Critical Infrastructure Protection in Homeland Security: Defending a Networked Nation, Second Edition
Buy Rights Online Buy Rights

Rights Contact Login For More Details

More About This Title Critical Infrastructure Protection in Homeland Security: Defending a Networked Nation, Second Edition

English

"...excellent for use as a text in information assurance or cyber-security courses...I strongly advocate that professors...examine this book with the intention of using it in their programs." (Computing Reviews.com, March 22, 2007)

"The book is written as a student textbook, but it should be equally valuable for current practitioners...this book is a very worthwhile investment." (Homeland Security Watch, August 17, 2006)

While the emphasis is on the development of policies that lead to successful prevention of terrorist attacks on the nation’s infrastructure, this book is the first scientific study of critical infrastructures and their protection. The book models the nation’s most valuable physical assets and infrastructure sectors as networks of nodes and links. It then analyzes the network to identify vulnerabilities and risks in the sector combining network science, complexity theory, modeling and simulation, and risk analysis.

The most critical components become the focus of deeper analysis and protection. This approach reduces the complex problem of protecting water supplies, energy pipelines, telecommunication stations, Internet and Web networks, and power grids to a much simpler problem of protecting a few critical nodes. The new edition incorporates a broader selection of ideas and sectors and moves the mathematical topics into several appendices.

English

Ted Lewis has over 35 published books to his credit, and extensive experience in both industry and academia. He served as a senior executive in DaimlerChrysler Corp, Eastman Kodak Company, and Oregon Advanced Computing Institute, as well as a professor of computer science at the University of Missouri-Rolla, University of Louisiana, Oregon State University, and the Naval Postgraduate School. Lewis was Editor-in-Chief of IEEE Software Magazine, IEEE Computer Magazine, and founded several of its periodicals.

English

Preface xiv

How to Use this Book xvii

Acknowledgment xix

Part I Origins of Homeland Security and Critical Infrastructure Protection Policy 1

