Critical Infrastructure Resilience and

Sustainability Reader Ted G. Lewis

Visit to download the full and correct content document:
https://ebookmass.com/product/critical-infrastructure-resilience-and-sustainability-rea
der-ted-g-lewis/
More products digital (pdf, epub, mobi) instant
download maybe you interests ...

Critical Infrastructure Protection, Risk Management,

and Resilience: A Policy Perspective – Ebook PDF
Version

https://ebookmass.com/product/critical-infrastructure-protection-
risk-management-and-resilience-a-policy-perspective-ebook-pdf-
version/

Economic Policies for Sustainability and Resilience

https://ebookmass.com/product/economic-policies-for-
sustainability-and-resilience/

Supporting Inclusive Growth and Sustainable Development

in Africa - Volume 1: Sustainability in Infrastructure
Development Elena G. Popkova

https://ebookmass.com/product/supporting-inclusive-growth-and-
sustainable-development-in-africa-volume-1-sustainability-in-
infrastructure-development-elena-g-popkova/

Engineering Economic Analysis: Fourth Canadian Edition

Ted G. Eschenbach (Author) Donald G. Newnan (Author)

https://ebookmass.com/product/engineering-economic-analysis-
fourth-canadian-edition-ted-g-eschenbach-author-donald-g-newnan-
author/
Cyberwarfare: Threats to Critical Infrastructure
Kristan Stoddart

https://ebookmass.com/product/cyberwarfare-threats-to-critical-
infrastructure-kristan-stoddart/

Concise Guide to Critical Thinking 1st Edition Lewis

Vaughn

https://ebookmass.com/product/concise-guide-to-critical-
thinking-1st-edition-lewis-vaughn/

Sustainability and Interprofessional Collaboration:

Ensuring Leadership Resilience in Collaborative Health
Care 1st ed. Edition Dawn Forman

https://ebookmass.com/product/sustainability-and-
interprofessional-collaboration-ensuring-leadership-resilience-
in-collaborative-health-care-1st-ed-edition-dawn-forman/

Consequences of Maritime Critical Infrastructure

Accidents: Environmental Impacts Modeling-
Identification-Prediction-Optimization-Mitigation
Magdalena Bogalecka
https://ebookmass.com/product/consequences-of-maritime-critical-
infrastructure-accidents-environmental-impacts-modeling-
identification-prediction-optimization-mitigation-magdalena-
bogalecka/

Supporting Inclusive Growth and Sustainable Development

in Africa - Volume II: Transforming Infrastructure
Development 1st Edition Elena G. Popkova

https://ebookmass.com/product/supporting-inclusive-growth-and-
sustainable-development-in-africa-volume-ii-transforming-
infrastructure-development-1st-edition-elena-g-popkova/
Critical Infrastructure Resilience
and Sustainability Reader
Critical Infrastructure Resilience
and Sustainability Reader

Ted G. Lewis
Naval Postgraduate School (ret.)
Montery, California, USA
Copyright © 2024 by John Wiley & Sons, Inc. All rights reserved.

Published by John Wiley & Sons, Inc., Hoboken, New Jersey.

Published simultaneously in Canada.

No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical,
photocopying, recording, scanning, or otherwise, except as permitted under Section 107 or 108 of the 1976 United States Copyright Act,
without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-­copy fee to the Copyright
Clearance Center, Inc., 222 Rosewood Drive, Danvers, MA 01923, (978) 750-­8400, fax (978) 750-­4470, or on the web at www.copyright.com.
Requests to the Publisher for permission should be addressed to the Permissions Department, John Wiley & Sons, Inc., 111 River Street,
Hoboken, NJ 07030, (201) 748-­6011, fax (201) 748-­6008, or online at http://www.wiley.com/go/permission.

Trademarks: Wiley and the Wiley logo are trademarks or registered trademarks of John Wiley & Sons, Inc. and/or its affiliates in the United
States and other countries and may not be used without written permission. All other trademarks are the property of their respective owners.
John Wiley & Sons, Inc. is not associated with any product or vendor mentioned in this book.

Limit of Liability/Disclaimer of Warranty: While the publisher and author have used their best efforts in preparing this book, they make no
representations or warranties with respect to the accuracy or completeness of the contents of this book and specifically disclaim any implied
warranties of merchantability or fitness for a particular purpose. No warranty may be created or extended by sales representatives or written
sales materials. The advice and strategies contained herein may not be suitable for your situation. You should consult with a professional where
appropriate. Further, readers should be aware that websites listed in this work may have changed or disappeared between when this work was
written and when it was read. Neither the publisher nor authors shall be liable for any loss of profit or any other commercial damages, including
but not limited to special, incidental, consequential, or other damages.

For general information on our other products and services or for technical support, please contact our Customer Care Department within the
United States at (800) 762-­2974, outside the United States at (317) 572-­3993 or fax (317) 572-­4002.

Wiley also publishes its books in a variety of electronic formats. Some content that appears in print may not be available in electronic formats.
For more information about Wiley products, visit our website at www.wiley.com.

Library of Congress Cataloging-­in-­Publication Data applied for:

ISBN: 9781394179527 (PB); 9781394179534 (ePDF); 9781394179541 (epub)

Cover Design: Wiley

Cover Image: © Bim/Getty Images

Set in 9.5/12.5pt STIXTwoText by Straive, Pondicherry, India

 v

Contents

Preface xiii

1 The Challenge 1
1.1 The Evolution of Critical Infrastructure Protection 2
1.1.1 In the Beginning 2
1.1.2 Natural Disaster Recovery 4
1.1.3 What Is Critical? 5
1.1.4 Public–Private Cooperation 7
1.1.5 Federalism: Whole of Government 8
1.2 Defining CIKR Risk and Resilience 11
1.2.1 Risk Strategy 12
1.2.2 Resilience Strategy 13
1.2.3 Sustainability Strategy 14
1.2.4 The Four Horsemen 15
1.3 Weather/Climate Change/Global Warming 16
1.3.1 The Carrington Event 17
1.3.2 Black Bodies 18
1.3.3 The Lightening Rod 19
1.4 Consequences 20
1.4.1 Accidents/Aging/Neglect 21
1.4.2 The Report Card 21
1.4.2.1 The Domino Effect 22
1.4.3 Terrorism/Extremists 22
1.4.4 Cyber Exploits/Criminals 25
1.4.4.1 Black Hats 25
1.4.4.2 Cybercrime Pays 26
1.4.5 The Soft War 27
1.4.6 Cyberattacks and CIKR 27
1.5 Discussion 29
References 29

2 What is a Catastrophe? 30
2.1 Theories of Collapse 31
2.1.1 Normal Accident Theory (NAT) 32
2.1.2 Punctuated Equilibrium Theory (PET) 33
2.1.3 How Uncertain are Avalanches? 33
2.1.4 Self-Organized Criticality 35
2.2 Complex Systems Theory 36
2.2.1 Tragedy of the Commons (TOC) 36
2.2.2 Paradox of Enrichment (POE) 38
2.2.3 Competitive Exclusion Principle (CEP) 41
vi Contents

2.2.4 Paradox of Redundancy (POR) 43

2.3 General Systems Theory 43
2.3.1 Emergence 43
2.3.2 Self-Organization 44
2.3.3 Preferential Attachment 44
2.4 Vulnerable Industrial Commons 46
2.4.1 TOC Failure 46
2.4.2 POE Failure 47
2.4.3 CEP Failure 47
2.4.4 POR Failure 47
2.5 Resilience Versus Sustainability 48
2.5.1 Black Swans 48
2.5.2 Catastrophe’s Long Tail 49
2.6 Discussion 49
References 49

3 Energy Transition 51
3.1 A Sector Under Transition 51
3.2 Energy Fundamentals 52
3.2.1 Understanding Units and Measures 53
3.2.2 Consumption 54
3.3 Regulatory Structure of the Energy Sector 55
3.3.1 Evolution of Energy Sector Regulation 55
3.3.2 Energy Pipeline Regulations 55
3.3.3 The Energy ISAC 56
3.4 Legacy Fuels 56
3.4.1 Coal 57
3.4.2 The Rise of Oil and the Automobile 57
3.4.3 Natural Gas Middlemen 58
3.4.4 Nuclear Fuel 58
3.5 Legacy Energy Infrastructure 61
3.5.1 Oil Refineries 61
3.5.2 Oil Transmission and Distribution 62
3.5.3 Oil Storage 63
3.5.4 The Natural Gas Supply Chain 64
3.5.5 The Critical Gulf of Mexico Cluster 65
3.5.6 Critical Refineries 65
3.5.7 Critical Transmission Pipelines 66
3.6 Renewables 66
3.7 Solar – Photovoltaic (PV) 67
3.7.1 Wind 67
3.7.2 The Hydrogen Circle 68
3.7.3 Others 69
3.8 Batteries and Reservoirs 70
3.8.1 Modern Batteries 70
3.8.2 Grid Scale Storage – LDES 71
3.9 Discussion 71
References 72

4 The Vulnerable Powergrid 73

4.1 What Is the Grid? 74
4.2 The North American Grid 76
 Contents vii

4.2.1 Grid Structure 77

4.2.2 ACE and Kirchhoff’s Law 78
4.2.3 Anatomy of a Blackout 78
4.3 Threat Analysis 80
4.3.1 Attack Scenario 1: Disruption of Fuel Supply to Power Plants 80
4.3.2 Attack Scenario 2: Destruction of Major Transformers 81
4.3.3 Attack Scenario 3: Disruption of SCADA Communications 81
4.3.4 Attack Scenario 4: Creation of a Cascading Transmission Failure 82
4.4 From Death Rays to Vertical Integration 83
4.4.1 Early Regulation 83
4.4.2 Deregulation and EPACT 1992 85
4.4.3 Electricity Sector ES-ISAC 85
4.5 Out of Orders 888 and 889 Comes Chaos 86
4.5.1 Economics Versus Physics 88
4.5.2 What Increases SOC? 89
4.5.3 NIMBY Versus Environmentalism 90
4.5.4 A Change of Heart 91
4.6 The Architecture of Twenty-First Century Grids 91
4.6.1 The Future Is Storage 92
4.6.2 SOC Is Reduced 94
4.6.3 Economics of Electrification 95
4.7 Discussion 96
References 96

5 Water and Water Treatment 97

5.1 A Vanishing Resource 97
5.1.1 From Germs to Terrorists 98
5.1.2 Safe Drinking Water Act 99
5.1.3 The WaterISAC 100
5.2 Foundations: SDWA of 1974 101
5.3 The Bio-Terrorism Act of 2002 102
5.3.1 Is Water for Drinking? 103
5.3.2 Climate Change and Rot – The New Threats 103
5.4 The Architecture of Water Systems 104
5.4.1 The Law of the River 105
5.4.2 Resiliency of Water Pipeline Networks 105
5.5 Hetch Hetchy Water 106
5.5.1 Risk Analysis 108
5.5.2 Resilience Analysis 108
5.6 Threat Analysis 108
5.6.1 The Rational Actor 109
5.6.2 Hetch Hetchy Threat Analysis 109
5.6.3 Chem-Bio 109
5.6.4 Earthquakes 110
5.7 Water Resilience 110
5.7.1 Save the Pineapple Express 110
5.7.2 Gray Water 112
5.7.3 Desalination 112
5.7.4 Exemplar Israel 113
5.8 Discussion 113
References 113
viii Contents

6 Transportation Renewed 114

6.1 Transitioning a Vast and Complex Sector 114
6.1.1 Government Leads the Way 115
6.1.2 Safety and Security 115
6.2 Roads at TOC Risk 116
6.2.1 The Road to Prosperity 119
6.2.2 Economic Impact 120
6.2.3 The National Highway System (NHS) 120
6.2.4 The Interstate Highway Network is Resilient 121
6.2.5 The NHS is Safer 121
6.2.6 The Future is Electric 122
6.3 Rail and Railroads 122
6.3.1 Birth of Regulation 123
6.3.2 Freight Trains 125
6.3.3 Passenger Rail 126
6.3.4 Terrorist Target Passenger Trains 127
6.3.5 Economics of Rail 127
6.4 Air Transportation 129
6.4.1 Resilience of the Hub-and-Spoke Network 130
6.4.2 Security of Commercial Air Travel 132
6.4.3 How Safe and Secure is Flying in the United States? 134
6.4.4 Drones 134
6.4.5 eVTOLs 135
6.4.6 Commercial Airline Impact on Global Warming 135
6.5 Discussion 135
References 136

7 Supply Chains 137

7.1 The World is Flat, but Tilted 139
7.1.1 Supply Side Supply 140
7.1.2 The Father of Containerization 140
7.1.3 The Perils of Efficient Supply Chains 141
7.2 The World Trade Web 144
7.2.1 WTW and Economic Contagions 145
7.2.2 Resilience Failures 147
7.3 TWIC 148
7.3.1 MSRAM 148
7.3.2 PROTECT 150
7.4 Sustainable and Resilient Supply Chains 151
7.4.1 Greening of Ships 151
7.5 Are Supply Chains Secure? 151
7.5.1 Encapsulation Works 152
7.5.2 Who Owns the Trusted Path? 152
7.6 Discussion 152
References 153

8 Communications and the Internet 154

8.1 Early Years 156
8.1.1 The Natural Monopoly 157
8.1.2 The Communications Act of 1996 158
8.2 Regulatory Structure 158
8.2.1 The Most Important Person in Modern History 159
 Contents ix

8.2.2 The First (Modern) Critical Infrastructure 159

8.3 The Architecture of the Communications Sector 160
8.3.1 Physical Infrastructure 161
8.3.2 Wireless Networks 163
8.3.3 Extra-Terrestrial Communication 163
8.3.4 Land Earth Stations 165
8.3.5 Cellular Networks 165
8.3.6 Cell Phone Generations 166
8.3.7 Wi-Fi Technology 166
8.4 Risk and Resilience Analysis 167
8.4.1 Importance of Carrier Hotels 168
8.4.2 The Submarine Cable Network 169
8.4.3 HPM Threats 169
8.4.4 Cellular Network Threats 170
8.4.5 Physical Threats 171
8.5 The Monoculture Internet 171
8.5.1 The Internet Self-Organized 172
8.5.2 The Original Sins 173
8.5.2.1 The DNS 174
8.5.2.2 More Original Sin 175
8.5.3 The Hierarchical Internet 176
8.5.4 Too Many Open Ports 177
8.6 Internet Governance 177
8.6.1 IAB and IETF 178
8.6.2 ICANN Wars 179
8.6.3 ISOC 180
8.6.4 W3C 180
8.6.5 Internationalization 181
8.6.6 Regulation and Balkanization 182
8.6.6.1 Rise of Regulation 182
8.6.6.2 Criticality of the Internet 183
8.7 Green Communications 183
8.7.1 Solar Computing 183
8.7.2 Quantum Communications 184
8.7.3 Adiabatic Logic 184
8.8 Discussion 184
References 185

9 Cyber Threats 186

9.1 Threat Surface 188
9.1.1 Script-kiddies 191
9.1.2 Black Hats 191
9.1.3 Weaponized Exploits 192
9.1.4 Ransomware and the NSA 193
9.2 Basic Vulnerabilities 194
9.2.1 The First Exploit 195
9.2.2 TCP/IP Flaws 196
9.2.3 Open Ports 198
9.2.4 Buffer Overflow Exploits 199
9.2.5 DDoS Attacks 200
9.2.6 Email Exploits 201
9.2.7 Flawed Application and System Software 201
x Contents

9.2.8 Trojans, Worms, Viruses, and Keyloggers 202

9.2.9 Hacking the DNS 203
9.2.10 Hardware Flaws 203
9.2.11 Botnets 204
9.3 Cyber Risk Analysis 205
9.3.1 Kill Chain Approach 206
9.3.2 Machine-learning Approach 206
9.4 Analysis 207
9.5 Discussion 208
References 208

10 Social Hacking 209

10.1 Web 2.0 and the Social Network 211
10.2 Social Networks Amplify Memes 213
10.3 Topology Matters 215
10.4 Computational Propaganda 217
10.5 Beware the Echo Chamber 218
10.6 Big Data Analytics 219
10.6.1 Algorithmic Bias 220
10.6.2 The Depths of Deep Learning 221
10.6.3 Data Brokers 221
10.7 GDPR 222
10.8 Social Network Resilience 223
10.9 The Sustainable Web 224
10.9.1 The Century of Regulation 225
10.9.2 The NetzDG 225
10.10 Discussion 226
References 227

11 Banking and Finance 228

11.1 The Financial System 231
11.1.1 Federal Reserve Versus US Treasury 232
11.1.2 Operating the System 233
11.1.3 Balancing the Balance Sheet 233
11.1.4 Paradox of Enrichment 234
11.2 Financial Networks 235
11.2.1 FedWire 235
11.2.2 TARGET 236
11.2.3 SWIFT 236
11.2.4 Credit Card Networks 237
11.2.5 3-D Secure Payment 237
11.3 Virtual Currency 238
11.3.1 Intermediary PayPal 238
11.3.2 ApplePay 239
11.3.3 Cryptocurrency 239
11.3.3.1 Nakamoto’s Revenge 240
11.3.3.2 Double Spend Problem 240
11.3.3.3 Crypto Challenges 241
11.4 Hacking a Financial Network 242
11.5 Hot Money 244
11.5.1 Liquidity Traps 244
11.5.2 The Dutch Disease 245
 Contents xi

11.6 The End of Stimulus? 246

11.7 Fractal Markets 246
11.7.1 Efficient Market Hypothesis (EMH) 247
11.7.2 Fractal Market Hypothesis (FMH) 248
11.7.3 Predicting Collapse 248
11.8 The Threat is Existential 250
11.9 Discussion 250
References 250

12 Strategies for a Changing World 251

12.1 Whole of Government 252
12.2 Risk and Resilience 253
12.3 Complex and Emergent CIKR 255
12.3.1 Communications and IT 255
12.3.2 Internet and Cybersecurity 256
12.4 Surveillance Capitalism 256
12.5 Industrial Control Systems 257
12.6 Global Pandemics 257
12.7 Transportation and Supply Chains 258
12.8 Banking and Finance 258
12.9 An Integrated Infrastructure Strategy 259
12.9.1 What to Do? 259
12.9.2 The Plan 260
12.9.3 Issues 260
12.10 Discussion 261

