Critical infrastructure protection

The Art of CIIP Strategy: Taking Stock of Content and Processes

by Myriam Dunn Cavelty

in: Javier Lopez, Roberto Setola, Stephen D. Wolthusen (eds), Critical Infrastructure Protection: Information Infrastructure Models, Analysis, and Defense (Springer 2012) (co-authored with Manuel Suter), pp. 15-38.

This chapter analyses and compares CI(I)P and cybersecurity strategies to discover key issues, developments, and... more This chapter analyses and compares CI(I)P and cybersecurity strategies to discover key issues, developments, and trends and to make recommendations about strategy making in the field of CIIP. To this end, it will first define CIP, CIIP and cybersecurity. It will then show what kind of protection goals – statements about a desired state of security of a particular object/asset that is seen in need of protection from one or a variety of threats – are defined and what kind of countermeasures are foreseen. Third, it will move from the content to the process and will make recommendations about how an optimal strategy process in the field of CIIP should look like

What is infrastructure made of? - a series

by Luke Bennett

An ongoing series that is probing the relationship between the materiality of the built environment and its... more An ongoing series that is probing the relationship between the materiality of the built environment and its service-providing systems and the cultural practices that ride alongside those physical 'things'. Blog-essays to date have included rumination on the definition of infrastructure, the imperatives of mobility in the face of railway suicides, metal theft's infrastructural impacts and the design drawing vs the as built motorway. All quite speculative at this stage - but nudging me somewhere.

Renzi_Infrastructure_Colloquium

by Alessandra Renzi

Alessandra Renzi "Infrastructure Must be Defended: biopolitics of mega events and the life of Homo Oeconomicus Canadensis after the 2008 financial crisis"

Paper given at the Colloquium “Foucault/Deleuze: A Neo-Liberal Diagram,” Ryerson University, Toronto, March 9, 2012.

Protecting Critical Infrastructure against Intentional Attack- A Two-Stage Game with Incomplete Information

by Chi Zhang

IIE Transactions (accepted for publication)

It is now paramount to protect critical infrastructures because of their significance for the economic development and... more It is now paramount to protect critical infrastructures because of their significance for the economic development and the social well-being of modern societies. One of the main threats to these networked systems is from intentional attackers, who are resourceful and inventive in selecting time, target and means of attack. Thus, attackers’ intelligence should be considered when developing intelligent and cost-effective protection strategies. In this research, critical infrastructures are modeled as network and the development of network protection strategies is modeled as a two-stage game between a protector and an attacker with incomplete information. Due to the complexity of critical infrastructures, there are usually a large number of combinations of potential protection and attack strategies leading to a computational challenge in finding the Pareto equilibrium solutions for the proposed game. To meet this challenge, this research develops an evolutionary algorithm to solve the proposed a transformation of the game into a multi-objective optimization model.

Cyber(Un)Sicherheit: Grundlagen, Trends und Herausforderungen

by Myriam Dunn Cavelty

politische bildung, Heft 1/2012, pp. 66-87. (Paper in German)

English: The security of cyberspace has not only gained importance for individual computer users in recent years, but... more English: The security of cyberspace has not only gained importance for individual computer users in recent years, but has also become a much discussed topic among states, who see cyber threats as a major threat to their national security. This chapter examines the technical basics and historical development of the problem and undertakes an assessment of the current and the future risk. It becomes apparent that cyber security is a major challenge for state actors, who have to redefine their role as guarantor of security in the information age.

