Homeland Security and Cybersecurity

This course will examine the drinking water and electricity infrastructures, and various policies that have been developed to help guide and strengthen their cybersecurity programs. The drinking water and electricity infrastructures are two of fourteen subsectors comprising what are known as "lifeline infrastructure". The 2013 National Infrastructure Protection Plan identifies four lifeline infrastructure sectors: 1) water, 2) energy, 3) transportation, and 4) communications. These sectors are designated "lifeline" because many other infrastructures depend upon them. The drinking water subsector is part of the water sector, and the electricity subsector is part of the energy sector. Both subsectors are overseen by the Department of Homeland Security National Protection and Programs Directorate which manages the DHS National Infrastructure Protection Program. The NIPP employs a five-step continuous improvement program called the Risk Management Framework. NIPP implementation is overseen by DHS-designated Sector-Specific Agencies staffed by various Federal departments. The Sector-Specific Agencies work in voluntary cooperation with industry representatives to apply the Risk Management Framework and document results in corresponding Sector-Specific Plans. The program began in 2007 and the most recent Sector-Specific Plans were published in 2016. In February 2013, President Obama issued Executive 13636 directing the National Institute of Standards and Technology to develop a voluntary set of recommendations for strengthening infrastructure cybersecurity measures. EO13636 also asked Federal agencies with regulating authority to make a recommendation whether the NIST Cybersecurity Framework should be made mandatory. The Environmental Protection Agency who is both the SSA and regulatory authority for the drinking water subsector recommended voluntary application of the NIST Cybersecurity Framework. The Department of Energy who is both the SSA and regulatory authority for the electricity subsector replied that it was already implementing the Electricity Subsector Cybersecurity Capability Maturity Model, which indeed was what the NIST Cybersecurity Framework was based on. The Department of Energy, though, recommended voluntary application of the ES-C2M2. This module will examine both the drinking water and electricity lifeline infrastructure subsectors, and elements and application of the NIST Cybersecurity Framework and ES-C2M2.

In this course we will examine the aviation and Internet infrastructures, and various policies that have been developed to help guide and strengthen their cybersecurity programs. The aviation and Internet infrastructures are also considered "lifeline infrastructure" as part of the transportation and communications sectors. Both subsectors are overseen by the Department of Homeland Security National Protection and Programs Directorate which manages the DHS National Infrastructure Protection Program. SSA responsibility for the aviation subsector is shared between the Transportation Security Administration and Federal Aviation Administration under the auspices of the Department of Homeland Security and Department of Transportation respectively. The Department of Homeland Security retains sole responsibility as the Sector-Specific Agency for the Internet subsector. While TSA and FAA have regulatory over the aviation subsector, DHS has no regulatory authority whatsoever over the Internet. In response to Executive Order 13636 issued by President Obama in February 2013, both sets of SSAs recommended continuing with voluntary cybersecurity measures. TSA and FAA reported they were working to implement the Transportation Roadmap across all transportation subsectors, including aviation. DHS reported that it was working with Internet providers to implement the Cyber Assessment Risk Management Approach. Despite some differences, the Transportation Roadmap and CARMA are very similar to the NIST Cybersecrity Framework and ES-C2M2 examined previously. That is to say, they are predicated on a continuous improvement process that engages the whole organization in identifying and implementing incremental changes to enhance cybersecurity practices based on prevailing standards. This module will examine both the aviation and Internet lifeline infrastructure subsectors, and elements and application of the Transportation Roadmap and CARMA.

Welcome to Course 1 in CS4950, Homeland Security and Cybersecruity. In this course we examine the origins of homeland security and its connection with cybersecurity. Homeland security is about safeguarding the United States from domestic catastrophic destruction. Catastrophic destruction comes in two forms: natural and man-made. For most of history the man-made variety came in the form of warfare and required the combined resources of a nation state. All that changed March 20th, 1995. On that date, members of a quasi-religious cult in Japan attacked the Tokyo subway system using Sarin gas. It was the first deployment of a weapon of mass destruction my a non-state actor. The power of destruction once reserved to nation states was now available to small groups, even individuals. The incident was a wake up call for governments around the world. Defense establishments designed to keep rogue states in check were practically useless against non-state actors. Overnight, the number of potential enemies multiplied a hundred, maybe even a thousand-fold. In response to the Tokyo Subway Attacks, the United States took measures to protect itself from WMD attack by non-state actors. Those measures were still being enacted when the nation was attacked on 9/11. On September 11, 2001, nineteen hijackers inflicted as much damage as the Imperial Japanese Navy on December 7, 1941. The investigating 9/11 Commission noted the attacks for their "surpassing disproportion". The hijackers had achieved WMD effects without using WMD. They did this by subverting the nation's transportation infrastructure, turning passenger jets into guided missiles. Again, the security implications were profound. Non-state actors seeking to inflict domestic catastrophic destruction did not need to import, fabricate, or acquire WMD as the nation was surrounded by the means of its own destruction in the form of critical infrastructure. The vulnerability of critical infrastructure had not gone unnoticed. Again, in response to the Tokyo Subway attacks, which themselves had been an attack on Japanese infrastructure, President Clinton in 1996 commissioned a panel to investigate the threat to United States' infrastructure. The panel replied in 1997 that there was no immediate threat to US infrastructure, but they were concerned with the growing risk of cyber attack. The same cyber physical systems that fueled the explosive growth of the Internet were being incorporated into Industrial Control Systems that underpinned much of the nation's critical infrastructure. The panel noted that the knowledge and skills necessary to mount a cyber attack on the nation's infrastructure was growing. As a result of this observation, President Clinton in 1998 ordered the protection of US critical infrastructure, especially from cyber attack. Following 9/11, critical infrastructure protection and cybersecurity were designated core missions in the 2002 Homeland Security Act establishing the new Department of Homeland Security. They remain core missions to this day, but many don't see the connection. The connection is this: cybersecurity is essential to critical infrastructure protection, which is essential to homeland security, which is about safeguarding the United States from domestic catastrophic destruction. I look forward to working with you in the coming lessons. Best wishes and good luck! Course 1: Homeland Security & Cybersecurity Connection Course 2: Cybersecurity Policy for Water and Electricity Infrastructures Course 3: Cybersecurity Policy for Aviation and Internet Infrastructures Course 4: Homeland Security & Cybersecurity Future