The critical infrastructure of a country is what provides the lifeblood to its citizens. It includes everything from power plants, food supply, water systems, and transportation. However, these infrastructures are vulnerable to attack or natural disasters that can lead to loss of life and property. That’s why countries must take steps toward making their critical infrastructures more secure and resilient. Upon completing this article, you will be able to:
- Identify the different types of hazards that threaten critical infrastructure
- Recognize the Framework for securing and securing critical infrastructure
- Identify actions you can take to protect critical infrastructure in your community
What critical infrastructure is, and why does it matter to national security
Critical infrastructure is the physical and cyber systems that we rely on to provide essential services, such as energy, healthcare, transportation and communications. Such systems are essential to national security and our economy; however, they’re also vulnerable to natural disasters, cyber-attacks and other threats.
Critical infrastructure security and resilience awareness is the need to protect and preserve the essential infrastructures essential to a country’s operation. The critical infrastructures are those that, if disrupted, would have a significant impact on the population’s health, safety, or welfare.
When you hear news stories about critical infrastructure being hacked or compromised by bad actors—like when China was caught penetrating utilities in the US—you might think it’s just another day in cybersecurity. But these stories underscore how important it is for us all to understand what critical infrastructure is and why it matters so much in protecting our personal information online or offline.
Critical infrastructure security and resilience awareness (CISA) is a set of practices to ensure that critical infrastructures are protected from threats and hazards. These threats can come from natural disasters, artificial events, cyber-attacks, or other sources.
CISA helps organizations identify vulnerabilities and risks associated with their critical infrastructure assets and develop strategies for mitigating those risks. Organizations can secure themselves by implementing various strategies like:
- creating awareness programs for citizens on how they can contribute to ensuring their infrastructures themselves
- educating professionals in the field on best practices for security and resilience
- or even investing in new technologies that could improve the strength of these systems.
The federal government provides funding to protect specific critical infrastructures from cyber threats through its National Infrastructure Protection Plan (NIPP). The NIPP outlines three categories of critical infrastructure:
- Sector-specific: The Department of Homeland Security identifies 15 sectors (such as banking/finance or chemical manufacturing) with a high risk to our economy and quality of life if terrorists or criminals attack them. These sectors are required to develop plans with their industry groups detailing how they would respond to such an attack or disaster;
- Sectors that warrant particular focus: Department of Homeland Security (DHS) also has identified seven essentials but less sensitive sectors (such as transportation/communications) that deserve special attention because they support all other businesses; and
- All remaining industrial control systems are not covered by either category above—but it’s important to note that this doesn’t include personal computers used by individuals at home or work.
An attack on critical infrastructure could cause significant harm to people, disrupt the economy or destabilize national security. Critical infrastructure includes physical assets such as transportation and energy systems and cyber-based assets such as the financial sector, healthcare facilities, and government agencies. These systems are vital to national security because they are essential for the daily functioning of our society. When a nation’s critical infrastructure is damaged or destroyed in an attack, it can devastate people’s lives and livelihoods; disrupt economic productivity, or even destabilize national security.
As a nation, we have become increasingly dependent on our critical infrastructure. It’s no longer just the electrical grid or water systems that keep us safe—it’s also telecommunications and even transportation networks. These systems are vital to our way of life, but they’re also vulnerable to physical threats like natural disasters and cyber-attacks.
Someone could hack into a system and use it for their purposes (like stealing data) or shut down entire parts of the network by shutting down computers remotely. In either case, this can cause significant harm to people—think about how many people have been killed or injured in train crashes caused by hackers—or disrupt the economy or destabilize national security (think about what would happen if attackers took control of nuclear power plants).
As we can see, critical infrastructure is a vital part of our everyday lives. So much so that if it were compromised, it could adversely affect national security.
Identify the different types of hazards that threaten critical infrastructure.
- Natural hazards: hurricanes and tornadoes, earthquakes and floods, wildfires and drought. These are the most familiar events because they frequently happen in certain parts of the country. They can also occur anywhere at any time, so it is essential to continually assess your risk for these types of natural disasters.
- Man-made hazards: cyberattacks, terrorism (including chemical or biological attacks), sabotage (e.g., someone who intentionally damages infrastructure). These are less frequent but more devastating when they occur because they often target key components or systems within an organization’s critical infrastructure—like a power grid or water treatment plant—and cause widespread damage before anyone recognizes them as threats or can respond effectively
Impact of disasters on critical infrastructure
- Natural disasters affect critical infrastructure.
- Man-made disasters affect critical infrastructure.
- Terrorist attacks on critical infrastructure can be devastating.
- Cyberattacks on critical infrastructure can also be devastating, especially if they are state-sponsored or intended to harm the economy and national security of a country.
Framework for securing critical infrastructure
The NIST Cybersecurity Framework is a flexible, repeatable, and cost-effective approach for managing cybersecurity risk. The framework is on a tiered structure that provides organizations with context to decide on appropriate security controls by considering the sensitivity of the information being protected.
The NIST Cybersecurity Framework consists of five components:
- Identify: Assess your organization’s current state to identify assets and vulnerable places in your system.
- Protect: Implement actions and controls to reduce vulnerabilities and protect against threats.
- Detect: Monitor systems continuously so that you can detect malicious activity as soon as possible (or even before it happens).
- Respond: Execute immediate actions when an attack has taken place or been detected, such as containing damage or restoring services quickly after an incident has occurred.
- Recover: Restore normal operations after an attack by conducting forensics analysis on logs for law enforcement purposes if required; repairing damaged hardware; restoring lost data from backups; etc.
Actions organizations can take to protect critical infrastructure in the community.
- Educate employees on the threats to the local infrastructure.
- Become familiar with the incident response plan.
- Learn how to respond to a disaster.
- Develop a disaster preparedness plan for the companies that include plans for reuniting after any type of disaster, including earthquakes and cyber-terrorist attacks.
- Educate employees on how to stay informed about the local infrastructure by reading news and stories and watching TV shows about disasters, so if something happens anywhere, you’ll be prepared!
This article provides an overview of critical infrastructure, its threats, and measures organizations can take to help protect it. It is planned for anyone who wants to learn more about protecting critical infrastructure systems in their community or organization. The article will help you understand:
- The impact disasters have on critical infrastructure
- How the national framework for securing and securing critical infrastructure works
- Actions you can take to protect critical infrastructure in the community