SA

CYB 4303, Critical Infrastructure Protection in Cybersecurity 1

Course Learning Outcomes for Unit III Upon completion of this unit, students should be able to:

3. Explain the current state of critical infrastructure protection (CIP) in the United States. 3.1 Describe the function of complex systems and their role in society.

5. Analyze vulnerabilities of critical infrastructure and key resources (CIKR).

5.1 Explain strategies to improve complex infrastructure resiliency. 5.2 Identify critical infrastructure interdependencies.

Required Unit Resources Chapter 4: Complex CIKR Systems Unit Lesson

Introduction The previous unit briefly introduced you to risk strategies and risk management applicable to most common events in our society. We covered the potential sources of risks and the difference between internal and external risks; however, many critical infrastructure sectors have unique sources of risks requiring specific methodologies for risk assessment. Proper risk assessment methodologies are indispensable for critical sectors in order to identify threats, assess vulnerabilities, and calculate the impact to systems or assets within those critical infrastructures. Furthermore, consideration must be as to the probability of occurrence of those events to specific sectors. Complexities do exist because the scope of these risks assessments is broader and must deal with research institutes, nationwide decision-making, and policy-making at the highest governmental levels. In other words, there is a significant differentiation between risk assessment methodologies based on the scope of the sectors, the audience, and the stakeholders involved in those decisions. The other important aspect of critical infrastructure, risk assessment methodologies, is that of networked infrastructures and the interdependencies between the different sectors. Rinaldi, et al. (2001) identified four types of critical infrastructure interdependencies.

1. Physical interdependencies are those in which one infrastructure depends on another for its input (e.g., the electrical grid in some aspects depends on the water system, for example, where dams are used to generate electricity).

2. Cyber dependencies are those in which most critical infrastructure sectors depend on the information provided by the information systems infrastructure (many sectors such as the electrical grid use the Internet to report metrics or control substations remotely).

3. Geographic dependencies are those in which environmental events affect other critical infrastructures (the presence of hurricanes endangers other infrastructures such as the energy, waterways, and transportation sectors).

4. Logical dependencies may be any dependency not characterized by physical, cyber, or geographic (These can be social, economic, political, and legal forces affecting one or multiple sectors. An example includes the economic collapse of an area affecting the maintenance of a critical sector such as waterways that could result in the deterioration of the water-retaining structures in dams, potentially causing a flood).

UNIT III STUDY GUIDE Infrastructure Protection: Risks and Threats, Part II

CYB 4303, Critical Infrastructure Protection in Cybersecurity 2

UNIT x STUDY GUIDE Title

Homeland Security Homeland security has been a critical topic at all levels of society in many countries. This is reflected in the different agencies tasked with the overall security of many nations. Homeland security refers to protecting and safeguarding a country’s internal environment from disruptive events or activities leading to critical disruptions, loss of lives, and destruction of public and/or private property. In the United States, specifically, the Department of Homeland Security (DHS) is the agency tasked with the oversight and coordination of the country’s critical infrastructure sectors. This is a daunting endeavor because the private sector owns and protects roughly 85 percent of the nation’s infrastructure (Government Accountability Office, 2006). The charter established in Homeland Security Presidential Directive 7 (HSPD-7) outlines the details and processes for CIKR safeguards (HSPD-7, 2003). HSPD-7 directives are a set of federal policies to enhance protection for the nation’s critical infrastructure sectors and specifically mandates a strategic plan that follows such policies. In this directive, the president appointed a secretary of homeland security as the “principal federal official to lead CIKR protection efforts among federal departments and agencies, state and local governments, and the private sector” (p. 12).

