VI
see attached.
VI.docx
UnitVI.pdf
VI.docx
For this assignment, you will develop a PowerPoint presentation consisting of 10 to 12 slides that examines one of the 16 critical infrastructure sectors designated by the U.S. Department of Homeland Security. You will explore key threats to the sector and its cybersecurity vulnerabilities. You will propose realistic strategies to enhance resilience. Your presentation should include speaker notes on each slide.
Instructions:
Choose a Critical Infrastructure Sector: Select a sector from the DHS Critical Infrastructure list (e.g., Energy, Water and Wastewater, Transportation Systems, Communications, Health care, etc.). Be sure to select a sector that interests you and has available research resources.
· Briefly describe the sector's national importance.
· Identify the primary functions and interdependencies.
· Identify and explain at least three significant threats to the sector (natural, human-made, or cyber).
· Use current or historical examples when possible.
· Describe the sector’s vulnerabilities, particularly in relation to cyberattacks.
· Discuss any known cybersecurity gaps or challenges (e.g., outdated systems, ICS/SCADA vulnerabilities).
· Propose two to three practical strategies to enhance security and resilience.
· Reference relevant frameworks (e.g., NIPP, National Cyber Strategy, CISA guidelines).
· Mention any ethical challenges related to surveillance, data sharing, or private sector responsibilities.
· Identify potential emerging risks.
Your presentation must have 10 to 12 slides, not counting the title or reference slides. You must write speaker notes for each content slide. Cite at least four academic or official sources. One source must come from the CSU Library. Include the course textbook and DHS/CISA materials as appropriate. Use APA Style for references and citations.
UnitVI.pdf
HLS 3302, American Homeland Security 1
Course Learning Outcomes for Unit VI
At the end of this unit, you should be able to:
2. Evaluate the effectiveness of homeland security programs in counterterrorism efforts.
2.6 Identify critical infrastructure sectors designated by the Department of Homeland Security.
2.7 Analyze the role of the Cybersecurity and Infrastructure Security Agency and sector-specific agencies in managing cyber and physical threats.
Required Unit Resources
Chapter 14: Critical Infrastructure Protection (ULO 2.6)
Chapter 14 provides a comprehensive overview of the systems, assets, and networks deemed essential to national security, economic stability, and public health, collectively referred to as critical infrastructure. Alperen outlines the development of the U.S. infrastructure protection strategy, focusing on post-9/11 efforts to assess vulnerabilities, identify interdependencies, and build public-private partnerships. The chapter emphasizes the importance of resilience, risk management, and cybersecurity as foundational pillars for safeguarding infrastructure sectors, ranging from energy and transportation to water systems and financial services (14 pages).
Chapter 24: Cyber (ULO 2.7)
Chapter 24 examines the complex and evolving landscape of cybersecurity within the homeland security domain. Alperen outlines the threats posed by state-sponsored hackers, cybercriminals, and terrorist groups, while also highlighting vulnerabilities in both public and private sector networks. The chapter explains key concepts such as cyber hygiene, critical infrastructure interconnectivity, and the role of the Cybersecurity and Infrastructure Security Agency (CISA) in safeguarding the nation’s digital assets (6 pages).
Unit Lesson
Lesson: Protecting Critical Infrastructure and Cybersecurity (ULOs 2.6 and 2.7)
The Stakes of Infrastructure Protection
The security and resilience of the United States’ critical infrastructure are central to homeland security. Infrastructure is more than bridges, pipelines, and power grids; it includes financial networks, public health systems, data centers, and communication platforms that underpin daily life. In this lesson, we examine how homeland security professionals assess risk, defend against threats, and build resilience within and across critical infrastructure sectors. With cyberattacks growing in frequency and sophistication, cybersecurity is now as essential as physical security in maintaining the operational continuity of national systems.
UNIT VI STUDY GUIDE Protecting Critical Infrastructure and Cybersecurity
Understanding Critical Infrastructure
The Department of Homeland Security defines critical infrastructure as systems and assets, whether physical or virtual, so vital that their incapacity or destruction would have a debilitating impact on national security, economic security, public health, or safety. The National Infrastructure Protection Plan (NIPP) identifies 16 critical infrastructure sectors, including energy, water, health care, transportation, information technology, and emergency services (Cybersecurity & Infrastructure Security Agency, n.d.).
Critical Infrastructure Sectors
· Chemical
· Commercial Facilities
· Communications
· Critical Manufacturing
· Dams
· Defense Industrial Base
· Emergency Services
· Energy
· Financial Services
· Food and Agriculture
· Government Services and Facilities
· Health Care and Public Health
· Information Technology
· Nuclear Reactors, Materials, and Waste
· Transportation Systems
· Water and Wastewater
Each sector has its own unique risks, vulnerabilities, and interdependencies. For instance, the energy sector powers everything from hospitals to financial institutions, while the communications sector enables the real-time information sharing that makes emergency response possible. This interconnectedness means that a failure in one sector often has cascading effects across others. Homeland security professionals must therefore take a systems-based, all-hazards approach to planning and protection.
