Identify and protect critical infrastructure from a wide variety of threats
In Critical Infrastructure Resilience and Sustainability Reader, Ted G. Lewis delivers a clear and compelling discussion of what infrastructure requires protection, how to protect it, and the consequences of failure. Through the book, you’ll examine the intersection of cybersecurity, climate change, and sustainability as you reconsider and reexamine the resilience of your infrastructure systems.
The author walks you through how to conduct accurate risk assessments, make sound investment decisions, and justify your actions to senior executives. You’ll learn how to protect water supplies, energy pipelines, telecommunication stations, power grids, and a wide variety of computer networks, without getting into the weeds of highly technical mathematical models.
Critical Infrastructure Resilience and Sustainability Reader also includes:
- A thorough introduction to the daunting challenges facing infrastructure and the professionals tasked with protecting it
- Comprehensive explorations of the proliferation of cyber threats, terrorism in the global West, climate change, and financial market volatility
- Practical discussions of a variety of infrastructure sectors, including how they work, how they’re regulated, and the threats they face
- Clear graphics, narrative guides, and a conversational style that makes the material easily accessible to non-technical readers
Perfect for infrastructure security professionals and security engineering firms, Critical Infrastructure Resilience and Sustainability Reader will also benefit corporate security managers and directors, government actors and regulators, and policing agencies, emergency services, and first responders.
