Certain
national infrastructures are so vital that their incapacity
or
destruction would have a debilitating impact on the
defense or economic security of the United States. These
critical infrastructures include telecommunications,
electrical power systems, gas and oil storage and transportation,
banking and finance, transportation, water supply systems,
emergency services (including medical, police, fire,
and rescue), and continuity of government.
Executive
Order 13010, July 15, 1996
Background
Critical infrastructure and the control systems that support our nation’s
infrastructure have not been an area of focus in the public policy
community up to now. The concept of "critical infrastructure protection" (CIP),
which came into being in the mid-1990s, was placed at the forefront
of U.S.
national security concerns after the events of 9/11. CIP methods
and resources
are intended to deter or mitigate incidents
caused maliciously (by
terrorists or criminals), by accident or human error (chemical spills, accidental
release of hazardous materials), or as the result of a natural
disaster (hurricanes, tornadoes, earthquakes, floods).
The debate has largely been confined to the technical community,
perhaps because of the technical knowledge requirements and inherently
interdisciplinary nature of the subject. However, decisions are
being made that may have far-reaching and unintended public policy
consequences. For example, most control systems built for the
energy industry
were not designed
with security
in mind and now must be retooled. As well, policymakers need to be better
informed about the technical considerations of CIP.
In conjunction with the
Control Systems Security Center at
the Idaho National Laboratory (INL), IGCC and the
Center for Science and Technology Policy at
George Mason University have produced a public policy-focused
curriculum intended to help to implement a long-term security culture within
the control system community.
The Critical Infrastructure and Control Systems
Security Curriculum
The primary audiences for the graduate-level curriculum are
masters students in policy, engineers needing policy background
at the graduate level,
and MBA
students likely to need these skills in management of critical
infrastructure enterprises.
Other who may find it useful are individuals responsible for managing the risks
faced by critical infrastructures, either in the private sector
or government, and who may undertake self study using the curriculum
materials
or may wish
to condense
the material into a short course of on-the-job training. The
course presents critical infrastructure vulnerability and
risk as growing problems in democratic, market economies, requiring more
sophisticated solutions through engineering, economic incentives and
public-private
institutional arrangements. An emphasis
has been placed on control systems vulnerabilities .
Threats
to . . . critical infrastructures fall into two categories:
physical threats to tangible property, . . . and threats
of electronic, radio-frequency, or computer-based
attacks on the information or communications components
that control critical infrastructures ("cyber threats").
Executive
Order 13010, July 15, 1996
Students without engineering backgrounds who complete the course will
master the basic concepts underlying the technical functions and
vulnerabilities and means of protection of control systems and SCADA
software used
to control
production of hazardous products or to provide services essential to
response to a disaster. All should understand the economic drivers
that
are leading to
the new and growing levels of vulnerability and be equipped to address
policy
issues
governing decisions by private firms or
public institutions to provide
incentives, understanding that the public pays
in either case.
and They should also have acquired
the background knowledge and tools needed to be able to
advise
senior government
emergency officials and political leaders on the selection and implementation
of policies,
laws, and regulations for reducing the CI dimensions of disaster vulnerability
in the nation.
A survey of similar course offerings from
other institutions found many rather narrow offerings on each of
three sets
of issues:
1) the technical details of control systems and their vulnerabilities;
2) the nature
of terrorism
and means for contending with terrorist threats; or 3) the problems
faced by first responders after the disaster has occurred. The
curriculum developed by IGCC and George Mason University attempts
to broaden knowledge across these issues in the following
ways:
It is specifically devoted to a range of critical
infrastructure services and their interdependencies.
It deals with "all
hazards," that is, not only
terrorism but natural disasters and the unintended consequences of accidents,
poor
management, results of inappropriate government regulatory policy, and
inadequate technology
and system designs.
It integrates the public policy tools for inducing
private firms to invest in mitigation of threats and increasing resilience.
It gets
into technical specifics about the vulnerabilities of critical
infrastructure service delivery, with
special emphasis on those services dependent on control systems reliability
and recoverability.
It recognizes the international dimensions of both
threats and solutions, and examines alternative public-private relationships
and
modes of governance.
