The 2013 National Infrastructure Protection Plan identifies four lifeline infrastructure sectors: 1) water, 2) energy, 3) transportation, and 4) communications. These sectors are designated "lifeline" because many other infrastructures depend upon them. The drinking water subsector is part of the water sector, and the electricity subsector is part of the energy sector. Both subsectors are overseen by the Department of Homeland Security National Protection and Programs Directorate which manages the DHS National Infrastructure Protection Program. The NIPP employs a five-step continuous improvement program called the Risk Management Framework. NIPP implementation is overseen by DHS-designated Sector-Specific Agencies staffed by various Federal departments. The Sector-Specific Agencies work in voluntary cooperation with industry representatives to apply the Risk Management Framework and document results in corresponding Sector-Specific Plans. The program began in 2007 and the most recent Sector-Specific Plans were published in 2016. In February 2013, President Obama issued Executive 13636 directing the National Institute of Standards and Technology to develop a voluntary set of recommendations for strengthening infrastructure cybersecurity measures. EO13636 also asked Federal agencies with regulating authority to make a recommendation whether the NIST Cybersecurity Framework should be made mandatory. The Environmental Protection Agency who is both the SSA and regulatory authority for the drinking water subsector recommended voluntary application of the NIST Cybersecurity Framework. The Department of Energy who is both the SSA and regulatory authority for the electricity subsector replied that it was already implementing the Electricity Subsector Cybersecurity Capability Maturity Model, which indeed was what the NIST Cybersecurity Framework was based on. The Department of Energy, though, recommended voluntary application of the ES-C2M2. This module will examine both the drinking water and electricity lifeline infrastructure subsectors, and elements and application of the NIST Cybersecurity Framework and ES-C2M2.
Course 2 of 4 in the Homeland Security and Cybersecurity Specialization.
Who is this class for: This course was designed for learners who currently work in the cybersecurity career field, are interested in working in the cybersecurity career field, or are just curious about the topic. While there are no specific prerequisites for this course, it does assume some common understanding about computers and the Internet. Similarly, while this is mostly a non-technical course, it does require analytical and problem-solving skills on the part of the learner. This course provides a general overview of cybersecurity as it relates to critical infrastructure protection and homeland security. In addition to examining various cybersecurity policies as they apply to the water, electricity, aviation, and Internet infrastructures, this course relates those practices to the broader mission of critical infrastructure protection identifying "who's who and what do they do". This course seeks to demonstrate the intimate relationship between homeland security and cybersecurity. If you are ready to pry open that Pandora's box, then this course is for you. I look forward to seeing you in the lectures. Cheers!
Module 5: Water Infrastructure & NIST Cybersecurity Framework
In this module we will examine the drinking water subsector and the NIST Cybersecurity Framework for strengthening this infrastructure's cybersecurity practices.
Module 6: Applied NIST Cybersecurity Framework
In this module we will take a closer look at the NIST Cybersecurity Framework and apply its tenets to different hypothetical situations. Also included in this module is course exam #3. Good luck!
Graded: Exam 3
Module 7: Electricity Infrastructure & ES-C2M2
In this module we will examine the North American electric grid and the Electricity Subsector Cyber Capability Maturity Model for strengthening this infrastructure's cybersecurity practices.
Module 8: Applied ES-C2M2
In this module we will take a closer look at the Electricity Subsector Cyber Capability Maturity Model and apply its tenets to different hypothetical situations. Also included in this module is course exam #4 and related project assignment. Good luck!
Graded: Exam 4
Graded: Starting a Cybersecurity Program