Index 262
 xiii

Preface

I wrote this book as a companion to the third edition of Critical Infrastructure Protection in Homeland Security: Defending
a Networked Nation, 2020. It is intended to be a more casual compendium suitable for the curious reader interested in the
broad issues of critical infrastructure rather than a formal and rigorous textbook. I hope the reader agrees.
During the 20-­year evolution of critical infrastructure studies, from the fear of terrorism, to the daunting problems of
cybersecurity, and finally to the challenges of rouge nation-­states and domestic terrorism, infrastructure became a national
security concern for an entirely different reason – climate change. The world is now facing an existential crisis posed by the
byproducts of the industrial revolution – pollution. We have come to the end of the 150-­year trail. Now it is time to address
the challenge of climate change precipitated by pollution. There is simply too much greenhouse gas (GHG) being emitted
into the atmosphere and too much pollution (plastics, etc.) spewing into our water and soil. We are in danger of extinction
by our own hands!
As it turns out, most of the problem lands squarely on critical infrastructure systems. According to the US EPA, in 2020,
the United States emitted nearly six billion metric tons of GHGs. Carbon dioxide accounted for the largest percentage
(79%), followed by methane (11%), nitrous oxide (7%), and other GHGs (3%). Total US emissions for 2019 totaled 6558 mil-
lion metric tons of CO2 and net emissions, taking sinks into account, totaled 5769 million metric tons of CO2 equivalent.
Greenhouse gases are emitted by all sectors of the economy, including electric power (25% of total), transportation (29%),
industry (23%), residential and commercial (13%), and agriculture (10%).1
While all sectors emit GHG, it is interesting to note that a handful of critical infrastructure sectors account for the major-
ity of emissions: electric power, transportation, and agriculture combined account for nearly two-­thirds! Thus, the problem
may be manageable by addressing a rather narrow – but large – segment of the economy. This is the good news. The bad
news is that it is an enormous challenge to turn around such a large entrenched ship!
My strategy is to advocate for circular economics in each of the main sectors that contribute the most to climate change.
Circular economics is the economics of recycling and reusing materials and processes. It involves the use of renewable
energy to power the planet and greater efficiencies in production, transportation, and consumption. I show that in each
instance it is possible to turn the tide by carefully thinking about how to “recycle” and replenish the Earth’s assets while at
the same time building on the ever-­expanding need for energy, transportation, and agriculture.
We are now at the stage of development where it is entirely possible – even profitable – to implement circular eco-
nomics in every sector. Within the United States, we are on the verge of a 10–20-­year revision of the most critical of all
­infrastructures – energy, transportation, and agriculture. This will have a ripple effect on adjacent infrastructure systems
such as water and water systems, banking and finance, supply chains, and cybersecurity.
Circular economics requires different thinking. In particular, we must concern ourselves with externalities like the
impact of dumping industrial byproducts into the river and pumping byproducts of industrial processes into the air. What
once was “free,” is no longer free. These externalities must be paid for or eliminated. For example, petroleum-­powered
automobiles produce CO2, which is no longer free. It extracts a price in terms of global warming, illnesses, and social
unrest. And while the solution is to electrify transportation, electrification is not free, either. Electrification creates a long
supply chain, each stage at which, there is an opportunity to adopt a circular economy – or not! This is the central theme
of resilience and sustainability.

1 https://www.c2es.org/content/u-s-emissions.
xiv Preface

The passage of the Inflation Reduction Act (IRA) commits the United States to billions of dollars to address aging
­infrastructure systems, signals the beginning of the Great Sustainability Movement, and accelerates the transition to resil-
ient and sustainable infrastructure systems. It will unfold dramatically over the following years and be characterized by
sorely needed resilience – the ability to absorb and recover from faults – and sustainability – a property of infrastructure
that allows it to operate and last for an indefinite length of time.
Second, the threat posed by cybercriminals will only intensify as ultra-­sophisticated technologies such as artificial intel-
ligence (AI), machine learning (ML), and large language models (LLM) become commonplace. Abuse of social networks
and online interaction pales compared with the potential abuses of these powerful technologies. Ultimately, they must be
tamed by regulation, but that will not stop criminals and enemies of the state from using them. We must prepare ourselves
by mastering and taming cybersecurity. Hence, the emphasis of this edition of critical infrastructure protection is on cyber-
security as well as resilience and sustainability.
The theme of this edition is resilience and sustainability in the age of existential risk due to climate change. The oppor-
tunity is in the Great Sustainability Movement of revising critical infrastructures for the twenty-­first century and beyond.

Ted G. Lewis
March 2023
 1

The Challenge

CHAPTER MENU
1.1 T­ he Evolution of Critical Infrastructure Protection, 2
1.1.1 In the Beginning, 2
1.1.2 Natural Disaster Recovery, 4
1.1.3 What Is Critical?, 5
1.1.4 Public–Private Cooperation, 7
1.1.5 Federalism: Whole of Government, 8
1.2 ­Defining CIKR Risk and Resilience, 11
1.2.1 Risk Strategy, 12
1.2.2 Resilience Strategy, 13
1.2.3 Sustainability Strategy, 14
1.2.4 The Four Horsemen, 15
1.3 ­Weather/Climate Change/Global Warming, 16
1.3.1 The Carrington Event, 17
1.3.2 Black Bodies, 18
1.3.3 The Lightening Rod, 19
1.4 ­Consequences, 20
1.4.1 Accidents/Aging/Neglect, 21
1.4.2 The Report Card, 21
1.4.2.1 The Domino Effect, 22
1.4.3 Terrorism/Extremists, 22
1.4.4 Cyber Exploits/Criminals, 25
1.4.4.1 Black Hats, 25
1.4.4.2 Cybercrime Pays, 26
1.4.5 The Soft War, 27
1.4.6 Cyberattacks and CIKR, 27
1.5 ­Discussion, 29
­References, 29

Before the terrorist attacks of 9/11 infrastructure both critical and otherwise was of interest only to civil engineers,
­planners, and a handful of regulators. Afterward, infrastructure became critical and the media began to show interest.
It became even more interesting when global warming and climate change became an acceptable topic at cocktail
­parties. Even the politicians fought over it, leading up to the Inflation Reduction Act of 2022, which was essentially a
global warming act. Infrastructure became mainstream.
This chapter provides definitions of CIKR (Critical Infrastructure and Key Resources), threat, vulnerability, consequence,
risk, resilience, and sustainability. In addition, it identifies the challenges due to vastness, political willpower, NIMBY

Critical Infrastructure Resilience and Sustainability Reader, First Edition. Ted G. Lewis.
© 2024 John Wiley & Sons, Inc. Published 2024 by John Wiley & Sons, Inc.
2 1 The Challenge

(not in my back yard), and the exceptional long-­term effort needed to protect and maintain resilience and sustainable
­infrastructures. The emphasis is on resilience and sustainability under increasing stress due to climate change, and the
exponentially increasing threat of cyberattacks, although other threats are considered.
CIKR manifests as systems – collections of interacting or connected assets that act according to a set of rules to form a
unified whole. They form a community or industrial commons much like the military-­industrial complex of yore. While
the plumbing is real or virtual, CIKR is embedded in a complex collection of public and private organizations with rules
and regulations spelled out in detail.
CIKR systems respond to stresses placed on them by nature and humans. These are qualitatively or quantitatively spelled
out in terms of risk, resilience, and sustainability:
●● Risk: expected loss due to a CIKR fault or system failure.
●● Resilience: the ability of a CIKR system to resist, absorb, adapt, and recover from a fault or system failure under stress.
●● Sustainability: the ability to maintain or support a process continuously over time.
We start with a history lesson: how did critical infrastructure begin and evolve into a major responsibility of government?
Then we identify the major threats and consequences confronting infrastructures in America. The focus is on climate
change, the prominent challenge of the twenty-­first century, followed by cybersecurity.
At the top of the list of threats is extreme weather due to climate change, because it threatens civilization as well as CIKR
across the globe. Secondary threats are cyberattacks, accidents/neglect/aging, and terrorists. These are the four horsemen
of CIKR sustainability and resilience.

1.1 ­The Evolution of Critical Infrastructure Protection

CIKR (Critical Infrastructure and Key Resources) systems are considered critical because of their importance to modern
life. They could just as well be defined as essential because without them, civilization as we know it is not possible. Modern
society is dependent on roads, bridges, communication systems, food production and delivery, drinking water and waste-
water management, energy and power, transportation, medical and emergency services, etc. Without them, society would
devolve back to a more primitive state.
CIKR systems have evolved over a long period of time, accelerating in sophistication with technology. But the ­definition
of CIKR, along with the realization of its importance and fragility, reaches back to World War II and the Korean conflict,
when the United States realized that fuels used to power transportation was a critical asset. Without gasoline and oil, the
United States would have been unable to fight.
The criticality of CIKR systems after WWII was soon forgotten until the terrorist attacks leading up to 9/11. The trauma of
9/11 led to the development of plans and procedures for protecting CIKR from accidents, terrorists, cybercriminals, and climate
change. As the threat evolves, so does the doctrine of protection in homeland security. The following is a brief introduction and
description of this evolution.

1.1.1 In the Beginning

In 1942, the United States was in deep trouble. With the Japanese attack on Pearl Harbor came the prospect of an energy
supply shortage. In particular, petroleum products such as gasoline were about to run low or even run out. This prompted
the Petroleum Administration for War to create the Petroleum Administration for Defense Districts, aka PADDs – Executive
Order 9276 – “to assure for the prosecution of the war the conservation and most effective development and utilization of
petroleum in the United States and its territories and possessions.”1 This was better known as “gas rationing,” because, to
some people, it meant going without gasoline.
The reaction was interesting: some people turned to walking, bicycling, and simply staying at home. A few turned to
inventing electric bicycles. One worker borrowed a 12-­V battery from a car and an electric motor from a washing machine,
put them in his bicycle, and rode to work in what was perhaps the first electric bike.

1 https://www.presidency.ucsb.edu/documents/executive-order-9276-establishing-the-petroleum-administration-for-war.
 1.1 ­The Evolution of Critical Infrastructure Protectio 3

Creation of PADDs was the first attempt at critical infrastructure protection in homeland security by the United States.
Conservation of gasoline and oil in the face of Nazi attacks on oil tankers in the Atlantic meant producing more in PADD
3 and consuming less in the other PADDs. PADDs have been with Americans ever since.
EO-­9276 divided the country into five districts:
PADD 1:
A. New England states
B. Central Atlantic states
C. Lower Atlantic states
PADD 2: Midwest states
PADD 3: Gulf Coast states
PADD 4: Rocky Mountain states
PADD 5: West Coast, Alaska, and Hawaiian Island states
Most of the domestic oil came from PADD 3, and refined products like gasoline came from PADD 2. PADD 1 was then,
and still is, the largest consumer of oil products. PADDs were no longer needed at the end of WWII, but they were revived
again in 1950 because of the Korean War. Eventually, two more PADDs – 6 and 7 – were added, but by 1954, the Petroleum
Administration for War was abolished, and along with it, the need for PADDs! So, why are they still used?
Paragraph (e) states an additional purpose that is still with us today:

Compile data and make continuing surveys with respect to the effect of the prices charged for petroleum upon the
efficient wartime operations of the petroleum industry and the maintenance of adequate supplies of petroleum for
war and essential industrial and civilian uses. On the basis of such surveys, the Petroleum Administrator shall
­consult with and recommend to the Administrator, Office of Price Administration, such upward or downward
adjustments in the schedule of prices charged for petroleum as will, in the judgment of the Petroleum Administrator,
assure the efficient wartime operation of the petroleum industry and the maintenance of adequate supplies of
­petroleum for war, and essential industrial and civilian uses. In order to enable the Petroleum Administrator to
make appropriate recommendations, the Price Administrator shall advise with the Petroleum Administrator prior
to the establishment or alteration by the Price Administrator of any schedule of prices to be charged for petroleum.

Recognition of the energy sector of the US economy as critical faded as gasoline shortages abated. Americans went about
their business as usual until the second major event in the history of critical infrastructure occurred2:

In October [1962], President John F. Kennedy, on national television, revealed that the Soviets had placed nuclear
missiles in Cuba. As a result of this aggressive action, he ordered quarantine on all offensive military equipment
under shipment to Cuba until the Soviets removed their weapons . . . . For nearly a week, the Nation was transfixed
by the actions of Soviet Premier Nikita Khrushchev and President Kennedy. During this time, ineffective communica-
tions were hampering the efforts of the leaders to reach a compromise. Without the ability to share critical informa-
tion with each other using fax, e-­mail, or secure telephones such as we have today, Premier Khrushchev and President
Kennedy negotiated through written letters. Generally, Washington and Moscow cabled these letters via their embas-
sies. As the crisis continued, hours passed between the time one world leader wrote a letter and the other received it.
Tensions heightened. On October 27 and 28, when urgency in communications became paramount, Premier
Khrushchev bypassed the standard communication channels and broadcast his letters over Radio Moscow.
Following the crisis, President Kennedy, acting on a National Security Council recommendation, signed a
Presidential memorandum establishing the NCS. The new system’s objective was “to ­provide necessary communica-
tions for the Federal Government under all conditions ranging from a normal situation to national emergencies and
international crises, including nuclear attack.”
At its inception on August 21, 1963, the NCS was a planning forum composed of six Federal agencies. Thirty-­five
years later, it is a vital institution comprising 23 member organizations that ensure NS/EP (National Security/
Emergency Preparedness) telecommunications across a wide spectrum of crises and emergencies. … During the
1980s and 1990s, the NCS expanded its focus to develop Government wide NS/EP procedures and enhancements to
the Nation’s public networks and information infrastructures.

2 http://www.ncs.gov/about.html.
4 1 The Challenge

The role of the communications infrastructure grew more important as the United States entered the information age. In
1978, two communication regulatory agencies (Department of Commerce Office of Telecommunications and the
Whitehouse Office of Telecommunications) were combined into the National Telecommunications and Information
Administration (NTIA) by Executive Order 12046. NTIA handled the process of selling spectrum to telephone, radio, and
TV networks. It also has the distinction of being the federal agency that oversaw the commercialization of the Internet in
1998–1999. The National Communications System (NCS) was formally assigned responsibility for the telecommunications
infrastructure in 1984 by Executive Order 12472.
In 1982, President Reagan established the National Security Telecommunications Advisory Committee (NSTAC) by
Executive Order 12382. This important Presidential advisory body is made up of the CEOs of major telecommunications
companies. NSTAC is perhaps the first organization to advise a President on critical infrastructure protection.
The Petroleum Administration, NCS, and NSTAC were the first critical infrastructure agencies within the US government.
Twenty years would pass before the term critical infrastructure was defined and the entire US population became aware of
its importance in their daily lives. The Department of Homeland Security (DHS) absorbed NCS in February 2003, but the
NSTAC still reports to the President of the United States.

1.1.2 Natural Disaster Recovery

While the NCS and NSTAC were active throughout the 1970s and 1980s, disaster response – both human-­caused and
­natural – was still on the back burner as far as critical infrastructure protection was concerned. The Federal Emergency
Management Agency (FEMA) was created in 1978–1979 to respond to hurricanes and earthquakes.3 Soon after its creation,
FEMA was assigned the (temporary) responsibility of responding to terrorist attacks by Executive Order 12148 in 19794:

All functions vested in the President that have been delegated or assigned to the Defense Civil Preparedness Agency,
Department of Defense, are transferred or reassigned to the Director of the Federal Emergency Management Agency.
All functions vested in the President that have been delegated or assigned to the Federal Disaster Assistance
Administration, Department of Housing and Urban Development, are transferred or reassigned to the Director of
the Federal Emergency Management Agency, including any of those functions re-­delegated or reassigned to the
Department of Commerce with respect to assistance to communities in the development of readiness plans for
severe weather-­related emergencies.
All functions vested in the President that have been delegated or assigned to the Federal Preparedness Agency,
General Services Administration, are transferred or reassigned to the Director of the Federal Emergency
Management Agency.
All functions vested in the President by the Earthquake Hazards Reduction Act of 1977 (42 U.S.C. 7701 et seq.),
including those functions performed by the Office of Science and Technology Policy, are delegated, transferred, or
reassigned to the Director of the Federal Emergency Management Agency . . . . For purposes of this Order, “civil emer-
gency” means any accidental, natural, man-­caused, or wartime emergency or threat thereof, which causes or may cause
substantial injury or harm to the population or substantial damage to or loss of property.

FEMA was confronted by perhaps the first major terrorist attack on US soil in Oregon in 1984. Members of the politico-­
religious commune founded by Bhagwan Shree Rajneesh5 attempted to influence a political election by poisoning voters
with salmonella.6

In a bizarre plot to take over local government, followers of Bhagwan Shree Rajneesh poisoned salad bars in 10 res-
taurants in The Dalles in 1984, sickening 751 people with salmonella bacteria. Forty-­five of whom were hospitalized.

3 Presidential Reorganization Plan No. 3 issued by President Carter in 1978 established the Federal Emergency Management Agency (FEMA),
which went into effect on 1 April 1979.
4 http://www.archives.gov/federal_register/codification/executive_order/12148.html.
5 http://www.religioustolerance.org/rajneesh.htm.
6 “The group settled on the 65,000 acre ‘Big Muddy Ranch’ near Antelope, Oregon, which his sannyasins had bought for six million dollars. The ranch
was renamed Rajneeshpuram (‘Essence of Rajneesh’). This ‘small, desolate valley twelve miles from Antelope, Oregon was transformed into a thriving
town of 3,000 residents, with a 4,500 foot paved airstrip, a 44 acre reservoir, an 88,000 square foot meeting hall…’ ” http://www.clui.org/clui_4_1/lotl/
lotlv10/rajneesh.html.
 1.1 ­The Evolution of Critical Infrastructure Protectio 5

It is still the largest germ warfare attack in U.S. history. The cult reproduced the salmonella strain and slipped it into
salad dressings, fruits, vegetables, and coffee creamers at the restaurants. They also were suspected of trying to kill
a Wasco County executive by spiking his water with a mysterious substance. Later, Jefferson County District Attorney
Michael Sullivan also became ill after leaving a cup of coffee unattended while Rajneeshees lurked around the
­courthouse. Eventually, Ma Anand Sheela, personal secretary of the Bhagwan, was accused of attempted murder,
conspiracy, arson, and other crimes and disowned by the Bhagwan. Convicted of the charges against her, she spent
29 months in federal prison, then moved to Switzerland.7

The salmonella incident in Oregon was an attack on one of the many infrastructure sectors identified as critical over the
past decade: Agriculture. But in 1984 there was no generally accepted definition of infrastructure, nor any recognition of
what sectors belonged to the list of national critical infrastructures.
The importance of infrastructure began to dawn on the federal government when in 1988 President Reagan issued
Executive Order 12656. This order alludes to “essential resources” and places responsibility for their protection in the
hands of federal departments:

The head of each Federal department and agency, within assigned areas of responsibility shall:
Sec. 204. Protection of Essential Resources and Facilities.

