ISBN-13: 9781119614531 / English / Hardcover / 2019 / 464 pp.
Foreword By Sen. Mark Warner
Foreword By Prof. Andrew Odlyzko
Preface
How to Use this Book
About the Companion Website

1 Origins of Critical Infrastructure Protection
1.1 Recognition
1.2 Natural Disaster Recovery
1.3 Definitional Phase
1.4 Public-Private Cooperation
1.5 Federalism: Whole of Government
1.6 Rise of the Framework
1.7 Implementing a Risk Strategy
1.7.1 Risk-Informed Decision-Making
1.7.2 Resilience-Informed Decision-Making
1.7.3 Prevention or Response?
1.8 Analysis
1.8.1 The Public-Private Partnership (PPP) Conundrum
1.8.2 The Information Sharing Conundrum
1.8.3 Climate Change Conundrum
1.8.4 The Funding Conundrum
1.8.5 Spend 80% on 20% of the Country
1.9 Exercises
1.10 Discussions
References

2 Risk Strategies
2.1 Expected Utility Theory
2.1.1 Threat-Asset Pairs
2.2 PRA and Fault Trees
2.2.1 An Example: Your Car
2.3 MBRA and Resource Allocation
2.3.1 Another Example: Redundant Power
2.4 Cyber Kill Chains are Fault Trees
2.5 PRA in the Supply Chain
2.6 Protection Versus Response
2.7 Threat is an Output
2.8 Bayesian Belief Networks
2.8.1 A Bayesian Network for Threat
2.8.2 Predictive Analytics
2.9 Risk of a Natural Disaster
2.9.1 Exceedence
2.9.2 EP vs. PML Risk
2.10 Earthquakes
2.11 Black Swans and Risk
2.12 Black Swan Floods
2.13 Are Natural Disasters Getting Worse?
2.14 Black Swan Al Qaeda Attacks
2.15 Black Swan Pandemic
2.16 Risk and Resilience
2.17 Exercises
2.18 Discussions
References

3 Theories of Catastrophe
3.1 Normal Accident Theory (NAT)
3.2 Blocks and Springs
3.3 Bak's Punctuated Equilibrium Theory
3.4 Tragedy of the Commons (TOC)
3.4.1 The State Space Diagram
3.5 The US Electric Power Grid
3.6 Paradox of Enrichment (POE)
3.6.1 The Great Recessions
3.6.2 Too Much Money
3.7 Competitive Exclusion Principle (CEP)
3.7.1 Gause's Law
3.7.2 The Self-Organizing Internet
3.7.3 A Monoculture
3.8 Paradox of Redundancy (POR)
3.9 Resilience of Complex Infrastructure Systems
3.9.1 Expected Utility and Risk
3.9.2 Countering SOC
3.9.3 The TOC Test
3.9.4 POE and Nonlinearity
3.9.5 CEP and Loss of Redundancy
3.9.6 POR and Percolation
3.10 Emergence
3.10.1 Opposing Forces in Emergent CIKR
3.11 Exercises
3.12 Discussions
References

4 Complex CIKR Systems
4.1 CIKR as Networks
4.1.1 Emergence
4.1.2 Classes of CIKR Networks
4.1.3 Self-Organized Networks
4.2 Cascading CIKR Systems
4.2.1 The Fundamental Resilience Line
4.2.2 Critical Factors and Cascades
4.2.3 Targeted Attacks
4.3 Network Flow Risk and Resilience
4.3.1 Braess's Paradox
4.3.2 Flow Network Resilience
4.4 Paradox of Redundancy
4.4.1 Link Percolation and Robustness
4.4.2 Node Percolation and Robustness
4.4.3 Blocking Nodes
4.5 Network Risk
4.5.1 Crude Oil and Keystone XL
4.5.2 MBRA Network Resource Allocation
4.6 The Fragility Framework
4.6.1 The Hodges Fragility Framework
4.6.2 The Hodges Fault Tree
4.7 Exercises
4.8 Discussions
References

