The Critical Infrastructure Higher Education Initiative (CI HEI) was a highly successful five year partnership between the Center for Infrastructure Protection and Homeland Security (CIP/HS) at George Mason University and the U.S. Department of Homeland Security, Office of Infrastructure Protection (OIP). In support of OIP’s efforts to construct a comprehensive higher education system to produce and sustain the nation’s critical infrastructure workforce, CI HEI created and disseminated critical infrastructure security and resilience (CISR) higher education materials including curricula, case studies, and reading resources. These interdisciplinary educational resources were completely free and available for use by academic institutions across the country and around the world.
Since its inception in 2012, CI HEI course materials have been used in 23 undergraduate and graduate courses by 15 colleges and universities across the country and in programs and disciplines as varied as engineering, business administration, homeland and national security, emergency management, urban planning, and public policy. A total of 28 course syllabi were developed – 13 standalone courses (including the Foundational of CISR modularize courses), 5 certificate courses, and 8 courses making up a Masters of Public Administration concentration. In addition, 6 case studies and 3 classroom/ table top exercises were created. All resources were developed through collaboration with external subject-matter experts from the public and private sectors as well as the academic community; the courses cover topics such as resilience, risk management, information sharing, cross-sector dependencies and interdependencies, and cybersecurity.
Though CI HEI ended in September 2017, the educational materials and resources are still freely available for download and use by any academic institution or training facility focused on critical infrastructure security and resilience. The staff of CI HEI is pleased that CHDS is housing these materials on this page. Please note, CHDS does not provide technical assistance related to CI HEI or its materials and will be unable to answer inquiries about the materials themselves.
Listed below are general descriptions of the available materials; for more specific information, please follow the links. All course materials are non-proprietary and available for free download on this page.
Foundations of Critical Infrastructure Resilience
Foundations of Critical Infrastructure Security and Resilience. Divided into thirteen individualized, self-contained lessons, the course can now be integrated at both undergraduate and graduate levels on an “as needed” basis. Each module provides lesson objectives, reading resources, and classroom activities that can be easily adjusted by an instructor depending on the need. These modules provide an introduction to the policy, strategy, and practical application of critical infrastructure security and resilience (CISR) from an all-hazards perspective.
Lesson 1 – Introduction to Critical Infrastructure Security and Resilience
Provides an introduction to critical infrastructure, an overview of national critical infrastructure security and resilience policies, and how these strategies have evolved as a function of the all-hazards risk environment
Lesson 2 – Defining and Achieving Critical Infrastructure Resilience
Examines the concepts of resilience and security and how they apply to the critical infrastructure through initiatives and strategies across all government levels and the private sector
Lesson 3 – Examining CISR in the Context of the 21st-Century Threat Environment
Classifies and evaluates the various threats and hazards that may impact critical infrastructure within and across different sectors and how these threats can be assessed using all-hazards risk management approach
Lesson 4 – Examining CISR Authorities, Roles, and Responsibilities: Federal, SLTT, and the Private Sector
Identifies the various key stakeholders within the critical infrastructure security and resilience mission space, the authorities, roles, and responsibilities of these stakeholders, and challenges stakeholders face in executing these responsibilities
Lesson 5 – Organizing and Partnering to Share Information
Discusses how CISR-related information is collected, warehoused, protected, and exchanged among various levels of government and the private sector and evaluates the barriers to information sharing and collaboration
Lesson 6 – Assessing Critical Infrastructure Risk in an Interdependent World
Defines the major elements of critical infrastructure risk in the context of its major components and investigates how risk drives management strategies, plans, and resource investment across government and the private sector
Lesson 7 – Enabling CISR, Managing Risk, and Measuring Performance: The Volunatry Approach
Discusses how risks are assessed and managed and how performance is measured in those sectors in which critical infrastructure security and resilience is not regulated by a government entity
Lesson 8 – Enabling CISR, Managing Risk, and Measuring Performance: The Regulatory Approach
Focuses on how risks are assessed and managed and how performance is measured in those sectors in which security, emergency preparedness, and emergency response are regulated by a government entity
Lesson 9 – Insider Threats and Cybersecurity and Supervisory Control and Data Acquisition (SCADA) Vulnerabilities
Examines the linkages between cybersecurity and CISR from an operational and security perspective and identifies the challenges presented by information technology and SCADA systems vulnerabilities
Lesson 10 – CISR: The International Dimension
Explores the international dimensions of CISR, including global supply chain security
Lesson 11 – Managing Impacts to Critical Infrastructure in an All-Hazards Environment
Provides an understanding of the National Incident Management System (NIMS) and the National Response Framework (NRF) as they apply to CISR in the context of incident management
Lesson 12 – CISR Incident Management Exercise (Student Activity)
Focus on the roles and responsibilities of and the interaction between FSLTT governments; the private sector; and the general public in the context of an emergent threat as well as an incident is in progress.
