Rights Contact Login For More Details
- Wiley
More About This Title Critical Infrastructure Protection in Homeland Security: Defending a Networked Nation, Second Edition
English
"...excellent for use as a text in information assurance or cyber-security courses...I strongly advocate that professors...examine this book with the intention of using it in their programs." (Computing Reviews.com, March 22, 2007)
"The book is written as a student textbook, but it should be equally valuable for current practitioners...this book is a very worthwhile investment." (Homeland Security Watch, August 17, 2006)
While the emphasis is on the development of policies that lead to successful prevention of terrorist attacks on the nation’s infrastructure, this book is the first scientific study of critical infrastructures and their protection. The book models the nation’s most valuable physical assets and infrastructure sectors as networks of nodes and links. It then analyzes the network to identify vulnerabilities and risks in the sector combining network science, complexity theory, modeling and simulation, and risk analysis.
The most critical components become the focus of deeper analysis and protection. This approach reduces the complex problem of protecting water supplies, energy pipelines, telecommunication stations, Internet and Web networks, and power grids to a much simpler problem of protecting a few critical nodes. The new edition incorporates a broader selection of ideas and sectors and moves the mathematical topics into several appendices.
English
English
Preface xiv
How to Use this Book xvii
Acknowledgment xix
Part I Origins of Homeland Security and Critical Infrastructure Protection Policy 1
1 Origins of Critical Infrastructure Protection 3
1.1 Recognition, 4
1.2 Natural Disaster Recovery, 5
1.3 Definitional Phase, 7
1.4 Public–Private Cooperation, 9
1.5 Federalism: Whole of Government, 10
1.6 Infrastructure Protection within DHS, 11
1.7 Implementing a Risk Strategy, 12
1.8 Analysis, 16
1.9 Exercises, 18
References, 19
Part II Theory and Foundations 21
2 R isk Strategies 23
2.1 EUT, 25
2.2 PRA and Fault Trees, 27
2.3 MBRA and Resource Allocation, 28
2.4 PRA in the Supply Chain, 31
2.5 Protection versus Response, 31
2.6 Threat is an Output, 32
2.7 Bayesian Belief Networks, 33
2.8 A BN for Threat, 33
2.9 Risk of a Natural Disaster, 34
2.10 Earthquakes, 35
2.11 Black Swans and Risk, 36
2.12 Black Swan Floods, 36
2.13 Are Natural Disasters Getting Worse? 37
2.14 Black Swan Al Qaeda Attacks, 37
2.15 Black Swan Pandemic, 38
2.16 Risk and Resilience, 40
2.17 Exercises, 41
References, 42
3 Theories of Catastrophe 43
3.1 NAT, 44
3.2 Blocks and Springs, 46
3.3 Bak’s Punctuated Equilibrium Theory, 47
3.4 TOC, 50
3.5 The U.S. Electric Power Grid, 52
3.6 POE, 53
3.7 Competitive Exclusion, 56
3.8 POR, 58
3.9 Resilience of Complex Infrastructure Systems, 59
3.10 Emergence, 61
3.11 Exercises, 62
References, 63
4 Complex CIKR Systems 64
4.1 CIKR as Networks, 66
4.2 Cascading CIKR Systems, 73
4.3 Network Flow Resilience, 79
4.4 Paradox of Redundancy, 80
4.5 Network Risk, 83
4.6 Exercises, 88
Reference, 89
Part III Individua l Sectors 91
5 Communications 93
5.1 Early Years, 94
5.2 Regulatory Structure, 96
5.3 The Architecture of the Communication Sector, 98
5.4 Risk Analysis, 102
5.5 Cellular Network Threats, 108
5.6 Analysis, 109
5.7 Exercises, 109
References, 110
6 Internet 111
6.1 Internet as a Disruptive Technology, 113
6.2 The Autonomous System Network, 114
6.3 Origins of TCP/IP, 116
6.4 Internet Standards, 118
6.5 Toward Commercialization, 119
6.6 The WWW, 120
6.7 Internet Governance, 121
6.8 Analysis, 126
6.9 Exercises, 126
References, 127
7 Cyber Threats 128
7.1 Script Kiddies and Black-Hats, 129
7.2 Tools of the Trade, 130
7.3 Botnets, 138
7.4 Cyber Risk Analysis, 138
7.5 Cyber Infrastructure Risk, 140
7.6 Analysis, 142
7.7 Exercises, 143
