Graduate Certificate in Cybersecurity - Critical Infrastructure

The online Graduate Certificate in Cybersecurity – Critical Infrastructure was designed by top cybersecurity professionals working in the utility industries to prepare mid-career professionals with the skills and competencies required to secure critical major utility infrastructures, such as power grids and water purification systems.  

How is this program unique?

  • It blends both information technology (IT) and operational technology (OT)
  • It focuses specifically on critical infrastructure sectors such as energy, water, gas and transportation
  • It is offered completely online and can be completed in less than a year

The 15-credit program is designed to help current utility employees advance professionally in the cybersecurity field and prepares IT professionals to transition into the utility industry.  

According to the U.S. Bureau of Labor Statistics, employment of information system analysts is expected to grow by 18 percent through 2024.

Utilities have unique security requirements given their use of geographically distributed high performance networks, requirements for both safety and reliability and compliance standards.  Building and maintaining secure utilities networks requires specialized knowledge and skills that include a comprehensive understanding of cybersecurity frameworks, a firm awareness of utility business practices and a thorough understanding of operational technologies. In this program, students will develop the knowledge and skills needed to secure critical infrastructure systems.
 

Credit Distribution

Required courses Credits
CYB-521: Foundation of Utility Cybersecurity 3
CYB-522: Cybersecurity Risk Management in Utility Environments 3
CYB-523: Protective Security Controls in Utility Systems and Networks 3
CYB-524: Monitoring, Detection, Response and Recovery in Utility Environments 3
CYB-525: Integrating Cybersecurity into the System Lifecycle 3
Total 15

Learning Outcomes 

Graduates of this program will be able to:

  1. Investigate cybersecurity risks based on ranking criteria.
  2. Apply appropriate models for security risk mitigation.
  3. Analyze new technology and identify/develop solution sets for cybersecurity vulnerability concerns.
  4. Construct research-based recommendations to resolve security incidents and to mitigate vulnerabilities and threats.
  5. Develop cybersecurity solution requirements for IT/OT vendors and suppliers.
  6. Implement industry best practices for existing and future systems.
  7. Implement security controls as defined by industry standards and cybersecurity frameworks.
  8. Integrate security into the entire system life cycle (planning, architecture, design, development, implementation/operation, maintenance and disposal).

 

Course Descriptions

CYB-521: Foundation of Utility Cybersecurity (3 credits)
This course introduces students to foundational cybersecurity concepts related to utilities critical infrastructure. The course will cover fundamental cybersecurity concepts and nomenclature. In addition, it will cover various types of utility networks and systems including Information Technology (IT), Industrial Control Systems (ICS), Supervisory Control and Data Acquisition (SCADA) systems, and distributed networks. The course also introduces students to risk management concepts, threat modeling fundamentals, utilities-related regulations, standards, guidelines, and system control frameworks. This course lays the foundation for subsequent course work in the program and is recommended as the first course taken in the sequence.
CYB-522: Cybersecurity Risk Management in Utility Environments (3 credits)
In this course, students will learn how to identify applicable cybersecurity risk mitigation models and apply them in an organizational context. They will develop the knowledge and skills needed to make recommendations related to the choice of risk mitigation security controls and to provide oversight for the implementation of those controls within information technology (IT) and operational technology (OT) systems. This course will give students the tools to develop risk models that reflect the organization’s unique governance structure and corporate culture. Using risk analyses that are predicated upon a holistic risk picture (business, environment, compliance, etc.) of the organization, students will learn how to articulate and defend risk allocation recommendations to accept, transfer, mitigate, or ignore risk and to communicate cybersecurity risks to peers and senior management in both IT and OT. This course will also expose students to relevant international utility-related cybersecurity regulations, standards and guidelines.
CYB-523: Protective Security Controls in Utility Systems (3 credits)
In this course, students will learn the techniques used to identify, develop, and apply protective security controls in utility-related information technology (IT) and operational technology (OT) environments. They will develop the skills and knowledge needed to implement controls used to mitigate inherent risks and reduce the chances of utility systems being compromised. Students will develop expertise using controls for identity and access management, awareness and training, asset management, network architecture and network segmentation, secure coding practices, personnel security, and physical security. Students in this course will employ risk-based frameworks and control catalogs to identify and select applicable security controls for utility environments.
CYB-524: Monitoring, Detection, Response and Recovery in Utility Environments(3 credits)
The students will learn methods and techniques for monitoring information technology (IT) and operational technology (OT) environments. Along with developing an expertise in system monitoring techniques, students will learn methods for detecting compromise and develop strategies for effectively responding to and recovering from compromise. Students will learn methods and techniques such as network baselining, perimeter and internal monitoring and defense, situational awareness, intrusion detection, detecting exploits, “kill chain” management, event analysis and correlation, incident response, evidence collection and preservation, and system recovery and restoration.
CYB-525: Integrating Cybersecurity into the System Lifecycle (3 credits)
This course focuses on integrating security into the entire system and solution life cycle. Topics include system planning, architecture, design, acquisition, development, implementation/operation, sustainment and disposal. Students will learn the importance of ensuring that security practices are identified and integrated into utility networks and systems projects. In addition, this course will help students develop the knowledge and skills needed for integrating security requirements into technology acquisitions and for identifying and managing supply chain risks across system life cycles. Using case studies, students will apply the concepts learned throughout the program to solve real world utility and network system security challenges.