Lesson 13 – Understanding, Planning, and Addressing Long-Term and Enduring Risks to Critical Infrastructure and Course Wrap-up
Assesses the likely critical infrastructure future operating environment, with a particular focus on dependencies, interdependencies, and technology factors, and evaluates long-term and enduring threats to critical infrastructure and corresponding long-term strategies and resources to address them.
Stand-Alone Graduate Courses
These courses are designed to be inserted into the existing curriculum of a graduate program in business, policy, engineering, or any other field that would benefit from increased knowledge of critical infrastructure security and resilience. Each is constructed to be customized to the needs of the individual program, with extensive reading lists and course schedules that can be adjusted by the instructor and a course syllabus can serve as a template.
Introduction to Critical Infrastructure Security and Resilience
This course provides an introduction to the policy, strategy, and practical application of critical infrastructure security and resilience from an all-hazards perspective.
Information Sharing for Critical Infrastructure Security and Resilience
This course provides an overview of information sharing within the national security/homeland security enterprise with a focus on the interdependencies of critical infrastructure.
Risk Management for Critical Infrastructure Security and Resilience
This course provides an introduction to policies and strategies related to risk management and risk analysis for critical infrastructure from an all-hazards perspective.
Critical Infrastructure Security and Resilience Systems Analysis
This theoretical course builds on the learner’s prior knowledge of critical infrastructure sectors and focuses on a systems analysis approach to security and resilience.
Methods, Policies, and Strategies
This course emphasizes the national security and homeland security policies and strategies aimed at the prevention, mitigation, and response to adversary attacks against single or multiple critical infrastructure sectors.
Critical Infrastructure Security and Resilience – The Cyber Dimension
This course provides a careful examination of the methods necessary to identify and address risks to critical information infrastructures from a variety of cyber-related threats.
Critical Infrastructure Security and Resilience – Sector Approaches and Cross-Sector Interdependencies
This course compares and contrasts the different approaches vis-à-vis security and resilience utilized within the various critical infrastructure sectors, including those that operate within a defined regulatory space and those that do not. It further examines the nature of critical dependencies and interdependencies across the sectors, including a focus on organizational awareness and preparedness culture, supply chain security, and cyber-related issues.
Critical Infrastructure Security and Resilience – The International Dimension
This course compares and contrasts critical infrastructure security and resilience approaches of other nations, including those that operate within a defined regulatory space and those that do not.
Critical Infrastructure Security and Resilience – Identifying, Assessing, and Addressing Emergent Threats
This course explores the National Infrastructure Protection Plan (NIPP) and the challenges associated with a diverse spectrum of threats and hazards across critical infrastructure sectors and systems.
Designing Resilient Infrastructures
This course focuses on the development of critical thinking and analytical problem-solving skills within critical infrastructure contexts.
Critical Infrastructure Security and Resilience Capstone
This course fosters the development of advanced baseline knowledge and provides opportunities to apply this knowledge to “hands-on” critical infrastructure security and resilience strategy and plan development.