References, 144
8 Information Technology 145
8.1 Principles of IT Security, 146
8.2 Enterprise Systems, 147
8.3 Cyber Defense, 148
8.4 Basics of Encryption, 151
8.5 Asymmetric Encryption, 153
8.6 RSA Illustrated, 156
8.7 PKI, 157
8.8 Countermeasures, 159
8.9 Exercises, 161
References, 162
9 Cybersecurity Policy 163
9.1 A National Priority and a (Familiar) Call to Arms, 164
9.2 Rewriting Cybersecurity Policy: The Difficulty of Reform, 167
9.3 Cybersecurity, Critical Infrastructure, and Public Policy: An Ongoing—and Difficult—Evolution, 174
9.4 Exercises, 176
References, 176
10 Supervisory Control and Data Acquisition 179
10.1 What is SCADA? 180
10.2 SCADA versus Enterprise Computing Differences, 181
10.3 Common Threats, 182
10.4 Who is in Charge? 183
10.5 SCADA Everywhere, 184
10.6 SCADA Risk Analysis, 185
10.7 San Francisco Public Utilities Commission SCADA Redundancy, 189
10.8 Analysis, 192
10.9 Exercises, 194
11 Water and Water Treatment 195
11.1 From Germs to Terrorists, 196
11.2 Foundations: SDWA of 1974, 198
11.3 The Bioterrorism Act of 2002, 199
11.4 The Architecture of Water Systems, 200
11.5 The Hetch Hetchy Network, 201
11.6 Cascade Analysis, 203
11.7 Hetch Hetchy Investment Strategies, 204
11.8 Hetch Hetchy Threat Analysis, 207
11.9 Analysis, 210
11.10 Exercises, 210
References, 212
12 Energy 213
12.1 Energy Fundamentals, 214
12.2 Regulatory Structure of the Energy Sector, 216
12.3 Interdependent Coal, 218
12.4 The Rise of Oil and the Automobile, 218
12.5 Energy Supply Chains, 220
12.6 The Critical Gulf of Mexico Cluster, 223
12.7 Threat Analysis of the Gulf of Mexico Supply Chain, 229
12.8 Network Analysis of the Gulf of Mexico Supply Chain, 230
12.9 The KeystoneXL Pipeline Controversy, 232
12.10 The NG Supply Chain, 232
12.11 Analysis, 234
12.12 Exercises, 234
References, 235
13 Electric Power 236
13.1 The Grid, 237
13.2 From Death Rays to Vertical Integration, 238
13.3 Out of Orders 888 and 889 Comes Chaos, 241
13.4 The North American Grid, 244
13.5 Anatomy of a Blackout, 246
13.6 Threat Analysis, 249
13.7 Risk Analysis, 251
13.8 Analysis of WECC, 252
13.9 Analysis, 254
13.10 Exercises, 255
References, 257
14 Healthcare and Public Health 258
14.1 The Sector Plan, 259
14.2 Roemer’s Model, 260
14.3 The Complexity of Public Health, 262
14.4 Risk Analysis of HPH Sector, 263
14.5 Bioterrorism, 263
14.6 Epidemiology, 266
14.7 Predicting Pandemics, 267
14.8 Biosurveillance, 270
14.9 Network Pandemics, 272
14.10 The World Travel Network, 273
14.11 Exercises, 274
References, 276
15 Transportation 277
15.1 Transportation under Transformation, 279
15.2 The Road to Prosperity, 281
15.3 Rail, 284
15.4 Air, 288
15.5 Airport Games, 292
15.6 Exercises, 294
References, 295
16 Supply Chains 296
16.1 The World is Flat but Tilted, 297
16.2 The WTW, 301
16.3 Risk Assessment, 304
16.4 Analysis, 307
16.5 Exercises, 308
References, 308
17 Banking and Finance 310
17.1 The Financial System, 312
17.2 Financial Networks, 316
17.3 Virtual Currency, 318
17.4 Hacking the Financial Network, 320
17.5 Hot Money, 320
17.6 The End of Stimulus?, 323
17.7 Fractal Markets, 323
17.8 Exercises, 327
References, 329
Appendix A: Math: Probability Primer 330
A.1 A Priori Probability, 330
A.2 A Posteriori Probability, 332
A.3 Random Networks, 334
A.4 Conditional Probability, 334
A.5 Bayesian Networks, 335
A.6 Bayesian Reasoning, 336
References, 338
Further Reading, 338
Appendix B: Math: Risk and Resilience 340
B.1 EUT, 340
B.2 Bayesian Estimation, 342
B.3 Exceedence Probability and Probable Maximum Loss Risk, 344
B.4 Network Risk, 347
B.5 MBRA, 349
References, 353
Appendix C: Math: Spectral Radius 355
C.1 Network as Matrix, 355
C.2 Matrix Diagonalization, 355
C.3 Relationship to Risk and Resilience, 357
Appendix D: Math: Tragedy of the Commons 359
D.1 Lotka–Volterra Model, 359
D.2 Hopf–Holling Model, 359
Appendix E: Glossary 361
Index 363