1) Identify facilities and resources, both government and private, essential to the national defense and national
welfare, and assess their vulnerabilities and develop strategies, plans, and programs to provide for the security of
such facilities and resources, and to avoid or minimize disruptions of essential services during any national secu-
rity emergency;
2) Participate in interagency activities to assess the relative importance of various facilities and resources to essen-
tial military and civilian needs and to integrate preparedness and response strategies and procedures;
3) Maintain a capability to assess promptly the effect of attack and other disruptions during national security
emergencies.

This executive order contains a number of objectives that remain problematic even today. It calls for identification of
public and private facilities that are essential to national welfare – a task that remains unfulfilled today, as political and
socioeconomic forces complicate the definition of “essential” and “national welfare.” A bridge in one county may be con-
sidered essential by voters in that county, but not essential in an objective sense, because of alternative routes. Moreover,
when limited resources are considered and there is funding for only one bridge, objective selection of which bridge is saved
or repaired quickly enters the political realm instead of the rational realm.
Part two of President Reagan’s executive order calls for interagency cooperation to address military and civilian needs.
When a severe emergency such as a devastating superstorm or terrorist attack happens, however, interagency cooperation
often vanishes, and the military takes over. Civil-­military relations theoretically mean that the military takes orders from
civilians, but in practice, only the military has the capacity to deal with major catastrophes. This inequality between the
authority of local law enforcement agencies and the readiness of federal troops is revealed over and over again whenever
major incidents such as Hurricane Katrina and New Orleans spin out of control.
Finally, the third part of the executive order remains problematic because state and local agencies often do not or cannot
afford to maintain capabilities to meet the need. For example, a smallpox outbreak in Manhattan – population eight
­million – would quickly overwhelm public health and safety agencies in New York. The state and local authorities would
have to maintain 40,000 trained emergency responders to head off the spread of smallpox. Forest fires in California quickly
overwhelmed firefighters in 2018 and illustrated the importance of interagency and interregional (reciprocal) response
agreements in the Department of Interior.

1.1.3 What Is Critical?

Even in the early 1990s, the trend toward greater awareness of human-­made and natural disasters was subtle – it had not
reached a point where it was of national concern. But by 1993–1995, the rate and severity of acts of terror, for example, were

7 https://www.grunge.com/355888/the-story-behind-the-largest-bioterrorist-attack-in-u-s-history.
6 1 The Challenge

increasing and becoming more alarming to the federal government. The 1993 attack on the World Trade Center led by
Ramzi Yousef, the acts and eventual capture of the Unabomber (1995), the devastating attack on the Federal Building in
Oklahoma City, Oklahoma (1995), and the Sarin gas attack in a Tokyo subway in 1995, suggested a trend. Acts of violence
by nongovernmental organizations (NGOs) were increasing, and as a byproduct, raising the level of public awareness. Soon
these acts would be attributed to terrorists and move from the back to the front page of the media. Within a short period of
5–6 years, response to unlawful terrorism would become known as the Global War on Terrorism (GWOT) and reached a
threshold that deserved national attention.
The importance of infrastructure for the safety and security of the US population began to take shape. But the threat was
still confined to human-­initiated acts of terror. One of the earliest concerns was the fragility and vulnerability of the sys-
tems we depend on daily, such as roads, bridges, stadiums, schools, shopping malls, and office buildings. These facilities
accommodate many people and yet they are completely open and unprotected. The communication systems, health care,
energy, and power systems that run cities and enable modern society to function were also open and unprotected. The
emergency response systems and public health services taken for granted for decades were suddenly exposed as poorly
prepared. Modern life depended on them, and yet, these essential systems were vulnerable to attacks by both humans and
Mother Nature.
The modern origin of homeland security, and one of its pillars, critical infrastructure protection, can be placed some-
where between 1993 and late 1995. In fact, 1995 is a reasonable start date because of the flurry of activity aimed at protect-
ing national infrastructure and key assets (CIKR) after 1995. Presidential Decision Directive 39 (PDD-­39) issued by
President Clinton in 1995 set the stage for what was to come – a new Federal Department of Homeland Security. PDD-­39
essentially declared war on terrorists8:

It is the policy of the United States to deter, defeat and respond vigorously to all terrorist attacks on our territory
and against our citizens, or facilities, whether they occur domestically, in international waters or airspace or on
foreign territory. The United States regards all such terrorism as a potential threat to national security as well as
a criminal act and will apply all appropriate means to combat it. In doing so, the U.S. shall pursue vigorously
efforts to deter and preempt, apprehend and prosecute, or assist other governments tov prosecute, individuals
who perpetrate or plan to perpetrate such attacks.
We shall work closely with friendly governments in carrying out our counterterrorism policy and will support
Allied and friendly governments in combating terrorist threats against them. Furthermore, the United States shall
seek to identify groups or states that sponsor or support such terrorists, isolate them and extract a heavy price for
their actions. It is the policy of the United States not to make concessions to terrorists.

The criticality of national infrastructure and associated key assets became an important issue when President Clinton
issued executive order EO-­13010 in 1996. This executive order established a Presidential Commission on Critical
Infrastructure Protection (PCCIP). The commission was chaired by Robert Marsh, and subsequently became known as the
Marsh Report [1]. It defined critical infrastructure in terms of “energy, banking and finance, transportation, vital human
services, and telecommunications.” The Marsh Report was the first publication to use the term critical infrastructure and
has become one of the foundational documents of critical infrastructure protection.
The Marsh Report and executive order EO-­13010 provided the first formal definition of infrastructure as “a network
of independent, mostly privately-­owned, man-­made systems that function collaboratively and synergistically to pro-
duce and distribute a continuous flow of essential goods and services.” And critical infrastructure is, “an infrastructure
so vital that its incapacity or destruction would have a debilitating impact on our defense and national security.”
According to Executive Order 130109:

Certain national infrastructures are so vital that their incapacity or destruction would have a debilitating impact
on the defense or economic security of the United States. These critical infrastructures include telecommunica-
tions, electrical power systems, gas and oil storage and transportation, banking and finance, transportation, water
supply systems, emergency services (including medical, police, fire, and rescue), and continuity of government.
Threats to these critical infrastructures fall into two categories: physical threats to tangible property (“physical

8 http://www.fas.org/irp/offdocs/pdd39.htm.
9 http://www.fas.org/irp/offdocs/eo13010.htm.
 1.1 ­The Evolution of Critical Infrastructure Protectio 7

threats”), and threats of electronic, radio frequency, or computer-­based attacks on the information or
­communications ­components that control critical infrastructures (“cyber threats”). Because many of these critical
infrastructures are owned and operated by the private sector, it is essential that the government and private sector
work together to develop a strategy for protecting them and assuring their continued operation.

The work of the PCCIP resulted in PDD-­63 (Presidential Decision Directive of 1998), which defined critical infrastruc-
ture more specifically and identified basic sectors of CIKR. According to PDD-­63:

Critical infrastructures are those physical and cyber-­based systems essential to the minimum operations of the
economy and government. They include, but are not limited to, telecommunications, energy, banking and finance,
transportation, water systems and emergency services, both governmental and private.10

The definition of critical infrastructure in PDD-­63 went through rapid evolution and expansion after the attacks of 9/11.
The office of the President of the United States released the National Strategy for Homeland Security in July 2002 and then
rapidly followed up with an expansion of the definition of critical infrastructure sectors in February 2003 with the release of
The National Strategy for the Physical Protection of Critical Infrastructures and Key Assets [2].
According to the 2003 strategy document, the objectives of CIKR protection include:
●● Identifying and assuring the protection of those infrastructures and assets that we deem most critical in terms of national-­
level public health and safety, governance, economic and national security, and public confidence consequences;
●● Providing timely warning and assuring the protection of those infrastructures and assets that face a specific, imminent
threat; and
●● Assuring the protection of other infrastructures and assets that may become terrorist targets over time by pursuing spe-
cific initiatives and enabling a collaborative environment in which federal, state, and local governments and the private
sector can better protect the infrastructures and assets they control.
In addition, the 2003 National Strategy lists five key resources (KR):
●● National Monuments and Icons
●● Nuclear Power Plants
●● Dams
●● Government Facilities
●● Commercial Key Assets
1998 was a year of ramping up counterterrorism programs. Major initiatives besides PDD-­62 (Countering Terrorism),
PDD-­63 (Critical Infrastructure Protection), and PDD-­67 (Continuity of Government) were the creation of a variety of
programs:
●● National Infrastructure Protection Center established in the Department of Justice
●● Chemical Safety Board formed
●● National Domestic Preparedness Office created in Department of Justice
●● Critical Infrastructure Analysis Office (CIAO) established
●● Counterterror Coordination Unit in National Security Council formed
●● Congress earmarks $17 M for Special Equipment and Training Grants
●● Attorney General announces creation of National Domestic Prep. Office (NDPO)

1.1.4 Public–Private Cooperation

By 1999 some experts believed that most infrastructure in the United States was owned by the private sector – not
­government. The Internet was commercialized in 1998, and the Communications and Electrical Power sectors were in the
process of being deregulated. Control of most public utilities was in the hands of corporations. It appeared that the private

10 http://www.fas.org/irp/offdocs/pdd/pdd-63.htm.
8 1 The Challenge

sector owned or operated most infrastructure considered “critical.”11 Thus, in 1999 President Clinton established NIAC
(National Infrastructure Assurance Council) to bring industry and government closer together. According to Executive
Order 13130, NIAC was established to facilitate the partnership through PS-­ISAC (Public Sector Information Sharing and
Analysis Centers)12:

By the authority vested in me as President by the Constitution and the laws of the United States of America, includ-
ing the Federal Advisory Committee Act, as amended (5 U.S.C. App.), and in order to support a coordinated effort
by both government and private sector entities to address threats to our Nation’s critical infrastructure, it is hereby
ordered as follows:
Section 1. Establishment.
a) There is established the National Infrastructure Assurance Council (NIAC). The NIAC shall be composed of not
more than 30 members appointed by the President. The members of the NIAC shall be selected from the private
sector, including private sector entities representing the critical infrastructures identified in Executive Order 13010,
and from State and local government. The members of the NIAC shall have expertise relevant to the functions of
the NIAC and shall not be full-­time officials or employees of the executive branch of the Federal Government.
b) The President shall designate a Chairperson and Vice-­Chairperson from among the members of the NIAC.
c) The National Coordinator for Security, Infrast­ructure Protection and Counter-­Terrorism at the National Security
Council (National Coordinator) will serve as the Executive Director of the NIAC.
d) The Senior Director for Critical Infrastructure Protection at the National Security Council will serve as the
NIAC’s liaison to other agencies.
e) Individuals appointed by the President will serve for a period of 2 years. Service shall be limited to no more than
3 consecutive terms.
Section 2. Functions.
a) The NIAC will meet periodically to:
1) enhance the partnership of the public and private sectors in protecting our critical infrastructure and provide
reports on this issue to the President as appropriate;
2) propose and develop ways to encourage private industry to perform periodic risk assessments of critical pro-
cesses, including information and telecommunications systems; and
3) monitor the development of Private Sector Information Sharing and Analysis Centers (PS-­ISACs) and provide
recommendations to the National Coordinator and the National Economic Council on how these organizations
can best foster improved cooperation among the PS-­ISACs, the National Infrastructure Protection Center
(NIPC), and other Federal Government entities.
b) The NIAC will report to the President through the Assistant to the President for National Security Affairs, who
shall assure appropriate coordination with the Assistant to the President for Economic Policy.
c) The NIAC will advise the lead agencies with critical infrastructure responsibilities, sector coordinators, the
NIPC, the PS-­ISACs and the National Coordinator on the subjects of the NIAC’s function in whatever manner
the Chair of the NIAC, the National Coordinator, and the head of the affected entity deem appropriate.

1.1.5 Federalism: Whole of Government

The National Strategy document of 2003 declares that homeland security, and CIKR in particular, are “whole of government”
responsibilities. “Homeland security, particularly in the context of critical infrastructure and key asset protection, is a
shared responsibility that cannot be accomplished by the federal government alone. It requires coordinated action on the
part of federal, state, local, and tribal governments; the private sector; and concerned citizens across the country.”13
But in practice, the strategy places most of the power – and all of the funding – in the hands of the federal government.
For example, all responsible agencies are federal government agencies instead of state, local, or tribal agencies. The federal
government assumed this responsibility even before the creation of the DHS in 2003. The President’s Critical Infrastructure

11 The source of this claim has never been found, but a popular meme of the time was that the private sector owned or operated 85% of the
critical infrastructure in the United States.
12 http://www.archives.gov/federal_register/executive_orders/1999.html#13130.
 1.1 ­The Evolution of Critical Infrastructure Protectio 9

Protection Board (PCIPB) was one of the earliest federal government agencies created as a consequence of 9/11. It was fol-
lowed by a flurry of additional government bureaucracies created to counter terrorism and natural disasters – incidents
that appeared to be rising exponentially.
By Executive Order 13231 (October 2001), President Bush created the President’s Critical Infrastructure Protection Board
(PCIPB), with primary responsibility to develop policies to protect the information infrastructure of the federal govern-
ment. EO-­13231 recognized the growing importance of telecommunications and Internet infrastructure as well as its inter-
dependency with other sectors. Without information systems, the US Federal Government could not continue to operate
in the event of an attack:

Consistent with the responsibilities noted in section 4 of this order, the Board shall recommend policies and
coordinate programs for protecting information systems for critical infrastructure, including emergency preparedness
communications, and the physical assets that support such systems.

In 2002 President Bush signed the Homeland Security Bill, establishing the new DHS. It began operation in February
2003 and incorporated 22 agencies that were scattered throughout the federal bureaucracy. This included the NCS, CIAO,
and Department of Justice Office of Domestic Preparedness, along with a number of other large agencies such as the TSA,
INS, Border Patrol, and Coast Guard. Protection of critical infrastructure continued to expand and become one of the major
responsibilities of the DHS.
Presidential directive HSPD-­5 (February 2003) and its companion, HSPD-­8 (December 2003) authorized the Secretary of
DHS, “to prevent, prepare for, respond to, and recover from terrorist attacks, major disasters, and other emergencies.”13 In
December 2003 President Bush replaced PDD-­63 with HSPD-­7 (Homeland Security Presidential Directive #7). It rewrote
the list of sectors and sector-­specific agencies responsible.
HSPD-­7 does not specify who is responsible for several of the sectors previously identified as “critical.” It appears that
HSPD-­7 was written to address in-­fighting among departments and agencies that may have felt left out of the National
Strategy. Alternatively, the purpose of HSPD-­7 may have been to include departments and agencies that have expertise in
fields such as cyber, chemical, and nuclear security. For whatever reason, HSPD-­7 leaves some responsibilities unspecified
and spreads others across multiple departments.
For the first time, HSPD-­7 declared that it is impractical to protect everything and focused effort on major incidents –
ones that cause mass casualties comparable to the effects of using weapons of mass destruction:

While it is not possible to protect or eliminate the vulnerability of all critical infrastructure and key resources
throughout the country, strategic improvements in security can make it more difficult for attacks to succeed and can
lessen the impact of attacks that may occur. In addition to strategic security enhancements, tactical security improve-
ments can be rapidly implemented to deter, mitigate, or neutralize potential attacks … Consistent with this directive,
the [DHS] Secretary will identify, prioritize, and coordinate the protection of critical infrastructure and key resources
with an emphasis on critical infrastructure and key resources that could be exploited to cause catastrophic health
effects or mass casualties comparable to those from the use of a weapon of mass destruction. [3]

By 2009, the number of sectors and KR had expanded even more, culminating in 18 CIKR: critical manufacturing was
added, and Information Technology and Communications were separated into two sectors.14 In less than a decade, the
number of CIKR expanded from 8 to 18. At this pace, CIKR would embrace just about every aspect of society, from
­communications, power, and health care, to the food we eat, water we drink, and work we do. If CIKR embraces nearly
everything, perhaps it means nothing. What then is the main goal of CIP?
HSPD-­5/HSPD-­8 were expanded by President Obama on 30 March 2011, to strengthen, “… the security and resilience of
the United States through systematic preparation for the threats that pose the greatest risk to the security of the Nation,
including acts of terrorism, cyberattacks, pandemics, and catastrophic natural disasters.”15 President Obama pared down
the number of CIKR in HSPD-­7 to 16 sectors and key resources in PPD-­21 (2013), see Table 1.1. Postal and shipping was
folded into Transportation and National Monuments and Icons was removed. In addition, the sector-­specific agencies

13 HSPD-5 (2003).
14 National Infrastructure Protection Plan (NIPP): Partnering to enhance protection and resiliency, 2009.
15 PPD-8 (2011).
10 1 The Challenge

Table 1.1 CIKR as defined by PPD-­21 (2013).