Economics of Critical Infrastructure Security and Resilience
This 15-lesson graduate-level course provides an overview and applications of the economic aspects of critical infrastructure security and resilience (CISR) from an all-hazards perspective.
Critical Infrastructure Graduate/Professional Certificate
This five-course certificate program is designed to stand as a complete model for the creation of a graduate or professional certification program. These courses are designed with the mid-career professional in mind and could be adapted for use in other professional degree programs.
Foundations of Critical Infrastructure Security and Resilience
This course provides an introduction to the policies, strategies, and practical application of critical infrastructure security and resilience from an all-hazards perspective.
Partnering and Information Sharing for Critical Infrastructure Security and Resilience
This course provides an overview of partnerships and information sharing within the homeland security enterprise with a focus on the collaboration and information products, processes, and systems necessary to protect and enhance the resilience of the Nation’s critical infrastructure.
Assessing and Managing Risk to Critical Infrastructure Systems
This course provides an introduction to the policy, strategy, and practical application of all hazards risk assessment and management in the context of critical infrastructure security and resilience.
Critical Infrastructure Security and Resilience and Cybersecurity
This course provides an introduction to the policy, strategy, and operational environment of cyberspace in the context of the critical infrastructure security and resilience mission area.
Advanced Topics in Critical Infrastructure Security and Resilience
This course provides an advanced focus on critical infrastructure security and resilience policy, strategy, planning, and incident management operations in all-hazards context.
Master of Public Administration with Critical Infrastructure Concentration
The following courses comprise a full eight-course degree program for a Master of Public Administration with a concentration in Critical Infrastructure. We anticipate that these concentration courses would be supplemented by existing policy and administration electives offered by the host institution.
The Public Policy Process and Critical Infrastructure/Domestic Security Policy
This course provides an assessment of how public programs are developed through the policy making process, recognizing that the critical parameters for managers are set by the Congress, the President, interest groups, media and political parties, it is essential for any public manager to understand these institutions in depth. Specific concentration will focus on the policy making process for critical infrastructure security and resilience issues.
Third Party Governance and Critical Infrastructure Security and Resilience
This course focuses on the emerging trends for Federal use of “third parties” to implement national goals and programs. The course will focus on how critical infrastructure security and resilience programs use grants, contracts, regulations, and other governance tools to engage state and local governments, the private sector and even nonprofit entities in carrying out major national programs to secure infrastructure.
Infrastructure Security and Emergency Response: Interagency Communication and Coordination
This course will focus on how coordination and collaboration can be achieved in settings where numerous agencies, levels of government and sectors of the economy are summoned to work together on public goals. The course will tap the rich literature of intergovernmental management and inter-organizational relations to discern best practices and lessons learned for managers who must work in networked environments.
Organization Theory and Behavior: Organizing for Critical Infrastructure Security and Resilience
This course provides an analysis of how organizations are structured and managed to meet the expectations of various publics in the political and social environment. Models of organizational theory will be covered with the use of cases from critical infrastructure security and resilience areas.
Federal Budgeting and Critical Infrastructure
This course will analyze the Federal Budget process over time and what the future holds for Federal deficits, debt, and the allocation of resources across agencies and programs. It will also focus on how agencies and program officials formulate budget proposals and what fiscal and performance accountability requirements they face in implementing programs.
This course will provide students with a detailed understanding of tools and techniques for managing the implementation of large projects. Such a course is particularly vital for many infrastructure programs involving large investments of public and private funds and long time frames for planning, design, construction and operations.
Emergency Planning and Response
This course focuses on how managers at Federal, State, and local levels, as well as private sector, develop plans and protocols for emergencies, whether they be natural disasters, terrorism or other forces.
This course provides students with skills necessary to evaluate public programs. Building on general knowledge of statistics, students will be challenged to apply criteria for effectiveness, efficiency and equity to critical infrastructure security and resilience programs.