5 Communications
5.1 Early Years
5.2 Regulatory Structure
5.3 The Architecture of the Communications Sector
5.3.1 Physical Infrastructure
5.3.2 Wireless Networks
5.3.3 Extraterrestrial Communication
5.3.4 Land Earth Stations
5.3.5 Cellular Networks
5.3.6 Generations
5.3.7 Wi-Fi Technology
5.4 Risk and Resilience Analysis
5.4.1 Importance of Carrier Hotels
5.4.2 Network Analysis
5.4.3 Flow Analysis
5.4.4 Robustness
5.4.5 The Submarine Cable Network
5.4.6 HPM Attacks
5.5 Cellular Network Threats
5.5.1 Cyber Threats
5.5.2 HPM-Like Threats
5.5.3 Physical Threats
5.6 Analysis
5.7 Exercises
5.8 Discussions
References

6 Internet
6.1 The Internet Monoculture
6.1.1 The Original Sin
6.1.2 How TCP/IP Works
6.1.3 More Original Sin
6.2 Analyzing The Autonomous System Network
6.2.1 The AS500 Network
6.2.2 Countermeasures
6.3 The RFC Process
6.3.1 Emergence of Email
6.3.2 Emergence of TCP/IP
6.4 The Internet of Things (IOT)
6.4.1 Data Scraping
6.4.2 IoT Devices
6.4.3 More IoT Exploits
6.5 Commercialization
6.6 The World Wide Web
6.7 Internet Governance
6.7.1 IAB and IETF
6.7.2 ICANN Wars
6.7.3 ISOC
6.7.4 W3C
6.8 Internationalization
6.9 Regulation and Balkanization
6.10 Exercises
6.11 Discussions

7 Cyber Threats
7.1 Threat Surface
7.1.1 Script Kiddies
7.1.2 Black-Hats
7.1.3 Weaponized Exploits
7.1.4 Ransomware and the NSA
7.2 Basic Vulnerabilities
7.2.1 The First Exploit
7.2.2 TCP/IP Flaws
7.2.3 Open Ports
7.2.4 Buffer Overflow Exploits
7.2.5 DDoS Attacks
7.2.6 Email Exploits
7.2.7 Flawed Application and System Software
7.2.8 Trojans, Worms, Viruses, and Keyloggers
7.2.9 Hacking the DNS
7.3 Botnets
7.3.1 Hardware Flaws
7.4 Cyber Risk Analysis
7.5 Cyber Infrastructure Risk
7.5.1 Blocking Node Analysis
7.5.2 Machine Learning Approach
7.5.3 Kill Chain Approach
7.6 Analysis
7.7 Exercises
7.8 Discussions
References

8 Information Technology (IT)
8.1 Principles of IT Security
8.2 Enterprise Systems
8.2.1 Loss of Service
8.2.2 Loss of Data
8.2.3 Loss of Security
8.3 Cyber Defense
8.3.1 Authenticate Users
8.3.2 Trusted Path
8.3.3 Inside the DMZ
8.4 Basics of Encryption
8.4.1 DES
8.4.2 3DES
8.4.3 AES
8.5 Asymmetric Encryption
8.5.1 Public Key Encryption
8.5.2 RSA Illustrated
8.5.3 Shor's Algorithm
8.6 PKI
8.6.1 Definition of PKI
8.6.2 Certificates
8.6.3 Blockchain
8.6.4 FIDO and WebAuth
8.6.5 Mathematics of Passwords
8.7 Countermeasures
8.8 Exercises
8.9 Discussions
References

9 Hacking Social Networks
9.1 Web 2.0 and the Social Network
9.2 Social Networks Amplify Memes
9.3 Topology Matters
9.4 Computational Propaganda
9.5 The ECHO Chamber
9.6 Big Data Analytics
9.6.1 Algorithmic Bias
9.6.2 The Depths of Deep Learning
9.6.3 Data Brokers
9.7 GDPR
9.8 Social Network Resilience
9.9 The Regulated Web
9.9.1 The Century of Regulation
9.10 Exercises
9.11 Discussions
References

10 Supervisory Control and Data Acquisition
10.1 What is SCADA?
10.2 SCADA Versus Enterprise Computing Differences
10.3 Common Threats
10.4 Who is in Charge?
10.5 SCADA Everywhere
10.6 SCADA Risk Analysis
10.7 NIST-CSF
10.8 SFPUC SCADA Redundancy
10.8.1 Redundancy as a Resiliency Mechanism
10.8.2 Risk Reduction and Resource Allocation
10.9 Industrial Control of Power Plants
10.9.1 Maximum PML
10.9.2 Recovery
10.9.3 Node Resilience
10.10 Analysis
10.11 Exercises
10.12 Discussions