Table of Contents
Preface
1 The Challenge
1.1 The Evolution of Critical Infrastructure Protection
1.1.1 In the Beginning
1.1.2 Natural Disaster Recovery
1.1.3 What Is Critical?
1.1.4 Public-Private Cooperation
1.1.5 Federalism: Whole of Government
1.2 Defining CIKR Risk and Resilience
1.2.1 Risk Strategy
1.2.2 Resilience Strategy
1.2.3 Sustainability Strategy
1.2.4 The Four Horsemen
1.3 Weather/Climate Change/Global Warming
1.3.1 The Carrington Event
1.3.2 Black Bodies
1.3.3 The Lightening Rod
1.4 Consequences
1.4.1 Accidents/Aging/Neglect
1.4.2 The Report Card
1.4.2.1 The Domino Effect
1.4.3 Terrorism/Extremists
1.4.4 Cyber Exploits/Criminals
1.4.4.1 Black Hats
1.4.4.2 Cybercrime Pays
1.4.5 The Soft War
1.4.6 Cyberattacks and CIKR
1.5 Discussion
References
2 What is a Catastrophe?
2.1 Theories of Collapse
2.1.1 Normal Accident Theory (NAT)
2.1.2 Punctuated Equilibrium Theory (PET)
2.1.3 How Uncertain are Avalanches?
2.1.4 Self-Organized Criticality
2.2 Complex Systems Theory
2.2.1 Tragedy of the Commons (TOC)
2.2.2 Paradox of Enrichment (POE)
2.2.3 Competitive Exclusion Principle (CEP)
2.2.4 Paradox of Redundancy (POR)
2.3 General Systems Theory
2.3.1 Emergence
2.3.2 Self-Organization
2.3.3 Preferential Attachment
2.4 Vulnerable Industrial Commons
2.4.1 TOC Failure
2.4.2 POE Failure
2.4.3 CEP Failure
2.4.4 POR Failure
2.5 Resilience Versus Sustainability
2.5.1 Black Swans
2.5.2 Catastrophe’s Long Tail
2.6 Discussion
References
3 Energy Transition
3.1 A Sector Under Transition
3.2 Energy Fundamentals
3.2.1 Understanding Units and Measures
3.2.2 Consumption
3.3 Regulatory Structure of the Energy Sector
3.3.1 Evolution of Energy Sector Regulation
3.3.2 Energy Pipeline Regulations
3.3.3 The Energy ISAC
3.4 Legacy Fuels
3.4.1 Coal
3.4.2 The Rise of Oil and the Automobile
3.4.3 Natural Gas Middlemen
3.4.4 Nuclear Fuel
3.5 Legacy Energy Infrastructure
3.5.1 Oil Refineries
3.5.2 Oil Transmission and Distribution
3.5.3 Oil Storage
3.5.4 The Natural Gas Supply Chain
3.5.5 The Critical Gulf of Mexico Cluster
3.5.6 Critical Refineries
3.5.7 Critical Transmission Pipelines
3.6 Renewables
3.7 Solar - Photovoltaic (PV)
3.7.1 Wind
3.7.2 The Hydrogen Circle
3.7.3 Others
3.8 Batteries and Reservoirs
3.8.1 Modern Batteries
3.8.2 Grid Scale Storage - LDES
3.9 Discussion
References
4 The Vulnerable Powergrid
4.1 What Is the Grid?
4.2 The North American Grid
4.2.1 Grid Structure
4.2.2 ACE and Kirchhoff’s Law
4.2.3 Anatomy of a Blackout
4.3 Threat Analysis
4.3.1 Attack Scenario 1: Disruption of Fuel Supply to Power Plants
4.3.2 Attack Scenario 2: Destruction of Major Transformers
4.3.3 Attack Scenario 3: Disruption of SCADA Communications
4.3.4 Attack Scenario 4: Creation of a Cascading Transmission Failure
4.4 From Death Rays to Vertical Integration
4.4.1 Early Regulation
4.4.2 Deregulation and EPACT 1992
4.4.3 Electricity Sector ES-ISAC
4.5 Out of Orders 888 and 889 Comes Chaos
4.5.1 Economics Versus Physics
4.5.2 What Increases SOC?
4.5.3 NIMBY Versus Environmentalism
4.5.4 A Change of Heart
4.6 The Architecture of Twenty-First Century Grids
4.6.1 The Future Is Storage
4.6.2 SOC Is Reduced
4.6.3 Economics of Electrification
4.7 Discussion
References
5 Water and Water Treatment
5.1 A Vanishing Resource
5.1.1 From Germs to Terrorists
5.1.2 Safe Drinking Water Act
5.1.3 The WaterISAC
5.2 Foundations: SDWA of 1974
5.3 The Bio-Terrorism Act of 2002
5.3.1 Is Water for Drinking?
5.3.2 Climate Change and Rot - The New Threats
5.4 The Architecture of Water Systems
5.4.1 The Law of the River
5.4.2 Resiliency of Water Pipeline Networks
5.5 Hetch Hetchy Water
5.5.1 Risk Analysis
5.5.2 Resilience Analysis
5.6 Threat Analysis
5.6.1 The Rational Actor
5.6.2 Hetch Hetchy Threat Analysis
5.6.3 Chem-Bio
5.6.4 Earthquakes
5.7 Water Resilience
5.7.1 Save the Pineapple Express
5.7.2 Gray Water
5.7.3 Desalination
5.7.4 Exemplar Israel
5.8 Discussion
References
6 Transportation Renewed
6.1 Transitioning a Vast and Complex Sector
6.1.1 Government Leads the Way
6.1.2 Safety and Security
6.2 Roads at TOC Risk
6.2.1 The Road to Prosperity
6.2.2 Economic Impact
6.2.3 The National Highway System (NHS)
6.2.4 The Interstate Highway Network is Resilient
6.2.5 The NHS is Safer
6.2.6 The Future is Electric
