Critical Infrastructure: Homeland Security and Emergency Preparedness, Third Edition, 3rd Edition (Hardback) book cover

Critical Infrastructure

Homeland Security and Emergency Preparedness, Third Edition, 3rd Edition

By Robert S. Radvanovsky, Allan McDougall

CRC Press

283 pages

Purchasing Options:$ = USD
Hardback: 9781466503458
pub: 2013-04-11
eBook (VitalSource) : 9780429253287
pub: 2013-04-11
from $28.98

FREE Standard Shipping!


Since the initial inception of this book, there have been significant strides to safeguard the operations of our world’s infrastructures. In recent years, there has also been a shift to more fluid postures associated with resilience and the establishment of redundant infrastructure. In keeping with the fast-changing nature of this field, Critical Infrastructure: Homeland Security and Emergency Preparedness, Third Edition has been revised and updated to reflect this shift in focus and to incorporate the latest developments.

The book begins with the historical background of critical infrastructure and why it is important to society. It then explores the current trend in understanding the infrastructure’s sensitivity to impacts that flow through its networked environment. Embracing an "all-hazards approach" to homeland security, critical infrastructure protection and assurance, and emergency management, the authors examine:

  • The National Response Framework (NRF) and how it can be applied globally
  • The relationships between the public and private sectors, and the growing concept of public-private partnerships
  • The shift from the need-to-know paradigm to one based on information sharing, and the nature of necessary controls as this shift continues
  • The need for organizations to adopt resilient planning, implementation, and decision-making processes in order to respond to changes within the threat environment
  • What, where, why, and how risk assessments are to be performed, and why they are needed
  • The impact of new regulation, individually applied self-regulation, industry and government regulation, and law enforcement

In the final chapters, the book discusses current information sharing and analysis centers (ISACs), distributed control systems, and supervisory control and data acquisition (SCADA) systems and their challenges. It concludes by exploring current challenges associated with establishing a trusted network across various sectors—demonstrating how models of information can be categorized and communicated within trusted communities to better assure the public-private relationship.



Table of Contents

Introduction to Critical Infrastructure Assurance and Protection

What Is Critical Infrastructure?

What Is the Private Sector?

What Is the Public Sector?

What Is CIP?

What Is CIA?

What Are Public-Private Partnerships?

Critical Infrastructure Functions

Evolution of Critical Infrastructure

Demand, Capacity, Fragility, and the Emergence of Networks

What Are We Trying to Protect? The Concept of Capacity

Demand: The Reason for Capacity

At the Regional (Small System) Level


Dissolution and Convergence: An Emerging Risk

Marking the Journey

Beyond National Frameworks

Meeting the Dragons on the Map

Who Owns the Treasure?

What Value?

Target Audiences

Applying the NRF to National Response Efforts

How Does the NRF Tie in with Local Activities?

Areas of Potential Risk or Concern

Public-Private Partnerships

What Is a Public-Private Partnership (P)?

The P Spectrum

Establishment of New Capacity

Maintenance of Existing Capacity

Networked User Fees and the Need for Oversight

Other Forms of Public-Private Cooperation and the Erosion of Governance

Balancing Points

The Reinvention of Information Sharing and Intelligence

Data vs Information vs Intelligence

The Importance of Background to Context

Context Affecting Sensitivity

Enter the Cloud

The Cloud as an Amplifier

Clouds and Concealed Conduits

Linking the Trusted Computing Base and User Communities

Barriers to Information Sharing

The Rise of Open Sources

Open-Source Information and Intelligence

An Approach to Information Sharing—The Consequence-Benefit Ratio

Emergency Preparedness and Readiness

The Rise of Core Offices

First Responder

First Responder Classifications

Guideline Classifications

Example: North American Emergency Response Guidebook

Awareness-Level Guidelines

Performance-Level Guidelines

Operational Levels Defined

Level A: Operations Level

Level B: Technician Level

Know Protocols to Secure, Mitigate, and Remove HAZMAT

Additional Protective Measures

Understand the Development of the IAP

Know and Follow Procedures for Protecting a Potential Crime Scene

Know Department Protocols for Medical Response Personnel

National Fire Prevention Association

OSHA Hazardous Waste Operations and Emergency Response

Skilled Support Personnel

Specialist Employee

DOT HAZMAT Classifications

Importance of Implementing an Emergency Response Plan

Security Vulnerability Assessment

What Is a Risk Assessment?

Methods of Assessing Risk

Threat Risk Equations

Comparison of Quantitative vs Qualitative Risk Assessments

Challenges Associated with Assessing Risk

Other Factors to Consider When Assessing Risk

What Is an SVA?

Reasons for Having an SVA

What Is a Threat?

What Is Vulnerability?


Vulnerability Assessment Framework

Reasons for Using the VAF

Federal Information Systems Control Auditing Manual

General Methodologies of FISCAM Auditing

What Are General Controls?

What Are Application Controls?

Caveats with Using an SVA

How the SVA Is Used

Audience of an SVA

Initial SVA Plan

Necessary Steps of an SVA

Critical Success Factors

VAF Methodology

Initial Steps of the VAF

VAF Step 1: Establish the Organization MEI

VAF Step 2: Gather Data to Identify MEI Vulnerabilities

VAF Step 3: Analyze, Classify, and Prioritize Vulnerabilities


The Role of Oversight

The Effect of Globalization

Conventions, Laws, and Regulations

Guidance and Best Practices

Prescriptive vs Performance Based

Impact on Criminal, Administrative, and Civil Law

Potential Abuses of Authority and Credibility

Government vs Industry Self-Regulation

Knowledge Gaps Arising from Performance-Based Regulation

Predictability in Prescriptive Systems: A Systemic Vulnerability

Information Sharing and Analysis Centers

What Is a Critical Infrastructure Asset?

