How Technology Builds Resilience in Critical Infrastructure Security
Written by:
North Carolina Central University
• Jan 18, 2024
How Technology Builds Resilience in Critical Infrastructure Security
Critical infrastructure enables populations to ride across town on the subway, access the internet using their smartphones, get medical attention when they’re sick, and so much more. Even the simple act of filling up a glass with clean drinking water is the result of our nation’s infrastructure at work.
The ability to access resources, such as electricity, food, and money, as well as basic everyday things, can be easy to take for granted. However, when a resource is suddenly missing or compromised, it can expose our vulnerabilities, put populations in danger, and cause mass panic.
This is why the Cybersecurity and Infrastructure Security Agency (CISA) is such an important government agency. In addition to spearheading the oversight and strategic methods employed in maintaining the country’s critical infrastructure security, the agency collaborates with several organizations in the public and private sectors to ensure that our infrastructure meets the rigorous standards to foster continuity and mitigate the most pressing threats, including technological and cyber threats.
With that in mind, individuals should familiarize themselves with the critical infrastructure sectors, including how they provide necessary functions and resources for daily life and the main security considerations facing each one. Additionally, knowing how government agencies are safeguarding the nation’s critical infrastructure sectors to build security resilience is important.
What Are the 16 Critical Infrastructure Sectors?
According to CISA, 16 infrastructure sectors are designated critical because their networks, systems, and assets are “so vital to the United States that their incapacitation or destruction would have a debilitating effect on security, national economic security, national public health or safety, or any combination thereof.”
The sections below provide an overview of each of the 16 critical infrastructure sectors and their roles in the country.
1. Chemical Sector
The chemical sector is integral to the use, manufacture, storage, transportation, and delivery of more than 70,000 different chemicals that are essential to the nation’s global supply chain. The main functional areas of the chemical sector include manufacturing plants, transport systems, warehousing/storage, and end users who consume the chemicals purchased.
The chemical sector consists of four main chemical industry components:
-
Basic chemicals, such as sodium chloride and sulfuric acid
-
Specialty chemicals, such as food additives, flavors, fragrances, and sealants
-
Consumer chemicals, such as paints, cosmetics, bleaches, and toothpaste
-
Agricultural chemicals, such as herbicides, insecticides,
pesticides, and fungicides
Chemical Sector Main Security Considerations
According to CISA, the biggest security risks to the chemical sector include the following:
-
Insider threats to physical and cybersecurity systems
-
Cyber threats that are deliberate and caused by humans, the result of human error, the result of technological error, or due to a supply chain vulnerability
-
Extreme weather and natural disasters that can adversely affect storage, transportation, or public health
-
Terrorist or deliberate attacks intended to cause widespread and long-term damage
-
Pandemics or biohazards that impact workers, operations, and supply chains
2. Commercial Facilities Sector
The commercial facilities sector consists of a broad range of public sites that draw sizable crowds for lodging, entertainment, shopping, and business. Most of the facilities are privately owned and operated and consist of the following eight subsectors:
-
Sports leagues and federations
-
Retail districts and shopping centers
-
Real estate, such as offices, condominiums, apartment buildings, and mixed-use facilities
-
Public assembly spaces, such as convention centers, museums, zoos, aquariums, and arenas
-
Outdoor events, such as marathons, exhibitions, parades, and fairs
-
Lodging sites, such as RV parks, motels, and hotels
-
Casinos and gaming sites
-
Entertainment and media sites, such as movie theaters and broadcast media sites
Commercial Facilities Main Security Considerations
CISA outlines the following critical infrastructure security risks and threats for the commercial facilities sector:
-
Using vehicles to ram into large crowds of people, breach security barriers, or inflict significant damage on people and property
-
Public health threats and pandemics that affect large groups of people
-
Natural disasters and extreme weather situations
-
Unmanned aircraft systems (UAS), such as drones, that are used to gather intel on a commercial facility for attack purposes
-
Explosive devices that cause extreme damage to pedestrians and property, such as improvised explosive devices (IEDs), pipe bombs, and kettle bombs
-
Supply chain disruptions that impact the delivery of products
-
Cyberattacks that can hinder internet communications and services used for online reservations, ticketing, merchandising, and marketing
-
Armed attackers and mass shooters who enter commercial facilities to cause mass fatalities and terrorism
3. Communications Sector
The communications sector is one the most critical sectors in the day-to-day operations of businesses, government, and public safety organizations, not to mention the overall U.S. economy. Consisting of a complex network of wireless, satellite, and terrestrial transmission systems, the communications sector is the bedrock of how information is exchanged and how people communicate.