Sector Sector-­specific agency

Chemical Department of Homeland Security

Commercial facilities Department of Homeland Security
Communications Department of Homeland Security
Critical manufacturing Department of Homeland Security
Dams Department of Homeland Security
Defense industrial base Department of Defense
Emergency services Department of Homeland Security
Energy Department of Energy
Financial services Department of the Treasury
Food and agriculture U.S. Department of Agriculture and Department of
Health and Human Services
Government facilities Department of Homeland Security and General Services
Administration
Health care and public health Department of Health and Human services
Information technology Department of Homeland Security
Nuclear reactors, materials, and waste Department of Homeland Security
Transportation systems Department of Homeland Security and Department of
Transportation
Water and wastewater systems Environmental Protection Agency

responsible for each CIKR were sharpened with more authority given to the DHS. Thus, the long-­term definition of critical
infrastructure was established, but it emphasized physical assets more than cyber assets. This changed in 2018.
A series of events precipitated a major re-­alignment within DHS in late 2018. Major information security breaches of
NSA (National Security Agency) documents by Edward Snowden in 2013, followed by Wiki leaks releasing emails and
documents exfiltrated from the Democratic National Committee during the 2016 US Presidential election campaign,
and misinformation campaigns waged by the Russian Internet Research Agency attempting to influence the 2016 US
Presidential election precipitated a renewed focus on cyber as well as physical security within the DHS. The 2018 CISA
legislation created the CISA organization.
On 16 November 2018, President Trump signed into law the Cybersecurity and Infrastructure Security Agency Act of 2018
(CISA). This legislation emphasized cybersecurity for the first time and replaced the National Protection and Programs
Directorate (NPPD) with the Cybersecurity and Infrastructure Security Agency also referred to as CISA.
CISA’s Cybersecurity Division works with government and private sector customers to ensure the security and resilience
of the nation’s cyber infrastructure. The division includes the National Cybersecurity Communications Integration
Center (NCCIC).
The Emergency Communications Division enhances public safety interoperable communications at all levels of
­government, providing training, coordination, tools, and guidance to help partners across the country develop their
emergency communications capabilities.
The Infrastructure Security Division coordinates security and resilience efforts using trusted partnerships across the
private and public sectors and delivers training, technical assistance, and assessments to federal stakeholders as well as
to infrastructure owners and operators nationwide.
The National Risk Management Center (NRMC) works to identify and address the most significant risks to our nation’s
critical infrastructure.
The CISA leads the national effort to defend critical infrastructure against the threats of today while working with
­partners across all levels of government and in the private sector to secure against the evolving risks of tomorrow.
 1.2 ­Defining CIKR Risk and Resilienc 11

1.2 ­Defining CIKR Risk and Resilience

A number of competing and sometimes overlapping frameworks exist for organizing efforts to protect critical infrastruc-
ture systems. These frameworks can be roughly categorized as political, qualitative, quantitative, and regulatory/
legal. It is important to note that other frameworks exist in both theory and practice. Frameworks are used as a lens
through which the practitioner views his or her job.
Political frameworks have existed since the beginning of government’s recognition of CIKR as a federal, state, local, and
tribal responsibility. For example, the first allocation of resources formula to combat terrorist attacks on CIKR was based
on a mix of population and politics. Each region was allocated funding regardless of the need. Emergency response facili-
ties such as firefighting equipment were funded regardless of risk or the likelihood of threats. Politically, this made sense,
because large population centers are where the voters are. However, the embarrassing reality is that some of the most
­critical assets such as the largest nuclear power plant in the nation are located far from population centers. Threats are
more likely to be high where critical infrastructure assets are high valued or high impact, regardless of population or risk.
Qualitative frameworks such as the National Institute of Standards and Technology (NIST) cybersecurity framework
began to appear as checklists and recommendations to owners and operators of industrial control systems, power grids,
and water system Supervisory Control and Data Acquisition (SCADA). Executive order EO-­13636, Improving Critical
Infrastructure Cybersecurity (February 2013) and the Cybersecurity Enhancement Act of 2014 (CEA) established the role of
the NIST in identifying and developing cybersecurity risk frameworks (CSF) for use by critical infrastructure owners and
operators. NIST claims the CSF is, “a prioritized, flexible, repeatable, performance-­based, and cost-­effective approach,
including information security measures and controls that may be voluntarily adopted by owners and operators of critical
infrastructure to help them identify, assess, and manage cyber risks.”
Version 1.1 (April 2018) of the CSF prescribes a five-­step process along with checklists of recommended practices:

1) Identify: Develop an organizational understanding to manage cybersecurity risk to systems, people, assets, data, and
capabilities. Understanding the business context, the resources that support critical functions, and the related cyberse-
curity risks enables an organization to focus and prioritize its efforts, consistent with its risk management strategy and
business needs.
2) Protect: Develop and implement appropriate safeguards to ensure delivery of critical services. This step supports the
ability to limit or contain the impact of a potential cybersecurity event.
3) Detect: Develop and implement appropriate activities to identify the occurrence of a cybersecurity event.
4) Respond: Support the ability to contain the impact of a potential cybersecurity incident.
5) Recover: Develop and implement appropriate activities to maintain plans for resilience and to restore any capabilities
or services that were impaired due to a cybersecurity incident.
The framework is a hierarchical checklist for computer system owners and operators. For example, the Protect step
might be further decomposed into sub-­steps:
User credential verification, revocation, and device authorization
Physical access permissions
Remote access permissions
Network configuration and integrity
Personnel awareness and training
Data security – at rest and in transit
Data capacity assurance
Separation of development systems from operational systems
Configuration change controls
Backup maintenance
Response and recovery plans are tested
Vulnerability management plan in place
Audit records implemented and maintained
Removable media is protected
Communications and control networks are protected
Failsafe, load-­balancing mechanisms implemented for resilience
12 1 The Challenge

While NIST claims CSF is a risk-­based approach to managing cybersecurity risk, the framework does not define risk or
resilience and offers no specific risk assessment methodology or model. Users are left to their own definition of risk and
resilience, which is often qualitative rather than quantitative.
Quantitative frameworks – the use of formulas and equations to quantify risk and resilience – have become known as
risk-­informed decision-­making within DHS. This is a rigorous and disciplined approach that assigns numbers to assets rep-
resenting probabilities and consequences. For example, the USCG MSRAM quantifies risk in terms of threat probability,
vulnerability probability, and consequence or cost due to damage. This rigorous approach assigns numbers to each attack
scenario on a port, and then ranks them for the purpose of funding improvements.
Regulatory/legal frameworks follow a similar process. However, for most of its history, DHS has deferred to other agen-
cies when it comes to tying CIKR security to regulations and legal requirements. Generally, regulation has been applied
more to safety and environmental protections than security. However, this remains a largely untapped potential source of
CIKR protection. For example, the vulnerability of the communications sector is heavily dependent on regulation and the
1996 Tele­communications Act, which created the highly critical carrier hotels and concentrated assets vulnerable to both
physical and cyberattacks.

1.2.1 Risk Strategy

The purpose of a risk strategy is to allocate resources optimally, according to some criterion. Specifically, infrastructure is
too vast, complex, and expensive to protect everything, and expertise among sector-­specific agencies is generally nonexist-
ent. This called for a narrower definition of objectives and operational definitions of goals, e.g. government had to define
what is critical in a critical infrastructure, and both public and private parties had to agree upon metrics for prioritizing
projects. Before a CIKR policy can be implemented, goals and objectives must be defined rigorously enough to imple-
ment them.
Policy stated the obvious – protect infrastructure from hazards such as terrorists, storms, and earthquakes. Protection
included both hardening and response when something bad happens. Funding is inadequate to protect everything, so
implementation depended on prioritization of critical infrastructure assets, which in turn depended on the definition of
criticality.
Two approaches were initially attempted. The first prioritization strategy was called risk-­informed and the second was
called resilience-­informed. Risk-­informed decision-­making means applying risk assessments to prioritize funding of pro-
jects to harden critical infrastructure assets. Resilience-­informed decision-­making means applying various methods to
enhance the resilience of infrastructure assets. Rather than hardening assets, resilience-­informed decision-­making attempts
to make assets adaptable and anti-­fragile. Both approaches have their strengths and weaknesses.
The fundamental question posed by a risk-­informed strategy is this: given limited resources of the federal government,
how should resources (funding) be allocated to reduce risk? How should priorities be set? Once again, we turn to the DHS
for definitions and guidance:
Threat/hazard: A human attack poses a threat while a weather event poses a hazard. Both terms are used to describe some-
thing that can harm CIKR, e.g. a terrorist with a bomb or a hurricane-­force wind to power lines.
Vulnerability: A weakness in a CIKR that may be exploited or lead to failure due to a threat or hazard.
Qualitative risk: The potential for an unwanted outcome resulting from threat/hazard – an incident, event, or occurrence, as
determined by its likelihood and the associated consequences.
Quantitative risk: Expected loss, i.e. the probability of a damaging threat/hazard multiplied by its consequences.
Risk-­informed decision-­making: The determination of a course of action predicated on the assessment of risk, the expected
impact of that course of action on that risk, and other relevant factors.
Risk management framework: A planning methodology that outlines the process for setting goals and objectives; identifying
assets, systems, and networks; assessing risks; prioritizing and implementing protection programs and resiliency strategies;
measuring performance; and taking corrective action.
The era of risk-­informed decision-­making evolved slowly from politically motivated allocation of resources to the quan-
tifiable and measurable five-­step process described above. Instead of dividing funding according to pressures from politi-
cians, risk-­informed decision-­making allocates funding according to the likelihood and consequence of an event. Risk is
defined in different ways by different sector-­specific agencies, but given a rigorous definition of risk, agencies can allocate
funds according to their impact on risk reduction.
 1.2 ­Defining CIKR Risk and Resilienc 13

1.2.2 Resilience Strategy Normal Collapse Recovery

P0
The vastness of single sectors makes it impossible to pro-
Triangle
tect everything. When multiplied by the large number of Performance
sectors and key assets, the challenge becomes insurmount-
able without some kind of prioritization. Furthermore, Pc
the concept of “100% security” began to vanish and be
replaced by an elusive concept – resilience. Instead of an
unyielding goal of 100% security, resilience was an intan-
Time
gible property of CIKR somewhere between absolute
t0 tr
security and absolute vulnerability. Instead of a secure
infrastructure, a resilient infrastructure was able to bounce Figure 1.1 A resilience triangle is formed by a collapse
back after being attacked or damaged by a storm, earth- followed by gradual recovery.
quake, terrorist attack, cyberattack, etc.
The February 2003 National Strategy document contained the word resilience three times. The NIPP 2009 document
mentions resilience 15 times. The 2013 PPD-­21 directive from President Obama incorporates resilience in its title and uses
the word 44 times.16 By 2013, the focus of CIKR had shifted from counterterrorism and all-­hazards preparedness to build-
ing resilience in both infrastructure and the population. With the rising awareness of global warming as a major hazard,
resilience and sustainability became a dominant theme. The era of resilient and sustainable infrastructure began, and
­terrorism, all-­hazards response, and weapons of mass destruction faded into the background.
Even a variety of qualitative definitions of resilience make it difficult to measure and apply. Vurgin et al. surveyed the
concept of resilience in infrastructure systems and offered a number of definitions [4]. Generally, resilience and sustaina-
bility are properties of a system – not a single asset. For example,

Given the occurrence of a particular disruptive event (or set of events), the resilience of a system to that event
(or events) is the ability to efficiently reduce both the magnitude and duration of the deviation from targeted system
performance levels. [4]

This definition is difficult to put into practice because it lacks quantifiable specifics. Bruneau et al. proposed a measura-
ble and operational model of resilience as shown pictorially in Figure 1.1. Damage to a system in the form of magnitude
and duration is represented by a triangular area notched out of the performance-­versus-­time diagram shown in Figure 1.1.
The resilience triangle represents loss due to a drop in performance followed by a recovery period that eventually restores
the system to its previous level of performance.
The difference between full performance and diminished performance represented by the resilience triangle defines the
system’s resilience. Smaller triangular areas represent greater resilience. The size of the triangular area is reduced by reduc-
ing: (i) recovery time, (ii) precipitous drop in performance, or (iii) both. In addition, the likelihood of a precipitous drop in
performance increases the frequency of collapses over time. Thus, reducing the size of the resilience triangle increases
resilience:
1) Speedup recovery: (tr−t0).
2) Reduce performance drop: (P0−Pc) and.
3) Decrease the probability of failure, V.
This metric quantifies the qualitative definition of resilience proposed in the NIPP 2009:

Resilience: The ability to resist, absorb, recover from, or successfully adapt to adversity or a change in conditions
(pp. 111).
More generally, resilience is the ability of a CIKR system to resist, absorb, adapt, and recover from a fault or
­system failure under stress.

16 Presidential Policy Directive-21 – Critical Infrastructure Security and Resilience.

14 1 The Challenge

But the resilience triangle model does not address resistance, absorption, adaptation, and recovery factors loosely defined by the
NIPP. How does a CIKR resist, absorb, or recover from adversity? How is the ability to resist, absorb, or adapt to adversity meas-
ured? These complex properties are addressed by a complex adaptive systems model of CIKR, described in more detail in Chapter 2.
In this book, risk and resilience will be defined in stochastic terms. The probability of a collapse of random size and dura-
tion becomes a problem of statistical analysis. Just as the probability or frequency of hurricanes of an uncertain size are
stochastic events, so is the ability to resist, adapt, and recover. The full story depends on at least a rudimentary understand-
ing of probability and statistics – a topic beyond the scope of this book.
Instead of a rigorous definition of resilience, we opt for defining measures that enhance resilience or processes that
reduce resilience. In general, resilience is a property of CIKR systems rather than single components, buildings, roads, or
computer systems. CIKR systems are stressed by a variety of threats and are plagued by a variety of weaknesses called vul-
nerabilities. These are described in the next chapter.

1.2.3 Sustainability Strategy

Along with increased interest and concern for global warming and its impact on CIKR, the US DHS began emphasizing
sustainability as a goal. Once again, a clear and concise definition is lacking. Qualitatively, sustainability is defined some-
what loosely as:

Sustainability: the ability to maintain or support a process continuously over time.

This simple definition belies the difficulty of building systems that are sustainable for extremely long periods of time.
Automobiles require replacement parts and eventually wear out over 20–30 years. And where can a 30-­year replacement
part be found? Sustainability implies a robust support system that defies wear-­and-­tear, obsolescence, and constantly sup-
plying “infinite” resources.
The 10,000-­year clock project initiated by Danny Hillis is an extreme example of the challenge of sustainability.17
According to its website, “[Hillis] wanted to build a clock that ticks once every year and decade, the century hand advances
once every 100 years, and the cuckoo comes out on the millennium. The vision was, and still is, to build a clock that will
keep time for the next 10,000 years.”
Building a durable clock is the least of Hillis’ problems. Where does one obtain replacement parts, say, 1000 years from
now? To be sustainable, the clock must be made of sustainable materials. Hillis favored rust-­proof metal and wood. Metal
does not rust or wear out, but it can break. So, Hillis had to accommodate repairing the sustainable clock. Wood is grown
in a nearby forest so that when wooden parts need to be replaced, workmen can chop down a tree. Hillis assumed that
humans will still be around 10,000 years from now!
The clock is located inside a mountain in West Texas to protect it against the weather. An orrery is included – a small physi-
cal model of Earth’s solar system. At the time of this writing, the clock has not been started on its 10,000-­year journey.

Carved into the mountain are five room-­sized anniversary chambers: 1-­year, 10-­year, 100-­year, 1,000-­year, and
10,000-­year anniversaries. The one-­year anniversary chamber is a special orrery. In addition to the planets and the
Earth’s moon, it includes the interplanetary probes launched during the 20th century. The Clock will activate and
run the orrery once a year on a pre-­determined date at solar noon.

The 10,000-­year clock is a good example of sustainability. However, CIKR is not designed to last 10,000 years, but perhaps
it should last hundreds of years.
The 10,000-­year clock is an extreme illustration of sustainability, and yet it does not get to the heart of the matter. To more
fully understand sustainability, we need to consider thermodynamics – the study of energy and energy transformation in a
working system. An adiabatic process occurs without transferring heat or mass between the system and its surroundings.
That is, it is closed. All systems are either adiabatic or diabatic, meaning there is a loss of mass or energy during operation.
Diabatic systems typically discard energy in the form of heat or light.
In general, CIKR are open diabatic systems with loss, while only a few Earth processes approximate the adiabatic ideal.
How might diabatic systems be constructed to approximate the adiabatic ideal? This is the challenge of sustainability
because an adiabatic system can theoretically run forever without wearing out or running down.

17 https://www.10000yearclock.net/learnmore.html
 1.2 ­Defining CIKR Risk and Resilienc 15

A circular economy is one that attempts to achieve adiabatic perfection. It is called circular because products of a ­circular
economy are recycled. Recycling consumes more energy, of course, so circular economies are approximations of adiabatic
systems that preserve energy and mass – an unrealistic goal. Instead, a circular economy attempts sustainability by recy-
cling and/or reusing mass and energy.
Contemporary examples of circular economies, i.e. sustainability – are cogeneration (the production of electricity using
waste heat from an industrial process or the use of steam from electric power generation as a source of heat), regenerative
braking in an electric car, and recycling of household garbage. Recycling solar panels makes electricity production circular,
as does the production of electricity from windmills when the windmills are recycled after they wear out. Sustainability
includes circular reuse of greenhouse gas (GHG) CO2 scooped out of the air, chemically combined with water to produce
kerosine that produces CO2 when burned to power, say, an airplane. Hence the cycle is completed.
Thus, sustainability is a goal defined as follows:
Sustainability goal: the goal of sustainability is to produce goods and services using processes as close to adiabatic as pos-
sible and employing circular economy principles where diabatic processes are used. In the context of CIKR, the goal is to
improve CIKR sustainability using circular economy principles.
Societal investments in six key green technologies could yield massive and lasting benefits for the US economy:
●● Advanced nuclear power generation
●● Clean steel production
●● Direct air CO2 capture
●● Mass adoption of electric vehicles
●● Green hydrogen as a natural gas replacement and for use in fuel cells
●● Long-­duration or grid-­scale energy storage
Together, a future green economy can have a market value of $2 trillion a year by 2050, equal to roughly 10% of current
US gross domestic product. This is the challenge for the twenty-­first century.

