Critical Infrastructure System Security and Resiliency

Content: SECURITY RISK ASSESSMENT Introduction to Security Risk Assessment Security Risk Assessment Protection System Robustness Security System Resiliency System Approach for Security Risk Assessment Determine Undesired Events, Associated Critical Assets, and Available Resources Threat Analysis Assess Likelihood of Initiating Event Estimate Protection System Effectiveness Assess Consequences for Undesired Event Estimate Security Risk Upgrade the Protection System to Be Robust against Undesired Event Upgrade Security System to Be Resilient for Undesired Event Undesired Events, Associated Critical Assets, and Available Resources Critical Assets Logic Model Threat Analysis Malevolent Threats Type of Adversary Adversary Capability Design Basis Threat Natural Hazards Hurricane Earthquake Tornado Flood Accidents Likelihood of Initiating Events Malevolent Threat Outsider Threat Insider Threat Natural Hazard Threat Accident Threat Assess Consequences and Responses for Undesired Event Reference Table for Consequences Estimating Consequence Level for Undesired Events Assessment of Protection System Effectiveness Assessment of Protection System Effectiveness for Malevolent Threat Adversary Scenarios Effective Physical Protection System for the Malevolent Threat Physical Protection System Effectiveness Assessment Physical Protection System Effectiveness Assessment-Example Protection System Effectiveness against Blast Attacks Protection System Effectiveness for Blast Attacks Assessment-Example Mitigation of the Insider Threat Cyber Protection System Effectiveness Cyber Functions Cyber Protection System Effectiveness Assessment-Example Effectiveness for Natural Hazards Protection System Effectiveness Assessment for Natural Hazards-Example Protection System Effectiveness for Accidents Protection System Effectiveness Assessment for Accidents-Example Estimate Security Risk System Approach for Security Risk Assessment Determine Undesired Events, Associated Critical Assets, and Available Resources Threat Analysis Assess Likelihood of Initiating Event Estimate Protection System Effectiveness Assess Consequences for Undesired Event Estimate Security Risk Upgrade Protection System to Be Robust against Undesired Event Upgrade Security System to Be Resilient for Undesired Event EVALUATION AND DESIGN OF RESILIENT SYSTEMS Motivating Infrastructure Resilience Analysis Current State of Resilience Assessment Definitions of Resilience Domains Assessment Processes Structural Resilience Assessment Methodologies Performance-Based Measurement Hybrid Approaches Gaps and Limitations Infrastructure Resilience Analysis Methodology Definition of Resilience Measurement of Resilience Costs Systemic Impact Total Recovery Effort Resilience Cost Calculation Use and Interpretation of Recovery-Dependent Resilience Costs and Optimal Resilience Costs Quantities Additional Notes on Calculation of Resilience Costs Qualitative Structural Analysis Absorptive Capacity Adaptive Capacity Restorative Capacity Additional Notes on Resilience Capacities Applying the Infrastructure Resilience Analysis Methodology Case Studies Using the Infrastructure Resilience Analysis Framework Qualitative Resilience Analysis Case Study Define Systems Define Scenario Perform Structural Analysis Analysis Conclusions Quantitative Resilience Analysis Case Study Define Systems Define Scenario Define Metrics and Obtain Data Calculate Resilience Costs Perform Structural Analysis Case Study on Optimizing Resilient Recovery Strategies Define Systems Define Scenario Define Metrics Obtain Data and Calculate Resilience Costs Future Directions APPENDIX A: EXAMPLE USE OF FAULT TREES TO IDENTIFY CRITICAL ASSETS APPENDIX B: PHYSICAL PROTECTION FEATURES PERFORMANCE DATA INDEX
Abstract: ''Part l: Security risk assessment. Chapter 1. Introduction to Security Risk Assessment As our nation moves forward in the age of information and global economy, our dependencies on national infrastructure is greater than ever. Compromise of our critical infrastructures could disrupt the functions of our government, business, and our way of life. Catastrophic losses in terms of human casualties, property destruction, economic damages, and loss of public confidence could result from disruptions or degradation in our national infrastructure. ''Critical infrastructures are the assets, systems, and networks, whether physical or virtual, so vital to the United States that their incapacitation or destruction would have a debilitating effect on security, national economic security, public health or safety, or any combination thereof'' (U.S. Department of Homeland Security 2010). The Homeland Security Presidential Directive 7 (HSPD-7) (U.S. Department of Homeland Security 2010) identified 18 critical infrastructure sectors and a designated federal Sector-Specific Agency to lead protection and resilience-building programs and activities. The sectors include: - Agriculture and Food, - Banking and Finance, - Chemical, - Commercial Facilities, - Communications, - Critical Manufacturing, - Dams, - Defense Industrial Base, - Emergency Services, - Energy, - Government Facilities, - Healthcare and Public Health, - Information Technology, - National Monuments and Icons, - Nuclear Reactors, - Postal and Shipping, - Transportation Systems, and - Water''