It explores the management and organizational experience
of firms that have learned how to provide consistently high
reliability in their service
delivery.
With support from the Department of Homeland Security, the curriculum materials
are offered to any individual or institution that would like to teach
or develop a course devoted to the topic,
or to use it as a policy research resource. The project team plans
a continual refinement of the curriculum based on user feedback.
Project Team
Lewis
M. Branscomb holds faculty appointments
in the School of International Relations and Pacific Studies and
in the Scripps Institution
of Oceanography at UC San Diego. He is also
Professor Emeritus of Public Policy and Corporate Management
Director Emeritus of the Science, Technology, and Public Policy
Program in the Center for Science
and International Affairs at Harvard University's Kennedy School of Government.
Prof. Branscomb graduated summa cum
laude from Duke University in 1945 and received his Ph.D.
in physics from Harvard University in 1949. A
research physicist at the U.S. National Bureau of Standards, U.S.
Department of Commerce,
(now the National Institute of Standards and Technology) from 1951
to 1969, he was appointed director of NBS in 1969 by
President Nixon.
He left NBS in 1972 to become vice president and chief scientist of the
IBM Corporation, serving until 1986, when he joined the faculty
at Harvard.
President
Johnson named
Branscomb to the President's Science Advisory Committee in 1964, and he
chaired the subcommittee on Space Science and Technology during
Project
Apollo. President
Carter appointed him to the National Science Board, and he served as chairman
of the NSB during the presidency of Ronald Reagan. Branscomb was the
co-chairman of the project of the National Academies of Science
and of Engineering and
the Institute of Medicine that authored the report Making
the Nation Safer: Science and Technology for Countering Terrorism (National
Academies Press, 2002). He has been actively engaged in promoting bilateral
cooperation in counter-terrorism with India, Russia, Japan, and Korea.
He is a member of the Control Systems Security Program (CSSP) for
the
National Cyber
Security Division (NCSD) of the Department of Homeland Security.
Principal
Investigator Susan Shirk is director of IGCC and professor
of political science in the School of International Relations
and Pacific Studies
at UC San Diego. From 1997 to 2000, Shirk served as Deputy
Assistant Secretary of State in the Bureau of East Asia and Pacific Affairs,
with responsibility
for the People’s Republic of China, Taiwan, Hong Kong, and
Mongolia.
Prof. Shirk founded in 1993 and continues to lead the Northeast
Asia Cooperation Dialogue (NEACD), a “track two,” or
unofficial, forum for discussions of security issues among defense
and foreign ministry officials and academics from the United States,
Japan, China, Russia, South Korea, and North Korea.
Prof. Shirk’s publications include her books How China
Opened Its Door: The Political Success of the PRC’s Foreign Trade
and Investment Reforms; The Political Logic of Economic Reform in
China; and Competitive Comrades: Career Incentives and
Student Strategies in China. Her latest book, China: Fragile
Superpower, will be published
by Oxford University Press in 2007.
Shirk served as a member of the U.S. Defense Policy Board,
the Board of Governors for the East–West Center (Hawaii),
the Board of Trustees of the U.S.–Japan Foundation, and the
Board of Directors of the National Committee on United States-China
Relations. She is a member of the Council on Foreign Relations,
and an emeritus member of the Aspen Strategy Group. As senior advisor
to the Albright Group, Prof. Shirk advises private-sector clients
on China and East Asia. She received her B.A. in political science
from Mount Holyoke College, her M.A. in Asian studies from the University
of California, Berkeley, and her Ph.D. in political science from
the Massachusetts Institute of Technology.
Project
Manager Raymond A. Clark is program
manager for IGCC's "Public Policy and Biological Threats" (PPBT)
program. Clark joined IGCC in early 2005 after serving as a policy
analyst with the Office of Government
and Community Relations at UC San Diego. He has a Ph.D. in cardiovascular physiology
and previously worked as a research associate in molecular cardiology
in the UC San Diego School of
Medicine. In addition to managing and expanding the PPBT program, Clark is
involved in developing several IGCC programs in homeland security,
national security, and
public health security. He is also a founding board member of the National
Postdoctoral Association and has been influential in formulating
policy for the scientific
workforce in the United States.
