Critical Infrastructure Protection in Homeland Security: Defending a Networked Nation

This book offers a unique scientific approach to the new field of critical infrastructure protection: it uses network theory, optimization theory, and simulation software to analyze and understand how infrastructure sectors evolve, where they are vulnerable, and how they can best be protected. The author demonstrates that infrastructure sectors as diverse as water, power, energy, telecommunications, and the Internet have remarkably similar structures. This observation leads to a rigorous approach to vulnerability analysis in all of these sectors. The analyst can then decide the best way to allocate limited funds to minimize risk, regardless of industry sector.

Author(s): Ted G. Lewis
Publisher: Wiley-Interscience
Year: 2006

Language: English
Pages: 488

CONTENTS
PREFACE
ABOUT THE AUTHOR
CHAPTER 1 Strategy
DEFINING CRITICAL INFRASTRUCTURE
THE IMPORTANCE OF STRATEGY
DHS Strategy: Preparedness, Response, and Research
HOMELAND SECURITY AND CRITICAL INFRASTRUCTURE
It Takes a Network to Fight a Network
Secure the Hubs, Not the Spokes
Spend 80% on 20% of the Country
Think Asymmetrically
Think Dual-Purpose
ANALYSIS
EXERCISES
CHAPTER 2 Origins
THE DAWN OF CRITICAL INFRASTRUCTURE PROTECTION
DAWN OF TERRORISM IN THE UNITED STATES
WHAT IS A CRITICAL INFRASTRUCTURE?
CIP IS RECOGNIZED AS BEING A CORE COMPONENT
ANALYSIS
EXERCISES
CHAPTER 3 Challenges
THE CHALLENGE OF SIZE
THE CHALLENGE OF COMMAND: WHO IS IN CHARGE?
THE CHALLENGE OF INFORMATION SHARING
THE CHALLENGE OF INTERDEPENDENCIES
Interagency Dependencies
THE CHALLENGE OF INADEQUATE TOOLS
THE THREAT IS ASYMMETRIC
ANALYSIS
EXERCISES
CHAPTER 4 Networks
CONCENTRATION OF ASSETS
TERMITES
A NETWORK NOTION
Networks Defined
PROPERTIES OF NETWORKS
SCALE-FREE MEANS HUBS
COUNTING LINKS
Scale-Free Network Test
INCREASING RETURNS
AN EXAMPLE: HIGHWAYS AND RAILWAYS
IT’S A SMALL WORLD
Shortest Link Organizing Principle
CRITICAL INFRASTRUCTURES ARE EMERGENT NETWORKS
CASCADE NETWORKS
FAULT-TOLERANT NETWORKS
ANALYSIS
EXERCISES
CHAPTER 5 Vulnerability Analysis
MODEL-BASED VULNERABILITY ANALYSIS
Step 1: List Assets—Take Inventory
Step 2: Perform Network Analysis—Identify Hubs
Step 3: Build a Model Using a Fault Tree
Step 4: Analyze the Fault Tree Model Using an Event Tree
The Shared Bank Account Fault Tree
Fault Distribution Histogram
MATHEMATICAL PROPERTIES OF FAULT TREES
Fault Tree Vulnerability Equals Event Tree
AND-Tree Vulnerability Decreases with Number of Threats
AND-Gates Are Most Effective at the Lowest Level
EVENT MATRIX ANALYSIS
ANALYSIS
EXERCISES
CHAPTER 6 Risk Analysis
STEP 5: BUDGET ANALYSIS—COMPUTE OPTIMAL RESOURCE ALLOCATION
Definitions
NETWORK AVAILABILITY STRATEGY
Allocation by Emergence
Availability Point Organizing Principle
Network Analysis
Properties of Network Availability
CRITICAL NODE VULNERABILITY REDUCTION
Manual Risk Reduction
Ranked Order Risk Reduction
Optimal Risk Reduction
Optimal Risk Reduction Organizing Principle
Apportioned Risk Reduction
VULNERABILITY REDUCTION