Critical Infrastructure Key Resources (CIKRs) CIKRs are of strategic importance for the nation as they encompass trade, economic, technological, and political interests. As noted in previous units, CIKRs include physical assets such as buildings and infrastructures as well as transportation and communication networks. According to the President’s National Strategy for Homeland Security, “Government at the federal, state, and local level must actively collaborate and partner with the private sector, which controls 85 percent of America’s infrastructure . . . the nation’s infrastructure protection effort must harness the capabilities of the private sector to achieve a prudent level of security without hindering productivity, trade, or economic growth” (Department of Justice, Bureau of Justice Assistance, 2005, p. viii). In Unit I, we expanded the number of critical sectors to 18. Homeland security in the United States is the task of many agencies, public and private. The number of CIKRs makes the protection of all these different sectors complex as it requires the coordination of the public and private sectors. Protection of CIKR assets from physical and cyberthreats requires communication, cooperation, coordination, and collaboration as these elements are critical between the public and private sectors. The Department of Homeland Security initiated and supports the Control System Security Program (CSSP) in order to reduce risks to the nation’s critical infrastructure sectors through partnerships with public and private sectors (McGurk, 2009). Furthermore, National Risk Assessments must be conducted frequently to identify and prepare for potential new vulnerabilities and threats specifically when it comes to cybersecurity in public and private sectors.

CYB 4303, Critical Infrastructure Protection in Cybersecurity 3

UNIT x STUDY GUIDE Title

Threats and Vulnerabilities Protection The protection of CIKRs requires specific focus on not only physical infrastructures but on communication networks unique to the telecommunication, financial, and energy sectors. All CIKRs must constantly evaluate the risks and vulnerabilities to the assets from any threats along with the development of unique countermeasures and emergency contingency plans to preempt any attacks to the critical infrastructure. Although the protection of CIKRs is perceived as the sole responsibility of the federal government, it is also the responsibility of private sectors, thus, as already noted the need for public-private partnership is paramount.

CYB 4303, Critical Infrastructure Protection in Cybersecurity 4

UNIT x STUDY GUIDE Title

Figure 1. Eighteen critical infrastructure and key resource (CIKR) sectors (Hart & Ramsay, 2011; 12019, 2012; Anne-Onyme, 2014; Breher, 2015; DerSilent, 2017; Katzenfreund, 2017; LEEROY Agency, 2014; lumix2004, 2016; McElroy, 2015; Muhummad, 2018; Olaf, 2013; Petra, 2009; Pexels, 2016; Photo Mix, 2018; PublicDomainPictures, 2013; skeeze, 2007a; skeeze, 2007b; skeeze, 2014; Skitterians &Skitterians, 2017)

CYB 4303, Critical Infrastructure Protection in Cybersecurity 5

UNIT x STUDY GUIDE Title

Case Study Our textbook covers different theories on catastrophe. An additional example follows on how we can apply some of these theories to events that most of us have experienced. Financial Meltdown of 2008 We can apply Bak’s theory of self-organized criticality (SOC) to the financial meltdown of 2008. The theory posits that the criticality (meltdown) was caused by previous events. When the United States prevented the financial system from collapsing in 1997, it triggered the collapse of the tech market in 2001-02. Similarly, the actions of the federal government in preventing the tech market collapse in 2001-02 triggered the housing bubble, which burst in 2007-09. Thus, in essence, the process by which many complex systems go from stable to unstable is called self-organized criticality or SOC. Steps that are taken to prevent the system from collapsing create a feedback loop that causes the system to eventually collapse.

Observations

• Percolation increases SOC. • Risks increase with SOC. • Paradox of enrichment (too much of a good thing?)

o When exceeding the carrying capacity of an ecological system, you risk its collapse. • Sand pile effect (complex systems cause cascading and landslides)

As it pertains to CIKRs, actions/events can cause triggers for disasters. As an example:

• increasing the capacity of a network could reduce overall performance; • spreading more pesticides could increase the pest population; and • increasing the number of security personnel could amplify breaches.

Summary

As the world becomes more connected, threats and vulnerabilities increase to the nation’s CIKRs. The country’s state of homeland security continues to go through reforms in order to adapt to the ever-changing physical threats and cyberthreats. In order to keep up with the shifting landscape, the government must forge strategic partnerships with other countries and with private sectors to strengthen homeland security strategies.

Definitions Below are some definitions introduced in the unit lesson that you should take some time to review.

• Percolation increases risk by increasing the juxtaposition and structure (spectral radius) of a CIKR system represented as a network.

CORE CONCEPTS

Directives of Homeland Security Responsibility and Accountability

- Assign lead agencies for homeland security initiatives Mobilization of Society

- Be cognizant of the critical role state and local agencies, private institutions, and society play in securing the homeland.

- Recognize that because of the complexity of protecting critical sectors, organizations outside of the government may take the lead in many of the protection efforts (HSPD-7, 2003).