1.2.4 The Four Horsemen

The DHS recognizes the following threats/hazards18:
●● Climatological events (extreme temperatures, drought, wildfires)
●● Hydrological events (floods)
●● Meteorological events (tropical cyclones, severe convective storms, severe winter storms)
●● Geophysical events (earthquakes, tsunamis, volcanic eruptions)
●● Pandemics (global disease outbreaks)
●● Space eeather events (geomagnetic storms)
●● Technological and industrial accidents (structural failures, industrial fires, hazardous substance releases, chemi-
cal spills)
●● Unscheduled disruptions (aging infrastructure, equipment malfunction, large-­scale power outages)
●● Criminal incidents and terrorist attacks (vandalism, theft, property damage, active shooter incidents, kinetic attacks)
●● Cyber incidents (denial-­of-­service attacks, malware, phishing)
●● Supply chain attacks (exploiting vulnerabilities to cause system or network failure)
●● Foreign influence operations (to spread misinformation or undermine democratic processes)
●● Untrusted investment (to potentially give foreign powers undue influence over American critical infrastructure)
This extensive list would fill a dozen books! Instead, we will examine four major groups, beginning with weather/climate
change/global Warming:
●● Weather/climate change/global warming
●● Accidents/aging/neglect
●● Terrorism/extremists
●● Cyber exploits/criminals

18 https://www.cisa.gov/sites/default/files/publications/Guide-Critical-Infrastructure-Security-Resilience-110819-508v2.pdf
16 1 The Challenge

1.3 ­Weather/Climate Change/Global Warming

Global warming has become a controversial topic. Often weaponized for political purposes, the argument is moot –
the Earth is getting warmer, which leads to greater risk, especially to CIKR systems. Climate change is responsible
for storms, winds, fires, and perhaps even earthquakes of greater magnitude and duration than ever before – at least
as far back as we can tell. The impact on CIKR is obvious – we experience larger events more often and with greater
consequences.
Hence, a thorough understanding of climate change is a prerequisite to understanding the threat/hazard surface. The
following is a survey of climate change and its impact on risk and resilience of infrastructures [5]. Hopefully, the skeptical
reader will find answers to the following questions:

1) How do we know the Earth is warming up?

2) Hasn’t it happened before, so why worry?
3) Is it caused by humans, if so, can we do anything about it?
4) Is global warming just a passing bump in the weather road?

Life on Earth has been threatened so many times before that reports of existential near misses have become rather rou-
tine. For example, the Carboniferous Rainforest Collapse (CRC) 305 million years ago sent Earth into a short ice age that
eliminated dense vegetation in Europe and America. CRC created vast coal seams that we now burn as power plant fuel.
Some scientists claim it was the result of very large volcanic plumes that blotted out the sun. Others say it was caused by a
swarm of asteroids attacking all at once.
An even more serious event called the Permian–Triassic Extinction (Great Dying) occurred 252 million years ago, and
nearly ended us before we had a chance to begin. The Great Dying wiped out 96% of marine animals and 70% of terres-
trial life. It took 10 million years to recover! Again, the calamity was due to an abrupt climate change – a sudden release
of methane, which is a GHG. These gases are thought to have
North pole emanated from fires and volcanoes.
More recently, scientists using archeological traces found in
Greenland rocks, soils, and trees have evidence of abrupt cooling. The
Alaska
Younger Dryas Stadial event 12,000 years ago is known as the Big
Russia Freeze because immediately after the event, Earth’s temperature
suddenly dropped. This cold spell lasted for 1300 years and
United States Europe established the Siberian land bridge that opened the door
China between Asia and North America so humans could migrate into
the Western Hemisphere.
The Big Freeze might have been caused by a shift in the jet
India
Africa stream or an extreme solar flare, but a more likely explana-
tion is that spillage from Lake Agassiz stalled the meridional
South America overturning circulation (MOC) system of ocean currents that
Australia
warms the Northern Hemisphere. MOC is also a kind of ther-
mohaline circulation system that moves water and heat from
the southern to the northern hemisphere. But MOC and
thermohaline circulation are mouthfuls, so many people call
Antarctica
the North American thermohaline circulation system the
Figure 1.2 The Atlantic conveyor is part of the global Atlantic conveyor because it works like a heat conveyor belt
circulation system of water currents called moving warm water northward and cold water southward,
Thermohaline Circulation – the movement of oceans
see Figure 1.2. The Atlantic conveyor controls the tempera-
from the Southern Hemisphere to the North. Warmer
water flows from the Indian Ocean, around South Africa, ture of the entire planet much like a thermostat ­controls a
up the Gulf Stream bordering Eastern United States, and room’s temperature.
to Greenland. It distributes its heat to North America Earth’s temperature has never traveled in a straight line. It
and Europe and then cools in the North Atlantic. The
seems to oscillate from one extreme to another extreme.
cooler water sinks below the surface, and returns back
to the Antarctic and Indian Ocean, where the cycle Dansgaard–Oeschger (D–O) Events are periodic warming epi-
repeats. Source: Adapted from NASA/JPL [6]. sodes lasting a few decades followed by longer cooling periods.
 1.3 ­Weather/Climate Change/Global Warmin 17

The last one was 11,500 years ago. Greenland warmed by 4 °C within a relatively short 40 years, and then cooled down
only to warm up again.
Large sheets of ice, called glaciers, can also change the Earth’s temperature by melting and freezing. Bond Events are
warming-­cooling oscillations that occur about every 1470, plus or minus 500, years. They mostly happen in the North
Atlantic. Nine cycles have been observed so far. Fred Singer and Dennis Avery report, “The Earth has been in the
Modern Warming portion of the current cycle since about 1850, following a Little Ice Age from about 1300 to 1850. It
appears likely that warming will continue for some time into the future, perhaps 200 years or more, regardless of
human activity.”19
Recorded history of global warming and cooling suggests that the current warming period is just another natural event
and there is nothing to worry about. The difference now is that warming is happening at the speed and intensity never before
experienced. There is very little time to plan and adapt. Critical infrastructure must be protected now, and there is not much
time. Climate change is different this time because it is made by humans and it is happening fast.

1.3.1 The Carrington Event

Early in the morning of 1 September 1859, amateur astronomer Richard Carrington cranked open the dome of
his private observatory to scan the bright London sky. The sunspots attracted his attention, so he aimed his nine-
teenth century telescope toward the sun and began sketching what he saw, “two patches of intensely bright and
white light” erupting from the sunspots.20 The flares vanished almost as suddenly as they appeared, but within
hours, their impact was felt across the entire globe. Later that day, telecommunications (telegraph) began to fail
around the world. Some machines showered operators with sparks and set papers on fire. Bright and colorful aurora
borealis “light shows” appeared all over the planet. Some birds and people thought it was the beginning of a new day
and set about chirping and going to work. Other animals and people thought it was the Big One and began preparing
to meet their creator.
Carrington observed the largest known solar flare – a massive solar explosion with the energy of 10 billion atomic bombs.
Traveling at the speed of light across the 93 million miles between the sun and Earth, the flare eventually reached Earth.
Its electrified gas and subatomic particles produced a geomagnetic storm – dubbed the Carrington Event. Geomagnetic
storms contain highly charged EMP (electromotive potential) particles that play havoc with electronic systems. In 1883,
this meant telegraphy. But in 2023, messing with electronics means messing with just about everything we depend on for
modern life.
Ice core samples confirm that the Carrington Event was twice as big as any other solar storm in the last 500 years. A 2008
report from the National Academy of Sciences claims it could cause “extensive social and economic disruptions” due to its
impact on power grids, satellite communications, and GPS systems [7].
Power grid engineers are concerned that a Carrington Event might melt the copper wires in power lines and scramble
circuits in control computers. The impact could be enormous because modern life depends on electrical power to run the
Internet, transportation systems, factories, offices, and food and water supply systems. For example, a geomagnetic storm
in March 1989 left six million people in Quebec, Canada, without power for nine hours.
While scientists have been measuring Earth’s evolving and complex nature for perhaps hundreds of years, the Carrington
Event marks the beginning of climatology – the study of Earth’s climate. It embraces elements from atmospheric sciences,
physical geography, oceanography, and biogeochemistry. Moreover, Carrington’s hand-­drawn sketches of sunspots mark
the beginning of a new idea – that Earth is part of an ecosystem that extends beyond land, sea, and air.
Climatology is about systems and how they interact in complex ways. And as Earth’s ecosystem evolves, it changes the
very life it spawned. Humans are a product of this ecosystem. As it changes, so must we. The Carrington Event illustrates
the stochastic nature of catastrophic events – they are unpredictable, and their impact can be relatively small or
black swans.

19 The Physical Evidence of Earth’s Unstoppable 1,500-Year Climate Cycle. S. Fred Singer President, Science and Environmental Policy Project,
Adjunct Scholar National Center for Policy Analysis, and Dennis T. Avery, Senior Fellow, Hudson Institute. NCPA Policy Report No. 279
September 2005 ISBN #1-56-808-149-9.
20 http://www.thetruthdenied.com/news/2012/12/10/geomagnetic-storms-and-their-impacts-on-the-u-s-power-grid-pole-shift/.
18 1 The Challenge

1.3.2 Black Bodies

A few decades before Carrington discovered sunspots from observations made using his personal telescope, a Scottish
engineer named William Thomson was knighted for his role in laying the first transatlantic cable connecting Europe with
the new world. Sir William Thomson, Baron Kelvin of Largs, Lord Kelvin of Scotland (1824–1907) is better known for his
breakthrough paper, On an Absolute Thermometric Scale, an even greater contribution to science. Lord Kelvin calculated
the temperature of the coldest thing in the Universe, and established the yardstick used today to measure global tempera-
ture. Absolute zero is the temperature of matter when not a single molecule moves. Zero is −273 °C to you and me. It is
273 °C below the ­temperature of frozen ice. One-­degree K is equal to 1 °C, but measurements begin at zero in the Kelvin
scale, denoted by K.
All life on Earth depends on radiant energy from the sun, as shown in Figure 1.3. That energy is quickly turned into heat
to keep the oceans circulating, the air cycling, and plants and animals growing. Accordingly, the Earth must maintain a bal-
anced energy budget – an accounting system whereby heat arriving on Earth must also leave because if any heat is trapped
here on Earth, it contributes to a gradual (or abrupt) rise in temperature. And since terrestrial life has adapted to tempera-
tures in a relatively mild range centered on 288 K, any departure from this sweet spot is considered a threat to all life. Simply
put, all living things on planet Earth depend on a fragile balance between heat coming in and heat leaving the planet.
The famous Stefan–Boltzmann Law relates heat to Kelvin temperature. It says the amount of heat radiated by a com-
pletely black ball of matter is proportional to its temperature raised to the fourth power. As a result of these pioneers work,
today we measure temperature in °C or °K. The goal is to limit the rise in temperature to 1.5 °C. This may not seem like
much, but 4.0 °C crosses a tipping point leading to disaster.
The Earth is considered as gray body instead of a perfect black body, because much of sun’s energy bounces off the atmos-
phere, clouds, land, and sea. The process of reflecting heat is called albedo, and the fraction of energy reflected by a body is
called emissivity. The average emissivity of Earth is about 39%. This means only 61% of sun’s energy reaches Earth. Even
after the Earth’s continents and seas are heated by the remaining 61%, Earth temporarily stores accumulated heat and then
radiates it back into space, according to the Stefan–Boltzmann Law.
When Earth’s energy budget is in balance, heat in equals heat out, and life goes on.
If the sun were to stop shining, Earth would eventually return to absolute zero. If the sun’s radiation increased, as it does
during solar storms, Earth’s temperature rises until another equilibrium temperature is reached and the Stefan–Boltzmann
Law kicks in and radiates heat back into space to maintain equilibrium. If the sun’s rays remain unchanged, Earth’s heat

Incoming Outgoing
solar radiation long wave
Reflected
341.3 wm2 radiation
solar radiation
101.9 wm2 239 wm2
Reflected Emitted by
Atmospheric
by clouds atmosphere window
79 wm2 199 wm2 40 wm2

Absorbed by Absorbed by
atmosphere GHG Greenhouse
78 wm2 356 wm2 gases (GHG)

Reflected Back
by surface radiation
23 wm2 333 wm2

Thermals Evapo-
Absorbed Surface
reflected transpiration radiation
by surface 17 wm2 80 wm2 Absorbed
161 wm2 396 wm2
by surface
333 wm2
Earth
net 0.9 wm2

Figure 1.3 A simple model of the Earth’s heating and cooling system is sometimes referred to as the Earth’s energy budget.
Source: Adapted from NASA/JPL [6].
 1.3 ­Weather/Climate Change/Global Warmin 19

Temperature variation since 1880

1.6
1.4
Temperature variation, C

1.2
1.0
0.8
0.6
0.4
0.2
0.0
1860 1880 1900 1920 1940 1960 1980 2000 2020 2040
Year

Figure 1.4 Rise in SST from 1880 to 2020. Global temperature is increasing at an exponential rate.

budget remains in equilibrium between heat in and heat out. The Earth’s temperature remains steady under equilibrium
conditions.
The key to understanding global warming is in Figure 1.3, but the underlying mechanisms driving the processes in
Figure 1.3 are not well understood. This is why climatology is still a young science. A number of climatology models have
been developed and back-­tested to validate them against historical data. Admittedly, the evidence is more empirical than
theoretical, so a certain amount of skepticism is warranted. But it is a start.
The first question most people ask is, “How do we know the Earth is warming up?” That is, how do we know there is an
imbalance in Earth’s energy budget? To answer this question, we can study temperature anomalies recorded over the past
100 years or more. Anomalies are departures from recent historical measurements of temperatures taken throughout the
year and across the globe. Then we can compare recent measurements against previous years’ measurements to determine
the size of anomalies and determine any trends.
Figure 1.4 plots Sea Surface Temperature (SST) anomalies obtained from the dataset maintained by the UK Met Office
Hadley Center. It is one of the most trusted and respected science centers in climatology. SST readings are collected from
nearly 2600 latitude and longitude squares beginning at the International Dateline and the North Pole and moving ­eastward.
Obviously, these measurements exclude land temperatures. Also, they are anomalies, not absolute values. Therefore, an
anomaly of 0.5° means the temperature at that square is one-­half of a degree above an historical baseline value. Typically,
the baseline is an average calculated in 1960, 1980, or perhaps 1880 (pre-­industrialization). Figure 1.4 shows measurements
made relative to 1980.
Is warming caused by an increase in the world’s population? Is it caused by the GDP or public debt? All of these are
­increasing, and all correlate with SST! Correlation is not the same as causation, but if we are looking for a perfect fit, the
concentration of GHG in the atmosphere has the strongest correlation and a scientific basis for increasing SST. Using
Occam’s razor, increasing concentrations of GHGs are the best explanation for global warming. It is based on science,
not politics.
Table 1.2 lists the top sources of CO2 emissions in 2019. Note that two-­ Table 1.2 Contribution to global warming in
thirds of the problem is concentrated on two sectors – transportation and terms of CO2 emissions (2019).
electric power generations. Both are due to burning fossil fuels. This is where
we need to focus attention. This is where transformation will happen. Economic sector %CO2

Transportation 34.6
1.3.3 The Lightening Rod
Electric power 30.7
James Edward Hansen has been called a hero for advocating anthropogenic Industrial 15.6
(human-­caused) global warming and also criticized for overestimating its Residential 6.7
dangers. He is perhaps the staunchest spokesperson for global warming,
Commercial 4.8
having received numerous awards for his 40 years of climatology research
Other 7.6
and “courageous and steadfast advocacy in support of scientists’ responsi-
bilities to communicate their scientific opinions and findings openly and Source: Adapted from [8].
20 1 The Challenge

CO2 strongly correlated with temperature rise

450
425
400
CO2 concentration, ppm

375
350
325
300
275
250
225
200
–0.4 –0.2 0 0.2 0.4 0.6 0.8 1 1.2
Temperature, C

Figure 1.5 CO2 is the most consequential GHG since 1960. SST is strongly correlated with CO2 concentrations and suggests
continued increases unless CO2 emissions are reduced. Source: Adapted from [9].

honestly on matters of public importance.”21 In 2011, Hansen was arrested while protesting in front of the White House.
He has become a lightning rod in the debate over whether climate change is caused by industrialization or is simply
another Bond Event. If we believe Figure 1.5, CO2 emissions are driving global warming just as they did on Venus.
Hansen began his journey to celebrity as a 1960s and 1970s student of the Venusian climate. Venus’ climate may have
been similar to Earth’s several million years ago. But a runaway greenhouse effect evaporated its water and turned the sec-
ond planet into an uninhabitable hothouse. Hansen worries that Earth’s fate may be the same [10].
Furthermore, he believes that the future of Earth’s climate is in humanity’s hands. We can ruin the planet or save it, depend-
ing on our policy choices. We can prevent another runaway greenhouse disaster by shutting down coal-­burning power plants,
adopting energy efficiency policies, switching to renewable energy, converting our old dumb power grid to a smart grid, and
producing electricity using fourth-­generation nuclear reactors that burn nuclear waste rather than p
­ roducing it [11].
The bottom line is that we must turn to circular economy renewables to generate electricity and power everything with
electric motors instead of burning fossil fuels. And we have less than a decade to transition.

1.4 ­Consequences

Regardless of whether Hansen’s warnings come true or not, a prudent race of earthlings would be wise to prepare for the
worst. Otherwise, the Big One may be a black swan we cannot recover from. What if nothing is done to repeal projected
rises in temperatures around the globe? The Intergovernmental Panel on Climate Change (IPCC) report warns of disas-
trous consequences:
●● Warming lakes will reduce water quality.
●● Heat mortality will increase.
●● Diseases will spread more widely.
●● Droughts will induce water shortages.
●● Crop failures will lead to starvation.
●● Warming oceans will kill species and reduce food supplies. Rising sea levels will cause flooding.
●● Higher coastal waves will cause tsunami damage.
●● Intensified storms (superstorms) cause widespread damage.
It may be worse. The IPCC largely assumes linearity and ignores possible tipping points or black swans like a series of
Krakatau-­sized volcanoes, unexpected rises in aerosols, etc. Finally, nobody knows the effect of “deep-­ocean mixing,”
whereby deeper layers of the ocean absorb heat and CO2 to balance Earth’s energy budget. What if absorption of heat into
the ocean is delayed by 60 years?

21 http://en.wikipedia.org/wiki/James_Hansen.
 1.4 ­Consequence 21

We must hope for the best but be prepared for the worst. CIKR will be the first line of defense against crippling effects on
civilization.

