MGT405: Critical Infrastructure Protection
Good overview of how different types of cyber attacks and examples of how CI can be physically or virtually impacted.
The critical infrastructure of a nation is the system of highly complex and interdependent physical and cyber-based assets essential to the minimum operations of a nation's economy and government. It includes, but is not limited to, communications, energy, banking and finance, transportation, water supply, and emergency services. It could be owned and operated by the government or the private sector, or both. Much of our nation's critical infrastructure has historically been physically and logistically separated; they were systems that had little interdependence. But as a result of advances in information technology over the past several decades and the necessity of improved efficiency, these systems and assets have become increasingly automated and interlinked. Unfortunately, these same advances have created new vulnerabilities to equipment failure, human error, weather and other natural causes, and physical and cyber attacks. Addressing these vulnerabilities requires flexible and evolutionary approaches that span both the public and private sectors and protect both domestic and international security.
Because of imbalances in military strengths, our future enemies - including nations, groups, or individuals - may seek to harm us in non-traditional ways, such as attacks within our country against our critical infrastructure. Our economy is increasingly reliant upon interdependent and cyber-supported infrastructures, making attacks on our infrastructure and information systems capable of significantly harming both our military power and our economy. This new threat is visible in the terrorist attacks on the World Trade Center in 1993 and 2001, Timothy McVeigh's truck bomb attack on the Alfred P. Murrah Federal Building in Oklahoma City in 1995, natural events (such as category five hurricanes), and the growing number of cyber espionage attacks against the military, civil government, and the private sector in the past few years.
This course begins by examining in depth the events of the past 20 years, including the lessons learned about the interdependencies of the critical infrastructures following the Oklahoma City bombing and the terrorist attacks against the World Trade Center and what we learned in the aftermath of hurricanes Katrina and Rita in the summer of 2005. While there are many cross-sector interdependencies to consider, we will focus on the dependence of the various infrastructure sectors on the Internet and the impact of highly complex computer controlled systems. We will also discuss the creation of the US Department of Homeland Security and its role in protecting the nation's critical infrastructures from cyber intrusions.
Authored and presented by one of the nation's leading experts on critical infrastructure protection and cyber warfare, you will receive detailed explanations of specific pervasive Internet technical problems and conduct in-depth examinations of the types of attacks that might do the most harm to your organization and your infrastructure sector. We will take a comprehensive look at the current Internet governance model, and you will learn how to develop business continuity and disaster recovery plans to counter current cyber threats and threat actors that take advantage of this model. You will also gain knowledge about the new directions being taken by criminals, terrorists, spies, and nation states and what our nation is planning to do for the defense of our critical infrastructure against these new threats. Finally, you will learn how to protect your networks from the dangers lurking in cyberspace while developing a full understanding of emerging techniques used to detect and contain outbreaks of malicious activity on the Internet.
This class is designed to give the student a full examination of the scope of critical infrastructure vulnerabilities, the dependence of critical infrastructures on the Internet, and Internet security problems. No laptop is required, but the subject material requires at least a working knowledge of computer networks and business decision making. The ideal student is a manager, supervisor, senior engineer, or other professional with a strong working knowledge of plant operations or a government official with responsibilities for CIP policy development wanting to learn more about the interdependence of critical infrastructures and the dangers posed by the global Internet.
Proof of Eligibility
Note: Due to the sensitivity of the course subject and the focus on the North American critical infrastructure, this course is only available to citizens of the United States or Canada currently living and working in those countries and government employees of Australia, New Zealand, and the United Kingdom.
Proof of eligibility will be required when checking in at the training event as well as when entering the classroom. Documents that can be used to prove citizenship or government employment include:
US and Canadian Participants:
- Documentation showing that you are a resident of the US or Canada (such as a state/province driver's license or a utility bill addressed to your home) AND
- Proof of US or Canadian citizenship via one of the following:
- Current US or Canadian military, federal, state, or province government employee ID card
- US or Canadian passport
- Birth certificate issued by a US or Canadian hospital
- Voter registration card from a US or Canadian voting authority
- Certificate of naturalization
- Other document that can prove US or Canadian citizenship (driver's licenses DO NOT prove citizenship but can be used to prove residency)
Australia, New Zealand, and United Kingdom Participants:
Students will need to provide proof of citizenship and employment in the government in order to attend class.
- Current military or civilian government employee ID card and a passport issued by Australia, New Zealand, or the United Kingdom
What You Will Receive
In this course, you will receive the following:
- MP3 audio files of the complete course lecture
*CPE/CMU credits not offered for the SelfStudy delivery method