Syllabus for CYB-523

PROTECTIVE SECURITY CONTROLS FOR UTILITY SYSTEMS

COURSE DESCRIPTION

In this course students will learn how to identify, develop, and apply security controls in utility information technology (IT) and operational technology (OT) environments with a focus on protective security controls. These controls are implemented to mitigate inherent risks and reduce the chances of utility systems being compromised. Such controls include identity and access management, awareness and training, asset management, secure network architecture and segmentation, secure coding practices, personnel security, and physical security. Students will use risk-based frameworks, regulations, standards, best practices, and security control catalogs to identify and select applicable protective controls in utility environments.

COURSE TOPICS

• Cybersecurity integration into the utility system life cycle
• Cybersecurity challenges and defense-in-depth strategies for utility systems
• Implementation and operation of protective security controls for utility systems
• Implementation of network security for utility systems
• Implementation of physical and environmental protection for utility systems
• Implementation of personnel security for utility systems

COURSE OBJECTIVES

After completing this course, you should be able to:

CO1        Evaluate the need for cybersecurity integration into each phase of the utility system life cycle.

CO2        Critique different families of security controls and, in particular, the role of protective security controls.

CO3        Determine how to protect individual utility systems and networks from exploitation based on industry best practices.

CO4        Evaluate information protection processes and procedures for utility systems.

CO5        Propose how to restrict logical access to the utility system network and network activities.

CO6        Articulate technical and cultural differences between traditional approaches to IT and OT security.

CO7        Propose how to maintain and improve personnel skills in providing cybersecurity.

CO8        Specify security controls for physical and environmental protection of utility systems.

CO9        Apply North American Electric Reliability Corporation (NERC) critical infrastructure protection (CIP) reliability standards on cybersecurity to utility systems.

COURSE MATERIALS

You will need the following materials to complete your coursework. Some course materials may be free, open source, or available from other providers. You can access free or open-source materials by clicking the links provided below or in the module details documents. To purchase course materials, please visit the University's textbook supplier.

Required Textbook

• Knapp, E. D., & Langill, J. T. (2015). Industrial network security: Securing critical infrastructure networks for smart grid, SCADA, and other industrial control systems (2nd ed.). Waltham, MA: Elsevier.

ISBN-13: 978-0124201149

Other Materials

• Various government documents

Note: Many of the study materials cited in each module are reference materials and do not have to be read or studied in their entirety; they are available online at no charge.

COURSE STRUCTURE

Protective Security Controls for Utility Systems (CYB-523) is a three-credit, online course consisting of seven modules. Modules include an overview, topics, learning objectives, study materials, and activities. Module titles are listed below.

• Module 1: Integrating Cybersecurity into the System Life Cycle (SLC)
  Course objectives covered in this module: CO1, CO2

• Module 2: An Advanced Approach to Cybersecurity of Utility Systems 
  Course objectives covered in this module: CO6
  
• Module 3: Restricting Unauthorized Access and Modification of Utility System Data
  Course objectives covered in this module: CO3, CO4
  
• Module 4: Restricting Logical Access to the Utility System Network and Network Activity
  Course objectives covered in this module: CO5
  
• Module 5: The Role of Human Factors in Cybersecurity of Utility Systems
  Course objectives covered in this module: CO7
  
• Module 6: Restricting Physical Access to the Utility System Network and Devices
  Course objectives covered in this module: CO8

• Module 7: Leveraging NERC CIP Standards

        Course objectives covered in this module: CO9

ASSESSMENT METHODS

For your formal work in the course, you are required to participate in online discussion forums and complete written assignments. See below for details.

Consult the Course Calendar for due dates.

Promoting Originality

One or more of your course activities may utilize a tool designed to promote original work and evaluate your submissions for plagiarism. More information about this tool is available in this document.

Discussion Forums

This course requires you to participate in seven graded discussion forums. There is an ungraded but required Introductions Forum in Module 1.

Deadlines for posting discussion threads are given in the Course Calendar. For posting guidelines and additional help with discussion forums, please see the Online Student Handbook located within the General Information section of the course website.

Written Assignments

You are required to complete ten written assignments. The written assignments are on a variety of topics associated with the course modules.

GRADING AND EVALUATION

Your grade in the course will be determined as follows:

• Discussion forums (7)—20 percent
• Written assignments (10)—80 percent

All activities will receive a numerical grade of 0–100. You will receive a score of 0 for any work not submitted. Your final grade in the course will be a letter grade. Letter grade equivalents for numerical grades are as follows:

To receive credit for the course, you must earn a letter grade of C or higher on the weighted average of all assigned course work (e.g., assignments, discussion postings, projects). Graduate students must maintain a B average overall to remain in good academic standing.

STRATEGIES FOR SUCCESS

First Steps to Success

To succeed in this course, take the following first steps:

• Read carefully the entire Syllabus, making sure that all aspects of the course are clear to you and that you have all the materials required for the course.
  
• Take time to read the entire Online Student Handbook. The Handbook answers many questions about how to proceed through the course and how to get the most from your educational experience at Thomas Edison State University.
  
• Familiarize yourself with the learning management systems environment—how to navigate it and what the various course areas contain. If you know what to expect as you navigate the course, you can better pace yourself and complete the work on time.
  
• If you are not familiar with web-based learning be sure to review the processes for posting responses online and submitting assignments before class begins.

Study Tips

Consider the following study tips for success:

• To stay on track throughout the course, begin each week by consulting the Course Calendar. The Course Calendar provides an overview of the course and indicates due dates for submitting assignments, posting discussions, and scheduling and taking examinations.
  
• Check Announcements regularly for new course information.

ACADEMIC POLICIES

To ensure success in all your academic endeavors and coursework at Thomas Edison State University, familiarize yourself with all administrative and academic policies including those related to academic integrity, course late submissions, course extensions, and grading policies.

For more, see:

• University-wide policies
• Undergraduate course policies and regulations
• Graduate academic policies
• Nursing student policies
• Academic code of conduct