Texas Regional Councils' Assessment of Security Vulnerabilities in Local Infrastructures

by Texas State PA Applied Research Projects

Cantu, Luci, "Texas Regional Councils' Assessment of Security Vulnerabilities in Local Infrastructures" (2004). Applied Research Projects, Texas State University-San Marcos. Paper 16.
http://ecommons.txstate.edu/arp/16

Since September 11, 2001 terrorism was the chief concern among US citizens. Government officials were concerned on how... more Since September 11, 2001 terrorism was the chief concern among US citizens. Government officials were concerned on how to protect their communities from terrorism and immediately created and implemented various strategies and policies. Security experts and government officials felt that a cohesive partnership between businesses, government officials, scholars, universities, and private citizens would foster lines of communication in combating terrorism. With the creation of U.S. Department of Homeland Security, various publications outlined strategies to protect critical infrastructures and key assets. These strategies foster the partnership between government officials, businesses, and private entities and provided ideas for proactive measures in securing critical infrastructures. These strategies provided an avenue for this study.

The purpose of this study is threefold: (1) Identify and describe the potential cyber vulnerabilities and physical threats of water and energy infrastructures that are specified within documents outlined by the Department of Homeland Security (2) Identify and describe proactive measures in disaster recovery and information sharing that are specified within the literature review and documents outlined by the Department of Homeland Security and (3) Assess the Texas water and energy infrastructure vulnerability from the point of view of Texas Regional Council leaders.

Public Transportation Security, Volume 1: Communication of Threats: A Guide

by John P. Sullivan

Transit Cooperative Research Program (TCRP) Report 86, Vol. 1; co-authored with John N. Balog and Matthew G. Devost, Washington, DC: National Academy Press, 2002.

Rapid and accurate information sharing is a critical operational need for coping with threats against public... more Rapid and accurate information sharing is a critical operational need for coping with threats against public transportation systems. This first volume of TCRP Report 86: Public Transportation Security will be of interest to transit general managers, police and staff in security, operations, communications, information technology, training, and human resources. It will also be of interest to federal, state, and local law enforcement. This volume offers information on a variety of approaches to improving the sharing of threat information. Current practices, operational needs, technologies for threat information dissemination, and system functional requirements are discussed. Effective strategies for sharing analyzed and unanalyzed reports of suspicious activities and a path to an interoperable set of national, regional, and local threat-information forums are proposed.

Critical Infrastructure Protection Courses

by Devon Hardy

A George Mason University Center for Infrastructure Protection Announcement

The Center for Infrastructure Protection and Homeland Security (CIP/HS) at the George Mason University School of Law... more The Center for Infrastructure Protection and Homeland Security (CIP/HS) at the George Mason University School of Law is pleased to announce the availability of the curriculum for seven graduate courses in critical infrastructure protection. These courses cover topics in critical infrastructure protection such as resilience; risk management; information sharing; systems analysis; policies and strategies; and cybersecurity. The courses are intended to foster critical infrastructure education programs that produce and sustain the leaders and workforce required for the government and the private sector to effectively protect critical infrastructure.

CIP/HS, with input from external subject-matter experts from the public and private sectors as well as the academic community, developed these courses during the past year. As critical infrastructure protection spans numerous fields of study, including computer science, criminal justice, engineering, homeland security, global security, and public policy, these courses are made publicly available to the higher education community to provide a foundation for critical infrastructure education. These courses may be incorporated into the curriculum of any program and used by any institution.

Critical infrastructure protection and best practices in higher education both develop and evolve at a rapid rate. Therefore, we encourage feedback from professionals and programs who use these courses. External input ensures that the foundation with which these courses were created continues to build and thrive.

The syllabi for the courses are available at http://cip.gmu.edu/course-offerings.

For more information about the program, please see the article entitled “Education” in the August 2010 issue of The CIP Report, available at: http://cip.gmu.edu/archive/CIPHS_TheCIPReport_August2010_CIPHSUpdate.pdf.