CISA points out the following sectors as being closely linked with the communications sector:
-
The transportation systems sector depends on communications to monitor and control flows of traffic in air, ground, and sea.
-
The emergency services sector depends on communications for receiving 911 calls, public alert and warning systems and coordinating emergency response systems.
-
The financial services sector requires communications for the operation of financial markets and the transmission of financial transactions.
-
The information technology sector depends on communications for the delivery and distribution of services and applications.
-
The energy sector not only relies on communications to monitor and control the delivery of electricity but also provides the power necessary to operate cell towers and other essential communications facilities.
Communications Sector Main Security Considerations
According to CISA, the communications sector is one of the few that can impact all other sectors in the event of an outage or an attack that hinders its ability to operate at capacity. The most pressing threats include the following:
-
Internet of Things (IoT) vulnerabilities and cyber threats from malicious actors
-
Terrorist attacks that target communications equipment
-
Insider threats, including intentional attacks and threats that manifest as a result of human error or negligence
-
Third-party risks, including subcontractors, web hosting providers, service providers, email providers, and other vendors
-
Distributed denial of service (DDoS) attacks
-
Severe weather events that damage or destroy vital communications equipment
4. Critical Manufacturing Sector
The U.S. is known as a nation that builds and creates; this is what makes the critical manufacturing sector so vital to the continuity of our infrastructure. Additionally, the raw materials manufacturing, energy and water, communications, transportation, and chemical sectors all depend on critical manufacturing. The critical manufacturing sector is divided into four subsectors:
-
Primary metals manufacturing is responsible for iron, steel, aluminum, and nonferrous metal production and processing.
-
Machinery manufacturing is responsible for engines, turbines, power transmission equipment, mining, agricultural machines, and construction equipment.
-
Electrical equipment and component manufacturing is responsible for electric motors, appliances, transformers, and generators.
-
Transportation equipment manufacturing is responsible for vehicles, commercial ships, aerospace products, locomotives, transit cars, and other rail track equipment.
Critical Manufacturing Sector Main Security Considerations
According to CISA, the following are the biggest risks to the critical manufacturing sector:
-
Natural disasters and extreme weather that can impact facilities and disrupt supply chains
-
Supply chain disruptions that impact the “just-in-time” delivery model, potentially leaving some companies with limited resources and inventories
-
Global political and social implications, including negative attitudes toward the U.S., poor economic conditions, and radicalism
-
Terrorism and deliberate attacks that target facilities and their workforce
-
Cyberattacks that take over systems, shut down operations, steal information and proprietary data, disrupt day-to-day processes, damage or disable equipment, and otherwise hinder manufacturing
5. Dams Sector
The dams sector is responsible for critical water retention and control services, including industrial waste management, sediment and flood control, agricultural irrigation, municipal industrial water supplies, and hydroelectric power generation. The dams sector is single-handedly responsible for approximately 60% of the electricity in the Pacific Northwest region and protects over 43% of the country’s population from flooding.
According to CISA, the dams sector’s core dependencies and interdependencies include the following:
-
The communications sector enables remote control over dams.
-
The energy sector sources some of its power from hydropower dams.
-
The food and agriculture sector is assisted by the dams sector for flood protection and irrigation.
-
The transportation systems sector is supported by the dams sector via navigation locks systems that enable freight movements in inland and intracoastal waterways.
-
The water sector provides pumping capabilities and drinking water from the dams sector.
Dams Sector Main Security Considerations
With more than 100,000 dams in the country that are responsible for water retention, energy production, and the support of other critical sectors, these structures must remain in good working order. According to CISA, the following are the main critical infrastructure security threats facing the dams sector:
-
Rising populations equate to more people moving into areas that surround levees and dams, such as farmland; in the event of a failure, the consequences and loss of human life would be much higher.
