You are previewing Critical Infrastructure Protection in Homeland Security: Defending a Networked Nation, 2nd Edition.
O'Reilly logo
Critical Infrastructure Protection in Homeland Security: Defending a Networked Nation, 2nd Edition

Book Description

"...excellent for use as a text in information assurance or cyber-security courses...I strongly advocate that professors...examine this book with the intention of using it in their programs." (Computing Reviews.com, March 22, 2007)

"The book is written as a student textbook, but it should be equally valuable for current practitioners...this book is a very worthwhile investment." (Homeland Security Watch, August 17, 2006)

While the emphasis is on the development of policies that lead to successful prevention of terrorist attacks on the nation's infrastructure, this book is the first scientific study of critical infrastructures and their protection. The book models the nation's most valuable physical assets and infrastructure sectors as networks of nodes and links. It then analyzes the network to identify vulnerabilities and risks in the sector combining network science, complexity theory, modeling and simulation, and risk analysis.

The most critical components become the focus of deeper analysis and protection. This approach reduces the complex problem of protecting water supplies, energy pipelines, telecommunication stations, Internet and Web networks, and power grids to a much simpler problem of protecting a few critical nodes. The new edition incorporates a broader selection of ideas and sectors and moves the mathematical topics into several appendices.

Table of Contents

  1. Cover
  2. Title page
  3. Copyright page
  4. Preface
  5. How to Use this Book
    1. References
  6. Acknowledgment
  7. Part I: Origins of Homeland Security and Critical Infrastructure Protection Policy
    1. 1 Origins of Critical Infrastructure Protection
      1. 1.1 Recognition
      2. 1.2 Natural Disaster Recovery
      3. 1.3 Definitional Phase
      4. 1.4 Public–Private Cooperation
      5. 1.5 Federalism: Whole of Government
      6. 1.6 Infrastructure Protection within DHS
      7. 1.7 Implementing a Risk Strategy
      8. 1.8 Analysis
      9. 1.9 Exercises
      10. References
  8. Part II: Theory and Foundations
    1. 2 Risk Strategies
      1. 2.1 EUT
      2. 2.2 PRA and Fault Trees
      3. 2.3 MBRA and Resource Allocation
      4. 2.4 PRA in the Supply Chain
      5. 2.5 Protection versus Response
      6. 2.6 Threat Is an Output
      7. 2.7 Bayesian Belief Networks
      8. 2.8 A BN for Threat
      9. 2.9 Risk of a Natural Disaster
      10. 2.10 Earthquakes
      11. 2.11 Black Swans and Risk
      12. 2.12 Black Swan Floods
      13. 2.13 Are Natural Disasters Getting Worse?
      14. 2.14 Black Swan al Qaeda Attacks
      15. 2.15 Black Swan Pandemic
      16. 2.16 Risk and Resilience
      17. 2.17 Exercises
      18. References
    2. 3 Theories of Catastrophe
      1. 3.1 NAT
      2. 3.2 Blocks and Springs
      3. 3.3 Bak’s Punctuated Equilibrium Theory
      4. 3.4 TOC
      5. 3.5 The U.S. Electric Power Grid
      6. 3.6 POE
      7. 3.7 Competitive Exclusion
      8. 3.8 POR
      9. 3.9 Resilience of Complex Infrastructure Systems
      10. 3.10 Emergence
      11. 3.11 Exercises
      12. References
    3. 4 Complex CIKR Systems
      1. 4.1 CIKR as Networks
      2. 4.2 Cascading CIKR Systems
      3. 4.3 Network Flow Resilience
      4. 4.4 Paradox of Redundancy
      5. 4.5 Network Risk
      6. 4.6 Exercises
      7. Reference
  9. Part III: Individual Sectors
    1. 5 Communications
      1. 5.1 Early Years
      2. 5.2 Regulatory Structure
      3. 5.3 The Architecture of the Communication Sector
      4. 5.4 Risk Analysis
      5. 5.5 Cellular Network Threats
      6. 5.6 Analysis
      7. 5.7 Exercises
      8. References
    2. 6 Internet
      1. 6.1 Internet as a Disruptive Technology
      2. 6.2 The Autonomous System Network
      3. 6.3 Origins of TCP/IP
      4. 6.4 Internet Standards
      5. 6.5 Toward Commercialization
      6. 6.6 The WWW
      7. 6.7 Internet Governance
      8. 6.8 Analysis
      9. 6.9 Exercises
      10. References
    3. 7 Cyber Threats
      1. 7.1 Script Kiddies and Black-Hats
      2. 7.2 Tools of the Trade
      3. 7.3 Botnets
      4. 7.4 Cyber Risk Analysis
      5. 7.5 Cyber Infrastructure Risk
      6. 7.6 Analysis