Weaponisation of the Net

by Manoj Maharaj

Mobile security from an information warfare perspective

by Manoj Maharaj

Common criteria for the assessment of critical infrastructures

by Alexander Fekete

International Journal of Disaster Risk Science. 2/2011: 15-24 Volume 2, Number 1, 15-24, DOI: 10.1007/s13753-011-0002-y

Society is reliant on infrastructure services, such
as information and communication technology, energy, water,... more Society is reliant on infrastructure services, such
as information and communication technology, energy, water,
and food supply, but also on governmental, cultural, and
search and rescue organizations. The goal of project Kritis-
KAT at the Federal Office of Civil Protection and Disaster
Assistance in Germany is the development of generic criteria
for the identification and evaluation of infrastructures regarded
as “critical” for society. Acknowledging that full protection
against all threats and cascading effects is not possible, the
approach focuses on the impacts rather than the prevention
of threats. The development of generic criteria requires the
prioritization of infrastructures and identification of their key
characteristics for civil protection purposes, risk management
activities, and strategic proactive planning. For this purpose,
the development of a national critical infrastructure priority
inventory is based on a thorough examination of the range of
criteria typically used in similar approaches. The specific focus
of this paper is to identify and simplify essential characteristics
of infrastructure criticality. The main outcome of this study is
the development of common criteria generally applicable to a
variety of infrastructures.

Dependable integrated surveillance systems for the physical security of metro railways

by Alfio Pappalardo

Bocchetti G., Flammini F., Pappalardo A., Pragliola C.
Third ACM/IEEE International Conference on Distributed Smart Cameras (ICDSC ‘09), Como (Italy), 30 August - 2 September, 2009.

Rail-based mass transit systems are vulnerable to many criminal acts, ranging from vandalism to terrorism. In this... more Rail-based mass transit systems are vulnerable to many criminal acts, ranging from vandalism to terrorism. In this paper, we present the architecture, the main functionalities and the dependability related issues of a security system specifically tailored to metro railways. Heterogeneous intrusion detection, access control, intelligent video-surveillance and sound detection devices are integrated in a cohesive Security Management System (SMS). In case of emergencies, the procedural actions required to the operators involved are orchestrated by the SMS. Redundancy both in sensor dislocation and hardware apparels (e.g. by local or geographical clustering) improve detection reliability, through alarm correlation, and overall system resiliency against both random and malicious threats. Video-analytics is essential, since a small number of operators would be unable to visually control a large number of cameras. Therefore, the visualization of video streams is activated automatically when an alarm is generated by smart-cameras or other sensors, according to an event-driven approach. The system is able to protect stations (accesses, technical rooms, platforms, etc.), tunnels (portals, ventilation shafts, etc.), trains and depots. Presently, the system is being installed in the Metrocampania underground regional railway. To the best of our knowledge, this is the first subway security system featuring artificial intelligence algorithms both for video and audio surveillance. The security system is highly heterogeneous in terms not only of detection technologies but also of embedded computing power and communication facilities. In fact, sensors can differ in their inner hardware-software architecture and thus in the capacity of providing information security and dependability. The focus of this paper is on the development of novel solutions to achieve a measurable level of dependability for the security system in order to fulfill the requirements of the specific application.

Security for Critical Infrastructures: Security Metrics, Risk Assessment and Standards

by Sowmya Moily

A Holistic Method for Reliability Performance Assessment and Critical Components Detection in Complex Networks

by Chi Zhang

IIE Transactions, Vol. 43, No. 9, pp. 661-675

Many infrastructures are now considered to be critical for both the economic development and general functioning of... more Many infrastructures are now considered to be critical for both the economic development and general functioning of modern
societies. Thus, understanding their performance is important as a basis to develop intelligent and cost-effective ways to protect these networks. In this article, a critical infrastructure is modeled as a complex network for which a new metric is defined to understand its reliability. This metric called reliability Pi
describes the average reliability between every pair of nodes in a complex network. As such, it is related to the two-terminal reliability concept in the traditional network context. Furthermore, in an effort to identify the most critical components that affect reliability Pi
, a multi-objective optimization problem, known as the critical component detection problem, is introduced. The solution to this problem provides two important insights about the behavior of a complex network: (i) an
approximation to the set of optimal solutions that identifies the most critical components; and (ii) a quantitative assessment of how these failures affect the complete complex network.