What Is an ISAC?

Advantages of Belonging to an ISAC

Access to ISAC Information

Expanded ISAC Services

Surface Transportation ISAC

Supply Chain ISAC

Public Transit ISAC

American Public Transportation Association

Association of American Railroads

Transportation Technology Center, Inc


Water ISAC

Association of State Drinking Water Administrators

Water Environment Research Foundation

Association of Metropolitan Water Agencies

Association of Metropolitan Sewage Agencies

National Association of Water Companies

American Water Works Association

AWWA Research Foundation

Financial Services ISAC

Science Applications International Corporation

Electricity Sector ISAC

Emergency Management and Response ISAC

Information Technology ISAC

National Coordinating Center for Telecommunications

Communications Resource Information Sharing

Government Emergency Telecommunications Service

Telecommunications Service Priority

Shared Resources High Frequency Radio Program

Network Reliability and Interoperability Council

National Security Telecommunications Advisory Committee

Wireless Priority Services

Alerting and Coordination Network

Energy ISAC

Energy Sector Security Consortium

Chemical Sector ISAC

Chemical Transportation Emergency Center (CHEMTREC®)

Healthcare Services ISAC

Highway ISAC

Cargo Theft Information Processing System

American Trucking Associations


Food and Agriculture ISAC


Food Marketing Institute

Multistate ISAC

ISAC Council

Worldwide ISAC

Real Estate ISAC

The Real Estate Roundtable

Research and Educational Networking ISAC

Biotechnology and Pharmaceutical ISAC

Maritime ISAC

Maritime Security Council

Marine Transportation System National Advisory Council

Supervisory Control and Data Acquisition

What Are Control Systems?

Types of Control Systems

Components of Control Systems

Vulnerability Concerns about Control Systems

Adoption of Standardized Technologies with Known Vulnerabilities

Connectivity of Control Systems to Unsecured Networks

Implementation Constraints of Existing Security Technologies

Insecure Connectivity to Control Systems

Publicly Available Information about Control Systems

Control Systems May Be Vulnerable to Attack

Consequences Resulting from Control System Compromises




Threats Resulting from Control System Attacks

Issues in Securing Control Systems

Methods of Securing Control Systems

Technology Research Initiatives of Control Systems

Security Awareness and Information Sharing Initiatives

Process and Security Control Initiatives

Securing Control Systems

Implement Auditing Controls

Develop Policy Management and Control Mechanisms

Control Systems Architecture Development

Segment Networks between Control Systems and Corporate Enterprise

Develop Methodologies for Exception Tracking

Define an Incident Response Plan

Similarities between Sectors

US Computer Emergency Readiness Team CSSP

Control Systems Cyber Security Evaluation Tool (CSET)

SCADA Community Challenges

The Future of SCADA

SCADA Resources

Critical Infrastructure Information

What Is Critical Infrastructure Information?

How Does the Government Interpret CII?

Exemption 3 of the FOIA

Exemption 4 of the FOIA

Section 214 of the Homeland Security Act

Enforcement of Section 214 of the Homeland Security Act

What Does "Sensitive but Unclassified" Mean?

Information Handling Procedures

Freedom of Information Act

Need to Know

"For Official Use Only"

Enforcement of FOUO Information

Reviewing Web Site Content

Export-Controlled Information

Enforcement of Export-Controlled Information

Source Selection Data

Enforcement of Source Selection Data

Privacy Information

Enforcement of Privacy Information

Unclassified Controlled Nuclear Information

Enforcement of UCNI

Critical Energy Infrastructure Information

Enforcement of CEII

Controlled Unclassified Information

Lessons Learned Programs


Sensitive Unclassified Nonsafeguards Information (SUNSI)

Safeguards Information (SGI)




About the Authors

Bob Radvanovsky is an active professional in the United States with knowledge in security, risk management, business continuity, disaster recovery planning, and remediation. He has significantly contributed to establishing several certification programs, specifically on the topics of critical infrastructure protection and critical infrastructure assurance. Bob has special interests and knowledge in matters of critical infrastructure, and has published a number of articles and white papers regarding this topic. He has worked with several professional accreditation and educational institutions, specifically on the topics of homeland security and critical infrastructure protection and assurance.

Allan McDougall is recognized as a technical expert in the corporate security management domain and has participated in a number of emerging endeavors, including the Strategic Leadership in Government Security and other courses. Within the private sector, his desire to look toward sound and innovative solutions has him involved in efforts to professionalize critical infrastructure protection, including the development of certification level training. He is certified as a Professional in Critical Infrastructure Protection, Certified Master Antiterrorism Specialist, and Certified Information Systems Security Professional. Allan’s primary focus is on the transportation sector, where he works within a number of communities.

Subject Categories

BISAC Subject Codes/Headings:
COMPUTERS / Security / General
HOUSE & HOME / Security
LAW / Forensic Science
SOCIAL SCIENCE / Disasters & Disaster Relief