| Description |
1 online resource |
| Contents |
Critical Infrastructure Protection in Homeland Security: Defending a Networked Nation -- Copyright -- Contents -- Preface -- How to Use this Book -- Acknowledgment -- Part I Origins of Homeland Security and Critical Infrastructure Protection Policy -- Chapter 1 Origins of Critical Infrastructure Protection -- 1.1 Recognition -- 1.2 Natural Disaster Recovery -- 1.3 Definitional Phase -- 1.4 Public-Private Cooperation -- 1.5 Federalism: Whole of Government -- 1.6 Infrastructure Protection within DHS -- 1.7 Implementing a Risk Strategy -- 1.7.1 Risk-Informed Decision-Making -- 1.7.2 Resilience-Informed Decision-Making -- 1.7.3 Prevention or Response? -- 1.8 Analysis -- 1.8.1 The PPP Conundrum -- 1.8.2 The Information-Sharing Conundrum -- 1.8.3 Climate Change Conundrum -- 1.8.4 The Funding Conundrum -- 1.8.5 Spend 80% on 20% of the Country -- 1.9 Exercises -- References -- Part II Theory and Foundations -- Chapter 2 Risk Strategies -- 2.1 EUT -- 2.1.1 Threat-Asset Pairs -- 2.2 PRA and Fault Trees -- 2.2.1 An Example: Your Car -- 2.3 MBRA and Resource Allocation -- 2.3.1 Another Example: Redundant Power -- 2.4 PRA in the Supply Chain -- 2.5 Protection versus Response -- 2.6 Threat Is an Output -- 2.7 Bayesian Belief Networks -- 2.8 A BN for Threat -- 2.9 Risk of a Natural Disaster -- 2.10 Earthquakes -- 2.11 Black Swans and Risk -- 2.12 Black Swan Floods -- 2.13 Are Natural Disasters Getting Worse? -- 2.14 Black Swan al Qaeda Attacks -- 2.15 Black Swan Pandemic -- 2.16 Risk and Resilience -- 2.17 Exercises -- References -- Chapter 3 Theories of Catastrophe -- 3.1 NAT -- 3.2 Blocks and Springs -- 3.3 Bak's Punctuated Equilibrium Theory -- 3.4 TOC -- 3.4.1 The State Space Diagram -- 3.5 The U.S. Electric Power Grid -- 3.6 POE -- 3.6.1 The Great Recessions -- 3.6.2 Too Much Money -- 3.7 Competitive Exclusion -- 3.7.1 Gause's Law |
|
3.7.2 The Self-Organizing Internet -- 3.7.3 A Monoculture -- 3.8 POR -- 3.9 Resilience of Complex Infrastructure Systems -- 3.9.1 Expected Utility and Risk -- 3.9.2 SOC -- 3.9.3 TOC -- 3.9.4 POE and nonlinearity -- 3.9.5 CEP and loss of redundancy -- 3.9.6 POR and percolation -- 3.10 Emergence -- 3.10.1 Opposing Forces in Emergent CIKR -- 3.11 Exercises -- References -- Chapter 4 Complex CIKR Systems -- 4.1 CIKR as Networks -- 4.1.1 Emergence -- 4.1.2 Classes of CIKR Networks -- 4.1.3 Self-Organized Networks -- 4.2 Cascading CIKR Systems -- 4.2.1 The Fundamental Resilience Equation -- 4.2.2 Targeted Attacks -- 4.3 Network Flow Resilience -- 4.4 Paradox of Redundancy -- 4.4.1 Link Percolation and Robustness -- 4.4.2 Node Percolation and Robustness -- 4.4.3 Blocking Nodes -- 4.5 Network Risk -- 4.5.1 Crude Oil and KeystoneXL -- 4.5.2 MBRA Network Resource Allocation -- 4.6 Exercises -- Reference -- Part III Individual Sectors -- Chapter 5 Communications -- 5.1 Early Years -- 5.2 Regulatory Structure -- 5.3 The Architecture of the Communication Sector -- 5.3.1 Physical Infrastructure -- 5.3.2 Wireless Networks -- 5.3.3 Extraterrestrial Communication -- 5.3.4 LESs -- 5.3.5 Cellular Networks -- 5.3.6 Generations -- 5.3.7 Wi-Fi Technology -- 5.4 Risk Analysis -- 5.4.1 Importance of Carrier Hotels -- 5.4.2 Network Analysis -- 5.4.3 Flow Analysis -- 5.4.4 Robustness -- 5.4.5 HPM Attacks -- 5.5 Cellular Network Threats -- 5.5.1 Cyber Threats -- 5.5.2 HPM-Like Threats -- 5.5.3 Physical Threats -- 5.6 Analysis -- 5.7 Exercises -- References -- Chapter 6 Internet -- 6.1 Internet as a Disruptive Technology -- 6.2 The Autonomous System Network -- 6.2.1 The AS500 Network -- 6.3 Origins of TCP/IP -- 6.3.1 DNS Basics -- 6.4 Internet Standards -- 6.4.1 Email -- 6.4.2 TCP/IP -- 6.5 Toward Commercialization -- 6.6 The WWW -- 6.7 Internet Governance -- 6.7.1 IAB and IETF |
|
