Every society and nation rests on distinct pillars to allow it to function correctly. Experts often refer to some of these pillars as critical infrastructure. In essence, critical infrastructure security is concerned with protecting systems, networks, and assets that need to be operational continually.
The goal is to ensure the security of a nation, its economy, and the public’s health or safety.
Almost every nation has a different definition of critical infrastructure. However, there are many commonalities among them. For instance, the Department of Homeland Security in the U.S. has recognized 16 sectors that pertain to critical infrastructure. Among others, these include communications, energy, transportation, financial services, food, and agriculture.
Basically, all the things we can’t live without.
How Connectivity Harms Security
There used to be a time when industrial control systems (ICS) weren’t so heavily connected to the internet. However, nowadays, devices are more and more interconnected and have a broader reach to external systems. ICS are now controlling nuclear power plants, HVAC installations, robotics, and prison cell doors.
You could even say that your computer is in some ways directly connected to the cell doors of some prison in Nicaragua. Strange, right?
Twenty years ago, cybersecurity didn’t look like a considerable concern. Well, today it is. It’s often nearly impossible to take critical infrastructure systems down for updates, precisely because they are critical. According to the Cambridge dictionary, the word critical refers to something that is of the greatest importance to the way things might happen.
To make things worse or better, governments cannot really influence the whole matter. The reason? The private sector owns and controls over 80 percent of these systems.
Some experts say that they are primarily worried about random malware inadvertently taking down essential operations. Strangely, their main concern isn’t equipment destruction attacks.
The Devastating Threats That Ravage Everything
If you haven’t noticed, threats are all around us. Malicious attackers, non-state actors, and state entities are always looking for new ways to cause harm. Critical infrastructure is under attack, but there may be some ways in which we could protect it.
But what are we defending it from? It’s usually natural disasters, terrorist activities, and cyber attacks that can produce the most damage. We have grown so accustomed to being safe and secure most of the time that we forget the potential hazards. However, the sad fact is that entire nations and societies are at risk all the time.
Consider the 2017 Shamoon malware strike on Saudi Arabia’s oil giant Aramco. The company needed more than a week to restore its services after the attack subsided. Malicious attackers designed Shamoon to erase and overwrite hard drive data with a corrupted image. Then it reported the addresses of infected computers back to the company’s network.
The offense was political because its designers cited oppression and the Al-Saud regime as a basis for the attack.
A second good example of how things can go wrong fast is the 2019 Hydro ransomware attack. The aluminum-producing company had to switch to manual operations at some smelting plants due to a severe ransomware attack. Workers had to turn off some of the systems and machinery.
According to one official, “They have the option of reverting back to methods that are not as computerized, so we are able to continue production.”
And just like that, the attackers forced the company to go 50 years back in time. Disturbing, to say the least.
What’s a Critical Infrastructure Security Plan?
The fastest and best way to deal with any problem is by making a plan. A critical infrastructure protection (or security) plan is a means to protect critical infrastructure and ensure the systems are up and running.
To cut a long story short, a critical infrastructure protection plan includes the following steps:
- Identifying private and public sector resources that meet the definition of critical infrastructure.
- Determining thresholds for each sector that verify when an asset is vital.
- Developing a methodology to prioritize resources and create a ranked list of critical infrastructure.
- Identifying vulnerabilities and flaws in critical infrastructure sectors and methods for security protection planning.
- Being aware of other locations of interest throughout the state that may not meet the Department of Homeland Security guidelines.
Researchers found that a potential attack on the U.S. power grid could result in a 70-90 percent casualty rate in a matter of 12 months. It’s for this reason that organizations need a critical infrastructure protection plan, so they can prepare for and prevent dangerous incidents.
Defending Against Persistent Dangers
Apart from other data breaches and serious cyberattacks, here are five threats to look out for:
- DDoS attacks can cripple the public cloud infrastructure of any organization. They can affect the availability of enterprises that are running critical infrastructure in the cloud. All this can result in slowing systems down or timing out requests while expending large amounts of processing power.
- Cross-site scripting and SQL injection attacks use remote access to devastate unprotected and exposed systems. Experts recommend that organizations use Content Delivery Networks and Web Application Firewalls. To identify vulnerabilities, companies should share crucial resources with administrators while performing regular security audits.
- IT departments use network segmentation to divide a network into multiple segments. That allows network administrators to control the flow of traffic based on defined admin policies. When network segmentation isn’t in place, malicious actors can gain access to valuable assets. They can steal personnel information and confidential intellectual property.
- Recently, many people have been downplaying the severity of malware attacks. Count us out! These attacks can have devastating effects on critical infrastructures. As computers, systems, and networks are more interconnected than ever before, malware attacks can get through more frequently. NotPetya, Stuxnet, Shamoon, and Dark Seoul are only a few examples of malware ravaging the world.
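
To make the network segmentation point above concrete, here is an added example (not part of the original article) of a default-deny policy check between segments, run over a few sample flows. The segment names, address ranges, policy entries, and flows are all constructed assumptions.

```python
import ipaddress

# Constructed segments (assumptions, not taken from the article).
SEGMENTS = {
    "corporate": ipaddress.ip_network("10.10.0.0/16"),
    "dmz":       ipaddress.ip_network("10.20.0.0/24"),
    "control":   ipaddress.ip_network("10.30.0.0/24"),
}

# Admin policy: (source segment, destination segment, TCP port).
# Any cross-segment flow not listed here is denied.
ALLOWED = {
    ("corporate", "dmz", 443),  # staff reach a reporting web front end
    ("dmz", "control", 502),    # data collector polls controllers (Modbus/TCP)
}

def segment_of(ip):
    """Return the name of the segment containing ip, or 'external'."""
    addr = ipaddress.ip_address(ip)
    for name, net in SEGMENTS.items():
        if addr in net:
            return name
    return "external"

def evaluate(src, dst, port):
    """Return (verdict, source segment, destination segment) for one flow."""
    s, d = segment_of(src), segment_of(dst)
    if s == d and s != "external":
        return ("allow", s, d)  # traffic inside one segment is not filtered here
    if (s, d, port) in ALLOWED:
        return ("allow", s, d)
    return ("deny", s, d)       # default deny between segments

def audit(flows):
    """Return the flows that cross a segment boundary without a policy entry."""
    return [f for f in flows if evaluate(*f)[0] == "deny"]

# Constructed sample flows: (source IP, destination IP, destination port).
FLOWS = [
    ("10.10.4.25", "10.20.0.8", 443),    # corporate -> dmz, permitted
    ("10.20.0.8", "10.30.0.15", 502),    # dmz -> control, permitted
    ("10.10.4.25", "10.30.0.15", 502),   # workstation straight to a controller
    ("203.0.113.9", "10.30.0.15", 502),  # internet host to a controller
    ("10.30.0.15", "10.30.0.16", 502),   # controller to controller, same segment
]

if __name__ == "__main__":
    for flow in audit(FLOWS):
        print("deny", flow, evaluate(*flow)[1:])
```

On a flat network, every one of these flows would be delivered; with the policy in place, only the two listed paths cross a segment boundary.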
Conclusion on Critical Infrastructure Security
While writing this article, our intention wasn’t to make you unplug from the internet and run out to live in the woods. Although that may be an option, this piece should serve to make you more aware of the persistent and ever-present threats.
Destruction of critical infrastructure doesn’t only cost a lot of money. It also slays vital systems that sustain life. All this isn’t just related to monetary considerations but is instead a matter of life and death. If hospital systems aren’t working correctly, then people die. If a company’s machines fall prey to malicious attacks, production stagnates, and jobs suffer.
All in all, critical infrastructure is critical for a reason. Creating a secure environment not only contributes to national and business growth but also makes sure we don’t revert to the Middle Ages. And who would want that? Not us.