1.4.1 Accidents/Aging/Neglect
One of the greatest American tragedies of infrastructure failure due to neglect and aging is the Flint Michigan drinking
water debacle. Flint is the birthplace of General Motors (GM) and had a population of 200,000 at one time. Then the
city’s economy failed, along with GM’s decline due to foreign imports. But in the 1980s, the population declined to
100,000 ­citizens of which 45% were living below the poverty line. In 2011 the city failed, financially, and the state of
Michigan took control.
In classic normal accident style (normal accidents will be studied in the next chapter), the state-­appointed emergency
manager ended the city’s practice of piping treated water from Detroit in favor of a cheaper alternative of pumping water
from the Flint River. Unfortunately, the Flint River served as a dumping ground for pollutants from adjacent industries and
wastewater from the city.

For more than a century, the Flint River, which flows through the heart of town, has served as an unofficial waste
disposal site for treated and untreated refuse from the many local industries that have sprouted along its shores,
from carriage and car factories to meatpacking plants and lumber and paper mills. The waterway has also received
raw sewage from the city’s waste treatment plant, agricultural and urban runoff, and toxics from leaching landfills.
Not surprisingly, the Flint River is rumored to have caught fire – twice.22

It did not take long before the residents started complaining about the foul water in their water faucets. Things got worse
when the city increased chlorine levels to treat the contaminated water. But this compounded the problem by making peo-
ple sick from elevated levels of cancer-­causing chemicals that are a byproduct of chlorination of water.

In early 2016, a coalition of citizens and groups – including Flint resident Melissa Mays, the local group Concerned
Pastors for Social Action, NRDC, and the ACLU of Michigan – sued the city and state officials in order to secure safe
drinking water for Flint residents. Among the demands of the suit: the proper testing and treatment of water for lead
and the replacement of all the city’s lead pipes. In March 2016, the coalition took additional action to address an
urgent need, filing a motion to ensure that all residents – including children, the elderly, and others unable to reach
the city’s free water distribution centers – would have access to safe drinking water through a bottled water delivery
service or a robust filter installation and maintenance program.
Those efforts paid off. In November 2016, a federal judge sided with Flint residents and ordered the implemen-
tation of door-­to-­door delivery of bottled water to every home without a properly installed and maintained fau-
cet ­filter. A more momentous win came the following March with a major settlement requiring the city to
replace the city’s thousands of lead pipes with funding from the state, and guaranteeing further funding for
comprehensive tap water testing, a faucet filter installation and education program, free bottled water through
the following summer, and continued health programs to help residents deal with the residual effects of Flint’s
tainted water.23

This terrible incident in Flint illustrates how critical and fragile an infrastructure like water and water treatment is to
daily life. Even simple things such as drinking water may be subject to collapse due to neglect, accident, or aging.

1.4.2 The Report Card

The American Society of Civil Engineers (ASCE) Report Card for America’s Infrastructure gave infrastructure a C-­grade in
2021, up from a D in 2020, see Table 1.3. When climate change is considered, the grade drops to an F. “We decided that, if
we add climate change to those grades, ­everything would be an F.”24

22 https://www.nrdc.org/stories/flint-water-crisis-everything-you-need-know#sec-summary.
23 https://www.nrdc.org/stories/flint-water-crisis-everything-you-need-know#sec-summary.
24 https://www.enr.com/articles/52849-asce-guide-examines-climate-change-threats-to-infrastructure-how-to-prioritize-projects.
22 1 The Challenge

Table 1.3 ASCE report card for 2021. Overall grade

of C− but trending up.

Infrastructure Grade

Aviation D+
Bridges C
Dams D
Drinking water C−
Hazardous waste D+
Inland waterways D+
Levees D
Ports B−
Public parks D+
Rail B
Roads D
Schools D+
Solid waste C+
Stormwater D
Transit D−
Wastewater D+

Source: Adapted from [12].

Of course, physical infrastructure is built by civil engineers, architects, and construction crews, so they are in a good
place to evaluate physical infrastructure. In 2022, the ASCE estimated the cost to upgrade US physical infrastructure sys-
tems at $2.6 trillion over 10 years. How will the money be spent? Priorities are difficult to be set when CIKR is interdependent –
a failure in one often cascades to another. The domino effect of one sector such as the power grid spreading a fault to
another sector such as communications and transportation (stop lights) complicates setting of priorities. Interdependencies
introduce complexity and complex systems behave in unexpected and nonlinear ways.

1.4.2.1 The Domino Effect

Interdependent complex systems that domino require special considerations. Cascading is the term used to describe the
spread of a fault in one place causing faults in other places. For example, the state of Texas experienced a black swan power
grid failure in 2021 due to an unusually cold winter storm. The Electric Reliability Council of Texas (ERCOT) relies on
natural gas production to generate electricity, and natural gas production relies on electricity to produce natural gas. Any
fault in the loop breaks the entire system. At one point during the 2021 storm, more than half of the state’s natural gas sup-
ply shut down because of power outages, frozen equipment, and weather conditions.
Cascading is more common than one might think because CIKR sectors are interconnected in most modern societies.
The potential for cascading is exacerbated by optimization and cost-­cutting to increase profits and efficiency. The Internet
is a classic example. Initially designed to be highly redundant and resilient, the number of servers and routes have consist-
ently centralized for economic reasons. Today’s Internet is vulnerable to cascade failures due to reduced servers and
links [13].

1.4.3 Terrorism/Extremists
Mohamed Mohamed el-­Amir Awad al-­Sayed Atta was born in Egypt on 1 September 1968. His strict father demanded his
children be educated, so Atta attended Cairo University to study architecture. In 1992 Atta entered the Carl Duisberg
Gesellschaft international student exchange program and moved to Germany where he lived in a house provided by a
Hamburg couple while attending the Technical University of Hamburg-­Harburg, majoring in urban planning. Upon gradu-
ating, he worked for Carl Duisberg as a tutor and seminar participant throughout Germany circa 1995–1997 [14].
 1.4 ­Consequence 23

Atta became more religious and more critical of the Gulf War and US policy in the Middle East while studying and
­working in Germany. According to the 9/11 Commission Report, Atta expressed anti-­Semitic and anti-­American sentiment
and condemned the “global Jewish movement centered in New York City” that supposedly controlled the financial world
and the media. Atta considered New York City the heart of America. If you want to kill America, strike its heart.
Mohammed Haydar Zammar claims he recruited Atta into al-­Qaeda. According to the FBI, Atta established the Hamburg
cell of the al-­Qaeda terrorist network when he moved into an apartment with alleged terrorists Said Bahaji and Ramzi
Binalshibh in November 1998. Many other al-­Qaeda members lived in the same apartment building, including Marwan
­al-­Shehhi, Zakariya Essabar, Waleed al-­Shehri, and others. Twenty-­nine men claimed the apartment as home while Atta’s
name was on the lease, including the 9/11 mastermind Khalid Sheikh Mohammed who repeatedly visited the apartment.
In late 1999 through early 2000, Atta, al-­Shehhi, Jarrah, Bahaji, and Binalshibh studied terrorist tactics with Osama bin
Laden at Tarnak Farms, near Kandahar, Afghanistan. The CIA observed Atta buying large quantities of chemicals after
returning to Germany in 2000. During this time Atta contacted 31 flight schools in the United States regarding flight train-
ing. Then he traveled to Prague, stayed overnight, and departed for the United States via Newark, New Jersey. The CIA
stopped watching Atta after he entered the United States on 3 June 2000. After all, the CIA does not spy inside of the United
States! The CIA’s job was done.
Atta and other hijackers in the United States began flight school training in July 2000. He and Marwan al-­Shehhi enrolled
at Huffman Aviation in Venice, Florida, where both men earned their instrument certificates from the FAA in November.
They continued flight training by watching flight deck videos purchased from Sporty’s Pilot Shop in Batavia, Ohio. They
even practiced flying commercial jets using the Boeing 727 simulator at the Opa-­locka Airport near Miami. Atta and
Marwan were awarded pilot’s licenses on 21 December 2000.
Throughout the summer of 2001, Atta visited Boston, San Francisco, Las Vegas, Spain, and Switzerland, apparently meet-
ing fellow terrorists to plan the 9/11 attacks. In July he met with Binalshibh in Spain, and according to U.S. officials and the
Spanish police, Atta drove halfway across Spain to meet with hijackers Wail and Waleed al-­Shehri, and Binalshibh. Pere
Gomez, manager of Hotel Monica in Spain, said the receptionist on duty refused to rent them a room because she did not
like the look of Binalshibh. They later returned and stayed the night. The growing network of hijackers reportedly met
­al-­Qaeda’s Spanish point man Imad Yarkas during this trip and coordinated the details of the 9/11 attacks. They ruled out
an attack on a nuclear plant and instead decided to hit the World Trade Center.
The day before 11 September 2001, Atta collected al-­Omari from the Milner Hotel in Boston and drove to a Comfort Inn
in Portland, Maine, where they spent the night in room 232 only to return back to Boston the following morning. Authorities
speculate that this maneuver was designed to avoid strict security checks at Logan Airport in Boston. At 6:45 a.m. on
11 September, Marwan al-­Shehhi called Atta to confirm that the attacks were ready to begin.
The plane departed Boston with 81 passengers at 7:59 a.m. At 8:24 a.m. air traffic controllers heard a voice believed to be Atta’s
saying, “We have some planes. Just stay quiet and you will be OK. We are returning to the airport. Nobody move, everything will
be OK. If you try to make any moves, you’ll endanger yourself and the airplane. Just stay quiet…”. Atta is believed to have been
the pilot of the plane when it crashed into the north tower of the World Trade Center 23 minutes later at 8:46:40 a.m.
Everyone on the planet remembers 9/11, when a group of terrorists attacked the United States using commercial airliners
as weapons. Whenever terrorism is discussed, most people think of the 9/11 terrorists. But terrorism is a narrowly defined
act committed by non-­state actors:

Terrorism: The threatened or actual use of illegal force and violence by a non-­state actor to attain a political, eco-
nomic, religious, or social goal through fear, coercion, or intimidation.

Data collected since 1970 suggests that most terrorist attacks are for political purposes and not to damage critical infra-
structure. With the exception of cybercrime, acts of terror are narrowly focused and declining. Summarizing25:
●● The highest proportion of unsuccessful attacks since 1970 occurred in 2011 – four out of nine recorded attacks were
unsuccessful.
●● From 2001 to 2011 California (40) and New York (19) experienced the most total terrorist attacks against the US homeland.
●● The three cities in the United States that experienced the most attacks from 2001 to 2011 were New York City (12),
Washington, DC (9), and Los Angeles (8).

25 https://www.theguardian.com/news/datablog/2013/apr/17/four-decades-us-terror-attacks-listed-since-1970#data.
24 1 The Challenge

●● The most common weapons used in terrorist attacks in the United States from 2001 to 2011 were bombs (53% of all
­weapons used) and explosives (20% of all weapons used).
●● For the period from 2001 to 2011, biological weapons were tied with firearms as the third most common weapon used in
terrorist attacks (both represented 8% of all weapons used). This is due to the anthrax attacks in October 2001.
●● From 2001 to 2011, the most common targets of terrorists in the United States were businesses (62 attacks), private
citizens and property (59 attacks), and government (43 attacks).
●● The three terrorist organizations with the largest number of attacks on the United States from 2001 to 2011 were the
Earth Liberation Front (50), the Animal Liberation Front (34), and al-­Qaeda (4).
Physical attacks with costly consequences aimed at infrastructure are rare [15]. The number of attacks since 1970 has
s­ teadily declined as well as the number of human casualties. Eighty-­nine percent of all deaths due to terrorist attacks in the
United States during this time period were caused by the 1995 bombing of the Alfred P. Murrah Federal Building in
Oklahoma City (5%) and the 11 September 2001 attacks (84%). More than 90% of all attacks that targeted critical infrastruc-
ture were nonlethal, compared to just over 80% of attacks that did not target critical infrastructure. In contrast, 15% of
attacks that did not target critical infrastructure resulted in a single death compared to 5% of attacks that did target critical
infrastructure.
Statistically, physical attacks on CIKR obey what is called a long-­tailed distribution, see Figure 1.6. By long-­tailed, we
mean that the distribution rapidly declines as the number of deaths or targets increases. The distribution is skewed to the
left with highly likely events of low consequence and rare events of high consequence.

Number USA attacks on CIKR (1970–2015)

2000 1854

1500
Number

1000

500
90 31 4 4 4
0
0 1 3 8 100 200
Deaths

Number USA attacks on CIKR (1970–2015)

500
454 433
450
400
350
300 281
Number

250 222
190
200
157
150 109
89
100
54 24 18
50
8 6 5 4 1
0
al

th

es

gy

re

al

ns

ls

s
en

ce

em

em

og

am
as

in

ia
ci

ic
al

tu
ic

er

tio
ur
m
er

er
vi
he

lb

ol
ul
rv

st

st

D
En

ca
n

ct
er

he
m

hn

at
ic
se
ria

sy

sy
er

ic

a
ls

i
om

,m
un
C

c
ag

uf
ov

bl

st

te
ia

e
an
nc
pu

tio

m
du
C

rs
G

at
c

n
om
an

to
ge

an

m
ta
in

ew

io
d

ac
or
an

at
n

er

al
e

C
od

t
Fi

as
s

sp

rm

re
ic
Em
en
lth

Fo

rit

,w
an

fo

ar
ea

ef

In

le
Tr

er
D
H

uc
at

N
W

Figure 1.6 CIKR attack statistics are long-­tailed – most attacks result in one death, most targets are in the commercial and
government sectors, and most are bombings.
 1.4 ­Consequence 25

By far the preferred weapon used in an attack is a bomb. Neither the attacks nor the weapons used are random. Therefore,
aggregation of results in terms of average value is meaningless. Instead, one has to study the distributions as illustrated.

1.4.4 Cyber Exploits/Criminals

Like a thief in the night, Code Red entered through an open door – port 80 – the same door used by browsers to access web
pages from anywhere in the world. But it wasn not looking for personal information – at least not yet. Named Code Red by
eEye Digital Security employees Marc Maiffret and Ryan Permeh, who were drinking Code Red Mountain Dew when they
first detected it, the software worm sent copies of itself to thousands of randomly generated Internet addresses as it blazed a
trail through the Internet. It jumped from computer to computer using the oldest cyber trick in the book – the buffer overflow
exploit. Posing as data, buffer overflow allows malicious code into your computer so a hacker can take control. In this case, the
impostor “data” would initiate a distributed denial-­­of-­service attack (DDOS) on the White House of the United States.
Silently and secretly, Code Red spread to other computers for 20 days, lying dormant inside of Microsoft’s Internet
Information Server until a certain time and date, when all copies simultaneously attacked www.whitehouse.gov. The force
of this malicious program was multiplied by infecting not just one, but nearly 400,000 unsuspecting “zombie” computers
before lashing out. Like a torrent of water released by a collapsing dam, millions of messages rushed toward the servers
located in Washington DC. Only this torrent wasn’t water. It was pure software – ones and zeros – that leapt from machine
to machine much like the spread of a modern Black Plague. Code Red flooded the www.whitehouse.gov servers with a tor-
rent of meaningless data.
Code Red recruited thousands of innocent and unsuspecting computers along its swath. The unsuspecting
­participants – called zombies – became unwilling co-­conspirators in a crime of national scope. Zombie computers form
a kind of network – a botnet – for the purpose of massively attacking a single target. Botnet zombies derive their power
from numbers: at a prespecified date and time, the entire botnet of zombies floods the victim’s computer with half-­
completed requests for attention. But once they get the victim’s attention, they ignore it!

1.4.4.1 Black Hats

Black Hats are malicious hackers – people who break into networks for the purpose of doing harm. They use a variety of
tools and techniques to perpetrate cyberattacks known as exploits. Script Kiddies are amateurs, but Black Hats are serious
criminals. They are also very clever and often border on genius. Perhaps this is one reason they are drawn to cybercrime – to
commit a serious cybercrime you have to be seriously clever. In some cases, Black Hats establish their reputation through
crime but earn their fortunes through honest security work at reputable Internet companies. When this happens, Black
Hats become White Hats.
DDOS attacks like Code Red are the oldest of all known cyber exploits. Robert Tappan Morris first demonstrated the
basic technique, while a student at Cornell University in 1988. At the time, his father, Robert Morris was a NSA scientist
working on cybersecurity! The Morris Worm was the first computer worm set free in the wild, as hackers say, and the first
to get out of control. Morris claims he was trying to see how large the Internet was by tracking where his worm went.
Unfortunately, the Morris Worm rendered more than 6000 machines unusable.
Pioneer Morris invented the first worm – a malicious program that travels on its own. Viruses have been around longer,
but they require human intervention because viruses travel with humans. For example, a virus might jump from one com-
puter to another via a shared disk drive or other storage device that is moved from one computer to another by a user.
A worm, on the other hand, spreads clandestinely through the Internet, via email attachments, web pages, etc.
Morris was also the first person prosecuted under the 1986 Computer Fraud and Abuse Act. He was convicted and sentenced
to three years’ probation, required to perform 400 hours of community service, and fined $10,000. But his story did not end
there. Like many hackers, Morris went on to become one of the foremost computer network researchers in the country.
He cofounded and sold a company named Viaweb to Yahoo for $48 million in 1995. Yahoo renamed it Yahoo Store. Later
he earned a Harvard PhD in 1999. Today he is a tenured professor of Computer Science at the MIT Computer Science and
Artificial Intelligence Laboratory researching network architectures.26 His friend and co-­entrepreneur partner Paul
Graham says, “Robert is never wrong.”27

26 www.itsecurity.com.
27 http://en.wikipedia.org/wiki/Robert_Tappan_Morris.
26 1 The Challenge

