Welcome back to the course. Let's now start on Part 3. Recall in Part 1 that we made the connection between homeland security and cybersecurity. Homeland security is about safeguarding the United States from domestic catastrophic destruction. Homeland security became a concern after the 1995 Tokyo subway attacks demonstrated the ability of non-state actors to employ weapons of mass destruction. The timing and targeting of the Tokyo subway attacks on Japan's transportation infrastructure prompted the Clinton Administration in July 1996 to appoint a commission on critical infrastructure protection and report on the vulnerabilities to America's own infrastructure. The Presidential Commission reported back in 1997 their concerns on the growing threat and vulnerability to the nation's infrastructure through cyber attack. Accordingly, President Clinton in May 1998 issued PDD-63 establishing a national framework for protecting the nation's infrastructure from both physical and cyber attack. After 9-11 demonstrated the power of subverting infrastructure, President Bush in October 2003 issued HSPD-7 revising the framework established under PDD-63. Responsibility for managing the framework was given to the new Department of Homeland Security when it was created by the Homeland Security Act in November 2002. The Homeland Security Act also gave the Department of Homeland Security responsibility for the nation's cybersecurity. Both missions are assigned to the DHS National Protection and Programs Directorate and remain a top priority according to the 2014 Quadrennial Homeland Security Review. In February 2013 President Obama issued Presidential Policy Directive 21, again revising the critical infrastructure protection framework. Placing stronger emphasis on the need for greater resilience and cybersecurity in the nations infrastructure. In part two we began looking at how cybersecurity was being applied to elements of what the 2013 National Infrastructure Protection Plan identifies as lifeline infrastructure. These include elements of the water, energy, transportation and communication sectors listed in PPD-21. Because there are 14 subsectors, we have confined our examination to the water, electricity, aviation, and internet subsectors. In February 2013, President Obama signed executive order 13636, titled Improving Critical Infrastructure Cybersecurity. The executive order directed the National Institute of Standards and Technology to develop a Cybersecurity framework to form the basis of a voluntary critical infrastructure cybersecurity program. NIST released version 1.0 to the framework a year later in February 2014. While the Environmental Protection Agency has regulatory authority over drinking water infrastructure, they do not have authority to impose cybersecurity standards. Accordingly, all efforts to enhance cybersecurity among water utilities are done through voluntary cooperation. However, the Department of Energy does have authority to enforce cybersecurity standards on the electricity infrastructure through the Federal Energy Regulatory Commission. FERC already developed the electricity subsector cybersecurity capability maturity model and used it to help NIST develop the NIST cybersecurity framework. Not surprisingly, both models are very similar. They are each based on a set of existing standards and have a defined set of capability targets. The NIST cybersecurity framework is comprised of the framework core, organized according to five functions and four framework tiers. The ES-C2M2 is comprised of the cybersecurity practices organized according to ten domains and for maturity levels. Both models employ continuous improvement cycle that evaluates the current system according to the standards. Establishes capability targets within the program scope. Identifies and prioritizes necessary actions to achieve the next capability target. And implements the necessary practices in priority order. Both programs are part of a larger management model that entails cooperation throughout the organization, and with key partners. In part three, we will continue our examination of critical infrastructure cybersecurity for the aviation and internet subsectors. These should prove somewhat different than the sub-security methods for water and electricity subsectors, as they share the common attribute of being fixed-site installations. The aviation subector addresses cybersecurity for mobile assets. And the Internet subsector addresses cybersecurity for a globally distributed system. So once again, please join me as we embark on a closer look of cybersecurity protocols for lifeline infrastructure. And as before, don't forget to watch each lesson closely and try to answer the challenge questions at the end of each one. These practices will serve you well in mastering the course material. Now, onward to lesson 21. Good luck!