LLNL Advisor Brian Lopez is a
computer scientist at Lawrence Livermore National Laboratory (LLNL). For
the past eight years, he has led
LLNL's Vulnerability
and Risk Assessment Program (VRAP) which provides in-depth, multidisciplinary
assessments of threat, vulnerability, and consequence. Past projects include
work in twenty-six U.S. states and internationally across a variety of sectors
such as electric power, oil, gas, water, chemical, aviation, rail,
maritime, telecommunications,
national icons, and classified sites. He assembled and led security teams
for the 2002 Winter Olympics, the California energy crisis, and
9/11 response. Currently
he is leading a comprehensive assessment of a thirty-four-city region for
the Department of Homeland Security. His previous work has been
in the
areas of nuclear
material tracking, secure systems design, knowledge management,
and counter-terrorism.
Consultant Michael J. Kleeman is an independent
consultant working in technology and health- related areas.
He served as the chief technology officer for Catenas, a network
of professional services firms, and Aerie Networks, a new long-distance
provider in the United
States. Previously he was a senior technology partner in a global consulting
firm, specializing in the telecommunications, Internet and computer/information
areas. Kleeman has more than twenty-five years of experience in telecommunications
and information systems-related business strategy, technology design,
economic analysis and
complex project management. He has also worked on the design and
implementation of networks
for voice and data communications, including carrier and private networks,
in both domestic and international arenas. He has extensive industry
expertise in
the technology/computer, commercial, government, financial, and health areas,
both as a consultant and as an operating manager. His background includes work
for local and inter-exchange carriers, network and computer hardware and software
vendors, user organizations, and national agencies.
Kleeman has been the lead
designer and project manager for numerous telecommunications projects, for
a wide range of user, carrier, and vendor organizations. In addition
to these specific
activities he has worked with numerous clients on new business strategy (especially
new market entry or product launch), technology planning, LBO/restructuring
of technology firms, contingent planning in dynamic markets, and
international communications
IGCC
is a non-profit, nonpartisan institute with official 501(c)(3) status. We welcome
your tax-deductible donations to help support our work, and encourage you
to contact
us about our programs and activities.
Copyright 2001–2008 by the Regents of the University of California on
behalf of IGCC.
Principal
Investigator Susan Shirk is director of IGCC and professor
of political science in the School of International Relations
and Pacific Studies
at UC San Diego. From 1997 to 2000, Shirk served as Deputy
Assistant Secretary of State in the Bureau of East Asia and Pacific Affairs,
with responsibility
for the People’s Republic of China, Taiwan, Hong Kong, and
Mongolia. 
Project
Manager Raymond A. Clark is program
manager for IGCC's "Public Policy and Biological Threats" (PPBT)
program. Clark joined IGCC in early 2005 after serving as a policy
analyst with the Office of Government
and Community Relations at UC San Diego. He has a Ph.D. in cardiovascular physiology
and previously worked as a research associate in molecular cardiology
in the UC San Diego School of
Medicine. In addition to managing and expanding the PPBT program, Clark is
involved in developing several IGCC programs in homeland security,
national security, and
public health security. He is also a founding board member of the National
Postdoctoral Association and has been influential in formulating
policy for the scientific
workforce in the United States.
Consultant Michael J. Kleeman is an independent
consultant working in technology and health- related areas.
He served as the chief technology officer for Catenas, a network
of professional services firms, and Aerie Networks, a new long-distance
provider in the United
States. Previously he was a senior technology partner in a global consulting
firm, specializing in the telecommunications, Internet and computer/information
areas. Kleeman has more than twenty-five years of experience in telecommunications
and information systems-related business strategy, technology design,
economic analysis and
complex project management. He has also worked on the design and
implementation of networks
for voice and data communications, including carrier and private networks,
in both domestic and international arenas. He has extensive industry
expertise in
the technology/computer, commercial, government, financial, and health areas,
both as a consultant and as an operating manager. His background includes work
for local and inter-exchange carriers, network and computer hardware and software
vendors, user organizations, and national agencies.