Critical infrastructure protection in homeland security: defending a networked nation
" ... Excellent for use as a text in information assurance or cyber-security courses ... I strongly advocate that professors ... examine this book with the intention of using it in their programs." (Computing Reviews.com, March 22, 2007) "The book is written as a student textbook, but...
Classification: | Electronic Book |
---|---|
Main author: | |
Format: | Electronic eBook |
Language: | English |
Published: | Hoboken, New Jersey : John Wiley & Sons, [2014] |
Edition: | 2nd edition. |
Subjects: | |
Online access: | Full text |
Table of Contents:
- Critical Infrastructure Protection in Homeland Security: Defending a Networked Nation
- Copyright
- Contents
- Preface
- How to Use this Book
- Acknowledgment
- Part I Origins of Homeland Security and Critical Infrastructure Protection Policy
- Chapter 1 Origins of Critical Infrastructure Protection
- 1.1 Recognition
- 1.2 Natural Disaster Recovery
- 1.3 Definitional Phase
- 1.4 Public-Private Cooperation
- 1.5 Federalism: Whole of Government
- 1.6 Infrastructure Protection within DHS
- 1.7 Implementing a Risk Strategy
- 1.7.1 Risk-Informed Decision-Making
- 1.7.2 Resilience-Informed Decision-Making
- 1.7.3 Prevention or Response?
- 1.8 Analysis
- 1.8.1 The PPP Conundrum
- 1.8.2 The Information-Sharing Conundrum
- 1.8.3 Climate Change Conundrum
- 1.8.4 The Funding Conundrum
- 1.8.5 Spend 80% on 20% of the Country
- 1.9 Exercises
- References
- Part II Theory and Foundations
- Chapter 2 Risk Strategies
- 2.1 EUT
- 2.1.1 Threat-Asset Pairs
- 2.2 PRA and Fault Trees
- 2.2.1 An Example: Your Car
- 2.3 MBRA and Resource Allocation
- 2.3.1 Another Example: Redundant Power
- 2.4 PRA in the Supply Chain
- 2.5 Protection versus Response
- 2.6 Threat Is an Output
- 2.7 Bayesian Belief Networks
- 2.8 A BN for Threat
- 2.9 Risk of a Natural Disaster
- 2.10 Earthquakes
- 2.11 Black Swans and Risk
- 2.12 Black Swan Floods
- 2.13 Are Natural Disasters Getting Worse?
- 2.14 Black Swan al Qaeda Attacks
- 2.15 Black Swan Pandemic
- 2.16 Risk and Resilience
- 2.17 Exercises
- References
- Chapter 3 Theories of Catastrophe
- 3.1 NAT
- 3.2 Blocks and Springs
- 3.3 Bak's Punctuated Equilibrium Theory
- 3.4 TOC
- 3.4.1 The State Space Diagram
- 3.5 The U.S. Electric Power Grid
- 3.6 POE
- 3.6.1 The Great Recessions
- 3.6.2 Too Much Money
- 3.7 Competitive Exclusion
- 3.7.1 Gause's Law
- 3.7.2 The Self-Organizing Internet
- 3.7.3 A Monoculture
- 3.8 POR
- 3.9 Resilience of Complex Infrastructure Systems
- 3.9.1 Expected Utility and Risk
- 3.9.2 SOC
- 3.9.3 TOC
- 3.9.4 POE and nonlinearity
- 3.9.5 CEP and loss of redundancy
- 3.9.6 POR and percolation
- 3.10 Emergence
- 3.10.1 Opposing Forces in Emergent CIKR
- 3.11 Exercises
- References
- Chapter 4 Complex CIKR Systems
- 4.1 CIKR as Networks
- 4.1.1 Emergence
- 4.1.2 Classes of CIKR Networks
- 4.1.3 Self-Organized Networks
- 4.2 Cascading CIKR Systems
- 4.2.1 The Fundamental Resilience Equation
- 4.2.2 Targeted Attacks
- 4.3 Network Flow Resilience
- 4.4 Paradox of Redundancy
- 4.4.1 Link Percolation and Robustness