CYB 4303, Critical Infrastructure Protection in Cybersecurity 6

UNIT x STUDY GUIDE Title

• Resilience is the ability to resist, absorb, recover from or successfully adapt to adversity or a change in conditions.

• Self-organized criticality is measured in terms of spectral radius, which is a measure of network structure and equates to fragility and nonresilience.

References 12019. (2012). Surgery operation hospital surgical team medicine [Photograph]. Pixabay.

https://pixabay.com/en/surgery-operation-hospital-79584/ Anne-Onyme. (2011). Mail newsletter home mailbox hiring gray home [Photograph]. Pixabay.

https://pixabay.com/en/mail-newsletter-home-mailbox-1048452/ Breher, T. (2015). Bank note Dollar USD US-dollar money funds bills [Photograph]. Pixabay.

https://pixabay.com/en/bank-note-dollar-usd-us-dollar-941246/ Department of Justice, Bureau of Justice Assistance. (2005). Engaging the private sector to promote

homeland security: Law enforcement-private security partnerships [Report NCJ 210678]. https://www.ncjrs.gov/pdffiles1/bja/210678.pdf

DerSilent. (2017). Faucet source refreshment water dispenser water [Photograph]. Pixabay.

https://pixabay.com/en/faucet-source-refreshment-2269335/ Government Accountability Office. (2006). Critical infrastructure protection.

https://www.gao.gov/products/GAO-07-39 Hart, S., & Ramsay, J. D. (2011). A guide for Homeland Security instructors preparing physical critical

infrastructure protection courses. Homeland Security Affairs, 7(1). https://search-proquest- com.libraryresources.columbiasouthern.edu/docview/1266215283/A832EE344ABD4142PQ/1?accou ntid=33337

Homeland Security. (2003). Homeland security presidential directive 7: Critical infrastructure identification,

prioritization, and protection. https://www.dhs.gov/homeland-security-presidential-directive-7 Katzenfreund, K. (2017). Nuclear power plant nuclear power atomic energy [Photograph]. Pixabay.

https://pixabay.com/en/nuclear-power-plant-nuclear-power-2854866/ LEEROY Agency. (2014). Antenna tower transmission communication [Photograph]. Pixabay.

https://pixabay.com/en/antenna-tower-transmission-498438/ lumix2004. (2016). Orchard apple apples fruit green nature tree [Photograph]. Pixabay.

https://pixabay.com/en/orchard-apple-apples-fruit-green-1872997/ McElroy, R. (2015). Dam river water landscape power hydroelectric [Photograph]. Pixabay.

https://pixabay.com/en/dam-river-water-landscape-power-929406/ McGurk, S. P. (2009). Statement for the record of Seán P. McGurk director, Control Systems Security

Program National Cyber Security Division National Protection and Programs Directorate Department of Homeland Security [Testimony]. https://obamawhitehouse.archives.gov/files/documents/cyber/Congress%20- %20Sean%20McGurk%20-%20SmartGrid%20Testimony%20032409.pdf

Muhammad, F. (2018). Emergency room hospital ambulance rescue Houston [Photograph]. Pixabay.

https://pixabay.com/en/emergency-room-hospital-ambulance-3323451/ Olaf. (2013). Bulgaria Vratsa abandoned industry chemical plant [Photograph]. Pixabay.

https://pixabay.com/en/bulgaria-vratsa-abandoned-industry-1351947/

CYB 4303, Critical Infrastructure Protection in Cybersecurity 7

UNIT x STUDY GUIDE Title

Petra. (2009). Mi promotion Sasketchewan prairie oil production [Photograph]. Pixabay. https://pixabay.com/en/mi-promotion-sasketchewan-prairie-1044575/

Pexels. (2016). Train transportation platform railroad metro [Photograph]. Pixabay.

https://pixabay.com/en/train-transportation-platform-1285288/ Photo Mix. (2018). Under the roof shopping inside sale modern [Photograph]. Pixabay.

https://pixabay.com/en/under-the-roof-shopping-inside-sale-3175884/ PublicDomainPictures. (2013). Wire telephone poles poles workers [Photograph]. Pixabay.