-
A rising frequency of natural disasters, potentially damaging dams and relevant systems.
-
Aging dam infrastructure that no longer meets safety standards or has fallen into disrepair.
-
Limited information surrounding dam security, making it difficult for agencies to determine if the measures in place are enough.
-
Cyberattacks that target outdated patches, security controls, or other technological vulnerabilities.
-
Terrorism and deliberate attacks that intend to destroy dams and that may result in extreme flooding, population casualties, property damage, and impacts on power supplies.
6. Defense Industrial Base Sector
The defense industrial base sector is the heart of the nation’s ability to perform research and development for military weapons, including systems, subsystems, parts, and components. The U.S. has more than 100,000 defense industrial base companies and subcontractors that operate at the behest of the U.S. Department of Defense (DOD). Our nation’s arsenals, ammunition plants, and other services that help satisfy the military’s national defense requirements are supplied by this sector.
Notable systems and equipment from the defense industrial base sector include the following:
-
UAS
-
Unmanned underwater vehicles
-
Combat vehicles
-
Tactical vehicles
-
Unmanned ground vehicles
-
Electronics used for electronic warfare
-
Chemical biological defense systems
-
Clothing and textiles for soldiers
-
Ceramic and plating armor
-
Missiles and munitions
-
Satellites
-
Nuclear components
Defense Industrial Base Sector Main Security Considerations
Considering the extremely sensitive nature of what the defense industrial base sector does and how it’s directly responsible for national security, significant resources are invested in the assessment of threats and risks that may potentially impact this sector’s ability to support our defense systems and supplies.
The most notable threats and security considerations include the following:
-
Foreign and domestic threats, including those motivated by terrorism
-
Hazards caused by humans and acts of nature
-
Cyber threats and malicious actors who wish to steal, delete, damage, or otherwise corrupt sensitive data
-
Production risks caused by lack of resources or supply chain issues
7. Emergency Services Sector
The emergency services sector is responsible for maintaining peace and order, saving the lives of those in peril, protecting communities and property, and providing aid to populations impacted by natural disasters.
According to CISA, the emergency services sector is divided into five disciplines, including the following:
-
Public works
-
Emergency management
-
Emergency medical services
-
Fire and rescue services
-
Police and law enforcement
Emergency Services Sector Main Security Considerations
The emergency services sector consists of law enforcement personnel and vital support staff that aid communities, keep criminals in check, and protect homes and businesses. If an emergency services department is rendered incapable of performing its duties, it can put an entire community at risk.
According to CISA, the following are the main risks currently facing the emergency services sector:
-
Natural disasters and extreme weather situations
-
Cyberattacks and disruptions to vital technology that impact the emergency services sector’s response and communications
-
Terrorist attacks and violent extremists
-
Nuclear, radiological, biological, and chemical incidents
-
Funding shortages that leave certain communities more vulnerable than others
8. Energy Sector
The energy sector is divided into natural gas, oil, and electricity. The U.S. has more than 6,413 power plants in operation. Approximately half the nation’s electricity is produced through coal combustion. Nuclear power plants and natural gas combustion are the other two primary sources of power, responsible for roughly 42% of the country’s electricity. What makes the energy sector distinct is that virtually every other infrastructure sector depends on it for power and performing day-to-day operations.