- 4.4.2 Node Percolation and Robustness
- 4.4.3 Blocking Nodes
- 4.5 Network Risk
- 4.5.1 Crude Oil and KeystoneXL
- 4.5.2 MBRA Network Resource Allocation
- 4.6 Exercises
- Reference
- Part III Individual Sectors
- Chapter 5 Communications
- 5.1 Early Years
- 5.2 Regulatory Structure
- 5.3 The Architecture of the Communication Sector
- 5.3.1 Physical Infrastructure
- 5.3.2 Wireless Networks
- 5.3.3 Extraterrestrial Communication
- 5.3.4 LESs
- 5.3.5 Cellular Networks
- 5.3.6 Generations
- 5.3.7 Wi-Fi Technology
- 5.4 Risk Analysis
- 5.4.1 Importance of Carrier Hotels
- 5.4.2 Network Analysis
- 5.4.3 Flow Analysis
- 5.4.4 Robustness
- 5.4.5 HPM Attacks
- 5.5 Cellular Network Threats
- 5.5.1 Cyber Threats
- 5.5.2 HPM-Like Threats
- 5.5.3 Physical Threats
- 5.6 Analysis
- 5.7 Exercises
- References
- Chapter 6 Internet
- 6.1 Internet as a Disruptive Technology
- 6.2 The Autonomous System Network
- 6.2.1 The AS500 Network
- 6.3 Origins of TCP/IP
- 6.3.1 DNS Basics
- 6.4 Internet Standards
- 6.4.1 Email
- 6.4.2 TCP/IP
- 6.5 Toward Commercialization
- 6.6 The WWW
- 6.7 Internet Governance
- 6.7.1 IAB and IETF
- 6.7.2 ICANN Wars
- 6.7.3 ISOC
- 6.7.4 W3C
- 6.7.5 A Final Example
- 6.8 Analysis
- 6.9 Exercises
- References
- Chapter 7 Cyber Threats
- 7.1 Script Kiddies and Black-Hats
- 7.1.1 Script-Kiddies
- 7.1.2 Black-Hats
- 7.1.3 Weaponized Exploits
- 7.2 Tools of the Trade
- 7.2.1 The First Exploit
- 7.2.2 TCP/IP Flaws
- 7.2.3 Open Ports
- 7.2.4 Buffer Overflow Exploits
- 7.2.5 DDoS Attacks
- 7.2.6 E-mail Exploits
- 7.2.7 Flawed Application and System Software
- 7.3 Botnets
- 7.4 Cyber Risk Analysis
- 7.5 Cyber Infrastructure Risk
- 7.5.1 Blocking Node Analysis
- 7.6 Analysis
- 7.7 Exercises
- References
- Chapter 8 Information Technology
- 8.1 Principles of IT Security
- 8.2 Enterprise Systems
- 8.2.1 Loss of Service
- 8.2.2 Loss of Data
- 8.2.3 Loss of Security
- 8.3 Cyber Defense
- 8.3.1 Authenticate Users
- 8.3.2 TP
- 8.3.3 Inside the DMZ
- 8.4 Basics of Encryption
- 8.4.1 DES
- 8.4.2 3DES
- 8.4.3 AES
- 8.5 Asymmetric Encryption
- 8.5.1 Public Key Encryption
- 8.6 RSA Illustrated
- 8.7 PKI
- 8.7.1 Definition of PKI
- 8.7.2 Certificates
- 8.8 Countermeasures
- 8.9 Exercises
- References
- Chapter 9 Cybersecurity Policy
- 9.1 A National Priority and a (Familiar) Call to Arms
- 9.1.1 Infrastructure as Target: From Hypothetical Concern to a Growing Threat
- 9.1.2 A Difficult Terrain: Convergence, Attribution, and the Production of Cyber Weapons
- 9.2 Rewriting Cybersecurity Policy: The Difficulty of Reform
- 9.2.1 A False Start: The Cybersecurity Act of 2012
- 9.2.2 EO 13636: Improving Critical Infrastructure Cybersecurity
- 9.2.3 The NIST Framework: The Peril and the Promise of Voluntary Standards
- 9.2.4 ECS: The Possibilities and Limits of Information Sharing
- 9.3 Cybersecurity, Critical Infrastructure, and Public Policy: An Ongoing-and Difficult-Evolution
- 9.3.1 Policy Options: Looking Forward
- 9.4 Exercises
- References
- Chapter 10 Supervisory Control and Data Acquisition
- 10.1 What Is SCADA?
- 10.2 SCADA versus Enterprise Computing Differences
- 10.3 Common Threats
- 10.4 Who Is in Charge?