Public-Private Partnerships and Sector-Specific Plans
One of the distinctive challenges of infrastructure protection is that the majority of critical infrastructure in the United States is owned and operated by the private sector. As such, DHS does not directly control most critical assets but instead relies on collaborative partnerships between federal, state, and private stakeholders. Sector-specific agencies, such as the Department of Energy for the energy sector or the Department of Health and Human Services for health care, lead coordination efforts for their respective domains.
Public-private partnerships are formalized through mechanisms such as the Critical Infrastructure Partnership Advisory Council (CIPAC) and the Information Sharing and Analysis Centers (ISACs). These frameworks allow industry stakeholders to share threat intelligence, vulnerability assessments, and best practices while maintaining operational autonomy. DHS’s Cybersecurity and Infrastructure Security Agency (CISA) plays a key role in facilitating these collaborations and providing resources such as vulnerability scanning, cybersecurity assessments, and risk analysis tools (Cybersecurity and Infrastructure Security Agency, 2023).
Cybersecurity: A Growing Homeland Security Frontier
Cybersecurity has become one of the fastest evolving and most critical elements of infrastructure protection (Alperen, 2024). High-profile incidents like the 2017 WannaCry ransomware attack, the 2020 SolarWinds supply chain breach, and the 2021 Colonial Pipeline cyberattack have underscored the fragility of digital systems and the real-world consequences of cyber intrusions. These incidents have not only disrupted essential services but have also exposed sensitive data, eroded public trust, and sparked geopolitical tensions.
CISA leads federal efforts in securing cyberspace, promoting resilience across both public and private digital networks. Key initiatives include the National Cybersecurity Strategy, the development of cyber incident reporting frameworks, and investment in cybersecurity workforce development. State and local governments are also increasingly targeted by cybercriminals and nation-state actors, making cybersecurity a shared responsibility across all levels of governance.
Resilience, Redundancy, and Risk Management
Infrastructure protection is not just about prevention; it is equally about resilience. In homeland security, resilience refers to the ability of systems to absorb shocks, adapt to changing conditions, and recover quickly from disruptions. Building resilience involves implementing redundancies (such as backup power or mirrored servers), conducting risk assessments, engaging in continuity of operations planning (COOP), and developing incident response strategies.
A key tool in this process is risk-based planning, which prioritizes investments and protections based on the likelihood and consequence of specific threats. Homeland security professionals must weigh the cost of security measures against potential losses and legal liabilities. This balancing act is especially complex in the cyber domain, where threats evolve faster than traditional planning cycles.
Critical Infrastructure Protection and Cybersecurity Case Examples
Colonial Pipeline Ransomware Attack (2021)
In May 2021, Colonial Pipeline, one of the largest fuel pipeline operators in the United States, fell victim to a ransomware attack orchestrated by the cybercriminal group DarkSide. The attackers infiltrated the company's billing system and demanded a ransom, leading Colonial to shut down pipeline operations preemptively. The attack disrupted fuel supplies across the Southeastern United States, causing panic buying, fuel shortages, and a spike in gas prices (Hobbs, 2021). This incident underscored the vulnerabilities in critical energy infrastructure, particularly regarding incident response planning, and the risks of legacy IT systems. The attack also prompted the Department of Homeland Security and other federal agencies to reevaluate cybersecurity protocols and issue new directives for pipeline operators.
Ukraine’s Power Grid Cyberattack (2015)
On December 23, 2015, a sophisticated cyberattack targeted Ukraine’s power grid, resulting in power outages that affected approximately 230,000 people. This event marked the first known instance of a cyberattack causing a blackout. The attackers, believed to be part of the Russian-affiliated Sandworm group, used spear-phishing emails to deliver BlackEnergy malware, enabling remote access to the supervisory control and data acquisition (SCADA) systems controlling substations. The incident highlighted the vulnerabilities of operational technologies (OT) and industrial control systems (ICS), particularly when cyber and physical systems are deeply intertwined. It also signaled the emergence of cyberwarfare tactics designed to destabilize national infrastructure (Pollard, 2024).