Case Studies and Classroom Exercises
Case Study – Collapse: A Case Study of the Minneapolis I-35 W Bridge Disaster
This case highlights the challenges of planning and response in a high-vulnerability, multi-threat environment that is a nexus of multiple infrastructure modes. The exercises model robust critical thinking and small group processes to provide a blueprint for tackling the types of challenges faced by Critical Infrastructure Security and Resilience professionals. They also reinforce the learners’ ability to recognize critical infrastructure, identify man-made and natural threats and vulnerabilities, prioritize hypotheses, pinpoint potential secondary affects, and think creatively to adapt risk management principles to a changing environment.
Case Study – Blackout: A Case Study of the 2003 North American Power Outage with Exercises
The 2003 North American Blackout was a widespread incident that serves as a robust case study of the Energy Sector, illustrating the unique characteristics of the Electricity Subsector and the effects of cascading failures and interdependencies for critical infrastructure security and resilience (CISR) professionals. Given the importance of planning activities for CISR professionals, the exercises center on strategy and planning activities in an interdependency-rich environment.
Case Study – Derailed: A Case Study of the 2001 Howard Street Tunnel Fire
The 2001 Howard Street Tunnel freight train derailment in Baltimore is a compelling case study that illustrates the central role that information sharing plays in CISR. The multi-modal and multi-sector consequences— particularly due to the cascading effects of fire, flood, traffic disruptions, and communications and power outages associated with this prolonged event—present a rich opportunity for learners to think critically about how information sharing strategies can be developed and implemented to mitigate risks and improve response.
Case Study – Aging Infrastructure, DC Water; Blue Plains Wastewater Treatment Plant Sustainability
Case Study – Hell or High Water Waldo Canyon
This case study investigates the Waldo Canyon Fire which occurred in June and July of 2012 in the Colorado Springs, Colorado area, the rainfall events which occurred in the year after the fire as well as the community response to these events.
Case Study – Target Breach
Exercise – Expansion of Lifeline Services in Colorado Springs, CO
This case study is an exercise in describing and assessing the current state of three lifeline infrastructures in Colorado Springs, Colorado. Colorado Springs, CO was selected as the target community because it is a metropolitan region that is large enough to challenge the students but not so large as to overwhelm them. Additionally, there are many regions of similar size that face similar challenges throughout the nation so it provides a classroom exercise that prepares them for something they might actually do after graduation. The same case study could be adapted to any city or metropolitan area by simply changing out the reference data and changing the script to reflect the new location.
Exercise – ACME Amazium Refinery All Hazards Performance Profile
This case study is an exercise in writing an all-hazards performance profile for a fictitious facility in Memphis Tennessee using the Department of Homeland Security’s Threat and Hazard Identification and Risk Assessment (THIRA) process (Department of Homeland Security, 2013) The introductory section offers a brief discussion of resilience and the elements of the all-hazards environment.
Exercise – Critical Infrastructure Incident Table top Exercise
The Critical Infrastructure Incident Management Exercise is an interactive, discussion-based table top exercise (TTX) driven by a complex, physical-cyber terrorism-based scenario—one of the most challenging hybrid threats currently facing the infrastructure security and resilience mission area. This scenario will consist of three modules of play, (1) Emergent Threat, (2) Response, and (3) Extended Response and Recovery, portraying a series of cyber and physical attacks against critical infrastructure target sets across facilities and systems in multiple regions of the United States.
Critical Infrastructure Protection Educational Resources
To assist both educators and learners in locating relevant CISR instruction, CIP/HS has compiled a comprehensive electronic listing of historical and professional reading materials from multiple government, industry, and academic sources. It contains links to over 600 sources, arranged by topic. In addition to sector-specific topics, the library has categories devoted to bridges, disaster and emergency management, education, Federal budgeting and CISR, general CIP, information sharing, interdependencies, international CIP, policy, program management, resilience, risk analysis, supply chain security, and terrorism.