https://pixabay.com/en/wire-telephone-poles-poles-workers-164966/ Rinaldi, S. M., Peerenboom, J. P., & Kelly, T. K. (2001). Identifying, understanding and analyzing critical

infrastructure interdependencies. IEEE Control Systems Magazine, 21(6), 11-25. https://ieeexplore.ieee.org/document/969131/

skeeze. (2007a). Aircraft military jet F-18 Super Hornet [Photograph]. Pixabay. https://pixabay.com/en/aircraft-

jet-military-f-18-1066512/ skeeze. (2007b). Mount Rushmore monument landmark scenic [Photograph]. Pixabay.

https://pixabay.com/en/mount-rushmore-monument-landmark-902483/ skeeze. (2014). Supreme Court building USA Washington front [Photograph]. Pixabay.

https://pixabay.com/en/supreme-court-building-usa-546279/ Skitterians, R., & Skitterians, P. (2017). Machine mill industry steam milling machining [Photograph]. Pixabay.

https://pixabay.com/en/machine-mill-industry-steam-2881171/ Suggested Unit Resources In order to access the following resources, click the links below. Additional information relevant to the unit’s objectives can be found in the following links. There is a wealth of information related to homeland security found in governmental sites such as the dhs.gov and whitehouse.gov sites. Department of Homeland Security (n.d.) Critical infrastructure sectors. http://www.dhs.gov/critical-

infrastructure-sectors Department of Homeland Security (n.d.) Infrastructure security division. http://www.dhs.gov/office-

infrastructure-protection Department of Homeland Security (n.d.) Critical infrastructure and key resources support annex.

https://www.dhs.gov/critical-infrastructure-and-key-resources-support-annex Department of Homeland Homeland Security. (2003). Homeland Security Presidential Directive 7: Critical

infrastructure identification, prioritization, and protection. https://www.dhs.gov/homeland-security- presidential-directive-7

The White House, Office of the Press Secretary. (2013, Feb 12). Presidential policy directive – critical

infrastructure security and resilience [Press Release]. https://www.whitehouse.gov/the-press- office/2013/02/12/presidential-policy-directive-critical-infrastructure-security-and-resil

CYB 4303, Critical Infrastructure Protection in Cybersecurity 1

Course Learning Outcomes for Unit III Upon completion of this unit, students should be able to:

3. Explain the current state of critical infrastructure protection (CIP) in the United States. 3.1 Describe the function of complex systems and their role in society.

5. Analyze vulnerabilities of critical infrastructure and key resources (CIKR).

5.1 Explain strategies to improve complex infrastructure resiliency. 5.2 Identify critical infrastructure interdependencies.

Required Unit Resources Chapter 4: Complex CIKR Systems Unit Lesson

Introduction The previous unit briefly introduced you to risk strategies and risk management applicable to most common events in our society. We covered the potential sources of risks and the difference between internal and external risks; however, many critical infrastructure sectors have unique sources of risks requiring specific methodologies for risk assessment. Proper risk assessment methodologies are indispensable for critical sectors in order to identify threats, assess vulnerabilities, and calculate the impact to systems or assets within those critical infrastructures. Furthermore, consideration must be as to the probability of occurrence of those events to specific sectors. Complexities do exist because the scope of these risks assessments is broader and must deal with research institutes, nationwide decision-making, and policy-making at the highest governmental levels. In other words, there is a significant differentiation between risk assessment methodologies based on the scope of the sectors, the audience, and the stakeholders involved in those decisions. The other important aspect of critical infrastructure, risk assessment methodologies, is that of networked infrastructures and the interdependencies between the different sectors. Rinaldi, et al. (2001) identified four types of critical infrastructure interdependencies.

1. Physical interdependencies are those in which one infrastructure depends on another for its input (e.g., the electrical grid in some aspects depends on the water system, for example, where dams are used to generate electricity).

2. Cyber dependencies are those in which most critical infrastructure sectors depend on the information provided by the information systems infrastructure (many sectors such as the electrical grid use the Internet to report metrics or control substations remotely).

3. Geographic dependencies are those in which environmental events affect other critical infrastructures (the presence of hurricanes endangers other infrastructures such as the energy, waterways, and transportation sectors).

