Critical Infrastructure Protection in Homeland Security: Defending a Networked Nation

Full title: Critical Infrastructure Protection in Homeland Security: Defending a Networked Nation
ISBN: 9781118817636
ISBN 10: 111881763X
Authors: Lewis, Ted G.
Publisher: Wiley
Edition: 2
Num. pages: 400
Binding: Hardcover
Language: en
Published on: 2014

Synopsis

Machine generated contents note: pt. I ORIGINS OF HOMELAND SECURITY AND CRITICAL INFRASTRUCTURE PROTECTION POLICY -- 1. Origins of Critical Infrastructure Protection -- 1.1. Recognition -- 1.2. Natural Disaster Recovery -- 1.3. Definitional Phase -- 1.4. Public-Private Cooperation -- 1.5. Federalism: Whole of Government -- 1.6. Infrastructure Protection within DHS -- 1.7. Implementing a Risk Strategy -- 1.7.1. Risk-Informed Decision-Making -- 1.7.2. Resilience-Informed Decision-Making -- 1.7.3. Prevention or Response? -- 1.8. Analysis -- 1.8.1. The PPP Conundrum -- 1.8.2. The Information-Sharing Conundrum -- 1.8.3. Climate Change Conundrum -- 1.8.4. The Funding Conundrum -- 1.8.5. Spend 80% on 20% of the Country -- 1.9. Exercises -- References -- pt. II THEORY AND FOUNDATIONS -- 2. Risk Strategies -- 2.1. EUT -- 2.1.1. Threat-Asset Pairs -- 2.2. PRA and Fault Trees -- 2.2.1. An Example: Your Car -- 2.3. MBRA and Resource Allocation -- 2.3.1. Another Example: Redundant Power -- 2.4. PRA in the Supply Chain -- 2.5. Protection versus Response -- 2.6. Threat is an Output -- 2.7. Bayesian Belief Networks -- 2.8. A BN for Threat -- 2.9. Risk of a Natural Disaster -- 2.10. Earthquakes -- 2.11. Black Swans and Risk -- 2.12. Black Swan Floods -- 2.13. Are Natural Disasters Getting Worse? -- 2.14. Black Swan Al Qaeda Attacks -- 2.15. Black Swan Pandemic -- 2.16. Risk and Resilience -- 2.17. Exercises -- References -- 3. Theories of Catastrophe -- 3.1. NAT -- 3.2. Blocks and Springs -- 3.3. Bak's Punctuated Equilibrium Theory -- 3.4. TOC -- 3.4.1. The State Space Diagram -- 3.5. The U.S. Electric Power Grid -- 3.6. POE -- 3.6.1. The Great Recessions -- 3.6.2. Too Much Money -- 3.7. Competitive Exclusion -- 3.7.1. Gause's Law -- 3.7.2. The Self-Organizing Internet -- 3.7.3. A Monoculture -- 3.8. POR -- 3.9. Resilience of Complex Infrastructure Systems -- 3.9.1. Expected Utility and Risk -- 3.9.2. SOC -- 3.9.3. TOC -- 3.9.4. POE and nonlinearity -- 3.9.5.
CEP and loss of redundancy -- 3.9.6. POR and percolation -- 3.10. Emergence -- 3.10.1. Opposing Forces in Emergent CIKR -- 3.11. Exercises -- References -- 4. Complex CIKR Systems -- 4.1. CIKR as Networks -- 4.1.1. Emergence -- 4.1.2. Classes of CIKR Networks -- 4.1.3. Self-Organized Networks -- 4.2. Cascading CIKR Systems -- 4.2.1. The Fundamental Resilience Equation -- 4.2.2. Targeted Attacks -- 4.3. Network Row Resilience -- 4.4. Paradox of Redundancy -- 4.4.1. Link Percolation and Robustness -- 4.4.2. Node Percolation and Robustness -- 4.4.3. Blocking Nodes -- 4.5. Network Risk -- 4.5.1. Crude Oil and KeystoneXL -- 4.5.2. MBRA Network Resource Allocation -- 4.6. Exercises -- Reference -- pt. III INDIVIDUAL SECTORS -- 5. Communications -- 5.1. Early Years -- 5.2. Regulatory Structure -- 5.3. The Architecture of the Communication Sector -- 5.3.1. Physical Infrastructure -- 5.3.2. Wireless Networks -- 5.3.3. Extraterrestrial Communication -- 5.3.4. LESs -- 5.3.5. Cellular Networks -- 5.3.6. Generations -- 5.3.7. Wi-Fi Technology -- 5.4. Risk Analysis -- 5.4.1. Importance of Carrier Hotels -- 5.4.2. Network Analysis -- 5.4.3. Flow Analysis -- 5.4.4. Robustness -- 5.4.5. HPM Attacks -- 5.5. Cellular Network Threats -- 5.5.1. Cyber Threats -- 5.5.2. HPM-Like Threats -- 5.5.3. Physical Threats -- 5.6. Analysis -- 5.7. Exercises -- References -- 6. Internet -- 6.1. Internet as a Disruptive Technology -- 6.2. The Autonomous System Network -- 6.2.1. The AS500 Network -- 6.3. Origins of TCP/IP -- 6.3.1. DNS Basics -- 6.4. Internet Standards -- 6.4.1. Email -- 6.4.2. TCP/IP -- 6.5. Toward Commercialization -- 6.6. The WWW -- 6.7. Internet Governance -- 6.7.1. IAB and IETF -- 6.7.2. ICANN Wars -- 6.7.3. ISOC -- 6.7.4. W3C -- 6.7.5. A Final Example -- 6.8. Analysis -- 6.9. Exercises -- References -- 7. Cyber Threats -- 7.1. Script Kiddies and Black-Hats -- 7.1.1. Script-Kiddies -- 7.1.2. Black-Hats -- 7.1.3. Weaponized Exploits -- 7.2. Tools of the Trade -- 7.2.1.
