Browse Definitions :
Definition

critical infrastructure security

Contributor(s): Matthew Haughn

Critical infrastructure security is the area of concern surrounding the protection of systems, networks and assets whose continuous operation is deemed necessary to ensure the security of a given nation, its economy, and the public’s health and/or safety.

Although the elements of critical infrastructure vary to some extent on the country in question, there are many commonalities among nations. In the United States, the Department of Homeland Security (DHS) has identified 16 sectors involving critical infrastructure, including energy, communications, transportation, financial services, food and agriculture.

With the ongoing trends to M2M networking and the Internet of Things (IoT), devices in industrial environments are increasingly connected to the internet and capable of exchanging data. Despite the importance of these systems, for those that aren’t involved in IT (information technology), security is often inadequate.

Industrial control systems (ICS) are ubiquitous in many areas of critical infrastructure, controlling everything from nuclear power plants and other utilities to HVAC installations, robotics and even prison cell doors. When many such systems were built -- even in environments that were somewhat automated -- computing resources and connectivity were limited. As such, cybersecurity was not considered a very serious concern.

However, such systems pose a number of security issues.  For one thing, the fact that they are considered critical means that it is difficult to take them down for updates. Their limited computing resources may make it impossible to run antimalware. Furthermore, over 80 percent of such systems are owned and controlled by the private sector, which complicates any government efforts toward their security.

According to security expert Bruce Schneier, the biggest threat to critical infrastructure security may not be targeted exploits such as equipment destruction attacks but random malware that could inadvertently take down essential systems:  “A random attack--a worm or some hacker who doesn't know what he's doing--might inadvertently set in motion a chain reaction that could cause serious damage. This kind of thing is far more likely, and worrisome, than a cyberterrorist.”

This was last updated in April 2016

Continue Reading About critical infrastructure security

Join the conversation

1 comment

Send me notifications when other members comment.

Please create a username to comment.

Critical infrastructure security is about constantly assessing risks and taking appropriate steps to mitigate those threats.
Cancel

-ADS BY GOOGLE

File Extensions and File Formats

SearchCompliance

  • risk management

    Risk management is the process of identifying, assessing and controlling threats to an organization's capital and earnings.

  • compliance as a service (CaaS)

    Compliance as a Service (CaaS) is a cloud service service level agreement (SLA) that specified how a managed service provider (...

  • data protection impact assessment (DPIA)

    A data protection impact assessment (DPIA) is a process designed to help organizations determine how data processing systems, ...

SearchSecurity

  • spyware

    Spyware is a type of malicious software -- or malware -- that is installed on a computing device without the end user's knowledge.

  • application whitelisting

    Application whitelisting is the practice of specifying an index of approved software applications or executable files that are ...

  • botnet

    A botnet is a collection of internet-connected devices, which may include PCs, servers, mobile devices and internet of things ...

SearchHealthIT

SearchDisasterRecovery

  • business continuity plan (BCP)

    A business continuity plan (BCP) is a document that consists of the critical information an organization needs to continue ...

  • disaster recovery team

    A disaster recovery team is a group of individuals focused on planning, implementing, maintaining, auditing and testing an ...

  • cloud insurance

    Cloud insurance is any type of financial or data protection obtained by a cloud service provider. 

SearchStorage

  • DRAM (dynamic random access memory)

    Dynamic random access memory (DRAM) is a type of semiconductor memory that is typically used for the data or program code needed ...

  • RAID 10 (RAID 1+0)

    RAID 10, also known as RAID 1+0, is a RAID configuration that combines disk mirroring and disk striping to protect data.

  • PCIe SSD (PCIe solid-state drive)

    A PCIe SSD (PCIe solid-state drive) is a high-speed expansion card that attaches a computer to its peripherals.

Close