1.4.4.2 Cybercrime Pays

Morris avoided serving time, but 16-­year-­old Jonathan James achieved a small amount of fame as the first juvenile to serve
prison time for hacking. He targeted high-­profile organizations like NASA and the Department of Defense. According to
the Department of Justice, James cracked into NASA computer systems and downloaded the International Space Station’s
control software worth $1.7 million. NASA was forced to shut down its computer systems at a cost of $41,000. When
caught, James claimed the exploit helped him study C programming and observed that the NASA code was “crappy” and
hardly worth $1.7 million. He was banned from recreational computer use and eventually served six months in prison for
violation of parole. James’ ambition after getting out of jail was to start a computer security company and get rich the old-­
fashioned way – by earning it.
Adrian Lamo – the homeless hacker – cracked computer systems at The New York Times, Yahoo, Bank of America,
Citigroup, and Microsoft. Lamo, a Colombian-­American who lived in Wichita, Kansas, was once nicknamed the “homeless
hacker” because he would drift across the United States on Greyhound buses, finding shelter with friends or in vacant
buildings. Lamo would find flaws in his victim’s information technology security, exploit them, and then tell the companies
about their vulnerabilities. For example, he broke into the New York Times internal network to look at personal informa-
tion such as social security numbers. He may have pioneered another racket: a decade later, cyber extortion is big business.
Modern Black Hats extort World Wide Web companies by promising to not attack their sites in exchange for money.
He is perhaps best known for high-­profile hacks of companies like Microsoft, and later for turning in Chelsea Manning after
receiving leaked classified documents from her. Manning gave Lamo classified video allegedly showing a 2009 air strike in
Afghanistan that killed nearly 200 civilians.
Lamo was eventually caught and ordered to pay approximately $65,000 in restitution and sentenced to six months of
home confinement plus two years of probation. After his probation expired on 16 January 2007, Lamo began working as
an award-­winning journalist and public speaker. He was working for a threat analysis company in Sacramento, California
in 2009, according to his online bio. He died in 2010 at the age of 37.
Perhaps the best-­known Black Hat is Kevin Mitnick – the self-­proclaimed “hacker poster boy.” The Department of Justice
described him as “the most wanted computer criminal in United States history.” Mitnick may have benefitted from overly
exuberant publicity from two movies: Freedom Downtime and Takedown. Like traditional wiseguy gangsters, Mitnick began
his career as a small-­time thief, hacking the Los Angeles bus-­ticketing system for free rides. Then he dabbled in phone
phreaking – manipulating the telephone system to make free long-­distance calls. His online bio says, “[My] hobby as an
adolescent consisted of studying methods, tactics, and strategies used to circumvent computer security.”28
Mitnick was eventually caught and convicted of breaking into the Digital Equipment Corporation’s computer network and
stealing software. He served five years – about eight months of it in solitary confinement. He became a computer security
consultant, author, and speaker, appearing on 60 minutes, The Learning Channel, Court TV, Good Morning America, CNN,
and National Public Radio. He is the author of two books: The Art of Deception (2002) and The Art of Intrusion (2005).
Dark Dante, who is Kevin Poulsen in real life, worked for SRI International by day and hacked by night. His most famous
hack won him a brand-­new Porsche. Each week the Los Angeles radio station KIIS-­FM ran a “Win a Porsche by Friday”
contest. The station awarded a $50,000 Porsche 944 to the 102nd caller following a preannounced sequence of songs. When
the song sequence triggered the calling frenzy, Poulsen took over the station’s phone system, blocked out all other callers,
made call number 102, and drove away with the prize!
Poulson worked as a White Hat for the government but was drawn to the dark side as his skill and fame spread. In
another telephone exploit Dark Dante crashed the phone lines of the TV show Unsolved Mysteries after his photo appeared
on the show. More seriously, he hacked into the FBI database containing wiretap information – perhaps to punish the
FBI. Law enforcement dubbed him “the Hannibal Lecter of computer crime.”29 When captured, authorities found so many
hacking devices they said Poulsen put James Bond to shame. After a 17-­month pursuit, Poulsen was captured in a super-
market and served 51 months in jail and was ordered to pay $56,000 in restitution.
Like so many other Black Hats, Poulsen got off easy, leveraged his expertise to get a lucrative job after serving time, and
achieved more celebrity than notoriety.30 Poulsen became a senior editor for Wired News, specializing in cybercrimes and
the people who do them. His most prominent article exposed 744 sex offenders for exploiting MySpace profiles. It seems
that our society rewards genius even when it leads to a life of crime. Who says crime does not pay?

28 http://mitnicksecurity.com/media/Kevin_Mitnick_Bio_BW.pdf.
29 http://library.thinkquest.org/04oct/00460/poulsen.html.
30 https://www.wonderslist.com/top-10-black-hat-hackers.
 1.4 ­Consequence 27

1.4.5 The Soft War

Cyber exploits are not all done by freelance Black and White Hats. Governments are getting into the business from the
offensive side. In May 2007, US President Bush authorized the NSA to launch cyberattacks on the cellular phones and
computers operated by insurgents in Iraq to coordinate roadside bombings. The insurgents were recording the strikes and
then posting the videos on the Internet to recruit followers.31 More interesting, however, was the way the American forces
used cyber exploits to deceive the insurgents. By hacking into their network and sending messages to the unwitting insur-
gents, the Americans led the insurgents into a trap set by waiting U.S. soldiers. Cyber exploits in the virtual world can have
serious consequences in the real world.
These military hacks were partly responsible for the success of the 2007 surge in Iraq. They allowed military planners to
pinpoint and kill the most influential leaders with minimal collateral damage. But using this technology on the battlefield
is more significant than Black Hat hacking because it introduces a new weapon into modern warfare. In fact, the war in
Iraq was as much about psyops and cyber countermeasures as it was about bombs and IEDs.
The commander of coalition forces in Iraq – General Petraeus – believes in cyberwarfare. Testifying before Congress in
September 2007, the General said, “This war is not only being fought on the ground in Iraq but also in cyberspace.” The
Defense Department’s Cyber Command’s job is to defend military computer networks as well as go on offense and attack
the enemy’s network infrastructure. But the United States is not the only country to go on the cyber offensive. In addition
to traditional hot wars, nations are now ramping up to fight soft wars.
In August 2008, a dispute between the Russian Federation and neighbor Georgia over a region called South Ossetia
located on the border between Georgia and Russia initiated a vigorous and effective cyber exploit designed to augment
physical conflict between Russian and Georgian military forces. The strife began when Georgian forces launched a surprise
attack against South Ossetia separatist forces on 7 August. On 8 August, Russia responded by sending troops into Georgian
territory, which Georgian authorities viewed as Russian aggression against Georgia.
Cyberattacks were launched against a large number of Georgian government websites prior to the physical attacks. The
exploits primarily defaced public websites and denied service to a number of other sites. Attacks lasted from two to six
hours, and damages were relatively low. In some cases, websites were disabled for days following the disruptive attacks.
At first, it appeared that Russian forces were behind the cyberattacks. Later, it was discovered that the attacks were car-
ried out by Black Hats – perhaps located in Russia, but not necessarily supported by the Russian military. Research suggests
that the Russian government also did nothing to stop the attacks coming from Russia. It is impossible to trace the DDOS
attacks to their origin because the botnet used zombies. Apparently, the aim of the attackers was to block governmental
operations and discredit the Georgian government. Georgia’s government was unable to get its point of view out to the rest
of the world.
Strategies like President Bush’s authorization of information warfare against Iraqi insurgents can also backfire and get
out of control much as Morris’s Worm did. For example, military planners rejected a proposed cyberattack on Iraq’s bank-
ing system because those networks were connected to banks in France. An attack of global proportions might take down
the entire banking system! A global cyber contagion may be easier to start than to stop.
These examples illustrate how assaults on the information infrastructure of companies and countries are tools for both
good and evil. Criminals use exploits for fame, financial gain, or mischief. Countries use exploits for political and psycho-
logical offenses. Some experts claim that terrorist groups such as al-­Qaeda purposely do not try to destroy the Internet
because they benefit from it too!
In any case, offensive and defensive exploits are not unlike hurricanes. They are virtual storms blowing through cyber-
space. While Internet storms may be caused by humans instead of Mother Nature, they also take on characteristics of
­natural catastrophes. They are unpredictable, extreme, and rare.

1.4.6 Cyberattacks and CIKR

Cyberattacks are asymmetric – they are inexpensive to build and buy but capable of causing great financial harm. It only
takes knowledge of the Internet and coding skills to build a malicious worm, virus, or botnet. Moreover, off-­the-­shelf
malicious code is available for purchase over the web! Anyone can buy one and unleash an exploit on the global Internet.
The number of exploits, and cost of recovery, is growing exponentially, see Figure 1.7.

31 http://www.itsecurity.com.
28 1 The Challenge

Growth of cyberattacks on infrastructure

5,000
4,500
4,000
IC3 number (000), forecast

3,500
3,000
2,500
2,000
1,500
1,000
500
0
2016 2017 2018 2019 2020 2021 2022 2023 2024 2025 2026 2027 2028 2029 2030
Year

Figure 1.7 Cyberattacks are on the rise, and the forecast is not getting better. Globally, exploits cost trillions of dollars per year.

The most famous exploit against infrastructure so far is Stuxnet – the worm that took down Iran’s nuclear processing
centrifuges in 2009.32 The Stuxnet worm spread via USB drives that had to be inserted into a control system computer in
order to spread.

Stuxnet is a computer worm, reportedly developed and launched by the United States and Israel, that specifically
targets programmable logic controllers (PLCs) that control the automation of electromechanical processes, such
as those used for centrifuges. It is considered to be the first cyber weapon used in the world due to its ability to
cause physical destruction and the first known malware designed to infect industrial control systems (ICS).
Stuxnet is typically introduced to a network via an infected USB drive and contains three modules: a worm that
executes the main payload, an LNK file that automatically executes the propagated worm copies, and a rootkit
that hides all malicious files and processes to evade detection. The worm propagates across the network searching
for Siemens Step 7 software on computers controlling PLCs. Once the targeted machine is found, the malware
injects the rootkit onto the PLC and Step 7 software, modifies the code, and sends commands to the PLC while
displaying normal ­operation system information to the end user. Stuxnet was used specifically to target centri-
fuges at Iran’s uranium enrichment facility outside Natanz, Iran. It manipulated valves on the centrifuges,
increasing and decreasing their speed, putting additional pressure on them, and ultimately damaging the
machines until they no longer functioned.
Stuxnet found the controlling software for the centrifuges, seized control, and manipulated the speed of the centri-
fuges. The malware forced the centrifuges to spin very fast for 15 minutes and then return them to normal speed. Within
five months of the attack, the excessive speed changes caused the machines to break, resulting in the loss of about
1,000 centrifuges.
Unfortunately, Stuxnet was unintentionally unleashed in the wild, reportedly, when one of the engineers at an
infected facility connected his work laptop to his home network. It infected many more machines than originally
intended.

While typical attacks on infrastructure do not result in deaths, the cost of recovery may be large due mainly to labor. The
exception, of course, is ransomware, in which the threat actors encrypt files and then blackmail system owners and
­operators to pay a ransom to unlock their encrypted files. More on this in subsequent chapters.

32 https://www.cyber.nj.gov/threat-center/threat-profiles/ics-malware-variants/stuxnet.
  ­Reference 29

1.5 ­Discussion

The following are offered as thought-­provoking questions to stimulate discussion.

A. The DHS has an evolving strategy that changes ­relatively quickly as compared to other government agencies such as
the National Science Foundation, Department of Defense, and Department of Agriculture. Explain why this is the case
and evaluate both pro and con arguments for a shifting strategy.
B. An enduring theme of critical infrastructure protection in the United States has centered on strong leadership from the
federal government but with engagement at the state, local, and tribal levels. Alternatives to this vertical integration of
governmental control have not emerged beyond early discussions of the National Guard as protector. Is vertical integra-
tion the best approach? What are alternatives and why might they provide better security?
C. Immediately following the 9/11 attacks the mantra of homeland security was to protect, defer, respond, and recover.
This mantra has disappeared from the discussion over the years leaving most of the emphasis on recovery. Argue either
in favor or opposition to this narrowing down of focus. Why is not protection a bigger piece of the strategy?
D. Qualitative analysis methods are by far more prevalent in critical infrastructure analysis than quantitative methods.
The reason is obvious – quantitative analysis is difficult. Argue either in favor of quantitative methods or qualitative
methods pointing out pros and cons of each.
E. The DHS employed 225,000 people in 2019 and consumed nearly $50 billion. Is it worth it? What are the alternatives?
F. The characterization of threat as the four horsemen may be too simplistic. What is the advantage – and ­disadvantage –
of focusing on these versus the full list provided by DHS?
G. Is the heavy focus on sustainability and resilience in the face of extreme weather and climate change justified? Is the
emphasis on cybersecurity also emphasized? What happened to the concern for terrorists and terrorist attacks?
H. Is the extreme rise in gun violence in America a concern for sustainability and resilience of CIKR? Are the two related?

­References

1 Marsh, R.T. (1997). Critical foundations: protecting America’s infrastructures. The Report of the President’s Commission on
Critical Infrastructure Protection, October 1997.
2 Department of Homeland Security (2003). The National Strategy for the protection of critical infrastructures and key assets,
February. www.dhs.gov.
3 The Whitehouse (2003). Homeland security presidential directive/Hspd-­7. 17 December 2003.
4 Vugrin, E.D., Warren, D.E., Ehlen, M.A. and Camphouse, R.C. A framework for assessing the resilience of infrastructure
and economic systems. Sandia National Labs. http://www.sandia.gov/CasosEngineering/resilience_assess_framework.html.
5 Lewis, T.G. (2014). Book of Extremes. Springer. pp. 183.
6 Trenberth, K.E., Fasullo, J.T., and Kiehl, J. (2009). Earth’s global energy budget. Bulletin of the American Meteorological
Society 90 (3): 311–324.
7 National Research Council (2008). Severe Space Weather Events: Understanding Societal and Economic Impacts: A Workshop
Report. Washington, DC: The National Academies Press. http://www.nap.edu/catalog.php?record_id=12507.
8 U.S. EPA (2021). Inventory of U.S. greenhouse gas emissions and sinks: 1990–2019. https://www.epa.gov/sites/default/
files/2021-­04/documents/us-­ghg-­inventory-­2021-­main-­text.pdf.
9 Earthobservatory. Global warming. https://earthobservatory.nasa.gov/features/GlobalWarming.
10 Hansen, J., Sato, M., Kharecha, P., and Von Schuckmann, K. (2011). Earth’s energy imbalance and implications. Atmospheric
Chemistry and Physics 11 (24): 13421–13449.
11 Hansen, J., Sato, M. and Ruedy, R. (2012). Perception of climate change. Proceedings of the National Academy of Sciences
109(14726–14727): E2415–E2423. doi:https://doi.org/10.1073/pnas.1205276109.
12 ASCE (2021). Infrastructure policy & planning: ASCE’s 2021 report card marks the nation’s infrastructure progress.
https://www.asce.org/publications-­and-­news/civil-­engineering-­source/civil-­engineering-­magazine/issues/magazine-­
issue/article/2021/03/asce-­2021-­report-­card-­marks-­the-­nations-­infrastructure-­progress.
13 Lewis, T.G. (2015). Why physical cyber security is broken. Ubiquity, 24 August 2015.
14 Lewis, T.G. (2011). Bak’s Sand Pile, 382. Agility Press.
15 Miller, E. (2016). Terrorist Attacks Targeting Critical Infrastructure in the United States, 1970–2015. College Park, MD: START.
Another random document with
no related content on Scribd:
at the sides. The object-glass is composed of two pieces, which can
readily be separated. If both are used, sufficient magnifying power is
gained to show the scales on a butterfly’s wing and similar minute
objects; while, if one is removed, the object is not magnified to so
great an extent, but a larger portion can be seen, and the definition is
clearer. The cost of this instrument, together with a few accessories,
is about $2.50.
The proper light is our next point, and upon it rests the chief beauty
of the effect. The light which will suit one object will not suit another,
and even the same object should be examined under every variety
of light. Some objects are best shown when the light is thrown upon
them from above, and others when it is thrown through them from
below. Again, the direction of light is of vast importance; for it will
easily be seen that an oblique light will exhibit minute projections by
throwing a shadow on one side and brilliancy on the other, while a
vertical illumination would fail to show them. On the same principle,
one object will be shown better with the light in front, and another
when it is on one side.
One of the most effective means of attaining this object is by using
the “bull’s-eye condenser,” which is sometimes fixed to the stage, but
is usually detached. As the upright stem is telescopic, the glass can
be raised to a considerable height, while the joint and sliding-rod
permit the lens to be applied at any angle which promises the most
brilliant light.
As for the kind of light that is employed, there is nothing which
equals that of a white cloud; but such clouds are rare, and are at the
best extremely transient, and can only be seen by day, various
artificial methods of illumination have been invented. Novices
generally think that when the sky is bright and blue they will be very
successful in their illumination, and feel grievously disappointed at
finding that they obtained much more light from the clouds, whose
disappearance they had anxiously been watching. Finding that the
blue sky gives scarcely any light at all, they rush to the other
extreme, turn the mirror towards the sun, and pour such a blaze of
light upon the object, that the eye is blinded by the scintillating
refulgence, and the object is often injured because the mirror is
capable of reflecting heat as well as light.
In the daytime there is nothing better than the “white-cloud
illuminator,” which is made easily enough by means of plaster of
Paris. A sheet of thin white paper fastened against a window-pane is
also useful; and the simple plan of dabbing the glass with putty will
have a beneficial effect in softening the light, when the window has a
southern aspect. In default of these conveniences, it will be often
sufficient to fix a piece of white letter paper over the mirror, or even
to dull its surface with wax. At all events, he who aspires to be a true
microscopist must be ready with expedients, and if he finds himself
in a difficulty, he must summarily invent a method of obviating it.
At night a lamp is necessary; candles are useless, because they
have two faults—they flicker, and they become lower as they burn.
The latter defect can be cured by using a candle-lamp, but no
arrangement will cure the flame of flickering; it is peculiarly trying to
the eyes, and destructive of accurate definition. An ordinary
moderator lamp answers pretty well, and a small one is even better
for the microscopist than one of large dimensions. The chief
drawback to the moderator lamp is that the flame cannot be elevated
or lowered, so that the only way to procure a light at a higher
elevation is to stand the lamp on a block of wood or a book. Small
lamps are, however, made expressly for the microscope, and, if
possible, should be procured, and used for no other purpose, and
intrusted to no other hands.
If you want a really brilliant, clear, white light, you must trim the lamp
yourself. A small piece of pale blue or neutral-tint glass interposed
between the lamp and the microscope has a wonderful effect in
diminishing the yellow hue which belongs more or less to all artificial
lights which are produced by the combustion of oil or fat. We have
no doubt but that in a few years we shall be rid of the clumsy and
dirty machines that we call lamps, and have substituted for them the
pure brilliancy of the electric light.
Whatever lamp you use, a shade is absolutely necessary, in order to
defend the eyes. Let me here warn my young readers that they
cannot be too careful of their eyes. In the exuberance of youthful
strength and health we are too apt to treat our eyes as
unceremoniously as our digestion, and in later years we awake to
unavailing repentance.
Another point which calls for extreme attention is the perfect
cleanliness of the glasses. It is astonishing how a tiny dust-mote, or
the least condensation of damp, will diminish the powers of the
microscope, and how often the instrument is blamed for
indistinctness when the real fault lies in the carelessness of the
operator. Even when the greatest care is taken, dust is sure to settle
on the glasses, especially on the eye-piece, and before using the
microscope the glasses ought to be carefully examined. Never wipe
them with an ordinary handkerchief, but get a piece of new wash-
leather; beat it well until no dust issues from it, and then put it into a
box with a tightly-fitting cover. Use this, and nothing else, for
cleaning the glasses, and you will avoid those horrid scratches with
which the eye-glass and object-glass of careless operators are
always disfigured.
Moisture is very apt to condense on the glasses and to ruin their
clearness. If the microscope be brought from a cold into a warm
room, the glasses will be instantly covered with moisture, just as the
outside of a tumbler of cold water is always covered with fine dew
when brought into a warm room. The microscope should therefore
be kept at least an hour in the room wherein it is to be used, so that
the instrument and the atmosphere may be of the same temperature.
You should make the microscope a trifle warmer than the
surrounding atmosphere, and so avoid all danger of condensation.
When changing the object glass or eye-piece, always keep the hand
as far away from the glass as possible, and manipulate with the tip of
the forefinger and thumb. The human skin always gives out so much
exhalation, that even when the hand is cold the glasses will be
dimmed; and it is a peculiarity of such moisture, that it adheres to the
glasses with great pertinacity, and does not evaporate like the dew
which is condensed from the atmosphere.
In order to insure perfect success in this important particular, the
young microscopist will do well to get the optician from whom he
purchased his instrument to explain its construction, and to give him
a lesson or two in the art of taking it to pieces and putting it together
again; for unless each glass can be separately cleaned, no one can
be quite sure that the instrument will perform as it ought to do. The
best method of ascertaining whether it is quite clean is to throw the
light upwards by means of the mirror, and then to turn the eye-piece
slowly round. If any dust or moisture has collected either upon the
eye-glass or the “field-glass,” which forms the second lens of the
eye-piece, it will be immediately detected. Turning the object-glass
will in a similar manner detect impurities upon its surface.
THE END.
 Useful and Instructive Books.
HOW TO BECOME A SCIENTIST.—A useful and instructive book,
giving a complete treatise on chemistry; also, experiments in
acoustics, mechanics, mathematics, chemistry, and directions for
making fireworks, colored fires, and gas balloons. This book
cannot be equaled. Price 10 cents. For sale by all newsdealers,
or it will be sent to your address, postage free, on receipt of price.
Address Frank Tousey, publisher, 34 and 36 North Moore street,
New York. Box 2730.
HOW TO BECOME AN ATHLETE.—Giving full instruction for the
use of dumb-bells, Indian clubs, parallel bars, horizontal bars,
and various other methods of developing a good, healthy muscle;
containing over sixty illustrations. Every boy can become strong
and healthy by following the instructions contained in this little
book. For sale by all newsdealers, or sent to your address,
postage free, on receipt of 10 cents. Frank Tousey, publisher, 34
and 36 North Moore street, New York, Box 2730.
 GOLD! GOLD! GOLD!

