Critical Infrastructure Protection and Resiliency

The concept of "critical infrastructure protection" (CIP), which came into being in the mid-1990s, was placed at the forefront of U.S. national security concerns after the events of 9/11. CIP methods and resources are intended to deter or mitigate incidents caused maliciously (by terrorists or criminals), by accident or human error (chemical spills, accidental release of hazardous materials), or as the result of a natural disaster (hurricanes, tornadoes, earthquakes, floods).

The debate initially was largely confined to the technical community, perhaps because of the technical knowledge requirements and inherently interdisciplinary nature of the subject. However, decisions are being made that may have far-reaching and unintended public policy consequences. For example, most control systems built for the energy industry were not designed with security in mind and now must be retooled. As well, policymakers need to be better informed about the technical considerations of CIP.

In 2007, in conjunction with the Control Systems Security Center at the Idaho National Laboratory (INL), IGCC and the Center for Science and Technology Policy at George Mason University produced a public policy-focused curriculum intended to help to implement a long-term security culture within the control system community.

The Critical Infrastructure and Control Systems Security Curriculum

Download the curriculum

This masters-level professional curriculum is designed to assist the teaching of a graduate-level course on the public policies, technical issues, and managerial principles required to achieve and sustain robustness and resilience of critical infrastructure services. Such services, whose continuity is at particular risk in times of disaster, are often made more vulnerable due to inappropriate economic and managerial policies.

With support from the Department of Homeland Security, the curriculum materials are offered to any individual or institution that would like to teach or develop a course devoted to the topic, or to use it as a policy research resource.  

Primary Audiences
Master’s students in policy, engineers needing policy background at the graduate level, and MBA students likely to need these skills in management of critical infrastructure enterprises.

Others who may find it useful are individuals responsible for managing the risks faced by critical infrastructures, either in the private sector or government, and who may undertake self-study using the curriculum materials or may wish to condense the material into a short course of on-the-job training.

Content
The course presents critical infrastructure vulnerability and risk as growing problems in democratic, market economies, requiring more sophisticated solutions through engineering, economic incentives and public-private institutional arrangements. An emphasis has been placed on control systems vulnerabilities.

Students without engineering backgrounds who complete the course will master the basic concepts underlying the technical functions and vulnerabilities and means of protection of control systems and SCADA software used to control production of hazardous products or to provide services essential to response to a disaster.

All should understand the economic drivers that are leading to the new and growing levels of vulnerability and be equipped to address policy issues governing decisions by private firms or public institutions to provide incentives, understanding that the public pays in either case.

They should also have acquired the background knowledge and tools needed to be able to advise senior government emergency officials and political leaders on the selection and implementation of policies, laws, and regulations for reducing the CI dimensions of disaster vulnerability in the nation.

Resources

Executive Orders
Executive Order 13231 on Critical Infrastructure Protection
Executive Order 13228 Establishing Office of Homeland Security
Executive Order 13130 National Infrastructure Assurance Council
Executive Order 13010 Critical Infrastructure Protection
 
Federal Documents and Websites
The National Infrastructure Advisory Council
Protected Critical Infrastructure Information (PCII) Program
National Strategy for the Physical Protection of Critical Infrastructures and Key Assets
Presidential Decision Directive/NSC-63: Subject: Critical Infrastructure Protection
Critical Infrastructure Protection: Challenges and Efforts to Secure Control Systems GAO-04-354
Emergency Management and Response Information Sharing and Analysis Center (EMR-ISAC)

Disaster Preparedness