Energy Sector Main Security Considerations
The energy sector faces constantly evolving threats from various sources, including external malicious actors and domestic extremists. According to CISA, the following are the most pressing critical infrastructure security threats to the energy sector:
-
Cybersecurity and physical security threats that can compromise energy production
-
Extreme weather events that can disable power plants and vital infrastructure
-
Terrorist attacks and attacks from violent domestic extremists
-
Human errors that cause critical situations
-
Aging infrastructure and equipment failures
-
Evolving regulatory, economic, and environmental requirements that are difficult to satisfy
-
Changes in the operational and technical environments that can cause disruptions, such as changes in how fuel is supplied
-
Volatile markets that result in significant fluctuations in supply, demand, and pricing
-
Operational hazards that result in hazardous spills, explosions, and population fatalities and injuries
9. Financial Services Sector
The financial services sector consists of credit and financing organizations, insurance companies, providers of investment products, depository institutions, and the services and critical utilities that support financial functions. With everything from local credit unions to global banking institutions falling under the purview of the financial services sector, it’s essential to the nation’s financial continuity and our ability to:
-
Deposit and transfer funds
-
Make payments to other parties
-
Provide liquidity and credit to consumers
-
Make short- and long-term investments
-
Transfer financial risks between parties
Financial Services Sector Main Security Considerations
The financial services sector faces the most dynamic and complex set of threats and risks that can impact the country at micro and macro levels. Individuals, small businesses, and major corporations are all targets of financial crime. The challenge is keeping up with the evolution of threats and remaining informed on the newest methods being used to hinder the country’s monetary systems.
According to CISA, the following are the most notable threats facing the financial services sector:
-
Cybersecurity and physical security incidents that compromise vital systems
-
Natural disasters and extreme weather events that cause physical disruptions
-
Terrorist attacks against banking institutions, including ransomware and physical attacks
-
DDoS attacks intended to take down websites
-
Large-scale power outages that compromise security systems and operations
-
Supply chain attacks that target vulnerable third-party vendors and banking affiliates
10. Food and Agriculture Sector
Consisting of more than 935,000 restaurants; 2.1 million farms; and more than 200,000 food processing, manufacturing, and storage facilities, the food and agriculture sector is distinct because it’s responsible for about 20% of the nation’s economy and it’s almost entirely under private ownership. It also has some critical dependencies with numerous sectors, including the following:
-
The chemical sector is responsible for providing vital pesticides and fertilizers for crops.
-
The energy sector is responsible for sourcing the power necessary for food processing and agriculture production.
-
The transportation sector is responsible for the transport of livestock and food products.
-
The water and wastewater sector is responsible for processed water and clean irrigation.
Food and Agriculture Sector Main Security Considerations
Because the food and agriculture sector is the source of organic and perishable food products, it faces a distinct set of risks and threats compared with other sectors. Most notably, CISA points out the following critical infrastructure security risks to the sector:
-
Accidental and intentional food contamination and disruption that cause illness, chronic health conditions, and death
-
Terrorists and violent extremists who target food supplies in an attempt to deplete valuable resources, create panic, and starve populations
-
Natural disasters and extreme weather events that can wipe out farmlands, cause flooding, and impact supply chains responsible for food products
-
Diseases and pests that deplete or otherwise compromise food supplies
-
Cyber threats that target the digital systems, resources, and tools that impact food supply chains, transport, and other relevant activities
11. Government Facilities Sector
The government facilities sector consists of domestic and international buildings and structures that are either owned or leased by any branch of the U.S. government. This includes local, state, federal, and tribal government agencies. Notable examples are the following:
-
National laboratories
-
Courthouses
-
Embassies
-
Special use military installations
-
Structures that house essential government-owned equipment, networks, or systems
-
General use office buildings and government-owned buildings that contain highly sensitive equipment, materials, or information
Government Facilities Sector Main Security Considerations
Government facilities always have a proverbial target on their back, especially when it comes to international terrorists and domestic extremists. A successful attack on a government building carries symbolic value in the eyes of foreign enemies; this is exactly why public sector structures receive every conceivable protection to ensure the safety and security of U.S. government workers and our assets.
According to CISA, the following are among the most notable threats to the government facilities sector:
-
Terrorist attacks and attacks from domestic extremists
-
Unintentional threats caused by humans, including human errors, equipment failures, security violations, manipulation, and coercion
-
Intentional threats, including malicious criminal acts; active shooters; assassination attempts; drone attacks; cyberattacks; insider threats; supply chain disruptions; hostage-taking scenarios; and explosive events involving nuclear, radiological, biological, or chemical materials
-
Natural threats and extreme weather events
-
Pandemics and public health threats
-
Aging infrastructure that increases vulnerabilities
12. Health Care and Public Health Sector
As the nation witnessed during the 9/11 terrorist attacks and the recent COVID-19 pandemic, many of our nation’s heroes support populations through health care services and medical aid. The health care and public health sector is responsible for protecting and treating various other sectors in natural disasters, infectious disease outbreaks, and terrorist attacks that impact large populations.