The First Exploit -- 7.2.2. TCP/IP Flaws -- 7.2.3. Open Ports -- 7.2.4. Buffer Overflow Exploits -- 7.2.5. DDoS Attacks -- 7.2.6. E-mail Exploits -- 7.2.7. Flawed Application and System Software -- 7.3. Botnets -- 7.4. Cyber Risk Analysis -- 7.5. Cyber Infrastructure Risk -- 7.5.1. Blocking Node Analysis -- 7.6. Analysis -- 7.7. Exercises -- References -- 8. Information Technology -- 8.1. Principles of IT Security -- 8.2. Enterprise Systems -- 8.2.1. Loss of Service -- 8.2.2. Loss of Data -- 8.2.3. Loss of Security -- 8.3. Cyber Defense -- 8.3.1. Authenticate Users -- 8.3.2. Tp -- 8.3.3. Inside the DMZ -- 8.4. Basics of Encryption -- 8.4.1. DES -- 8.4.2. 3DES -- 8.4.3. AES -- 8.5. Asymmetric Encryption -- 8.5.1. Public Key Encryption -- 8.6. RSA Illustrated -- 8.7. PKI -- 8.7.1. Definition of PKI -- 8.7.2. Certificates -- 8.8. Countermeasures -- 8.9. Exercises -- References -- 9. Cybersecurity Policy -- 9.1. A National Priority and a (Familiar) Call to Arms -- 9.1.1. Infrastructure as Target: From Hypothetical Concern to a Growing Threat -- 9.1.2. A Difficult Terrain: Convergence, Attribution, and the Production of Cyber Weapons -- 9.2. Rewriting Cybersecurity Policy: The Difficulty of Reform -- 9.2.1. A False Start: The Cybersecurity Act of 2012 -- 9.2.2. EO 13636: Improving Critical Infrastructure Cybersecurity -- 9.2.3. The NIST Framework: The Peril and the Promise of Voluntary Standards -- 9.2.4. ECS: The Possibilities and Limits of Information Sharing -- 9.3. Cybersecurity, Critical Infrastructure, and Public Policy: An Ongoing -- and Difficult -- Evolution -- 9.3.1. Policy Options: Looking Forward -- 9.4. Exercises -- References -- 10. Supervisory Control and Data Acquisition -- 10.1. What is SCADA? -- 10.2. SCADA versus Enterprise Computing Differences -- 10.3. Common Threats -- 10.4. Who is in Charge? -- 10.5. SCADA Everywhere -- 10.6. SCADA Risk Analysis -- 10.7. San Francisco Public Utilities Commission SCADA Redundancy -- 10.7.1.
Redundancy as a Resiliency Mechanism -- 10.7.2. Risk Reduction and Resource Allocation -- 10.8. Analysis -- 10.9. Exercises -- 11. Water and Water Treatment -- 11.1. From Germs to Terrorists -- 11.1.1. SDWA -- 11.1.2. The Water Information Sharing and Analysis Center -- 11.2. Foundations: SDWA of 1974 -- 11.3. The Bioterrorism Act of 2002 -- 11.3.1. Is Water for Drinking? -- 11.4. The Architecture of Water Systems -- 11.4.1. The Law of the River -- 11.5. The Hetch Hetchy Network -- 11.5.1. Betweenness Analysis -- 11.6. Cascade Analysis -- 11.6.1. Multidimensional Analysis -- 11.6.2. Blocking Nodes -- 11.7. Hetch Hetchy Investment Strategies -- 11.7.1. The Rational Actor Attacker -- 11.8. Hetch Hetchy Threat Analysis -- 11.8.1. Chem-Bio Threats -- 11.8.2. Earthquake Threats -- 11.8.3. Allocation to Harden Threat-Asset Pairs -- 11.9. Analysis -- 11.10. Exercises -- References -- 12. Energy -- 12.1. Energy Fundamentals -- 12.2. Regulatory Structure of the Energy Sector -- 12.2.1. Evolution of Energy Regulation -- 12.2.2. Other Regulation -- 12.2.3. The Electric Sector ISAC -- 12.3. Interdependent Coal -- 12.3.1. Interdependency with Transportation -- 12.4. The Rise of Oil and the Automobile -- 12.4.1. Oil -- 12.4.2. Ng -- 12.5. Energy Supply Chains -- 12.5.1. Petroleum Administration for Defense Districts -- 12.5.2. Refineries -- 12.5.3. Transmission -- 12.5.4. Transport4 -- 12.5.5. Storage -- 12.5.6. NG Supply Chains -- 12.5.7. SCADA -- 12.6. The Critical Gulf of Mexico Cluster -- 12.6.1. Refineries -- 12.6.2. Transmission Pipelines -- 12.6.3. Storage -- 12.7. Threat Analysis of the Gulf of Mexico Supply Chain -- 12.8. Network Analysis of the Gulf of Mexico Supply Chain -- 12.9. The KeystoneXL Pipeline Controversy -- 12.10. The NG Supply Chain -- 12.11. Analysis -- 12.12. Exercises -- References -- 13. Electric Power -- 13.1. The Grid -- 13.2. From Death Rays to Vertical Integration -- 13.2.1. Early Regulation -- 13.2.2. Deregulation and EPACT 1992 -- 13.2.3.