FINANCIAL RISK REDUCTION
PROGRAM FTplus/FAULT TREE ANALYSIS
ANALYSIS
EXERCISES
CHAPTER 7 Water
FROM GERMS TO TERRORISTS
FOUNDATIONS: SDWA OF 1974
MORE EXTENSIONS: THE BIO-TERRORISM ACT OF 2002
IS WATER FOR DRINKING?
THE CASE OF HETCH HETCHY
MODEL-BASED VULNERABILITY
CRITICAL NODE ANALYSIS
HETCH HETCHY FAULT TREE MODEL
Chem/Bio-Threat to Reservoirs
Earthquake Threat to Crystal Springs Tunnel
Threat of Pipe Failure
Risk Analysis
ALLOCATION OF RESOURCES
Manual Allocation Strategy
Ranked Order Allocation Strategy
Optimal (Minimal) Allocation Strategy
ANALYSIS
EXERCISES
CHAPTER 8 SCADA
WHAT IS SCADA?
WHO IS IN CHARGE?
SCADA EVERYWHERE
SCADA VULNERABILITY ANALYSIS
CASE STUDY: SFPUC SCADA UPGRADE
Redundancy as a Preventive Mechanism
Before Redundancy Was Added
Adding Redundancy
ANALYSIS
ANALYSIS
EXERCISES
CHAPTER 9 Power
FROM DEATH RAYS TO VERTICAL INTEGRATION
OUT OF ORDERS 888 AND 889 COMES CHAOS
THE GRID
PROGRAM PowerGridSim
PRELUDE TO VULNERABILITY ANALYSIS
PROGRAM RNet: AVAILABILITY BELONGS IN THE MIDDLE
Attack Scenario 1: Disruption of Fuel Supply to Electric Generation Plants
Attack Scenario 3: Disruption of Communications in SCADA
FAULT TREE AND EVENT MATRIX
RESOURCE ALLOCATION
VULNERABILITY ANALYSIS OF THE EASTERN INTERCONNECT
CASE STUDY: THE EASTERN GRID BLACKOUT OF 2003
What Happened on August 14th
Phases 5, 6, and 7
ANALYSIS
EXERCISES
CHAPTER 10 Energy
THE RISE OF OIL AND AUTOMOBILES
PADDs
Refineries
Transmission
Natural Gas Supply Chains
REGULATORY STRUCTURE
VULNERABILITY ANALYSIS
Concentration of Refineries
Case 1: Gulf of Mexico Oil Field Network
Case 2: Critical Transmission Nodes in Southern California
Case 3: The NG Pipeline Cluster in Virginia
Cove Point Intersection
Case 4: Colonial Pipeline and Linden Station Storage Facilities
ANALYSIS
EXERCISES
CHAPTER 11 Telecommunications
ORIGINS
REGULATORY STRUCTURE
DHS, NCS, NCC, AND NCC-ISAC
ARCHITECTURE OF THE NETWORK
Extraterrestrial Communication
MEO Satellites
LEO Satellites
Land Earth Stations
CELLULAR NETWORKS
Access Methods
Generations
Battle for Standards
The Wireless IEEE 802.11 Technology
VULNERABILITY ANALYSIS
SCALE-FREE NETWORK ANALYSIS
Telecom Hotels
Threats from HPM Attacks
Cellular Network Threats
ANALYSIS
EXERCISES
Discussion Questions
CHAPTER 12 Internet
COMPUTING 101
ORIGINS OF TCP/IP
DNS Basics
RFC
TCP/IP
THE WORLD WIDE WEB
INTERNET GOVERNANCE
IAB and IETF
ICANN Wars
W3C
IT-ISAC
INTERNET AND WWW TECHNOLOGY
VULNERABILITY ANALYSIS
ANALYSIS
EXERCISES
CHAPTER 13 Cyber-Threats
SCRIPT KIDDIES AND BLACK-HATS
Take Inventory
Reveal the Sector’s Architecture
TOOLS OF THE BLACK-HAT TRADE
TCP/IP Flaws
Buffer Overflow Exploits
DDoS Attacks
E-mail Exploits
Flawed Application and System Software
InternetVirus SIMULATOR
Build Fault Tree Model of Vulnerabilities
Resource Allocation
ANALYSIS
EXERCISES
CHAPTER 14 Cyber-Security
Loss of Service
Loss of Data
Loss of Security
DEFENSE
Authenticate Users
Inside the DMZ
BASICS OF ENCRYPTION
DES
Asymmetric Encryption
Public Key Encryption
PROGRAM RSA
PKI
Definition of PKI
Certificates
COUNTER-MEASURES
EXERCISES
INDEX