Young Klondike.
Containing Stories of a Gold Seeker.
PRICE 5 CENTS.
Colored Covers.
No.
1 Young Klondike; or, Off For the Land of Gold.
2 Young Klondike’s Claim; or, Nine Golden Nuggets.
3 Young Klondike’s First Million; or, His Great Strike
on El Dorado Creek.
4 Young Klondike and the Claim Agents; or, Fighting
the Land Sharks of Dawson City.
5 Young Klondike’s New Diggings; or, The Great
Gold Find on Owl Creek.
6 Young Klondike’s Chase; or, The Gold Pirates of
the Yukon.
7 Young Klondike’s Golden Island; or, Half a Million
in Dust.
8 Young Klondike’s Seven Strikes; or, The Gold
Hunters of High Rock.
9 Young Klondike’s Journey to Juneau; or, Guarding
a Million in Gold.
10 Young Klondike’s Lucky Camp; or, Working the
Unknown’s Claim.
11 Young Klondike’s Lost Million; or, The Mine
Wreckers of Gold Creek.
12 Young Klondike’s Gold Syndicate; or, Breaking the
Brokers of Dawson City.
13 Young Klondike’s Golden Eagle; or, Working a
Hidden Mine.
 14 Young Klondike’s Trump Card; or, The Rush to
Rocky River.
15 Young Klondike’s Arctic Trail; or, Lost in a Sea of
Ice.
16 Young Klondike’s New Bonanza; or, The Gold
Diggers of French Gulch.
17 Young Klondike’s Death Trap; or, Lost
Underground.
18 Young Klondike’s Fight for a Claim; or, The
Boomers of Raccoon Creek.
19 Young Klondike’s Deep Sea Diggings; or, Working
at the Mouth of the Yukon.
20 Young Klondike’s Winter Camp; or, Mining Under
the Snow.

For sale by all newsdealers, or sent to any address on receipt of

price, 5 cents per copy—6 copies for 25 cents. Address
FRANK TOUSEY, Publisher,
29 West 26th St., New York
 THE LARGEST AND BEST LIBRARY.
PLUCK AND LUCK.
Colored Covers. 32 Pages. All Kinds of Good
Stories. Price 5 Cents. Issued Weekly.
Read List Below.
No.
1 Dick Decker, the Brave Young by Ex Fire Chief Warden
Fireman
2 The Two Boy Brokers; or, From by a Retired Banker
Messenger Boys to Millionaires
3 Little Lou, the Pride of the by General Jas. A. Gordon
Continental Army. A Story of the
American Revolution
4 Railroad Ralph, the Boy by Jas. C. Merritt
Engineer
5 The Boy Pilot of Lake Michigan by Capt. Thos. H. Wilson
6 Joe Wiley, the Young by Jno. B. Dowd
Temperance Lecturer
7 The Little Swamp Fox. A Tale of by General Jas. A. Gordon
General Marion and His Men
8 Young Grizzly Adams, the Wild by Hal Standish
Beast Tamer. A True Story of
Circus Life
9 North Pole Nat; or, The Secret of by Capt. Thos. H. Wilson
the Frozen Deep
10 Little Deadshot, the Pride of the by An Old Scout
Trappers
11 Liberty Hose; or, The Pride of by Ex Fire Chief Warden
Plattsville
12 Engineer Steve, the Prince of by Jas. C. Merritt
the Rail
13 Whistling Walt, the Champion by General Jas. A. Gordon
Spy. A Story of the American
 Revolution
14 Lost in the Air; or, Over Land by Allyn Draper
and Sea
15 The Little Demon; or, Plotting by Howard Austin
Against the Czar
16 Fred Farrell, the Barkeeper’s by Jno. B. Dowd
Son
17 Slippery Steve, the Cunning Spy by General Jas. A. Gordon
of the Revolution
18 Fred Flame, the Hero of by Ex Fire Chief Warden
Greystone No. 1
19 Harry Dare; or, A New York Boy by Col. Ralph Fenton
in the Navy
20 Jack Quick, the Boy Engineer by Jas. C. Merritt
21 Doublequick, the King by Capt. Thos. H. Wilson
Harpooner; or, The Wonder of
the Whalers
22 Rattling Rube, the Jolly Scout by General Jas. A. Gordon
and Spy. A Story of the
Revolution
23 In the Czar’s Service; or, Dick by Howard Austin
Sherman in Russia
24 Ben o’ the Bowl; or, The Road to by Jno. B. Dowd
Ruin
25 Kit Carson, the King of Scouts by an Old Scout
26 The School Boy Explorers, or, by Howard Austin
Among the Ruins of Yucatan
27 The Wide Awakes; or, Burke by Ex Fire Chief Warden
Halliday, the Pride of the
Volunteers
28 The Frozen Deep; or, Two Years by Capt. Thos. H. Wilson
in the Ice
29 The Swamp Rats; or, The Boys by Gen. Jas. A. Gordon
Who Fought for Washington
30 Around the World on Cheek by Howard Austin
31 Bushwhacker Ben; or, The by Col. Ralph Fenton
 Union Boys of Tennessee
For sale by all newsdealers, or sent to any address on receipt of
price, 5 cents per copy—6 copies for 25. Address

FRANK TOUSEY, Publisher, 29 West 26th St., N.

Y.
 Work and Win.
An Interesting Weekly for Young America.
BRIGHT, CATCHY STORIES.
Beautiful Colored Covers.
32 Pages. Price 5 Cents.
Don’t fail to read about Fred Fearnot’s Wonderful Adventures in
School, at College, on the Stage, Out West and as a
Detective. They are Bright, Interesting and Fascinating.
COMPLETE LIST.

1 Fred Fearnot; or, School Days at Avon.

2 Fred Fearnot, Detective; or, Balking a Desperate
Game.
3 Fred Fearnot’s Daring Rescue; or, A Hero in Spite
of Himself.
4 Fred Fearnot’s Narrow Escape; or, The Plot That
Failed.
5 Fred Fearnot at Avon Again; or, His Second Term
at School.
6 Fred Fearnot’s Pluck; or, His Race to Save a Life.
7 Fred Fearnot as an Actor; or, Fame Before the
Footlights.
8 Fred Fearnot at Sea; or, A Chase Across the
Ocean.
9 Fred Fearnot Out West; or, Adventures With the
Cowboys.
10 Fred Fearnot’s Great Peril; or, Running Down the
Counterfeiters.
11 Fred Fearnot’s Double Victory; or, Killing Two Birds
With One Stone.
 12 Fred Fearnot’s Game Finish; or, His Bicycle Race
to Save a Million.
13 Fred Fearnot’s Great Run; or, An Engineer For a
Week.
14 Fred Fearnot’s Twenty Rounds; or, His Fight to
Save His Honor.
15 Fred Fearnot’s Engine Company; or, Brave Work
as a Fireman.
16 Fred Fearnot’s Good Work; or, Helping a Friend in
Need.

For sale by all newsdealers or sent to any address on receipt of

price, 5 cents per copy, or 6 copies for 25 cents.
FRANK TOUSEY, Publisher,
29 WEST 26th St., NEW YORK.
 OUR 10 CENT HAND BOOKS.
USEFUL, INSTRUCTIVE AND AMUSING.
Containing valuable information on almost every subject, such as
Writing, Speaking, Dancing, Cooking; also, Rules of Etiquette,
The Art of Ventriloquism, Gymnastic Exercises, and The
Science of Self-Defense, etc., etc.

1 NAPOLEONS ORACULUM AND

DREAM BOOK.
2 HOW TO DO TRICKS.
3 HOW TO FLIRT.
4 HOW TO DANCE.
5 HOW TO MAKE LOVE.
6 HOW TO BECOME AN ATHLETE.
7 HOW TO KEEP BIRDS.
8 HOW TO BECOME A SCIENTIST.
9 HOW TO BECOME A
VENTRILOQUIST.
10 HOW TO BOX.
11 HOW TO WRITE LOVE LETTERS.
12 HOW TO WRITE LETTERS TO
LADIES.
13 HOW TO DO IT; Or, BOOK OF
ETIQUETTE.
14 HOW TO MAKE CANDY.
15 HOW TO BECOME RICH.
16 HOW TO KEEP A WINDOW GARDEN.
17 HOW TO DRESS.
18 HOW TO BECOME BEAUTIFUL.
19 FRANK TOUSEY’S U. S DISTANCE
TABLES, POCKET COMPANION AND
GUIDE.
20 HOW TO ENTERTAIN AN EVENING
PARTY.
21 HOW TO HUNT AND FISH.
22 HOW TO DO SECOND SIGHT.
23 HOW TO EXPLAIN DREAMS.
24 HOW TO WRITE LETTERS TO
GENTLEMEN.
25 HOW TO BECOME A GYMNAST.
26 HOW TO ROW, SAIL AND BUILD A
BOAT.
27 HOW TO RECITE AND BOOK OF
RECITATIONS.
28 HOW TO TELL FORTUNES.
29 HOW TO BECOME AN INVENTOR.
30 HOW TO COOK.
31 HOW TO BECOME A SPEAKER.
32 HOW TO RIDE A BICYCLE.
33 HOW TO BEHAVE.
34 HOW TO FENCE.
35 HOW TO PLAY GAMES.
36 HOW TO SOLVE CONUNDRUMS.
37 HOW TO KEEP HOUSE.
38 HOW TO BECOME YOUR OWN
DOCTOR.
39 HOW TO RAISE DOGS, POULTRY,
PIGEONS AND RABBITS.
40 HOW TO MAKE AND SET TRAPS.
41 THE BOYS OF NEW YORK END
MEN’S JOKE BOOK.
42 THE BOYS OF NEW YORK STUMP
SPEAKER.
43 HOW TO BECOME A MAGICIAN.
44 HOW TO WRITE IN AN ALBUM.
45 THE BOYS OF NEW YORK
MINSTREL GUIDE AND JOKE BOOK.
46 HOW TO MAKE AND USE
ELECTRICITY.
47 HOW TO BREAK, RIDE AND DRIVE A
HORSE.
48 HOW TO BUILD AND SAIL CANOES.
49 HOW TO DEBATE.
50 HOW TO STUFF BIRDS AND
ANIMALS.
51 HOW TO DO TRICKS WITH CARDS.
52 HOW TO PLAY CARDS.
53 HOW TO WRITE LETTERS.
54 HOW TO KEEP AND MANAGE PETS.
55 HOW TO COLLECT STAMPS AND
COINS.
56 HOW TO BECOME AN ENGINEER.
57 HOW TO MAKE MUSICAL
INSTRUMENTS.
58 HOW TO BECOME A DETECTIVE.
59 HOW TO MAKE A MAGIC LANTERN.
60 HOW TO BECOME A
PHOTOGRAPHER.
61 HOW TO BECOME A BOWLER.
62 HOW TO BECOME A WEST POINT
MILITARY CADET.
63 HOW TO BECOME A NAVAL CADET.
64 HOW TO MAKE ELECTRICAL
MACHINES.
65 MULDOON’S JOKES.
66 HOW TO DO PUZZLES.
67 HOW TO DO ELECTRICAL TRICKS.
68 HOW TO DO CHEMICAL TRICKS.
69 HOW TO DO SLEIGHT OF HAND.
70 HOW TO MAKE MAGIC TOYS.
71 HOW TO DO MECHANICAL TRICKS.
72 HOW TO DO SIXTY TRICKS WITH
CARDS.
73 HOW TO DO TRICKS WITH
NUMBERS.
74 HOW TO WRITE LETTERS
CORRECTLY.
75 HOW TO BECOME A CONJURER.
 76 HOW TO TELL FORTUNES BY THE
HAND.
77 HOW TO DO FORTY TRICKS WITH
CARDS.
78 HOW TO DO THE BLACK ART.
79 HOW TO BECOME AN ACTOR.

All the above books are for sale by newsdealers throughout the
United States and Canada or they will be sent, post-paid, to your
address, on receipt of 10c. each.
Send Your Name and Address for Our Latest Illustrated Catalogue.
FRANK TOUSEY, Publisher,
29 WEST 26th STREET, NEW YORK.
 Transcriber’s Notes:
Punctuation has been made consistent.
Variations in spelling and hyphenation were retained as they appear in the
original publication, except that obvious typographical errors have been
corrected.
The notation 1-2 for fractions has been standardized to the current convention
1/2.
*** END OF THE PROJECT GUTENBERG EBOOK HOW TO
BECOME AN INVENTOR ***

Updated editions will replace the previous one—the old editions

will be renamed.

Creating the works from print editions not protected by U.S.

copyright law means that no one owns a United States copyright
in these works, so the Foundation (and you!) can copy and
distribute it in the United States without permission and without
paying copyright royalties. Special rules, set forth in the General
Terms of Use part of this license, apply to copying and
distributing Project Gutenberg™ electronic works to protect the
PROJECT GUTENBERG™ concept and trademark. Project
Gutenberg is a registered trademark, and may not be used if
you charge for an eBook, except by following the terms of the
trademark license, including paying royalties for use of the
Project Gutenberg trademark. If you do not charge anything for
copies of this eBook, complying with the trademark license is
very easy. You may use this eBook for nearly any purpose such
as creation of derivative works, reports, performances and
research. Project Gutenberg eBooks may be modified and
printed and given away—you may do practically ANYTHING in
the United States with eBooks not protected by U.S. copyright
law. Redistribution is subject to the trademark license, especially
commercial redistribution.

START: FULL LICENSE

THE FULL PROJECT GUTENBERG LICENSE
 PLEASE READ THIS BEFORE YOU DISTRIBUTE OR USE THIS WORK

To protect the Project Gutenberg™ mission of promoting the

free distribution of electronic works, by using or distributing this
work (or any other work associated in any way with the phrase
“Project Gutenberg”), you agree to comply with all the terms of
the Full Project Gutenberg™ License available with this file or
online at www.gutenberg.org/license.

Section 1. General Terms of Use and

Redistributing Project Gutenberg™
electronic works
1.A. By reading or using any part of this Project Gutenberg™
electronic work, you indicate that you have read, understand,
agree to and accept all the terms of this license and intellectual
property (trademark/copyright) agreement. If you do not agree to
abide by all the terms of this agreement, you must cease using
and return or destroy all copies of Project Gutenberg™
electronic works in your possession. If you paid a fee for
obtaining a copy of or access to a Project Gutenberg™
electronic work and you do not agree to be bound by the terms
of this agreement, you may obtain a refund from the person or
entity to whom you paid the fee as set forth in paragraph 1.E.8.

1.B. “Project Gutenberg” is a registered trademark. It may only

be used on or associated in any way with an electronic work by
people who agree to be bound by the terms of this agreement.
There are a few things that you can do with most Project
Gutenberg™ electronic works even without complying with the
full terms of this agreement. See paragraph 1.C below. There
are a lot of things you can do with Project Gutenberg™
electronic works if you follow the terms of this agreement and
help preserve free future access to Project Gutenberg™
electronic works. See paragraph 1.E below.