Critical Infrastructure Protection in Homeland Security: Defending a Networked Nation
Ted G. Lewis
Module 1 – Introduction to Critical Infrastructure
- Define critical infrastructure, protection, and resilience in the context of the National Infrastructure Protection Plan (NIPP).
- Describe critical infrastructure in communities and the impact Lifeline sector assets have on a community’s resiliency.
- Describe the processes that support critical infrastructure security and resilience.
- Identify strategies and methods for achieving results through critical infrastructure partnerships.
- Describe the roles and responsibilities of entities such as the DHS, sector-specific agencies, and state, local, tribal, and territorial governments.
- Discuss common standards bodies, such as the North American Electric Reliability Council (NERC) and the National Institute of Standards and Technology (NIST).
- Understand which certifications are required to protect critical infrastructure.
Module 2 – Introduction to Control Systems & SCADA
- Describe the components and applications of industrial control systems.
- Describe the purpose and use of SCADA, DCS, and PCS systems.
- Describe the configuration and use of field devices used to measure critical infrastructure processes, such as flow rate, pressure, temperature, level, density, etc.
- Describe the use and application of Programmable Logic Controllers (PLCs) in automation.
Module 3 – Technologies
- List several types of networking hardware and explain the purpose of each.
- List and describe the functions of common communications protocols and network standards used within CI.
- Identify new types of network applications and how they can be secured.
- Identify and understand the differences between IPv4 and IPv6.
- Discuss the unique challenges/characteristics of devices associated with industrial control systems.
- Explain how existing network administration principles can be applied to secure CIKR.
Module 4 – Risk Management
- Describe basic security service principles (confidentiality, integrity, availability, and authentication) and their relative importance to CI systems.
- Explain basic risk management principles.
- Identify various risk management frameworks and standards, such as the NIST Cybersecurity Framework and those of the North American Electric Reliability Council (NERC).
- Describe how to use the framework core process.
- Describe how to use the Framework Implementation Tiers to identify cybersecurity risk and the processes necessary to effectively manage that risk.
- Describe the Cybersecurity Framework Assessment Process Model.
- Demonstrate an understanding of how the framework process holistically manages risk.
Module 5 – Threats
- Define threats and threat agents, and explain how risk assessment relates to understanding threats.
- Identify how different threats—including hijacking, denial-of-service attacks, malicious software, SMTP spam engines, Man-in-the-Middle (MITM) attacks, and social engineering—would apply to critical infrastructure.
- Identify different types of malware and their intended payloads.
- Describe social engineering psychological attacks.
- List and explain the different types of server-side web application and client-side attacks relevant to critical infrastructure.
- Describe overflow attacks and provide examples of the impact on CI systems.
- Provide examples of malware attacks, such as Flame, Stuxnet, BlackEnergy, Havex, and Duqu, and discuss their functionality and impact on critical infrastructure systems.
Module 6 – Vulnerabilities
- Identify the common vulnerabilities associated with Control Systems (CS).
- Identify SCADA cyber vulnerabilities.
- Describe how an attacker may gain control of the SCADA system.
- Define vulnerability assessment and explain why it is important.
- Identify vulnerability assessment techniques and tools, such as CSET, Nessus, and other assessment tools.
- Explain the differences between vulnerability scanning and penetration testing.
Module 7 – Risk Assessments
- Identify the different risk assessment frameworks.
- Discuss Supply Chain Risk Management (SCRM) principles.
- Explain how regulatory requirements are used in determining additional items to review in a risk assessment.
- Demonstrate an understanding of the CSET tool risk assessment functions.
- Apply the CSET tool to an IT general risk assessment.
- Develop a report using CSET.
- Apply the standard available in the CSET tool to an IT general risk assessment.
Module 8 – Remediation
- Describe how risk management techniques control risk.
- Explain the concept of the Security Design Life Cycle (SDLC).
- List the types of security policies and how these relate to remediation.
- Describe how awareness and training can provide increased security.
- Identify remediation techniques in an ICS network, including routers, firewall technology, and tools for configuring firewalls and routers.
- Describe intrusion detection and prevention systems and web-filtering technologies.
- Explain the importance of digitally signed code for pushes of firmware and other updates to automated devices.
- Demonstrate the ability to evaluate and assess vulnerabilities in ICS networks.
- Explain and make recommendations for remediation strategies in an ICS network.
- Describe the hazards (dos and don'ts) of the corporate network process vs. the ICS network process.
Module 9 – Incident Response
- List some common types of incidents that may occur in SCADA/ICS systems.
- Identify the phases of Incident Response (IR), as described in NIST SP 800-61.
- Define incident containment and describe how it is applied to an incident.
- Discuss the IR reaction strategies unique to each category of incident.
- Explain the components of an Incident Response Plan.
- Identify the 14 response core capabilities covered in the National Response Framework.
Module 10 – Policy & Governance
- Identify information-sharing strategies and initiatives as established by the Department of Homeland Security (DHS).
- Describe threat intelligence information sharing among public and private partners, including Information Sharing and Analysis Centers (ISACs).
- Explain the roles that DHS’s National Cybersecurity and Communications Integration Center (NCCIC) and National Infrastructure Coordinating Center (NICC) play in infrastructure protection.
- Describe issues relevant to specific critical infrastructure sectors, such as HIPAA and other regulations and laws.
Module 11 – Trends
- Identify emerging trends and demonstrate an understanding of emerging technologies.
- Understand the Internet of Things (IoT) and how it expands the cyber “attack surface.”
- Be able to make educated predictions of what the future might look like for the critical infrastructure cybersecurity framework.
- Discuss ethical issues that can arise in relation to new technology and new defense strategies.