11 Water and Water Treatment
11.1 From Germs to Terrorists
11.1.1 Safe Drinking Water Act
11.1.2 The WaterISAC
11.2 Foundations: SDWA of 1974
11.3 The Bioterrorism Act of 2002
11.3.1 Is Water for Drinking?
11.3.2 Climate Change and Rot: The New Threats
11.4 The Architecture of Water Systems
11.4.1 The Law of The River
11.5 The Hetch Hetchy Network
11.5.1 Bottleneck Analysis
11.6 Risk Analysis
11.6.1 Multidimensional Analysis
11.6.2 Blocking Nodes
11.7 Hetch Hetchy Investment Strategies
11.7.1 The Rational Actor Attacker
11.8 Hetch Hetchy Threat Analysis
11.8.1 Chem/Bio Threats
11.8.2 Earthquake Threats
11.8.3 Allocation to Harden Threat-Asset Pairs
11.9 Analysis
11.10 Exercises
11.11 Discussions
References

12 Energy
12.1 Energy Fundamentals
12.2 Regulatory Structure of the Energy Sector
12.2.1 Evolution of Energy Regulation
12.2.2 Other Regulations
12.2.3 The Energy ISAC
12.3 Interdependent Coal
12.3.1 Interdependency with Transportation
12.4 The Rise of Oil and the Automobile
12.4.1 Oil
12.4.2 Natural Gas
12.5 Energy Supply Chains
12.5.1 PADDs
12.5.2 Refineries
12.5.3 Transmission
12.5.4 Transport4
12.5.5 Storage
12.5.6 Natural Gas Supply Chains
12.5.7 SCADA
12.6 The Critical Gulf of Mexico Cluster
12.6.1 Refineries
12.6.2 Transmission Pipelines
12.6.3 Storage
12.7 Threat Analysis of the Gulf of Mexico Supply Chain
12.8 Network Analysis of the Gulf of Mexico Supply Chain
12.9 The Keystone XL Pipeline Controversy
12.10 The Natural Gas Supply Chain
12.11 Analysis
12.12 Exercises
12.13 Discussions
References

13 Electric Power
13.1 The Grid
13.2 From Death Rays to Vertical Integration
13.2.1 Early Regulation
13.2.2 Deregulation and EPACT 1992
13.2.3 Energy Sector ISAC
13.3 Out of Orders 888 and 889 Comes Chaos
13.3.1 Economics Versus Physics
13.3.2 Betweenness Increases SOC
13.4 The North American Grid
13.4.1 ACE and Kirchhoff's Law
13.5 Anatomy of a Blackout
13.5.1 What Happened on August 14
13.6 Threat Analysis
13.6.1 Attack Scenario 1: Disruption of Fuel Supply to Power Plants
13.6.2 Attack Scenario 2: Destruction of Major Transformers
13.6.3 Attack Scenario 3: Disruption of SCADA Communications
13.6.4 Attack Scenario 4: Creation of a Cascading Transmission Failure
13.7 Risk Analysis
13.8 Analysis of WECC96
13.9 Analysis
13.10 Exercises
13.11 Discussions
References

14 Healthcare and Public Health
14.1 The Sector Plan
14.2 Roemer's Model
14.2.1 Components of Roemer's Model
14.3 The Complexity of Public Health
14.4 Risk Analysis of HPH Sector
14.5 Bioterrorism
14.5.1 Classification of Biological Agents
14.6 Epidemiology
14.6.1 The Kermack-McKendrick Model
14.6.2 SARS
14.7 Predicting Pandemics
14.7.1 The Levy Flight Theory of Pandemics
14.8 Bio-Surveillance
14.8.1 HealthMap
14.8.2 Big Data
14.8.3 GeoSentinel
14.9 Network Pandemics
14.10 The World Travel Network
14.11 Exercises
14.12 Discussions
References