6.7.2 ICANN Wars -- 6.7.3 ISOC -- 6.7.4 W3C -- 6.7.5 A Final Example -- 6.8 Analysis -- 6.9 Exercises -- References -- Chapter 7 Cyber Threats -- 7.1 Script Kiddies and Black-Hats -- 7.1.1 Script-Kiddies -- 7.1.2 Black-Hats -- 7.1.3 Weaponized Exploits -- 7.2 Tools of the Trade -- 7.2.1 The First Exploit -- 7.2.2 TCP/IP Flaws -- 7.2.3 Open Ports -- 7.2.4 Buffer Overflow Exploits -- 7.2.5 DDoS Attacks -- 7.2.6 E-mail Exploits -- 7.2.7 Flawed Application and System Software -- 7.3 Botnets -- 7.4 Cyber Risk Analysis -- 7.5 Cyber Infrastructure Risk -- 7.5.1 Blocking Node Analysis -- 7.6 Analysis -- 7.7 Exercises -- References -- Chapter 8 Information Technology -- 8.1 Principles of IT Security -- 8.2 Enterprise Systems -- 8.2.1 Loss of Service -- 8.2.2 Loss of Data -- 8.2.3 Loss of Security -- 8.3 Cyber Defense -- 8.3.1 Authenticate Users -- 8.3.2 TP -- 8.3.3 Inside the DMZ -- 8.4 Basics of Encryption -- 8.4.1 DES -- 8.4.2 3DES -- 8.4.3 AES -- 8.5 Asymmetric Encryption -- 8.5.1 Public Key Encryption -- 8.6 RSA Illustrated -- 8.7 PKI -- 8.7.1 Definition of PKI -- 8.7.2 Certificates -- 8.8 Countermeasures -- 8.9 Exercises -- References -- Chapter 9 Cybersecurity Policy -- 9.1 A National Priority and a (Familiar) Call to Arms -- 9.1.1 Infrastructure as Target: From Hypothetical Concern to a Growing Threat -- 9.1.2 A Difficult Terrain: Convergence, Attribution, and the Production of Cyber Weapons -- 9.2 Rewriting Cybersecurity Policy: The Difficulty of Reform -- 9.2.1 A False Start: The Cybersecurity Act of 2012 -- 9.2.2 EO 13636: Improving Critical Infrastructure Cybersecurity -- 9.2.3 The NIST Framework: The Peril and the Promise of Voluntary Standards -- 9.2.4 ECS: The Possibilities and Limits of Information Sharing -- 9.3 Cybersecurity, Critical Infrastructure, and Public Policy: An Ongoing-and Difficult-Evolution |
|
9.3.1 Policy Options: Looking Forward -- 9.4 Exercises -- References -- Chapter 10 Supervisory Control and Data Acquisition -- 10.1 What Is SCADA? -- 10.2 SCADA versus Enterprise Computing Differences -- 10.3 Common Threats -- 10.4 Who Is in Charge? -- 10.5 SCADA Everywhere -- 10.6 SCADA Risk Analysis -- 10.7 San Francisco Public Utilities Commission SCADA Redundancy -- 10.7.1 Redundancy as a Resiliency Mechanism -- 10.7.2 Risk Reduction and Resource Allocation -- 10.8 Analysis -- 10.9 Exercises -- Chapter 11 Water and Water Treatment -- 11.1 From Germs to Terrorists -- 11.1.1 SDWA -- 11.1.2 The Water Information Sharing and Analysis Center -- 11.2 Foundations: SDWA of 1974 -- 11.3 The Bioterrorism Act of 2002 -- 11.3.1 Is Water for Drinking? -- 11.4 The Architecture of Water Systems -- 11.4.1 The Law of the River -- 11.5 The Hetch Hetchy Network -- 11.5.1 Betweenness Analysis -- 11.6 Cascade Analysis -- 11.6.1 Multidimensional Analysis -- 11.6.2 Blocking Nodes -- 11.7 Hetch Hetchy Investment Strategies -- 11.7.1 The Rational Actor Attacker -- 11.8 Hetch Hetchy Threat Analysis -- 11.8.1 Chem-Bio Threats -- 11.8.2 Earthquake Threats -- 11.8.3 Allocation to Harden Threat-Asset Pairs -- 11.9 Analysis -- 11.10 Exercises -- References -- Chapter 12 Energy -- 12.1 Energy Fundamentals -- 12.2 Regulatory Structure of the Energy Sector -- 12.2.1 Evolution of Energy Regulation -- 12.2.2 Other Regulation -- 12.2.3 The Electric Sector ISAC -- 12.3 Interdependent Coal -- 12.3.1 Interdependency with Transportation -- 12.4 The Rise of Oil and the Automobile -- 12.4.1 Oil -- 12.4.2 NG -- 12.5 Energy Supply Chains -- 12.5.1 Petroleum Administration for Defense Districts -- 12.5.2 Refineries -- 12.5.3 Transmission -- 12.5.4 Transport4 -- 12.5.5 Storage -- 12.5.6 NG Supply Chains -- 12.5.7 SCADA -- 12.6 The Critical Gulf of Mexico Cluster -- 12.6.1 Refineries |
|
