Critical Infrastructure: Homeland Security and Emergency Preparedness

Introduction to Critical Infrastructure Assurance and Protection What Is Critical Infrastructure? What Is the Private Sector? What Is the Public Sector? What Is CIP? What Is CIA? What Are Public-Private Partnerships? Critical Infrastructure Functions Evolution of Critical Infrastructure Demand, Capacity, Fragility, and the Emergence of Networks What Are We Trying to Protect? The Concept of Capacity Demand: The Reason for Capacity At the Regional (Small System) Level Cyberterrorism Dissolution and Convergence: An Emerging Risk Marking the Journey Beyond National Frameworks Meeting the Dragons on the Map Who Owns the Treasure? What Value? Target Audiences Applying the NRF to National Response Efforts How Does the NRF Tie in with Local Activities? Areas of Potential Risk or Concern Public-Private Partnerships What Is a Public-Private Partnership (P)? The P Spectrum Establishment of New Capacity Maintenance of Existing Capacity Networked User Fees and the Need for Oversight Other Forms of Public-Private Cooperation and the Erosion of Governance Balancing Points The Reinvention of Information Sharing and Intelligence Data vs Information vs Intelligence The Importance of Background to Context Context Affecting Sensitivity Enter the Cloud The Cloud as an Amplifier Clouds and Concealed Conduits Linking the Trusted Computing Base and User Communities Barriers to Information Sharing The Rise of Open Sources Open-Source Information and Intelligence An Approach to Information Sharing-The Consequence-Benefit Ratio Emergency Preparedness and Readiness The Rise of Core Offices First Responder First Responder Classifications Guideline Classifications Example: North American Emergency Response Guidebook Awareness-Level Guidelines Performance-Level Guidelines Operational Levels Defined Level A: Operations Level Level B: Technician Level Know Protocols to Secure, Mitigate, and Remove HAZMAT Additional Protective Measures Understand the Development of the IAP Know and Follow Procedures for Protecting a Potential Crime Scene Know Department Protocols for Medical Response Personnel National Fire Prevention Association OSHA Hazardous Waste Operations and Emergency Response Skilled Support Personnel Specialist Employee DOT HAZMAT Classifications Importance of Implementing an Emergency Response Plan Security Vulnerability Assessment What Is a Risk Assessment? Methods of Assessing Risk Threat Risk Equations Comparison of Quantitative vs Qualitative Risk Assessments Challenges Associated with Assessing Risk Other Factors to Consider When Assessing Risk What Is an SVA? Reasons for Having an SVA What Is a Threat? What Is Vulnerability? Countermeasures Vulnerability Assessment Framework Reasons for Using the VAF Federal Information Systems Control Auditing Manual General Methodologies of FISCAM Auditing What Are General Controls? What Are Application Controls? Caveats with Using an SVA How the SVA Is Used Audience of an SVA Initial SVA Plan Necessary Steps of an SVA Critical Success Factors VAF Methodology Initial Steps of the VAF VAF Step 1: Establish the Organization MEI VAF Step 2: Gather Data to Identify MEI Vulnerabilities VAF Step 3: Analyze, Classify, and Prioritize Vulnerabilities Regulations The Role of Oversight The Effect of Globalization Conventions, Laws, and Regulations Guidance and Best Practices Prescriptive vs Performance Based Impact on Criminal, Administrative, and Civil Law Potential Abuses of Authority and Credibility Government vs Industry Self-Regulation Knowledge Gaps Arising from Performance-Based Regulation Predictability in Prescriptive Systems: A Systemic Vulnerability Information Sharing and Analysis Centers What Is a Critical Infrastructure Asset? What Is an ISAC? Advantages of Belonging to an ISAC Access to ISAC Information Expanded ISAC Services Surface Transportation ISAC Supply Chain ISAC Public Transit ISAC American Public Transportation Association Association of American Railroads Transportation Technology Center, Inc Railinc Water ISAC Association of State Drinking Water Administrators Water Environment Research Foundation Association of Metropolitan Water Agencies Association of Metropolitan Sewage Agencies National Association of Water Companies American Water Works Association AWWA Research Foundation Financial Services ISAC Science Applications International Corporation Electricity Sector ISAC Emergency Management and Response ISAC Information Technology ISAC National Coordinating Center for Telecommunications Communications Resource Information Sharing Government Emergency Telecommunications Service Telecommunications Service Priority Shared Resources High Frequency Radio Program Network Reliability and Interoperability Council National Security Telecommunications Advisory Committee Wireless Priority Services Alerting and Coordination Network Energy ISAC Energy Sector Security Consortium Chemical Sector ISAC Chemical Transportation Emergency Center (CHEMTREC(R)) Healthcare Services ISAC Highway ISAC Cargo Theft Information Processing System American Trucking Associations HighwayWatch(R) Food and Agriculture ISAC FoodSHIELD Food Marketing Institute Multistate ISAC ISAC Council Worldwide ISAC Real Estate ISAC The Real Estate Roundtable Research and Educational Networking ISAC Biotechnology and Pharmaceutical ISAC Maritime ISAC Maritime Security Council Marine Transportation System National Advisory Council Supervisory Control and Data Acquisition What Are Control Systems? Types of Control Systems Components of Control Systems Vulnerability Concerns about Control Systems Adoption of Standardized Technologies with Known Vulnerabilities Connectivity of Control Systems to Unsecured Networks Implementation Constraints of Existing Security Technologies Insecure Connectivity to Control Systems Publicly Available Information about Control Systems Control Systems May Be Vulnerable to Attack Consequences Resulting from Control System Compromises Wardialing Wardriving Warwalking Threats Resulting from Control System Attacks Issues in Securing Control Systems Methods of Securing Control Systems Technology Research Initiatives of Control Systems Security Awareness and Information Sharing Initiatives Process and Security Control Initiatives Securing Control Systems Implement Auditing Controls Develop Policy Management and Control Mechanisms Control Systems Architecture Development Segment Networks between Control Systems and Corporate Enterprise Develop Methodologies for Exception Tracking Define an Incident Response Plan Similarities between Sectors US Computer Emergency Readiness Team CSSP Control Systems Cyber Security Evaluation Tool (CSET) SCADA Community Challenges The Future of SCADA SCADA Resources Critical Infrastructure Information What Is Critical Infrastructure Information? How Does the Government Interpret CII? Exemption 3 of the FOIA Exemption 4 of the FOIA Section 214 of the Homeland Security Act Enforcement of Section 214 of the Homeland Security Act What Does "Sensitive but Unclassified" Mean? Information Handling Procedures Freedom of Information Act Need to Know "For Official Use Only" Enforcement of FOUO Information Reviewing Web Site Content Export-Controlled Information Enforcement of Export-Controlled Information Source Selection Data Enforcement of Source Selection Data Privacy Information Enforcement of Privacy Information Unclassified Controlled Nuclear Information Enforcement of UCNI Critical Energy Infrastructure Information Enforcement of CEII Controlled Unclassified Information Lessons Learned Programs InfraGard Sensitive Unclassified Nonsafeguards Information (SUNSI) Safeguards Information (SGI) Glossary Appendix Index