4. Logical dependencies may be any dependency not characterized by physical, cyber, or geographic (These can be social, economic, political, and legal forces affecting one or multiple sectors. An example includes the economic collapse of an area affecting the maintenance of a critical sector such as waterways that could result in the deterioration of the water-retaining structures in dams, potentially causing a flood).

UNIT III STUDY GUIDE Infrastructure Protection: Risks and Threats, Part II

CYB 4303, Critical Infrastructure Protection in Cybersecurity 2

UNIT x STUDY GUIDE Title

Homeland Security Homeland security has been a critical topic at all levels of society in many countries. This is reflected in the different agencies tasked with the overall security of many nations. Homeland security refers to protecting and safeguarding a country’s internal environment from disruptive events or activities leading to critical disruptions, loss of lives, and destruction of public and/or private property. In the United States, specifically, the Department of Homeland Security (DHS) is the agency tasked with the oversight and coordination of the country’s critical infrastructure sectors. This is a daunting endeavor because the private sector owns and protects roughly 85 percent of the nation’s infrastructure (Government Accountability Office, 2006). The charter established in Homeland Security Presidential Directive 7 (HSPD-7) outlines the details and processes for CIKR safeguards (HSPD-7, 2003). HSPD-7 directives are a set of federal policies to enhance protection for the nation’s critical infrastructure sectors and specifically mandates a strategic plan that follows such policies. In this directive, the president appointed a secretary of homeland security as the “principal federal official to lead CIKR protection efforts among federal departments and agencies, state and local governments, and the private sector” (p. 12).

Critical Infrastructure Key Resources (CIKRs) CIKRs are of strategic importance for the nation as they encompass trade, economic, technological, and political interests. As noted in previous units, CIKRs include physical assets such as buildings and infrastructures as well as transportation and communication networks. According to the President’s National Strategy for Homeland Security, “Government at the federal, state, and local level must actively collaborate and partner with the private sector, which controls 85 percent of America’s infrastructure . . . the nation’s infrastructure protection effort must harness the capabilities of the private sector to achieve a prudent level of security without hindering productivity, trade, or economic growth” (Department of Justice, Bureau of Justice Assistance, 2005, p. viii). In Unit I, we expanded the number of critical sectors to 18. Homeland security in the United States is the task of many agencies, public and private. The number of CIKRs makes the protection of all these different sectors complex as it requires the coordination of the public and private sectors. Protection of CIKR assets from physical and cyberthreats requires communication, cooperation, coordination, and collaboration as these elements are critical between the public and private sectors. The Department of Homeland Security initiated and supports the Control System Security Program (CSSP) in order to reduce risks to the nation’s critical infrastructure sectors through partnerships with public and private sectors (McGurk, 2009). Furthermore, National Risk Assessments must be conducted frequently to identify and prepare for potential new vulnerabilities and threats specifically when it comes to cybersecurity in public and private sectors.

CYB 4303, Critical Infrastructure Protection in Cybersecurity 3

UNIT x STUDY GUIDE Title

Threats and Vulnerabilities Protection The protection of CIKRs requires specific focus on not only physical infrastructures but on communication networks unique to the telecommunication, financial, and energy sectors. All CIKRs must constantly evaluate the risks and vulnerabilities to the assets from any threats along with the development of unique countermeasures and emergency contingency plans to preempt any attacks to the critical infrastructure. Although the protection of CIKRs is perceived as the sole responsibility of the federal government, it is also the responsibility of private sectors, thus, as already noted the need for public-private partnership is paramount.

CYB 4303, Critical Infrastructure Protection in Cybersecurity 4

UNIT x STUDY GUIDE Title

Figure 1. Eighteen critical infrastructure and key resource (CIKR) sectors (Hart & Ramsay, 2011; 12019, 2012; Anne-Onyme, 2014; Breher, 2015; DerSilent, 2017; Katzenfreund, 2017; LEEROY Agency, 2014; lumix2004, 2016; McElroy, 2015; Muhummad, 2018; Olaf, 2013; Petra, 2009; Pexels, 2016; Photo Mix, 2018; PublicDomainPictures, 2013; skeeze, 2007a; skeeze, 2007b; skeeze, 2014; Skitterians &Skitterians, 2017)