The six private subsectors of the health care and public health sector are as follows:
-
Direct patient care
-
Health information technology
-
Health plans and payers
-
Mass fatality management services
-
Medical materials
-
Laboratories, blood, and pharmaceuticals
The two government subsectors of the health care and public health sector are as follows:
-
Public health
-
Federal response and program offices
Health Care and Public Health Sector Main Security Considerations
The support that public health departments and health care workers provide to communities makes them an ideal target for domestic and foreign threats that wish to cause maximum damage and prevent populations from receiving vital treatments. For areas with little to speak of in terms of medical resources, an attack against a hospital can put an entire population at great risk.
According to CISA, the following critical infrastructure security risks pose the greatest threat to the health care and public health sector:
-
Emerging sector threats and hazards, including public health crises and pandemics
-
Natural disasters and extreme weather events that compromise health care operations
-
Malicious human attacks, including explosive devices, active shooters, and attacks that use chemical agents
-
Supply chain disruptions that compromise the transport of vital medical supplies, drugs, and medications
-
Cyberattacks that disable health care systems, corrupt or compromise patient data, harvest personal data, or infect systems using malware
-
Electromagnetic pulse (EMP) risks that can instantly cause a power outage to systems and medical equipment
-
Internal or cross-sector dependencies and interdependencies that experience a point of failure, resulting in a cascading impact with negative implications
13. Information Technology Sector
With the nation’s mass adoption of technology in every critical sector, the information technology sector has experienced significant expansion over the past couple of decades in terms of hardware, software, and IT systems. This sector is now a central fixture in the areas of academia; business; public health; the economy; national security; and local, state, and federal government agencies. Furthermore, approximately 97% of the U.S. population owns at least one smartphone device.
According to CISA, the information technology sector performs the following essential functions:
-
IT products and services
-
Incident management capabilities
-
Domain name resolution services
-
Identity management and associated trust support services
-
Internet-based content, information, and communication services
-
Internet routing, access, and connection services
The dynamic and constantly evolving sector makes it a constant target of malicious actors and cyberattackers who wish to disrupt operations, corrupt data, steal private and proprietary information, and infect networks with viruses and malware. Considering the widespread use of the internet and internet-connected devices for personal, business, and government applications, a successful attack on the information technology sector has the potential to cause significant complications.
Information Technology Sector Main Security Considerations
The critical infrastructure security risks facing the information technology sector have the potential to take down entire networks, disable websites, and cut off communications. CISA notes the following risks as main concerns:
-
Cyberattacks that take advantage of supply chain vulnerabilities
-
Attacks caused by humans that can lead to internet outages
-
Denial-of-service attacks on the domain name system (DNS) infrastructure
-
Unintentional incidents that result and the loss of e-commerce capabilities
-
Attacks caused by humans that cause partial or complete loss of routing capabilities
-
Impacts to cyberattack detection capabilities
14. Nuclear Reactors, Materials, and Waste Sector
The nuclear reactors, materials, and waste sector is an expansive system chiefly responsible for providing electricity and creating medical isotopes that are used for treating cancer patients. According to CISA, the sector consists of:
-
A total of 92 active power reactors that are responsible for producing approximately 20% of the nation’s electricity
-
A total of 31 research and test reactors that produce industrial and medical isotopes
-
A total of eight active nuclear fuel cycle facilities that produce and reprocess nuclear reactor fuel
-
More than 20,000 licensed users of radioactive sources, including those used for medical diagnostics, food sterilization, academia, and more
The nuclear reactors, materials, and waste sector is interdependent with numerous other sectors, including the following:
-
The chemical sector is essential for electricity production.
-
The emergency services sector relies on trained medical professionals capable of treating hazards caused by nuclear incidents.
-
The water and wastewater systems sector provides large amounts of water for nuclear reactor cooling.