15 Transportation
15.1 Transportation Under Transformation
15.2 The Road to Prosperity
15.2.1 Economic Impact
15.2.2 The National Highway System (NHS)
15.2.3 The Interstate Highway Network Is Resilient
15.2.4 The NHS Is Safer
15.3 Rail
15.3.1 Birth of Regulation
15.3.2 Freight Trains
15.3.3 Passenger Rail
15.3.4 Commuter Rail Resiliency
15.4 Air
15.4.1 Resilience of the Hub-and-Spoke Network
15.4.2 Security of Commercial Air Travel
15.4.3 How Safe and Secure Is Flying in the United States?
15.5 Airport Games
15.5.1 GUARDS
15.5.2 Bayesian Belief Networks
15.6 Exercises
15.7 Discussions
References

16 Supply Chains
16.1 The World Is Flat, But Tilted
16.1.1 Supply-Side Supply
16.1.2 The Father of Containerization
16.1.3 The Perils of Efficient Supply Chains
16.2 The World Trade Web
16.2.1 Economic Contagions
16.3 Risk Assessment
16.3.1 MSRAM
16.3.2 PROTECT
16.4 Analysis
16.5 Exercises
16.6 Discussions
References

17 Banking and Finance
17.1 The Financial System
17.1.1 Federal Reserve vs. US Treasury
17.1.2 Operating the System
17.1.3 Balancing the Balance Sheet
17.1.4 Paradox of Enrichment
17.2 Financial Networks
17.2.1 FedWire
17.2.2 TARGET
17.2.3 SWIFT
17.2.4 Credit Card Networks
17.2.5 3-D Secure Payment
17.3 Virtual Currency
17.3.1 Intermediary PayPal
17.3.2 ApplePay
17.3.3 Cryptocurrency
17.4 Hacking The Financial Network
17.5 Hot Money
17.5.1 The Dutch Disease
17.6 The End of Stimulus?
17.7 Fractal Markets
17.7.1 Efficient Market Hypothesis (EMH)
17.7.2 Fractal Market Hypothesis (FMH)
17.7.3 Predicting Collapse
17.8 Exercises
17.9 Discussions
References

18 Strategies for a Networked Nation
18.1 Whole of Government
18.2 Risk and Resilience
18.3 Complex and Emergent CIKR
18.4 Communications and the Internet
18.5 Information Technology (IT)
18.6 Surveillance Capitalism
18.7 Industrial Control Systems
18.8 Energy and Power
18.9 Global Pandemics
18.10 Transportation and Supply Chains
18.11 Banking and Finance
18.12 Discussions

Appendix A: Math: Probability Primer
A.1 A Priori Probability
A.2 A Posteriori Probability
A.3 Random Networks
A.4 Conditional Probability
A.5 Bayesian Networks
A.6 Bayesian Reasoning
References
Further Reading

Appendix B: Math: Risk and Resilience
B.1 Expected Utility Theory
B.1.1 Fault Trees
B.1.2 Fault Tree Minimization
B.1.3 XOR Fault Tree Allocation Algorithm
B.2 Bayesian Estimation
B.2.1 Bayesian Networks
B.3 Exceedence and PML Risk
B.3.1 Modeling EP
B.3.2 Estimating EP From Data
B.3.3 How to Process Time-Series Data
B.4 Network Risk
B.5 Model-Based Risk Analysis (MBRA)
B.5.1 Network Resource Allocation
B.5.2 Simulation
B.5.3 Cascade Risk
B.5.4 Flow Risk
References

Appendix C: Math: Spectral Radius
C.1 Network as Matrix
C.2 Matrix Diagonalization
C.3 Relationship to Risk and Resilience
C.3.1 Equation 1
C.3.2 Equation 2
Reference

Appendix D: Math: Tragedy of the Commons
D.1 Lotka-Volterra Model
D.2 Hopf-Holling Model

Appendix E: Math: The DES and RSA Algorithm
E.1 DES Encryption
E.2 RSA Encryption

Appendix F: Glossary

Index

Ted G. Lewis has over 35 published books to his credit and extensive experience in both industry and academia. He served as a senior executive at DaimlerChrysler Corp, Eastman Kodak Company, and Oregon Advanced Computing Institute, and as a professor of computer science at the University of Missouri-Rolla, University of Louisiana, Oregon State University, and the Naval Postgraduate School. Lewis was Editor-in-Chief of IEEE Software Magazine and IEEE Computer Magazine, and founded several of its periodicals.