CYB 4303, Critical Infrastructure Protection in Cybersecurity 5

UNIT x STUDY GUIDE Title

Case Study Our textbook covers different theories on catastrophe. An additional example follows on how we can apply some of these theories to events that most of us have experienced. Financial Meltdown of 2008 We can apply Bak’s theory of self-organized criticality (SOC) to the financial meltdown of 2008. The theory posits that the criticality (meltdown) was caused by previous events. When the United States prevented the financial system from collapsing in 1997, it triggered the collapse of the tech market in 2001-02. Similarly, the actions of the federal government in preventing the tech market collapse in 2001-02 triggered the housing bubble, which burst in 2007-09. Thus, in essence, the process by which many complex systems go from stable to unstable is called self-organized criticality or SOC. Steps that are taken to prevent the system from collapsing create a feedback loop that causes the system to eventually collapse.

Observations

• Percolation increases SOC. • Risks increase with SOC. • Paradox of enrichment (too much of a good thing?)

o When exceeding the carrying capacity of an ecological system, you risk its collapse. • Sand pile effect (complex systems cause cascading and landslides)

As it pertains to CIKRs, actions/events can cause triggers for disasters. As an example:

• increasing the capacity of a network could reduce overall performance; • spreading more pesticides could increase the pest population; and • increasing the number of security personnel could amplify breaches.

Summary

As the world becomes more connected, threats and vulnerabilities increase to the nation’s CIKRs. The country’s state of homeland security continues to go through reforms in order to adapt to the ever-changing physical threats and cyberthreats. In order to keep up with the shifting landscape, the government must forge strategic partnerships with other countries and with private sectors to strengthen homeland security strategies.

Definitions Below are some definitions introduced in the unit lesson that you should take some time to review.

• Percolation increases risk by increasing the juxtaposition and structure (spectral radius) of a CIKR system represented as a network.

CORE CONCEPTS

Directives of Homeland Security Responsibility and Accountability

- Assign lead agencies for homeland security initiatives Mobilization of Society

- Be cognizant of the critical role state and local agencies, private institutions, and society play in securing the homeland.

- Recognize that because of the complexity of protecting critical sectors, organizations outside of the government may take the lead in many of the protection efforts (HSPD-7, 2003).

CYB 4303, Critical Infrastructure Protection in Cybersecurity 6

UNIT x STUDY GUIDE Title

• Resilience is the ability to resist, absorb, recover from or successfully adapt to adversity or a change in conditions.

• Self-organized criticality is measured in terms of spectral radius, which is a measure of network structure and equates to fragility and nonresilience.

References 12019. (2012). Surgery operation hospital surgical team medicine [Photograph]. Pixabay.

https://pixabay.com/en/surgery-operation-hospital-79584/ Anne-Onyme. (2011). Mail newsletter home mailbox hiring gray home [Photograph]. Pixabay.

https://pixabay.com/en/mail-newsletter-home-mailbox-1048452/ Breher, T. (2015). Bank note Dollar USD US-dollar money funds bills [Photograph]. Pixabay.

https://pixabay.com/en/bank-note-dollar-usd-us-dollar-941246/ Department of Justice, Bureau of Justice Assistance. (2005). Engaging the private sector to promote

homeland security: Law enforcement-private security partnerships [Report NCJ 210678]. https://www.ncjrs.gov/pdffiles1/bja/210678.pdf

DerSilent. (2017). Faucet source refreshment water dispenser water [Photograph]. Pixabay.

https://pixabay.com/en/faucet-source-refreshment-2269335/ Government Accountability Office. (2006). Critical infrastructure protection.

https://www.gao.gov/products/GAO-07-39 Hart, S., & Ramsay, J. D. (2011). A guide for Homeland Security instructors preparing physical critical

infrastructure protection courses. Homeland Security Affairs, 7(1). https://search-proquest- com.libraryresources.columbiasouthern.edu/docview/1266215283/A832EE344ABD4142PQ/1?accou ntid=33337

Homeland Security. (2003). Homeland security presidential directive 7: Critical infrastructure identification,

prioritization, and protection. https://www.dhs.gov/homeland-security-presidential-directive-7 Katzenfreund, K. (2017). Nuclear power plant nuclear power atomic energy [Photograph]. Pixabay.