      7. 7.7 Exercises
      8. References
    4. 8 Information Technology
      1. 8.1 Principles of IT Security
      2. 8.2 Enterprise Systems
      3. 8.3 Cyber Defense
      4. 8.4 Basics of Encryption
      5. 8.5 Asymmetric Encryption
      6. 8.6 RSA Illustrated
      7. 8.7 PKI
      8. 8.8 Countermeasures
      9. 8.9 Exercises
      10. References
    5. 9 Cybersecurity Policy
      1. 9.1 A National Priority and a (Familiar) Call to Arms
      2. 9.2 Rewriting Cybersecurity Policy: The Difficulty of Reform
      3. 9.3 Cybersecurity, Critical Infrastructure, and Public Policy: An Ongoing—and Difficult—Evolution
      4. 9.4 Exercises
      5. References
    6. 10 Supervisory Control and Data Acquisition
      1. 10.1 What Is SCADA?
      2. 10.2 SCADA versus Enterprise Computing Differences
      3. 10.3 Common Threats
      4. 10.4 Who Is in Charge?
      5. 10.5 SCADA Everywhere
      6. 10.6 SCADA Risk Analysis
      7. 10.7 San Francisco Public Utilities Commission SCADA Redundancy
      8. 10.8 Analysis
      9. 10.9 Exercises
    7. 11 Water and Water Treatment
      1. 11.1 From Germs to Terrorists
      2. 11.2 Foundations: SDWA of 1974
      3. 11.3 The Bioterrorism Act of 2002
      4. 11.4 The Architecture of Water Systems
      5. 11.5 The Hetch Hetchy Network
      6. 11.6 Cascade Analysis
      7. 11.7 Hetch Hetchy Investment Strategies
      8. 11.8 Hetch Hetchy Threat Analysis
      9. 11.9 Analysis
      10. 11.10 Exercises
      11. References
    8. 12 Energy
      1. 12.1 Energy Fundamentals
      2. 12.2 Regulatory Structure of the Energy Sector
      3. 12.3 Interdependent Coal
      4. 12.4 The Rise of Oil and the Automobile
      5. 12.5 Energy Supply Chains
      6. 12.6 The Critical Gulf of Mexico Cluster
      7. 12.7 Threat Analysis of the Gulf of Mexico Supply Chain
      8. 12.8 Network Analysis of the Gulf of Mexico Supply Chain
      9. 12.9 The KEYSTONEXL Pipeline Controversy
      10. 12.10 The NG Supply Chain
      11. 12.11 Analysis
      12. 12.12 Exercises
      13. References
    9. 13 Electric Power
      1. 13.1 The Grid
      2. 13.2 From Death Rays to Vertical Integration
      3. 13.3 Out of Orders 888 and 889 Comes Chaos
      4. 13.4 The North American Grid
      5. 13.5 Anatomy of a Blackout
      6. 13.6 Threat Analysis
      7. 13.7 Risk Analysis
      8. 13.8 Analysis of WECC
      9. 13.9 Analysis
      10. 13.10 Exercises
      11. References
    10. 14 Healthcare and Public Health
      1. 14.1 The Sector Plan
      2. 14.2 Roemer's Model
      3. 14.3 The Complexity of Public Health
      4. 14.4 Risk Analysis of HPH Sector
      5. 14.5 Bioterrorism
      6. 14.6 Epidemiology
      7. 14.7 Predicting Pandemics
      8. 14.8 Biosurveillance
      9. 14.9 Network Pandemics
      10. 14.10 The World Travel Network
      11. 14.11 Exercises
      12. References
    11. 15 Transportation
      1. 15.1 Transportation under Transformation
      2. 15.2 The Road to Prosperity
      3. 15.3 Rail
      4. 15.4 Air
      5. 15.5 Airport Games
      6. 15.6 Exercises
      7. References
    12. 16 Supply Chains
      1. 16.1 The World Is Flat but Tilted
      2. 16.2 The WTW
      3. 16.3 Risk Assessment
      4. 16.4 Analysis
      5. 16.5 Exercises
      6. References
    13. 17 Banking and Finance
      1. 17.1 The Financial System
      2. 17.2 Financial Networks
      3. 17.3 Virtual Currency
      4. 17.4 Hacking the Financial Network
      5. 17.5 Hot Money
      6. 17.6 The End of Stimulus?
      7. 17.7 Fractal Markets
      8. 17.8 Exercises
      9. References
  10. Appendix A: Math: Probability Primer
    1. A.1 A Priori Probability
    2. A.2 A Posteriori Probability
    3. A.3 Random Networks
    4. A.4 Conditional Probability
    5. A.5 Bayesian Networks
    6. A.6 Bayesian Reasoning
    7. References
    8. Further Reading
  11. Appendix B: Math: Risk and Resilience
    1. B.1 EUT
    2. B.2 Bayesian Estimation
    3. B.3 Exceedence Probability and Probable Maximum Loss Risk
    4. B.4 Network Risk
    5. B.5 MBRA
    6. References
  12. Appendix C: Math: Spectral Radius
    1. C.1 Network as Matrix
    2. C.2 Matrix Diagonalization
    3. C.3 Relationship to Risk and Resilience
  13. Appendix D: Math: Tragedy of the Commons
    1. D.1 Lotka–Volterra Model
    2. D.2 Hopf–Holling Model
  14. Appendix E: Glossary
  15. Index
  16. End User License Agreement