1 Origins of Critical Infrastructure Protection 3

1.1 Recognition, 4

1.2 Natural Disaster Recovery, 5

1.3 Definitional Phase, 7

1.4 Public–Private Cooperation, 9

1.5 Federalism: Whole of Government, 10

1.6 Infrastructure Protection within DHS, 11

1.7 Implementing a Risk Strategy, 12

1.8 Analysis, 16

1.9 Exercises, 18

References, 19

Part II Theory and Foundations 21

2 R isk Strategies 23

2.1 EUT, 25

2.2 PRA and Fault Trees, 27

2.3 MBRA and Resource Allocation, 28

2.4 PRA in the Supply Chain, 31

2.5 Protection versus Response, 31

2.6 Threat is an Output, 32

2.7 Bayesian Belief Networks, 33

2.8 A BN for Threat, 33

2.9 Risk of a Natural Disaster, 34

2.10 Earthquakes, 35

2.11 Black Swans and Risk, 36

2.12 Black Swan Floods, 36

2.13 Are Natural Disasters Getting Worse? 37

2.14 Black Swan Al Qaeda Attacks, 37

2.15 Black Swan Pandemic, 38

2.16 Risk and Resilience, 40

2.17 Exercises, 41

References, 42

3 Theories of Catastrophe 43

3.1 NAT, 44

3.2 Blocks and Springs, 46

3.3 Bak’s Punctuated Equilibrium Theory, 47

3.4 TOC, 50

3.5 The U.S. Electric Power Grid, 52

3.6 POE, 53

3.7 Competitive Exclusion, 56

3.8 POR, 58

3.9 Resilience of Complex Infrastructure Systems, 59

3.10 Emergence, 61

3.11 Exercises, 62

References, 63

4 Complex CIKR Systems 64

4.1 CIKR as Networks, 66

4.2 Cascading CIKR Systems, 73

4.3 Network Flow Resilience, 79

4.4 Paradox of Redundancy, 80

4.5 Network Risk, 83

4.6 Exercises, 88

Reference, 89

Part III Individua l Sectors 91

5 Communications 93

5.1 Early Years, 94

5.2 Regulatory Structure, 96

5.3 The Architecture of the Communication Sector, 98

5.4 Risk Analysis, 102

5.5 Cellular Network Threats, 108

5.6 Analysis, 109

5.7 Exercises, 109

References, 110

6 Internet 111

6.1 Internet as a Disruptive Technology, 113

6.2 The Autonomous System Network, 114

6.3 Origins of TCP/IP, 116

6.4 Internet Standards, 118

6.5 Toward Commercialization, 119

6.6 The WWW, 120

6.7 Internet Governance, 121

6.8 Analysis, 126

6.9 Exercises, 126

References, 127

7 Cyber Threats 128

7.1 Script Kiddies and Black-Hats, 129

7.2 Tools of the Trade, 130

7.3 Botnets, 138

7.4 Cyber Risk Analysis, 138

7.5 Cyber Infrastructure Risk, 140

7.6 Analysis, 142

7.7 Exercises, 143

References, 144

8 Information Technology 145

8.1 Principles of IT Security, 146

8.2 Enterprise Systems, 147

8.3 Cyber Defense, 148

8.4 Basics of Encryption, 151

8.5 Asymmetric Encryption, 153

8.6 RSA Illustrated, 156

8.7 PKI, 157

8.8 Countermeasures, 159

8.9 Exercises, 161

References, 162

9 Cybersecurity Policy 163

9.1 A National Priority and a (Familiar) Call to Arms, 164

9.2 Rewriting Cybersecurity Policy: The Difficulty of Reform, 167

9.3 Cybersecurity, Critical Infrastructure, and Public Policy: An Ongoing—and Difficult—Evolution, 174

9.4 Exercises, 176

References, 176

10 Supervisory Control and Data Acquisition 179

10.1 What is SCADA? 180

10.2 SCADA versus Enterprise Computing Differences, 181

10.3 Common Threats, 182

10.4 Who is in Charge? 183

10.5 SCADA Everywhere, 184

10.6 SCADA Risk Analysis, 185

10.7 San Francisco Public Utilities Commission SCADA Redundancy, 189

10.8 Analysis, 192

10.9 Exercises, 194

11 Water and Water Treatment 195

11.1 From Germs to Terrorists, 196

11.2 Foundations: SDWA of 1974, 198

11.3 The Bioterrorism Act of 2002, 199

11.4 The Architecture of Water Systems, 200

11.5 The Hetch Hetchy Network, 201

11.6 Cascade Analysis, 203

11.7 Hetch Hetchy Investment Strategies, 204

11.8 Hetch Hetchy Threat Analysis, 207

11.9 Analysis, 210

11.10 Exercises, 210

References, 212

12 Energy 213

12.1 Energy Fundamentals, 214

12.2 Regulatory Structure of the Energy Sector, 216

12.3 Interdependent Coal, 218

12.4 The Rise of Oil and the Automobile, 218

12.5 Energy Supply Chains, 220

12.6 The Critical Gulf of Mexico Cluster, 223

12.7 Threat Analysis of the Gulf of Mexico Supply Chain, 229

12.8 Network Analysis of the Gulf of Mexico Supply Chain, 230

12.9 The KeystoneXL Pipeline Controversy, 232

12.10 The NG Supply Chain, 232

12.11 Analysis, 234

12.12 Exercises, 234

References, 235

13 Electric Power 236

13.1 The Grid, 237

13.2 From Death Rays to Vertical Integration, 238

13.3 Out of Orders 888 and 889 Comes Chaos, 241

13.4 The North American Grid, 244

13.5 Anatomy of a Blackout, 246

13.6 Threat Analysis, 249

13.7 Risk Analysis, 251

13.8 Analysis of WECC, 252

13.9 Analysis, 254

13.10 Exercises, 255

References, 257

14 Healthcare and Public Health 258

14.1 The Sector Plan, 259

14.2 Roemer’s Model, 260

14.3 The Complexity of Public Health, 262

14.4 Risk Analysis of HPH Sector, 263

14.5 Bioterrorism, 263

14.6 Epidemiology, 266

14.7 Predicting Pandemics, 267

14.8 Biosurveillance, 270

14.9 Network Pandemics, 272

14.10 The World Travel Network, 273

14.11 Exercises, 274

References, 276

15 Transportation 277

15.1 Transportation under Transformation, 279

15.2 The Road to Prosperity, 281

15.3 Rail, 284

15.4 Air, 288

15.5 Airport Games, 292

15.6 Exercises, 294

References, 295

16 Supply Chains 296

16.1 The World is Flat but Tilted, 297

16.2 The WTW, 301

16.3 Risk Assessment, 304

16.4 Analysis, 307

16.5 Exercises, 308

References, 308

17 Banking and Finance 310

17.1 The Financial System, 312

17.2 Financial Networks, 316

17.3 Virtual Currency, 318

17.4 Hacking the Financial Network, 320

17.5 Hot Money, 320

17.6 The End of Stimulus?, 323

17.7 Fractal Markets, 323

17.8 Exercises, 327

References, 329

Appendix A: Math: Probability Primer 330

A.1 A Priori Probability, 330

A.2 A Posteriori Probability, 332

A.3 Random Networks, 334

A.4 Conditional Probability, 334

A.5 Bayesian Networks, 335

A.6 Bayesian Reasoning, 336

References, 338

Further Reading, 338

Appendix B: Math: Risk and Resilience 340

B.1 EUT, 340

B.2 Bayesian Estimation, 342

B.3 Exceedence Probability and Probable Maximum Loss Risk, 344

B.4 Network Risk, 347

B.5 MBRA, 349

References, 353

Appendix C: Math: Spectral Radius 355

C.1 Network as Matrix, 355

C.2 Matrix Diagonalization, 355

C.3 Relationship to Risk and Resilience, 357

Appendix D: Math: Tragedy of the Commons 359

D.1 Lotka–Volterra Model, 359

D.2 Hopf–Holling Model, 359

Appendix E: Glossary 361

Index 363

loading