https://pixabay.com/en/nuclear-power-plant-nuclear-power-2854866/ LEEROY Agency. (2014). Antenna tower transmission communication [Photograph]. Pixabay.

https://pixabay.com/en/antenna-tower-transmission-498438/ lumix2004. (2016). Orchard apple apples fruit green nature tree [Photograph]. Pixabay.

https://pixabay.com/en/orchard-apple-apples-fruit-green-1872997/ McElroy, R. (2015). Dam river water landscape power hydroelectric [Photograph]. Pixabay.

https://pixabay.com/en/dam-river-water-landscape-power-929406/ McGurk, S. P. (2009). Statement for the record of Seán P. McGurk director, Control Systems Security

Program National Cyber Security Division National Protection and Programs Directorate Department of Homeland Security [Testimony]. https://obamawhitehouse.archives.gov/files/documents/cyber/Congress%20- %20Sean%20McGurk%20-%20SmartGrid%20Testimony%20032409.pdf

Muhammad, F. (2018). Emergency room hospital ambulance rescue Houston [Photograph]. Pixabay.

https://pixabay.com/en/emergency-room-hospital-ambulance-3323451/ Olaf. (2013). Bulgaria Vratsa abandoned industry chemical plant [Photograph]. Pixabay.

https://pixabay.com/en/bulgaria-vratsa-abandoned-industry-1351947/

CYB 4303, Critical Infrastructure Protection in Cybersecurity 7

UNIT x STUDY GUIDE Title

Petra. (2009). Mi promotion Sasketchewan prairie oil production [Photograph]. Pixabay. https://pixabay.com/en/mi-promotion-sasketchewan-prairie-1044575/

Pexels. (2016). Train transportation platform railroad metro [Photograph]. Pixabay.

https://pixabay.com/en/train-transportation-platform-1285288/ Photo Mix. (2018). Under the roof shopping inside sale modern [Photograph]. Pixabay.

https://pixabay.com/en/under-the-roof-shopping-inside-sale-3175884/ PublicDomainPictures. (2013). Wire telephone poles poles workers [Photograph]. Pixabay.

https://pixabay.com/en/wire-telephone-poles-poles-workers-164966/ Rinaldi, S. M., Peerenboom, J. P., & Kelly, T. K. (2001). Identifying, understanding and analyzing critical

infrastructure interdependencies. IEEE Control Systems Magazine, 21(6), 11-25. https://ieeexplore.ieee.org/document/969131/

skeeze. (2007a). Aircraft military jet F-18 Super Hornet [Photograph]. Pixabay. https://pixabay.com/en/aircraft-

jet-military-f-18-1066512/ skeeze. (2007b). Mount Rushmore monument landmark scenic [Photograph]. Pixabay.

https://pixabay.com/en/mount-rushmore-monument-landmark-902483/ skeeze. (2014). Supreme Court building USA Washington front [Photograph]. Pixabay.

https://pixabay.com/en/supreme-court-building-usa-546279/ Skitterians, R., & Skitterians, P. (2017). Machine mill industry steam milling machining [Photograph]. Pixabay.

https://pixabay.com/en/machine-mill-industry-steam-2881171/ Suggested Unit Resources In order to access the following resources, click the links below. Additional information relevant to the unit’s objectives can be found in the following links. There is a wealth of information related to homeland security found in governmental sites such as the dhs.gov and whitehouse.gov sites. Department of Homeland Security (n.d.) Critical infrastructure sectors. http://www.dhs.gov/critical-

infrastructure-sectors Department of Homeland Security (n.d.) Infrastructure security division. http://www.dhs.gov/office-

infrastructure-protection Department of Homeland Security (n.d.) Critical infrastructure and key resources support annex.

https://www.dhs.gov/critical-infrastructure-and-key-resources-support-annex Department of Homeland Homeland Security. (2003). Homeland Security Presidential Directive 7: Critical

infrastructure identification, prioritization, and protection. https://www.dhs.gov/homeland-security- presidential-directive-7

The White House, Office of the Press Secretary. (2013, Feb 12). Presidential policy directive – critical

infrastructure security and resilience [Press Release]. https://www.whitehouse.gov/the-press- office/2013/02/12/presidential-policy-directive-critical-infrastructure-security-and-resil