Critical infrastructure: Why its security matters

What is critical infrastructure?

Critical infrastructure is physical or virtual assets, systems, and networks vital for maintaining society’s economy, health, and safety. It varies slightly from country to country, but the smooth running of infrastructure and its security is important to us all.

Critical infrastructure includes energy, water supply, transportation, communication systems, financial services, healthcare, emergency systems, and defense. While critical industries are more or less the same in all countries, they can vary depending on a nation’s needs, resources, and level of development.

What are the sectors of critical infrastructure?

The private sector typically owns critical infrastructure in the United States. However, some are operated by federal, state, or local governments. It is divided into 16 sectors, which strongly depend on one another, so the smooth functioning of interdependent critical structures is essential for the continued operation of society, the economy, and government.

16 critical infrastructure sectors in the United States:

• The chemical and hazardous materials industry (maintenance of chemical hazards and toxic substances)
• The food and agriculture sector (farms, restaurants, food manufacturing, processing, and storage facilities)
• The financial services sector (banking, mortgages, credit cards, payments, taxes, accounting, and investing)
• The transportation systems sector (aviation, highways, maritime transport, transit, and rail)
• The emergency services sector (police, fire, and emergency medical services)
• The defense industrial base sector (development, production, and maintenance of military weapons systems)
• The government facilities sector (maintenance of US and overseas buildings belonging to federal, state, local, and tribal governments)
• The nuclear reactors, materials, and waste sector (nuclear power plants, materials, fuel, as well as transportation, storage, and disposal of nuclear material and waste)
• The communications sector (telecommunications, media, and entertainment)
• The critical manufacturing sector (manufacturing industries)
• The information technology sector (technology and software services, the internet, applications, systems, and databases)
• The commercial facilities sector (shopping, business, entertainment, and lodging)
• The dams sector (dam projects, navigation locks, levees, hurricane barriers, and mine tailings impoundments)
• The energy sector (electricity, oil, and natural gas resources)
• The healthcare and public health sector (hospitals, long-term care, ambulatory surgery, clinics, doctors, nurses, and pharmacists)
• The water and wastewater systems sector (water treatment plants, water supply, and sewer systems)

The connection between these 16 interdependent infrastructure systems is important because failure in at least one sector can negatively affect multiple sectors. We’ve seen cyberattacks disrupt the daily operations of critical industries multiple times before. Therefore, companies implement cybersecurity measures to prevent the domino effect on critical infrastructure sectors.

Critical infrastructure cybersecurity

Critical infrastructure evolves and becomes more digitized every day, raising concerns about its cybersecurity challenges. Automated systems reduce the cost of services and improve process efficiency while leaving facilities, sensitive data, and intellectual property open to cyber threats.

Critical infrastructure cybersecurity is a set of programs, protocols, and technologies safeguarding the infrastructure from cybercriminals. Bad actors frequently target infrastructure of national importance, such as the national public health sector, transportation systems, industrial control systems, the government facilities sector, the energy sector, financial services, and other operations vital for the welfare of governments and citizens. We all remember the scandalous ransomware attack on the US Colonial Pipeline that caused the shutdown of the largest fuel pipeline in the US and fuel shortages on the East Coast.

The US Department of Homeland Security (DHS) is responsible for public security. It collaborates continuously with industry sectors, federal agencies, and private organizations to ensure infrastructure security and prevent emerging threats. DHS responsibly analyzes vulnerabilities and monitors and handles security breaches that may affect key industry sectors.

Cyberattacks on infrastructure can have severe consequences for the smooth running of national operations and citizens' public health or safety. This is why maintaining strong critical infrastructure security is not only crucial for the private sector and federal agencies but is also the responsibility of each of us.