Critical Infrastructure & Smart Cities

7 Lessons

This is the second module in the Cyber-Physical Industry course; however, it can be taught as a standalone module.  The purpose of this module is to introduce students to the current concept of critical infrastructure, the sectors of the economy that are currently managed as critical infrastructure, and the vision for how critical infrastructure will evolve as “smart cities” grow and develop.

Learning Objectives
  • Describe critical infrastructure, why it is important, and how it relates to production systems and smart cities
  • Identify key critical infrastructure sectors, and describe natural and man-made threats to critical infrastructure
  • Explain what resilience is and how critical infrastructure sectors can be made more resilient
  • Compare and contrast M2M and IoT
  • Describe technological innovations that are making IoT possible
  • Provide the ISO 55000 definitions of “asset” and “asset management” and explain how IoT is catalyzing innovation in asset management
  • Describe the functions of a BAS, the vulnerabilities that are associated with those functions, and how BAS can be secured
  • Identify new challenges and vulnerabilities that will emerge in smart cities of all kinds, and how to prepare for them
Faculty Instructions

This module has been designed with configurability in mind. Optional homeworks and additional assessment opportunities are outlined in each lesson plan, but can be incorporated or completely left out at the discretion of the instructor (with no adverse effect).

This module also contains one exam with 8 short-answer questions.

Critical Infrastructure & Smart Cities Module Description
Module 2 Exam
Module 2 Exam Answer Key

Log In
to download materials

* NICE Cybersecurity Workforce Framework KSAs Addressed
  • K0048: Knowledge of Risk Management Framework (RMF) requirements.
  • K0267: Knowledge of relevant laws, policies, procedures, or governance related to critical infrastructure.
  • K0309: Knowledge of emerging technologies that have potential for exploitation by adversaries.
  • K0335: Knowledge of current and emerging cyber technologies.
  • K0437: Knowledge of general SCADA system components.
  • K0612: Knowledge of what constitutes a “threat” to a network.
  • S0001: Skill in conducting vulnerability scans and recognizing vulnerabilities in security systems.
  • S0027: Skill in determining how a security system should work (including its resilience and dependability capabilities) and how changes in conditions, operations, or the environment will affect these outcomes.
  • S0034: Skill in discerning the protection needs (i.e., security controls) of information systems and networks.
  • S0038: Skill in identifying measures or indicators of system performance and the actions needed to improve or correct performance, relative to the goals of the system
  • S0085: Skill in conducting audits or reviews of technical systems.
  • S0086: Skill in evaluating the trustworthiness of the supplier and/or product.
  • S0228: Skill in identifying critical target elements, to include critical target elements for the cyber domain.
  • S0278: Skill in tailoring analysis to the necessary levels (e.g., classification and organizational).
  • A0001: Ability to identify systemic security issues based on the analysis of vulnerability and configuration data.
  • A0027: Ability to apply an organization's goals and objectives to develop and maintain architecture.
  • A0034: Ability to develop, update, and/or maintain standard operating procedures (SOPs).
  • A0060: Ability to build architectures and frameworks.
* NSA/DHS Center of Excellence (CAE) KUs Addressed
  • Industrial Control Systems (ICS)

* Most courseware content maps to NIST NICE Cybersecurity Workforce Framework (NCWF) Knowledge, Skills, and Abilities (KSAs) and/or NSA/DHS CAE Knowledge Units (KUs). For more information on KSAs and KUs, please visit: