CRITICAL INFRASTRUCTURE PROTECTION IN HOMELAND SECURITY




CRITICAL INFRASTRUCTURE PROTECTION IN HOMELAND SECURITY DEFENDING A NETWORKED NATION Ted G. Lewis Naval Postgraduate School Monterey, California A JOHN WILEY & SONS, INC., PUBLICATION


Copyright © 2006 by John Wiley & Sons, Inc. All rights reserved. Published by John Wiley & Sons, Inc., Hoboken, New Jersey. Published simultaneously in Canada.

No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning, or otherwise, except as permitted under Section 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, Inc., 222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 750-4470, or on the web at www.copyright.com. Requests to the Publisher for permission should be addressed to the Permissions Department, John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, (201) 748-6011, fax (201) 748-6008, or online at http://www.wiley.com/go/permission.

Limit of Liability/Disclaimer of Warranty: While the publisher and author have used their best efforts in preparing this book, they make no representations or warranties with respect to the accuracy or completeness of the contents of this book and specifically disclaim any implied warranties of merchantability or fitness for a particular purpose. No warranty may be created or extended by sales representatives or written sales materials. The advice and strategies contained herein may not be suitable for your situation. You should consult with a professional where appropriate. Neither the publisher nor author shall be liable for any loss of profit or any other commercial damages, including but not limited to special, incidental, consequential, or other damages.

For general information on our other products and services or for technical support, please contact our Customer Care Department within the United States at (800) 762-2974, outside the United States at (317) 572-3993 or fax (317) 572-4002.

Wiley also publishes its books in a variety of electronic formats. Some content that appears in print may not be available in electronic formats. For more information about Wiley products, visit our web site at www.wiley.com.

Library of Congress Cataloging-in-Publication Data:
Lewis, T. G. (Theodore Gyle), 1941-
Critical infrastructure protection in homeland security: defending a networked nation / Ted G. Lewis.
p. cm.
Published simultaneously in Canada.
ISBN-13: 978-0-471-78628-3
ISBN-10: 0-471-78628-4
1. Computer networks--Security measures--United States. 2. Computer security--United States--Planning. 3. Terrorism--United States--Prevention. 4. Terrorism--Government policy--United States. 5. Civil defense--United States. I. Title.
QA76.9.A25L5 2006 005.8'0973--dc22 2005026306

Printed in the United States of America
10 9 8 7 6 5 4 3 2 1

CONTENTS

Preface
About the Author
1. Strategy
2. Origins
3. Challenges
4. Networks
5. Vulnerability Analysis
6. Risk Analysis
7. Water
8. SCADA
9. Power
10. Energy
11. Telecommunications
12. Internet
13. Cyber-Threats
14. Cyber-Security

PREFACE

This book explains why the various infrastructure sectors have evolved into today's critical infrastructures and then proposes several quantitative procedures for evaluating their vulnerability and establishing optimal policies for reducing these vulnerabilities. It is the first scientific study of the new field called critical infrastructure protection. By "scientific" I mean that I have tried to explain why infrastructure sectors as diverse as water supply systems and the Internet have surprisingly similar structures. Even more important, I propose a rigorous approach for studying these sectors that I believe is general enough to analyze fundamental sectors such as water, power, energy, telecommunications, and the Internet. The reader will learn how to apply quantitative vulnerability analysis to a variety of infrastructure sectors and then be able to decide the best way to allocate limited funding in such a way as to minimize overall risk.

As far as I know, this is the first time anyone has tried to formalize and quantify the field of critical infrastructure protection. I have attempted to establish the foundations of a new discipline made necessary by the al-Qaeda attacks on the United States on September 11, 2001 (9/11). Before 9/11, the security of infrastructure was taken for granted. It was unthinkable for anyone to purposely destroy power plants, cut off water supplies, disable voice and data communications, deny access to information-processing computers, and render the Internet useless. Consequently, these systems were optimized for profit, efficient operation, and low cost. Security was sacrificed for economy. This public policy, in operation for more than a century, has left nearly all infrastructure systems vulnerable to manmade destruction.

The question addressed by this book is, what should be protected, and how? This question is nontrivial because of the enormous size and complexity of infrastructure in the United States. The solution is made even more challenging by the entangled regulatory and system interdependencies of the various infrastructure sectors. The answer is to allocate the nation's scarce resources to the most critical components of each infrastructure, the so-called critical nodes. In short, the best way to protect infrastructure is to identify and protect (harden) the critical nodes of each sector. But what parts of these vast structures are critical? This question is key. I claim that the optimal policy for critical infrastructure protection is to identify and protect a handful of critical assets throughout the United States. For example, perhaps less than 100 essential servers maintain the World Wide Web. There are perhaps fewer than a dozen critical nodes in the nation's energy supply chain, and maybe as few as 1000 key links in the major power grids that all other sectors depend on so heavily.

Chapter 1 surveys the national strategy and recommends five principles as guides for how to approach the protection of infrastructures. Although critical infrastructure protection is a massive problem, it turns out that a handful of principles can be applied to solve this problem, or at least to start the journey that will lead to a solution. Chapter 1 also analyzes the national strategy and points out several gaps between the ideal approach and the reality.

In Chapter 2, I briefly review the history of infrastructure protection from the 1962 Cuban Missile Crisis to the formation of the U.S. Department of Homeland Security in 2003. This historical account of how the United States became aware of, and concerned for, infrastructures sets the stage for subsequent chapters. However, it does not offer any solutions to organizational and structural problems that plague government. I leave this challenge to another author.

Chapter 3 surveys some challenges to protecting the nation's infrastructures and key assets. This necessity is preliminary so that the reader can put the challenges into perspective and understand why I have narrowed the study of infrastructures down to a much smaller subset than actually exists. I have attempted to carve out a small enough territory that it can be adequately covered in a single book.

In Chapters 4-6, I establish the theory needed to master critical infrastructure protection as a scientific, formal discipline. I begin by claiming that all infrastructures of interest can be represented as a network of connected components called nodes. These nodes are connected by links. By simply counting the number of links at each node, I can identify the critical nodes. In most cases, there are one or two critical nodes, which reduces the problem of protection by several orders of magnitude. In this way, the concept of an infrastructure as a network is established and used to reduce the complexity of size, a challenge we need to surmount because of the vastness of each critical infrastructure. Without network theory, the problem is too large: we can never protect every mile of railroad, every power line, and every telephone pole. Only through network analysis can we reduce the problem of critical infrastructure protection to a workable (and solvable) problem!

Chapters 5 and 6 describe a method of vulnerability analysis and risk assessment based on network theory and the reliability engineer's fault tree technology. In these two chapters, I present a five-step vulnerability and risk assessment process that uses estimates of the cost and probability of an attack to compute an investment strategy aimed at reducing risk in the most effective way. Chapter 5 is focused on modeling the infrastructure as a fault tree, and Chapter 6 is focused on computing the best way to allocate the risk reduction budget.

The first step in the process described in Chapters 5 and 6 is to model the infrastructure as a network, find the critical nodes of this network, and then represent the structure of the critical node as a fault tree. The fault tree is converted into an event tree that enumerates all possible vulnerabilities and combinations of vulnerabilities. The fault and event trees identify the single- and multiple-combination events as well as the most-probable events that may occur because of threats.
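The first step described above (count links to find the critical node, model that node as a fault tree, then expand the fault tree into an event tree) can be sketched as follows. This is an added example, not code from the book or its companion software; the network, the fault tree, the probabilities, and the assumption that basic events are independent are all constructed for illustration.

```python
from collections import Counter
from itertools import product

# Constructed sample network (hypothetical water system, not from the book).
EDGES = [
    ("reservoir", "treatment_plant"),
    ("pump_station", "treatment_plant"),
    ("treatment_plant", "tank_north"),
    ("treatment_plant", "tank_south"),
    ("tank_north", "district_a"),
    ("tank_south", "district_b"),
]

# Constructed fault tree for the hub: the top event "hub fails" occurs if
# any OR-branch occurs; an AND-branch needs all of its children to occur.
FAULT_TREE = ("OR", "power_loss", "contamination",
              ("AND", "scada_fault", "manual_backup_fails"))

# Constructed, illustrative probabilities that each basic event occurs.
PROBS = {"power_loss": 0.05, "contamination": 0.02,
         "scada_fault": 0.10, "manual_backup_fails": 0.20}


def critical_nodes(edges):
    """Count links per node; return (nodes with the highest count, count)."""
    degree = Counter()
    for a, b in edges:
        degree[a] += 1
        degree[b] += 1
    top = max(degree.values())
    return sorted(n for n, d in degree.items() if d == top), top


def occurs(tree, happened):
    """Evaluate the fault tree for the set of basic events that happened."""
    if isinstance(tree, str):
        return tree in happened
    gate, *children = tree
    results = [occurs(child, happened) for child in children]
    return any(results) if gate == "OR" else all(results)


def event_tree(tree, probs):
    """Enumerate every combination of basic events with its probability.

    Assumes the basic events are independent (an assumption of this example).
    Returns a list of (events_that_happened, probability, top_event_occurs).
    """
    names = sorted(probs)
    rows = []
    for flags in product([False, True], repeat=len(names)):
        p = 1.0
        for name, flag in zip(names, flags):
            p *= probs[name] if flag else 1.0 - probs[name]
        happened = tuple(n for n, f in zip(names, flags) if f)
        rows.append((happened, p, occurs(tree, set(happened))))
    return rows


def summarize(rows):
    """Pick out single- and multiple-combination failures and the likeliest."""
    failing = [r for r in rows if r[2]]
    return {
        "p_failure": sum(p for _, p, _ in failing),
        "single_event_failures": [ev[0] for ev, _, _ in failing if len(ev) == 1],
        "multi_event_failures": sum(1 for ev, _, _ in failing if len(ev) > 1),
        "most_probable_failure": max(failing, key=lambda r: r[1])[0],
    }


if __name__ == "__main__":
    hubs, links = critical_nodes(EDGES)
    print("critical node(s):", hubs, "with", links, "links")
    for key, value in summarize(event_tree(FAULT_TREE, PROBS)).items():
        print(key, "=", value)
```
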

Chapter 6 describes a variety of risk assessment algorithms. The idea is to allocate limited resources (money) in an optimal fashion such that overall risk is minimized. But how are vulnerability and risk defined? And what is the objective of resource allocation? Is it to reduce risk, eliminate all vulnerabilities, or simply prevent the worst thing from happening? As it turns out, we must decide which strategy is best, from among several competing strategies.

This method of assessment, called model-based vulnerability analysis (MBVA) for obvious reasons, is based on sound principles of logic, probability, and cost minimization. MBVA provides the policy maker with a scientific answer to the questions, what is worthwhile protecting, and by how much? MBVA is the only known method of vulnerability analysis and risk assessment that combines asset identification with quantitative analysis to reach a policy decision. It tells the decision maker how much money to spend on protecting the most critical components of the infrastructure.

Chapters 7-14 simply apply the MBVA technique to level 1 infrastructures: water, power and energy, information (telecommunications, Internet, Web, and cyber-security), and the monitoring and management networks that control them (SCADA). Power and energy are treated separately because of their size and complexity. The information sector is discussed in several chapters because it is a large and important topic. Unfortunately, the remaining eight major sectors defined by the national strategy are not covered in this volume because of their sheer size and complexity.

There are several companions to this book: a website at http://www.chds.us, a CD containing audio and video lectures and articles, and the software described in this book. Both of these companions contribute more depth to the subject. The electronic media (Web and disk) contain executable programs for demonstrating concepts and reducing the mathematical labor during vulnerability analysis. Program FTplus.html (FT.jar on the desktop), for example, performs the optimal resource allocation calculations described in Chapter 6. The RSA program calculates a public key and encrypts text automatically, thus providing the reader with hands-on tools for studying encryption. Other programs perform simulations, such as POWERGRAPH, which shows how a scale-free network emerges from a random network, the basis for today's critical infrastructure architectures. A program called TERMITES reinforces one of the most important concepts of this book: how and why critical nodes are formed. TERMITES illustrates clustering: the concentration of assets around one or more critical nodes, which then become the most vulnerable components of all. A novel program called NetworkAnalysis.html (a.k.a. NA.jar on the desktop) uses complex adaptive system algorithms to allocate resources to networks that tend to fail by cascading, such as the power grid. This program computes the best way to protect an infrastructure by allocating resources optimally to critical components of the infrastructure.

FTplus.html and NetworkAnalysis.html run from within any standard browser, whether on a Microsoft Windows or Apple Macintosh computer. NA.jar and FT.jar run as stand-alone desktop applications and allow you to save your work as a local file. The source code is available as well, so you can modify it and do your own research.

In addition, the website and disk contain several audio tracks of the materials covered in the book. The audio tracks may be downloaded into a computer and then into an MP-3 player for mobile learning. For example, the 2003 National Strategy for the Protection of Critical Infrastructure and Key Assets is available as a collection of several audio tracks. For history and political science students, the foundational presidential directives (PDD-39, PDD-63, and HSPD-7) have been similarly transcribed into an audio book and are available online and on the disk.

This book is one component of blended learning: the combination of text, audio/video disk, and Web page. Specifically, several electronic lectures have been produced for online and CD viewing. All you need is a browser and either access to http://www.chds.us or a copy of the companion CD. The audio/video streaming lectures are tuned to this book, the website, and other content, such as the software for simulating various sectors and demonstrating vital concepts. In this way, the self-taught learner or classroom instructor can elect to learn by reading, listening, looking, or through participation in a traditional classroom setting.

I began developing the ideas for this book in the fall of 2002 and published a draft textbook in 2003. The material was class-tested in 2004, revised, and republished in 2004-2005. This book, the website, and the associated electronic media have been used extensively to teach a course labeled "CS 3660 Critical Infrastructure: Vulnerability and Analysis," one of a dozen courses given to military and civilian students enrolled in the Master of Arts in Security Studies, Homeland Defense, and Security curriculum at the Naval Postgraduate School, Monterey, CA. It is appropriate for upper division undergraduate and first-year graduate students majoring in national security, computing, and policy subjects where both policy and technical decisions are analyzed. Although it has been thoroughly class tested, it is still not without flaws. I take responsibility for any errors, inconsistencies, and exaggerations that may still exist in this edition.

I would like to thank my students for their insights, feedback, and contributions to this work. They have taught me well! Additionally, I would like to thank Steve McNally of Bellevue University, Hilda Blanco, University of Washington, and her students, for giving feedback on early drafts of this book. Joe Weiss was invaluable as a careful reader and critic of the SCADA chapter. Rudy Darken made many important contributions to the ideas and delivery methods used over 2 years of class testing.

TED G. LEWIS
December 2005

ABOUT THE AUTHOR

Ted G. Lewis has a distinguished 35-year career as a computer scientist, author, businessman, and scholar. His undergraduate degree is in Mathematics from Oregon State University (1966), and his graduate degrees were awarded in 1970 (M.S. Computer Science) and 1971 (Ph.D. Computer Science) from Washington State University. Since 1971 he has participated in several significant "firsts": in the late 1970s, he wrote the first personal computer book (How to Profit From Your Personal Computer); in 2002, he co-created, with Paul Stockton, the first graduate degree program in Homeland Security. In between, Lewis helped create the first Internet Car while serving as President and CEO of DaimlerChrysler Research and Technology, North America.

During his technical career, he invented several important algorithms in software engineering (horizontal-vertical algorithm for deadlock detection); parallel processing (static scheduling of parallel programs on arbitrary architectures); and the model-based vulnerability analysis method of critical infrastructure risk assessment. And now he has written the first textbook to establish the study of critical infrastructure protection as a formal, scientific discipline.

He has over 100 publications, including over 30 books. In 1997-1999, his books, Friction-Free Economy and Microsoft Rising, documented the technical and economic forces that shaped the Internet Bubble, and in March 2000, he predicted its precipitous fall (IEEE Computer Magazine, March 2000). He is perhaps best known to the members of the IEEE Computer Society for a series of provocative articles appearing in the Binary Critic column of IEEE Computer from 1995 to 2000.

His management experience began in 1988 as Technical Director of the Oregon Advanced Computing Institute. During 1993-1997, he was chairman of the Computer Science Department at the Naval Postgraduate School, and during 1999-2000, he was CEO of DaimlerChrysler Research and Technology NA in Palo Alto, CA. From 2001 to 2002, he was Senior Vice President of Digital Development for the Eastman Kodak Company. Currently, he is professor of Computer Science and Academic Associate of the Homeland Defense and Security curriculum at the Naval Postgraduate School.

"With the much-awaited publication of Critical Infrastructure Protection in Homeland Security, Professor Ted Lewis has provided Homeland Security specialists, law enforcement personnel, emergency managers, critical infrastructure experts and those whose day-to-day duties involve infrastructure security and protection with a timely, relevant and invaluable resource for defending the very essence of the American homeland. Lucidly written, perceptively analyzed and exhaustively researched, Critical Infrastructure Protection in Homeland Security is a work that reflects the concerns of our time while providing a viable blueprint for protecting our shared technological heritage. For those interested in critical infrastructure protection, Homeland Security and national defense, there is no better one-stop resource than this book. Read it, and you'll never be in the dark again when it comes to critical infrastructure protection."
David Longshore, New York City Homeland Security Liaison

"Professor Lewis's definitive textbook on critical infrastructure protection is a fascinating study of one of the challenges facing the nation in combating terrorism. In clear and concise language he establishes the foundation for his theory that critical infrastructure sectors are networks of critical nodes and links. Through network analysis, he identifies the most critical components of water systems, telecommunication systems, power grids, energy supply chains, and cyber systems such as the Internet and the World Wide Web. This is a must-read for anyone who wants to understand how to protect the nation's most-valuable physical assets."
Richard Elster, Provost, Naval Postgraduate School

&CHAPTER 1 Strategy What is the motivation for studying critical infrastructure protection? What are the central issues that need to be addressed to create a meaningful strategy for dealing with threats against infrastructure? Moreover, what is the national strategy? This chapter introduces the reader to the national strategy for the protection of critical infrastructure; identifies the roles and responsibilities of the federal, state, and local governments; lays out the approach being taken by the Department of Defense (DOD), and the newly created Department of Homeland Security (DHS), and then postulates five strategic principles of critical infrastructure. This chapter makes the following claims and arguments: 1. Protection of critical infrastructure such as water, power, energy, and telecommunications is vital because of the impact such destruction would have on casualties, the economy, the psychology, and the pride of the nation. 2. Homeland defense and homeland security differ: The DOD is responsible for defense; and federal, state, and local governments are responsible for security. This division of responsibility defines roles and responsibilities of each, but their intersection say along the borders and coastline remains blurred at this time. 3. Federalism dictates a division of labor across federal, state, and local jurisdictions. The DHS is responsible for cross-sector roles such as standardization, research, and education. Delegation of major responsibility for critical infrastructure protection to state and local government is suboptimal, because nearly all critical infrastructure spans counties, states, and regions of the country. 4. When it comes to critical infrastructure protection, we will learn that it takes a network to fight a network. The United States and its collaborating cities, states, and regional partners are organized as a hierarchical bureaucracy. In other words, the nation is not network-centric. 
On the other hand, the organizational architecture of terrorist organizations is a network, which means they can flex and react quickly much more quickly than hierarchical Critical Infrastructure Protection in Homeland Security: Defending a Networked Nation, edited by Ted G. Lewis Copyright # 2006 John Wiley & Sons, Inc. 1

2 STRATEGY organizations. By understanding network architectures in general, we will be able to apply network theory to both organizational and physical structures. 5. Network-structured critical infrastructure sectors can be protected most effectively by identifying and securing the hubs, not the spokes of each infrastructure sector, Hence, the best strategy for infrastructure protection will be based on identification and protection of these hubs. It is called critical node analysis, because hubs will be shown to be the critical nodes. 1 6. The optimal strategy for critical infrastructure protection will follow the familiar 80 20% rule: 80% of our resources should be spent on 20% of the country. Although this national strategy is most effective for preventing attacks on infrastructure, it may not be politically feasible, because it does not distribute funding everywhere only where it can be used in the most effective manner. 7. In addition to an uneven distribution of funding to prevent failures in critical infrastructure, we must learn to think dual-purpose. Most critical infrastructure is in the hands of corporations whose first responsibility is to shareholders, and not to homeland security. Therefore, one way to coax the necessary investment from profit-making private sector corporations is to couple investments in security with productivity and efficiency enhancements. 8. Critical infrastructure is too vast and complex to protect it all. The attacker has the luxury of attacking anytime, anywhere, using any weapon. As defenders we have the duty to protect everything, all the time, with infinite funding. Assuming we have less-than-infinite resources, our only alternative is to think asymmetric. Asymmetric thinking means thinking of new ways to protect our vast and complex infrastructure from attack. It means we must be clever. 9. 
Perhaps the biggest claim made by the author in this chapter is that critical infrastructure responsibility has to reside at the federal level because intelligence gathering and analysis is controlled by federal organizations, most infrastructure is controlled by interstate commerce laws at the federal level and therefore not local, and local communities are ill-prepared to wage war on global terrorism. DEFINING CRITICAL INFRASTRUCTURE The phrase, critical infrastructure protection, did not appear in print until 1997, but the concept of infrastructure security has been evolving ever since the 1962 Cuban Missile Crisis, when President Kennedy and Premier Khrushchev had difficulty communicating with one another because of inadequate telecommunication technology. Therefore, telecommunications is the first sector to be considered critical. But it would take decades for the United States to become aware of the importance of other sectors an evolution described in more detail in Chapter 2. 1 Critical nodes will be synonymous with hubs, in this book.

The Marsh Report (1997) and the subsequent executive order EO-13010 (1998) provided the first definition of infrastructure as a network of independent, mostly privately-owned, man-made systems that function collaboratively and synergistically to produce and distribute a continuous flow of essential goods and services. A critical infrastructure is "an infrastructure so vital that its incapacity or destruction would have a debilitating impact on our defense and national security." [2]

Critical infrastructure could also have become known as vital infrastructure, according to this early definition. An infrastructure is considered critical because it is vital to national security, but the Marsh Report does not provide a concise definition of the term vital. Indeed, one primary challenge of critical infrastructure will be the determination of which assets should be protected and which ones should not. It is primarily an issue of resource allocation, or the process of committing dollars, people, equipment, and legal assets to the prevention of attacks on various sectors. Resource allocation goes beyond target hardening and encompasses the formulation of a strategy to protect vital assets.

Today's definition of critical infrastructure includes 11 sectors and 5 key assets. This definition has grown out of an earlier definition that included only five sectors and is likely to expand even further over the next decade. According to the national strategy, critical infrastructure and key assets encompass the following sectors:

1. Agriculture and food
2. Water
3. Public health
4. Emergency services
5. Defense industrial base
6. Telecommunications
7. Energy
8. Transportation
9. Banking and finance
10. Chemicals and hazardous materials
11. Postal and shipping

The key assets are as follows:

1. National monuments and icons (Statue of Liberty)
2. Nuclear power plants
3. Dams
4. Government facilities (offices and governmental departments)
5. Commercial key assets (major skyscrapers)

[2] Critical Foundations: Protecting America's Infrastructures, The Report of the President's Commission on Critical Infrastructure Protection, October 1997.

Critical infrastructure protection is defined as the strategies, policies, and preparedness needed to protect, prevent, and, when necessary, respond to attacks on these sectors and key assets. This definition, and how it evolved out of the Cuban Missile Crisis, is explored in greater detail in Chapter 2.

THE IMPORTANCE OF STRATEGY

The definition of critical infrastructure is evolving, and so is the strategy for protecting the various sectors that make up critical infrastructure. What is the national, state, city, and local level strategy for protection of these vital systems and services? Are the strategies adequate? Do they lead to a safer and more secure infrastructure? Answering these and related questions is the aim of this book. To reach the answer, however, it is necessary to understand the regulatory, technical, and dynamic structure of each sector. This task is daunting because of the enormous size and complexity of each individual sector. Furthermore, we know that each sector is interdependent with others, which complicates the problem even more. It is why we need an overarching strategy. Hence, the first step in the study of critical infrastructure protection is to establish a framework that will set a course for successful policies at the national, state, and local levels.

We need to understand what we mean by strategy. Johnson and Scholes [3] define strategy as follows:

"Strategy is the direction and scope of an organization over the long-term: which achieves advantage for the organization through its configuration of resources within a challenging environment, to meet the needs of markets and to fulfill stakeholder expectations."

Although this definition is aimed at business managers, it serves us well because the problems of critical infrastructure protection, like the problems of industry, are organizational, technical, and resource allocation problems. Similarly, strategy is a long-term plan, and we know that the war on terrorism is a long-term war. There will be no quick fixes to the problem of critical infrastructure protection. Additionally, the elements of infrastructure size and complexity exist in a challenging environment: the challenge posed by terrorism. Finally, the American public has high expectations for success on the part of federal, state, and local governments in their efforts to protect the most valuable and essential components of modern life: our water, power, energy, telecommunications, Internet, and other infrastructure sectors. Any strategy for securing these assets must be perfect; the citizens of the United States will not tolerate near-perfection.

[3] G. Johnson and K. Scholes, Exploring Corporate Strategy: Text and Cases. Englewood Cliffs, NJ: Prentice-Hall, 2001.

Strategy is important because it provides a roadmap for solving complex problems involving organizations, technologies, and resource allocation within a challenging environment. This description accurately describes the situation with respect to homeland security. But the question is, what is a winning strategy for the United States? What is the current national strategy, and is it adequate?

Actually, there are several strategies in play at this time. First, there is a difference between homeland defense and homeland security. The DOD has responsibility for homeland defense, which the author defines as all defense activities outside of the country, or when called upon and under civilian control, within the country. [4] Nonetheless, the strategy of the DOD is instructive because it provides an example that illustrates the division of roles and responsibilities between civilian and military organizations. It also illustrates one of the most vexing organizational problems in the war on global terrorism: that of establishing who is in control and of what they are controlling.

DOD Strategy: Layered Defense

The homeland defense strategy articulated by the DOD is called a layered defense. The term layered means different approaches are applied to different layers (regions of the world), depending on the geopolitical environment. The goal of this strategy is to suppress and deter threats from as far away as possible, first and foremost, and then suppress and deter the threat layer by layer, as the threat approaches our borders. The first layer starts with other countries (Afghanistan and Iraq). The next layer is on the High Seas (Navy), within a 300-mile buffer for commercial shipping, then at the 12-mile zone with the Coast Guard, and finally at the border, with the cooperation of U.S. Customs. If called in by civilian authorities, the DOD's role is to provide assistance within the border through a newly formed Northern Command.

Layered defense is a well-known ancient strategy. It was used by Rome to hold the barbarians at bay.
The strategy is as effective today as it was then, as long as the threat is the same. Unfortunately, the threat of chemical, biological, radiological, nuclear, and asymmetric explosive attacks is radically different today than 2000 years ago. Asymmetric conflict brings the battle home, inside the borders. Hence, the layered strategy of DOD is only part of the answer. A domestic strategy is needed, because the global war on terrorism is not restricted to the other side of the border.

[4] At the time of this writing, homeland defense was undergoing revision. In an Army document dated April 1999, the term was described as follows: "There is currently no definition of homeland defense. The proposed definition shows the Army's mission to protect our territory, population, and critical infrastructure by; deterring/defending against foreign and domestic threats, supporting civil authorities for crisis and consequence management, and helping to ensure the continuance [of] critical national assets." http://www.fas.org/spp/starwars/program/homeland/executive-overview.htm.

DHS Strategy: Preparedness, Response, and Research

The DHS was legally created in 2002 and physically implemented in 2003 to address the problem of security within our borders. The roles and responsibilities of the DHS are still evolving, but at a minimum, its responsibility is to protect the citizens of the United States through bolstering of:

- Intelligence and warning
- Border and transportation security
- Domestic counter-terrorism
- Critical infrastructures and key assets
- Defending against catastrophic terrorism
- Emergency preparedness and response

Indeed, the terrorist attack of September 11, 2001 (9/11) was an attack on banking and finance, using the transportation sector. Therefore, two critical infrastructure sectors have already been attacked or involved in a major attack. The devastation of 9/11 demonstrates that attacks on infrastructure can result in massive casualties, sizeable economic, political, and psychological damage, not to mention damage to the American psyche. These are collectively called attacks on the American Way of Life, and because of the potential to disrupt an entire society, critical infrastructure protection must be one pillar of the homeland security strategy.

The importance of infrastructure protection has steadily risen over the past 40 years, as described in Chapter 2. The importance of a national strategy for the protection of critical infrastructure and key assets has yet to mature. The components of a national strategy are in the process of evolving, starting with the Stafford Act of 1988, which established the Federal Emergency Management Agency (FEMA) for coping with natural disasters; to the Nunn-Lugar-Domenici Act of 1999, which provided for defense against weapons of mass destruction (WMDs); and finally, to the DHS (HSPD-7) declaration by President Bush in late 2003. Therefore, by 2004, the outlines of a national strategy were known, but not fully implemented.

In the next section, we dissect the national strategy for homeland security as it pertains to the protection of infrastructure. The final section of this chapter will go one step further and describe a set of strategic principles for guiding future policies.
HOMELAND SECURITY AND CRITICAL INFRASTRUCTURE

What are the roles and responsibilities of the federal government? What are the responsibilities of state and local governments? These questions were addressed (if not fully answered) by the 2003 National Strategy, which is summarized here as follows:

1. Take stock of our most critical facilities, systems, and functions and monitor their preparedness across sectors and governmental jurisdictions. The first step in any vulnerability analysis is to take inventory: find out what you have, and how it works. This process was started in 2003 and continues today. State and local governments are required to perform an analysis of critical infrastructure every 3 years. But this requirement is problematic, because at this stage, it is