-
The transportation systems sector is used for the shipment of radioactive and nuclear materials.
-
The health care and public health sector uses radioactive materials to perform approximately 20 million medical procedures annually.
-
The energy sector both supplies and draws electricity from nuclear facilities.
Nuclear Reactors, Materials, and Waste Sector Main Security Considerations
The nuclear reactors, materials, and waste sector handles radioactive waste, radioactive materials, and nuclear materials, all of which are highly sensitive and potentially dangerous to populations. Furthermore, this sector is responsible for a significant percentage of the nation’s power and its ability to perform advanced health care tasks.
With that in mind, CISA outlines the following as the most pressing critical infrastructure security risks facing this sector:
-
Damage or disruption to critical assets that may result in catastrophic failure
-
Natural disasters and extreme weather events that can compromise nuclear facilities
-
Supply chain interruptions that cause site-specific issues
-
Safety risks associated with decommissioning a nuclear site
-
Aging infrastructure and equipment that pose a safety risk
-
Aging power grids that pose a threat of massive power outages
-
Complex and advanced cyber threats that can compromise operations or enable an external malicious actor to take over a nuclear facility remotely
15. Transportation Systems Sector
The transportation systems sector is responsible for transporting populations by land, air, and sea. Millions of Americans move throughout their cities using public transportation alone. According to CISA, the transportation systems sector consists of the following seven subsectors:
-
Postal and shipping is responsible for transporting mail and parcels.
-
Aviation is responsible for aircraft, airports, heliports, landing strips, and air traffic control systems.
-
Freight rail is responsible for the many freight cars and locomotives on the railway system.
-
Mass transit and passenger rail includes ride-hailing services, passenger rail, light rail, heavy rail, monorail, trolley buses, and transit buses.
-
Pipeline systems is responsible for transporting the country’s natural gas, hazardous liquids, and other chemicals.
-
Maritime transportation system includes the nation’s coastline, waterways, ports, and intermodal landslide connections
-
Highway and motor carrier includes the nation’s roadways, tunnels, bridges, and commercial vehicles.
Transportation Systems Sector Main Security Considerations
The transportation system sector is subject to a wide array of risks; this is why government agencies and other relevant organizations need to remain up to date on the main threats to this essential sector. Transportation that’s hindered or otherwise compromised can result in significant disruptions, safety issues, widespread panic, and other negative impacts.
According to CISA, the main threats to the transportation systems sector include the following:
-
Acts of terrorism that include physical or cyberattacks, resulting in the disruption or complete disablement of transportation services.
-
Aging infrastructure that increases the risk of sudden failures, breakdowns, and public safety issues.
-
Natural disasters and extreme weather events that can cause blockages on roadways, rail systems, and other avenues of transportation; these events may result in power outages that disable transport.
16. Water and Wastewater Systems Sector
The water and wastewater systems sector is primarily responsible for sourcing safe drinking water that’s fit for public consumption. The sector consists of approximately 153,000 drinking water systems and more than 16,000 wastewater treatment systems. Over 80% of the nation’s population gets its drinking water from these systems. Approximately 75% of the nation has its sanitary sewage treated by a wastewater system.
Water and Wastewater Systems Sector Main Security Considerations
As witnessed during the Flint water crisis, which began in 2014, the most significant danger to populations is the inability to access clean drinking water. As a result of consuming contaminated water, residents of Flint, Michigan, suffered from behavioral health issues, anxiety, depression, and reduced physical health.
According to CISA, the most critical infrastructure security risks to the water and wastewater systems sector include the following:
-
Attacks that contaminate water with deadly toxins or chemical agents
-
Accidents that release deadly toxins and chemicals into the population’s water supply
-
Natural disasters and extreme weather events that hinder the sector’s ability to treat drinking water and manage wastewater
-
Aging infrastructure that can result in disrupted processes and contaminated water
-
Cyberattacks and events that compromise drinking water systems and wastewater treatment systems
-
Economic costs associated with water-related issues and response
-
Inaction from essential stakeholders in the utilities industry
-
Limited water resources in populations in which reserves aren’t readily available
-
Outdated or unenforced requirements that don’t adhere to current standards
-
Lack of preparation for water-related events
-
Lack of leadership and emergency management
-
Communication and technology interoperability issues that restrict or disable the sharing of vital information
Safeguarding Critical Systems and Assets Against Cyber Threats
When evaluating the most relevant critical infrastructure security risks, readers may have noticed that cyber threats and attacks that use technology are the common denominator for all sectors. Although this wouldn’t have been the case two decades ago, the comprehensive adoption of the internet, computer networks, IoT devices, and other digital tools has made every sector a target using this specific type of attack.