6.3 Rail and Railroads
6.3.1 Birth of Regulation
6.3.2 Freight Trains
6.3.3 Passenger Rail
6.3.4 Terrorist Target Passenger Trains
6.3.5 Economics of Rail
6.4 Air Transportation
6.4.1 Resilience of the Hub-and-Spoke Network
6.4.2 Security of Commercial Air Travel
6.4.3 How Safe and Secure is Flying in the United States?
6.4.4 Drones
6.4.5 eVTOLs
6.4.6 Commercial Airline Impact on Global Warming
6.5 Discussion
References
7 Supply Chains
7.1 The World is Flat, but Tilted
7.1.1 Supply Side Supply
7.1.2 The Father of Containerization
7.1.3 The Perils of Efficient Supply Chains
7.2 The World Trade Web
7.2.1 WTW and Economic Contagions
7.2.2 Resilience Failures
7.3 TWIC
7.3.1 MSRAM
7.3.2 PROTECT
7.4 Sustainable and Resilient Supply Chains
7.4.1 Greening of Ships
7.5 Are Supply Chains Secure?
7.5.1 Encapsulation Works
7.5.2 Who Owns the Trusted Path?
7.6 Discussion
References
8 Communications and the Internet
8.1 Early Years
8.1.1 The Natural Monopoly
8.1.2 The Communications Act of 1996
8.2 Regulatory Structure
8.2.1 The Most Important Person in Modern History
8.2.2 The First (Modern) Critical Infrastructure
8.3 The Architecture of the Communications Sector
8.3.1 Physical Infrastructure
8.3.2 Wireless Networks
8.3.3 Extra-Terrestrial Communication
8.3.4 Land Earth Stations
8.3.5 Cellular Networks
8.3.6 Cell Phone Generations
8.3.7 Wi-Fi Technology
8.4 Risk and Resilience Analysis
8.4.1 Importance of Carrier Hotels
8.4.2 The Submarine Cable Network
8.4.3 HPM Threats
8.4.4 Cellular Network Threats
8.4.5 Physical Threats
8.5 The Monoculture Internet
8.5.1 The Internet Self-Organized
8.5.2 The Original Sins
8.5.2.1 The DNS
8.5.2.2 More Original Sin
8.5.3 The Hierarchical Internet
8.5.4 Too Many Open Ports
8.6 Internet Governance
8.6.1 IAB and IETF
8.6.2 ICANN Wars
8.6.3 ISOC
8.6.4 W3C
8.6.5 Internationalization
8.6.6 Regulation and Balkanization
8.6.6.1 Rise of Regulation
8.6.6.2 Criticality of the Internet
8.7 Green Communications
8.7.1 Solar Computing
8.7.2 Quantum Communications
8.7.3 Adiabatic Logic
8.8 Discussion
References
9 Cyber Threats
9.1 Threat Surface
9.1.1 Script-kiddies
9.1.2 Black Hats
9.1.3 Weaponized Exploits
9.1.4 Ransomware and the NSA
9.2 Basic Vulnerabilities
9.2.1 The First Exploit
9.2.2 TCP/IP Flaws
9.2.3 Open Ports
9.2.4 Buffer Overflow Exploits
9.2.5 DDoS Attacks
9.2.6 Email Exploits
9.2.7 Flawed Application and System Software
9.2.8 Trojans, Worms, Viruses, and Keyloggers
9.2.9 Hacking the DNS
9.2.10 Hardware Flaws
9.2.11 Botnets
9.3 Cyber Risk Analysis
9.3.1 Kill Chain Approach
9.3.2 Machine-learning Approach
9.4 Analysis
9.5 Discussion
References
10 Social Hacking
10.1 Web 2.0 and the Social Network
10.2 Social Networks Amplify Memes
10.3 Topology Matters
10.4 Computational Propaganda
10.5 Beware the Echo Chamber
10.6 Big Data Analytics
10.6.1 Algorithmic Bias
10.6.2 The Depths of Deep Learning
10.6.3 Data Brokers
10.7 GDPR
10.8 Social Network Resilience
10.9 The Sustainable Web
10.9.1 The Century of Regulation
10.9.2 The NetzDG
10.10 Discussion
References
11 Banking and Finance
11.1 The Financial System
11.1.1 Federal Reserve Versus US Treasury
11.1.2 Operating the System
11.1.3 Balancing the Balance Sheet
11.1.4 Paradox of Enrichment
11.2 Financial Networks
11.2.1 FedWire
11.2.2 TARGET
11.2.3 SWIFT
11.2.4 Credit Card Networks
11.2.5 3-D Secure Payment
11.3 Virtual Currency
11.3.1 Intermediary PayPal
11.3.2 ApplePay
11.3.3 Cryptocurrency
11.3.3.1 Nakamoto’s Revenge
11.3.3.2 Double Spend Problem
11.3.3.3 Crypto Challenges
11.4 Hacking a Financial Network
11.5 Hot Money
11.5.1 Liquidity Traps
11.5.2 The Dutch Disease
11.6 The End of Stimulus?
11.7 Fractal Markets
11.7.1 Efficient Market Hypothesis (EMH)
11.7.2 Fractal Market Hypothesis (FMH)
11.7.3 Predicting Collapse
11.8 The Threat is Existential
11.9 Discussion
References
12 Strategies for a Changing World
12.1 Whole of Government
12.2 Risk and Resilience
12.3 Complex and Emergent CIKR
12.3.1 Communications and IT
12.3.2 Internet and Cybersecurity
12.4 Surveillance Capitalism
12.5 Industrial Control Systems
12.6 Global Pandemics
12.7 Transportation and Supply Chains
12.8 Banking and Finance
12.9 An Integrated Infrastructure Strategy
12.9.1 What to Do?
12.9.2 The Plan
12.9.3 Issues
12.10 Discussion
Index