Energy Sector ISAC -- 13.3. Out of Orders 888 and 889 Comes Chaos -- 13.3.1. Economics versus Physics -- 13.3.2. Betweenness Increases SOC -- 13.4. The North American Grid -- 13.4.1. ACE and Kirchhoff's Law -- 13.5. Anatomy of a Blackout -- 13.5.1. What Happened on August 14th, 2003 -- 13.6. Threat Analysis -- 13.6.1. Attack Scenario 1: Disruption of Fuel Supply to Power Plants -- 13.6.2. Attack Scenario 2: Destruction of Major Transformers -- 13.6.3. Attack Scenario 3: Disruption of SCADA Communications -- 13.6.4. Attack Scenario 4: Creation of a Cascading Transmission Failure -- 13.7. Risk Analysis -- 13.8. Analysis of WECC -- 13.9. Analysis -- 13.10. Exercises -- References -- 14. Healthcare and Public Health -- 14.1. The Sector Plan -- 14.2. Roemer's Model -- 14.2.1. Components of Roemer's Model -- 14.3. The Complexity of Public Health -- 14.4. Risk Analysis of HPH Sector -- 14.5. Bioterrorism -- 14.5.1. Classification of Biological Agents -- 14.6. Epidemiology -- 14.6.1. The Kermack-McKendrick Model -- 14.6.2. SARS -- 14.7. Predicting Pandemics -- 14.7.1. The Levy Right Theory of Pandemics -- 14.8. Biosurveillance -- 14.8.1. Healthmap -- 14.8.2. Big Data -- 16.1.3. The Perils of Efficient Supply Chains -- 16.2. The WTW -- 16.2.1. Economic Contagions -- 16.3. Risk Assessment -- 16.3.1. MSRAM -- 16.3.2. PROTECT -- 16.4. Analysis -- 16.5. Exercises -- References -- 17. Banking and Finance -- 17.1. The Financial System -- 17.1.1. Federal Reserve versus U.S. Treasury -- 17.1.2. Operating the System -- 17.1.3. Balancing the Balance Sheet -- 17.1.4. Paradox of Enrichment -- 17.2. Financial Networks -- 17.2.1. FedWire -- 17.2.2. TARGET -- 17.2.3. SWIFT -- 17.2.4. Credit Card Networks -- 17.2.5. 3-D Secure Payment -- 17.3. Virtual Currency -- 17.4. Hacking the Financial Network -- 17.5. Hot Money -- 17.5.1. The Dutch Disease -- 17.6. The End of Stimulus? -- 17.7. Fractal Markets -- 17.7.1. EMH -- 17.7.2. FMH -- 17.7.3. Predicting Collapse -- 17.8.
Exercises -- References -- Appendix A Math: Probability Primer -- A.1. A Priori Probability -- A.2. A Posteriori Probability -- A.3. Random Networks -- A.4. Conditional Probability -- A.5. Bayesian Networks -- A.6. Bayesian Reasoning -- References -- Further Reading -- Appendix B Math: Risk and Resilience -- B.1. EUT -- B.1.1. Fault Trees -- B.1.2. Fault Tree Minimization -- B.1.3. XOR Fault Tree Allocation Algorithm -- B.2. Bayesian Estimation -- B.2.1. Bayesian Networks -- B.3. Exceedence Probability and Probable Maximum Loss Risk -- B.3.1. Modeling EP -- B.3.2. Estimating EP from Data -- B.3.3. How to Process Time-Series Data -- B.4. Network Risk -- B.5. MBRA -- B.5.1. Network Resource Allocation -- B.5.2. Simulation -- B.5.3. Cascade Risk -- B.5.4. Flow Risk -- References -- Appendix C Math: Spectral Radius -- C.1. Network as Matrix -- C.2. Matrix Diagonalization -- C.3. Relationship to Risk and Resilience -- C.3.1. Equation 1 -- C.3.2. Equation 2 -- Appendix D Math: Tragedy of the Commons -- D.1. Lotka-Volterra Model -- D.2. Hopf-Holling Model. Ted G. Lewis. Includes bibliographical references and index.