12.6.2 Transmission Pipelines -- 12.6.3 Storage -- 12.7 Threat Analysis of the Gulf of Mexico Supply Chain -- 12.8 Network Analysis of the Gulf of Mexico Supply Chain -- 12.9 The KeystoneXL Pipeline Controversy -- 12.10 The NG Supply Chain -- 12.11 Analysis -- 12.12 Exercises -- References -- Chapter 13 Electric Power -- 13.1 The Grid -- 13.2 From Death Rays to Vertical Integration -- 13.2.1 Early Regulation -- 13.2.2 Deregulation and EPACT 1992 -- 13.2.3 Energy Sector ISAC -- 13.3 Out of Orders 888 and 889 Comes Chaos -- 13.3.1 Economics versus Physics -- 13.3.2 Betweenness Increases SOC -- 13.4 The North American Grid -- 13.4.1 ACE and Kirchhoff's Law -- 13.5 Anatomy of a Blackout -- 13.5.1 What Happened on August 14th, 2003 -- 13.6 Threat Analysis -- 13.6.1 Attack Scenario 1: Disruption of Fuel Supply to Power Plants -- 13.6.2 Attack Scenario 2: Destruction of Major Transformers -- 13.6.3 Attack Scenario 3: Disruption of SCADA Communications -- 13.6.4 Attack Scenario 4: Creation of a Cascading Transmission Failure -- 13.7 Risk Analysis -- 13.8 Analysis of WECC -- 13.9 Analysis -- 13.10 Exercises -- References -- Chapter 14 Healthcare and Public Health -- 14.1 The Sector Plan -- 14.2 Roemer's Model -- 14.2.1 Components of Roemer's Model -- 14.3 The Complexity of Public Health -- 14.4 Risk Analysis of HPH Sector -- 14.5 Bioterrorism -- 14.5.1 Classification of Biological Agents -- 14.6 Epidemiology -- 14.6.1 The Kermack-McKendrick Model -- 14.6.2 SARS -- 14.7 Predicting Pandemics -- 14.7.1 The Levy Flight Theory of Pandemics -- 14.8 Biosurveillance -- 14.8.1 Healthmap -- 14.8.2 Big Data -- 14.8.3 GeoSentinel -- 14.9 Network Pandemics -- 14.10 The World Travel Network -- 14.11 Exercises -- References -- Chapter 15 Transportation -- 15.1 Transportation under Transformation -- 15.2 The Road to Prosperity -- 15.2.1 Economic Impact -- 15.2.2 The NHS |
| Summary |
" ... Excellent for use as a text in information assurance or cyber-security courses ... I strongly advocate that professors ... examine this book with the intention of using it in their programs." (Computing Reviews.com, March 22, 2007) "The book is written as a student textbook, but it should be equally valuable for current practitioners ... this book is a very worthwhile investment." (Homeland Security Watch, August 17, 2006) While the emphasis is on the development of policies that lead to successful prevention of terrorist attacks on the nation's infrastructure, this book is the first scientific study of critical infrastructures and their protection. The book models the nation's most valuable physical assets and infrastructure sectors as networks of nodes and links. It then analyzes the network to identify vulnerabilities and risks in the sector combining network science, complexity theory, modeling and simulation, and risk analysis. The most critical components become the focus of deeper analysis and protection. This approach reduces the complex problem of protecting water supplies, energy pipelines, telecommunication stations, Internet and Web networks, and power grids to a much simpler problem of protecting a few critical nodes. The new edition incorporates a broader selection of ideas and sectors and moves the mathematical topics into several appendices |
| Notes |
Includes index |
| Bibliography |
Includes bibliographical references and index |
| Notes |
Print version record and CIP data provided by publisher |
| Subject |
Computer networks -- Security measures -- United States
|
|
Computer security -- United States -- Planning
|
|
Terrorism -- United States -- Prevention
|
|
Terrorism -- Government policy -- United States
|
|
Civil defense -- United States.
|
|
Public utilities -- Protection -- United States
|
|
COMPUTERS -- Networking -- Security.
|
|
Civil defense
|
|
Computer networks -- Security measures
|
|
Terrorism -- Government policy
|
|
Terrorism -- Prevention
|
|
United States
|
| Form |
Electronic book
|
| LC no. |
2014019059 |
| ISBN |
9781118817704 |
|
1118817702 |
|
9781118817667 |
|
1118817664 |
|
9781118817643 |
|
1118817648 |
|
111881763X |
|
9781118817636 |
|
