Sample Syllabus
Critical Infrastructure Cybersecurity
Course Description:
Students will address basic security concepts as they apply to critical infrastructure systems. Concepts addressed in the course will include Industrial Control Systems (ICS), such as Supervisory and Data Acquisition (SCADA) systems, Process Control Systems (PCS), and Distributed Control Systems (DCS), national standards for the protection of critical infrastructure, and risk management concepts and tools for critical infrastructure systems. Students will perform a risk assessment of a specific critical infrastructure sector using an appropriate risk assessment framework and tools, identifying threats and vulnerabilities specific to the sector, and making appropriate recommendations for mitigating risk.
Prerequisites:
Students should have completed an introductory security course, such as CompTIA’s Security+, or otherwise have knowledge of basic network and computer security concepts and technologies.
Technology Requirements:
Students must be able to access and subscribe to the FEMA education portal and the CISA Virtual Learning Portal.
It is recommended that users meet the minimum system hardware and software requirements prior to installing CSET. This includes:
- Pentium dual core 2.2 GHz processor (Intel x86 compatible)
- 6 GB free disk space
- 4 GB of RAM
- Microsoft Windows 10 or higher
- Microsoft .NET Core 5.0 Runtime (included in CSET installation)
- SQL Server 2019 Express LocalDB (included in CSET installation)
- A Portable Document Format (PDF) reader such as Adobe Reader is required to view supporting documentation.
Course Objectives:
Topics addressed in the course include:
- Critical infrastructure (CI) and critical infrastructure security and resilience (CISR), including the 16 critical infrastructure sectors, as defined by the Department of Homeland Security (DHS) and identified in Presidential Policy Directive 21 (PPD-21: Critical Infrastructure Security and Resilience).
- Industrial Control Systems (ICS) such as SCADA, PCS, and DCS.
- Risk Management Frameworks applicable to CI systems.
- Cybersecurity services, such as confidentiality, integrity, availability, and authentication, as they apply to CI systems.
- Cybersecurity threats, risks, vulnerabilities, and attacks as they apply to CI systems.
- Vulnerability assessments and tools applicable to CI systems.
- CI systems risk management strategies.
- Trends in cybersecurity impacting CI sectors.
Student Outcomes:
At the conclusion of the course, students will be able to:
- Identify CI sectors and the legislation and standards addressing CI protection. (Understand)
- Define common terms and concepts associated with CI, including ICS, SCADA, PCS, and DCS. (Understand)
- Identify the components and process of implementing a CISR risk management program. (Understand)
- Describe cybersecurity services such as confidentiality, integrity, availability, and authentication as they apply to CI systems. (Understand)
- Select appropriate vulnerability assessment frameworks and tools as part of a risk assessment of a CI system. (Evaluate)
- Identify and describe cybersecurity threats, risks, vulnerabilities, and attacks as they apply to CI systems. (Understand)
- Select an appropriate risk management strategy for CISR. (Evaluate)
Schedule
| Week | Module | Topic | Activities |
|---|---|---|---|
| 1 | Module 1 | Introduction to Critical Infrastructure |
|
| 2 | Module 2 | Introduction to Control Systems and SCADA |
|
| 3 | Module 3 | Technologies |
|
| 4 | Module 4 | Risk Assessment |
|
| 5 | Module 5 | Threats |
|
| 6 | Module 6 | Vulnerabilities |
|
| 7 | Mid-Term Exam | ||
| 8 | Module 7 | Risk Assessments |
|
| 9 | Module 8 | Remediation |
|
| 10 | Module 9 | Incident Response |
|
| 11 | Module 10 | Policy & Governance |
|
| 12 | Module 11 | Trends |
|
| 13 | Module 12 | Sector Report Outs |
|
| 14 | Final Exam |
Supplemental Materials & Resources
Books
American Psychological Association. Publication Manual of the American Psychological Association. 7th edition. Washington, DC: American Psychological Association, 2020.
Lewis, Ted G. Critical Infrastructure Protection in Homeland Security: Defending a Networked Nation, 3rd Ed. Hoboken, NJ: Wiley Publishing, 2020. 978-1-119-61453-1. The book has a companion website.
Manoj, K.S. Cyber Security for Critical Infrastructure: Redefining National Security Concepts Paperback, Notion Press. ISBN: 979-8-88503-639-9, 2022.
Miller, Stephen, and Clark, Richard H. Framework for SCADA Cybersecurity. Smashwords Edition, eBook ISBN 978-1310-30996-0.
Parfomak, Paul W. Vulnerability of Concentrated Critical Infrastructure: Background and Policy Options. CRS Report for Congress, RL33206. Updated September 12, 2008.
Videos
Cyber War: Cybercrimes with Ben Hammersley. BBC News, 2016. 6 episodes. Videos may be available through the Films on Demand service of Infobase (check with your institutional library).
Government Resources for Training
Critical Infrastructure Security and Resilience Courses (FEMA), Department of Homeland Security.
Training Available through CISA (ICS-CERT), Department of Homeland Security. Instructor-led and web-based training events on industrial control systems cybersecurity.
Online Tools
CSET Risk Assessment Tool. The Cyber Security Evaluation Tool (CSET) is a CISA product that assists organizations in protecting their key national cyber assets. Older versions are available on GitHub.
Oracle VM VirtualBox. This cross-platform virtualization software makes it possible to set up a virtual PC on a Mac so you can install and run CSET. Documentation in how to use VirtualBox is also available.
SCADA Hacker’s Toolset. This webpage lists online resources and tools for control system security testing and is published by Joel Langill, the Director of Critical Infrastructure and SCADA representative for the Cyber Security Forum Initiative.
VMware Workstation. This application makes it possible to run multiple operating systems as virtual machines on a single PC. A free trial of the software can be obtained by clicking the “Get Free Trial” option under Product Resources.