Hackers and malicious actors aren’t bound by borders, and they continue to innovate the tactics and technology used to carry out their attacks. They also happen to be highly skilled in identifying vulnerabilities in infrastructure security, especially regarding sectors that are notorious for operating using outdated tech, software, and security measures.
To address the problem head-on, CISA is actively collaborating with other government agencies and relevant organizations to create a robust and secure network capable of mitigating cyber threats that put the nation’s infrastructure sectors at risk. The main action items include the following:
-
Cooperation between entities in the public and private sectors that engage relevant stakeholders and parties. Education and creating awareness about cyber threats and their potential impacts lay the groundwork for which threats pose the highest risk, what’s at stake, and how to implement proactive solutions.
-
Coordinating between the entities in the public and private sectors to develop a comprehensive framework that establishes best practices and protocols for communication, leveraging resources, defining key roles and relevant responsibilities, and creating effective teams capable of detecting, assessing, and responding to cyberattacks.
-
Creating an information-sharing engine that public and private sector entities can access to provide them with essential information and support resources relevant to deterring cyberattacks.
-
Advancing multidisciplinary cooperation by including groups and key roles that have historically not worked together, such as IT cybersecurity specialists who oversee state agencies, private sector disaster response and cybersecurity teams, law enforcement teams, and emergency management that’s responsible for critical infrastructure security scenarios, as well as other relevant parties that can help secure the nation’s infrastructure from cyber threats.
-
Coordinating and exchanging resources and information with federal entities, including the U.S. Department of Homeland Security (DHS) cybersecurity advisors, the DHS physical security advisors, and the National Cybersecurity and Communications Integration Center (NCCIC).
-
Establishing key points of contact within state agencies that are responsible for helping maintain federal databases and leveraging existing intelligence to conduct more granular and informed risk assessments on critical infrastructure security.
-
Private sector entities should securely share information about potential vulnerabilities and their ability to mitigate cyber threats without fear of the information being made public or reprisals. The idea at play is that these entities will eventually form a network of learning from each other.
-
Cybersecurity specialists and teams must receive the most advanced training to ensure that they have the knowledge, skills, and resources that enable them to adequately detect, assess, and address cybersecurity threats. Furthermore, they must engage in continuous education to remain up to speed on the evolution of these dynamic threats and risks to the nation’s infrastructure.
Although these action items won’t be implemented overnight, creating a culture of collaboration, awareness, well-defined roles, and relationship-based partnerships that benefit the nation at a macro level serves to foster a unified mindset in which all entities — public and private alike — are mindful of critical infrastructure security.
Critical Infrastructure Sectors Resource Section
The following resources provided by CISA provide further details about critical infrastructure sectors, including sector-specific plans, main threats, threat mitigation tactics, and relevant statistics:
-
Introduction to the Commercial Facility Sector Risk Management Agency
-
Introduction to the Communications Sector Risk Management Agency
Protecting Our Critical Infrastructure Is Key to Our National Security and Safety
Learning about the individual critical infrastructure sectors is essential to understanding how they operate independently and with other sectors that may depend on them. Each sector features a unique set of risks that can compromise its continuity, but they’re all unified by the most modern form of attack: cyber threats.
Getting up to speed on how cyber threats can impact a sector and the steps that must be taken to develop a robust network of cybersecurity are two essential parts of creating public awareness on this important issue. Through enhanced collaboration between public and private entities, creating well-defined frameworks and processes, and investing in cybersecurity education, we can ensure that each critical sector has the necessary protections and resources in place to mitigate foreign and domestic digital threats.