- 10.5 SCADA Everywhere
- 10.6 SCADA Risk Analysis
- 10.7 San Francisco Public Utilities Commission SCADA Redundancy
- 10.7.1 Redundancy as a Resiliency Mechanism
- 10.7.2 Risk Reduction and Resource Allocation
- 10.8 Analysis
- 10.9 Exercises
- Chapter 11 Water and Water Treatment
- 11.1 From Germs to Terrorists
- 11.1.1 SDWA
- 11.1.2 The Water Information Sharing and Analysis Center
- 11.2 Foundations: SDWA of 1974
- 11.3 The Bioterrorism Act of 2002
- 11.3.1 Is Water for Drinking?
- 11.4 The Architecture of Water Systems
- 11.4.1 The Law of the River
- 11.5 The Hetch Hetchy Network
- 11.5.1 Betweenness Analysis
- 11.6 Cascade Analysis
- 11.6.1 Multidimensional Analysis
- 11.6.2 Blocking Nodes
- 11.7 Hetch Hetchy Investment Strategies
- 11.7.1 The Rational Actor Attacker
- 11.8 Hetch Hetchy Threat Analysis
- 11.8.1 Chem-Bio Threats
- 11.8.2 Earthquake Threats
- 11.8.3 Allocation to Harden Threat-Asset Pairs
- 11.9 Analysis
- 11.10 Exercises
- References
- Chapter 12 Energy
- 12.1 Energy Fundamentals
- 12.2 Regulatory Structure of the Energy Sector
- 12.2.1 Evolution of Energy Regulation
- 12.2.2 Other Regulation
- 12.2.3 The Electric Sector ISAC
- 12.3 Interdependent Coal
- 12.3.1 Interdependency with Transportation
- 12.4 The Rise of Oil and the Automobile
- 12.4.1 Oil
- 12.4.2 NG
- 12.5 Energy Supply Chains
- 12.5.1 Petroleum Administration for Defense Districts
- 12.5.2 Refineries
- 12.5.3 Transmission
- 12.5.4 Transport4
- 12.5.5 Storage
- 12.5.6 NG Supply Chains
- 12.5.7 SCADA
- 12.6 The Critical Gulf of Mexico Cluster
- 12.6.1 Refineries
- 12.6.2 Transmission Pipelines
- 12.6.3 Storage
- 12.7 Threat Analysis of the Gulf of Mexico Supply Chain
- 12.8 Network Analysis of the Gulf of Mexico Supply Chain
- 12.9 The KeystoneXL Pipeline Controversy
- 12.10 The NG Supply Chain
- 12.11 Analysis
- 12.12 Exercises
- References
- Chapter 13 Electric Power
- 13.1 The Grid
- 13.2 From Death Rays to Vertical Integration
- 13.2.1 Early Regulation
- 13.2.2 Deregulation and EPACT 1992
- 13.2.3 Energy Sector ISAC
- 13.3 Out of Orders 888 and 889 Comes Chaos
- 13.3.1 Economics versus Physics
- 13.3.2 Betweenness Increases SOC
- 13.4 The North American Grid
- 13.4.1 ACE and Kirchhoff's Law
- 13.5 Anatomy of a Blackout
- 13.5.1 What Happened on August 14th, 2003
- 13.6 Threat Analysis
- 13.6.1 Attack Scenario 1: Disruption of Fuel Supply to Power Plants
- 13.6.2 Attack Scenario 2: Destruction of Major Transformers
- 13.6.3 Attack Scenario 3: Disruption of SCADA Communications
- 13.6.4 Attack Scenario 4: Creation of a Cascading Transmission Failure
- 13.7 Risk Analysis
- 13.8 Analysis of WECC
- 13.9 Analysis
- 13.10 Exercises
- References
- Chapter 14 Healthcare and Public Health
- 14.1 The Sector Plan
- 14.2 Roemer's Model
- 14.2.1 Components of Roemer's Model
- 14.3 The Complexity of Public Health
- 14.4 Risk Analysis of HPH Sector
- 14.5 Bioterrorism
- 14.5.1 Classification of Biological Agents
- 14.6 Epidemiology
- 14.6.1 The Kermack-McKendrick Model
- 14.6.2 SARS
- 14.7 Predicting Pandemics
- 14.7.1 The Levy Flight Theory of Pandemics
- 14.8 Biosurveillance
- 14.8.1 Healthmap
- 14.8.2 Big Data
- 14.8.3 GeoSentinel
- 14.9 Network Pandemics
- 14.10 The World Travel Network
- 14.11 Exercises
- References
- Chapter 15 Transportation
- 15.1 Transportation under Transformation
- 15.2 The Road to Prosperity
- 15.2.1 Economic Impact
- 15.2.2 The NHS