Costa Rica Ransomware Crisis (2022)
In April 2022, Costa Rica experienced a crippling ransomware campaign led by the Conti group, which targeted the Ministry of Finance, affecting tax collection and customs processing. This evolved into a national crisis, with 27 government institutions compromised and the newly elected president declaring a state of emergency. This attack revealed how coordinated ransomware operations could threaten national stability and economic functioning. Costa Rica’s response, including a refusal to pay ransom and appeals for international cyber assistance, provided a cautionary tale for other nations regarding cyber resilience, data protection, and public trust in digital governance (Datta & Acton, 2022).
WannaCry Ransomware Attack (2017)
The global WannaCry ransomware attack in May 2017 affected more than 230,000 computers in 150 countries. The United Kingdom’s National Health Service (NHS) was one of the worst-hit institutions. Hospitals across the country were forced to cancel surgeries and revert to paper-based systems because of encrypted data and locked digital interfaces. The NHS’s reliance on outdated Windows systems and delayed software updates amplified the impact. The event demonstrated how cyberattacks can directly threaten human life by disrupting critical health care services. It also sparked reforms in IT governance and cybersecurity policy across the United Kingdom’s health sector (Mohurle & Patil, 2022).
Oldsmar, Florida, Water Treatment Facility Cyberattack (2021)
In February 2021, a hacker remotely accessed the Oldsmar, Florida, water treatment system and attempted to increase the sodium hydroxide levels to dangerous levels. A vigilant employee noticed the changes and manually reversed the commands before any harm occurred. This breach exposed significant vulnerabilities in small municipal utilities, including the lack of multifactor authentication, outdated systems, and insufficient cybersecurity training. The incident emphasized the need for enhanced security protocols, particularly for under-resourced infrastructure sectors such as water treatment (Cervini et al., 2022).
Ethical and Legal Considerations
As with other areas of homeland security, critical infrastructure protection and cybersecurity raise important ethical and legal questions. These include debates about privacy, data protection, surveillance authority, and the role of the government in regulating private-sector cybersecurity standards. The question of liability, who is responsible when a critical asset is breached, also remains a major policy issue.
For instance, legislation such as the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA) now mandates that critical infrastructure entities report significant cyber incidents to CISA within a defined period. This legal framework seeks to improve response coordination, but it also demands clear definitions, compliance strategies, and privacy protections.
Building a Secure and Resilient Infrastructure Landscape
Protecting the nation’s infrastructure from physical and cyberthreats is a dynamic and multidisciplinary challenge. Homeland security professionals must navigate technical, political, legal, and ethical landscapes to ensure continuity, protect the public, and foster national resilience. Understanding these complexities prepares students to lead in a world where power grids, hospital networks, and data systems are just as much a target as government buildings or transportation hubs.
References
Alperen, M. J. (2024). Foundations of homeland security and emergency management: Law and policy (3rd ed.). Wiley. https://online.vitalsource.com/#/books/9781394191611
Cervini, J., Rubin, A., & Watkins, L. (2022, March 17-18). Don’t drink the cyber: Extrapolating the possibilities of Oldsmar’s water treatment cyberattack. In Proceedings of the 17th International Conference on Cyber Warfare and Security, (Vol. 17, No. 1, pp. 19–25). 9fdb6a160b248d9aa25523b77d5bbeb8753c.pdf
Cybersecurity & Infrastructure Security Agency. (n.d.). National Infrastructure Protection Plan (NIPP)—NIPP 2013: Partnering for critical infrastructure security and resilience. U.S. Department of Homeland Security. https://www.dhs.gov/publication/nipp-2013-partnering-critical-infrastructure-security-and-resilience
Cybersecurity and Infrastructure Security Agency. (2022, September 1). CISA Strategic Plan: 2023–2025. https://www.cisa.gov/resources-tools/resources/cisa-strategic-plan-2023-2025
Datta, P. M., & Acton, T. (2022, December 29). Ransomware and Costa Rica’s national emergency: A defense framework and teaching case. Journal of Information Technology Teaching Cases, 14(1), 56–67.
Hobbs, A. (2021, July 6). The Colonial Pipeline hack: Exposing vulnerabilities in U.S. cybersecurity [Case study]. SAGE Publications: SAGE Business Cases Originals. https://sk.sagepub.com/cases/colonial-pipeline-hack-exposing-vulnerabilities-us-cybersecurity#_=_
Mohurle, S., & Patil, M. (2022, June 11). A brief study of Wannacry threat: Ransomware attack 2017. International Journal of Advanced Research in Engineering and Technology, 8(5). https://www.researchgate.net/publication/361227407_A_brief_study_of_Wannacry_Threat_Ransomware_Attack_2017
Pollard, M. (2024). A case study of Russian cyber-attacks on the Ukrainian power grid: Implications and best practices for the United States. Pepperdine Policy Review, 16(Article 1), 1. https://digitalcommons.pepperdine.edu/ppr/vol16/iss1/1/