Security Risks facing the Nation the of... Sse ) Project, Want updates about CSRC and our publications analyze evaluate. Projected impact and our publications of life level functions: Identify, and... Councils ( SCC ), 15, processes, and training functions:,. Which of the document is admirable: Advise at-risk organizations on improving Security by... For Cybersecurity ( NICE Framework ) provides a common lexicon for describing Cybersecurity work for Chief information Security D.... Strategic National Risk Assessment ( SNRA ) that analyzes the greatest Risks the...