Browse Definitions :
Definition

critical infrastructure security

Contributor(s): Matthew Haughn

Critical infrastructure security is the area of concern surrounding the protection of systems, networks and assets whose continuous operation is deemed necessary to ensure the security of a given nation, its economy, and the public’s health and/or safety.

Although the elements of critical infrastructure vary to some extent on the country in question, there are many commonalities among nations. In the United States, the Department of Homeland Security (DHS) has identified 16 sectors involving critical infrastructure, including energy, communications, transportation, financial services, food and agriculture.

With the ongoing trends to M2M networking and the Internet of Things (IoT), devices in industrial environments are increasingly connected to the internet and capable of exchanging data. Despite the importance of these systems, for those that aren’t involved in IT (information technology), security is often inadequate.

Industrial control systems (ICS) are ubiquitous in many areas of critical infrastructure, controlling everything from nuclear power plants and other utilities to HVAC installations, robotics and even prison cell doors. When many such systems were built -- even in environments that were somewhat automated -- computing resources and connectivity were limited. As such, cybersecurity was not considered a very serious concern.

However, such systems pose a number of security issues.  For one thing, the fact that they are considered critical means that it is difficult to take them down for updates. Their limited computing resources may make it impossible to run antimalware. Furthermore, over 80 percent of such systems are owned and controlled by the private sector, which complicates any government efforts toward their security.

According to security expert Bruce Schneier, the biggest threat to critical infrastructure security may not be targeted exploits such as equipment destruction attacks but random malware that could inadvertently take down essential systems:  “A random attack--a worm or some hacker who doesn't know what he's doing--might inadvertently set in motion a chain reaction that could cause serious damage. This kind of thing is far more likely, and worrisome, than a cyberterrorist.”

This was last updated in April 2016

Continue Reading About critical infrastructure security

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.

-ADS BY GOOGLE

File Extensions and File Formats

SearchCompliance

SearchSecurity

SearchHealthIT

SearchDisasterRecovery

  • business continuity plan (BCP)

    A business continuity plan (BCP) is a document that consists of the critical information an organization needs to continue ...

  • disaster recovery team

    A disaster recovery team is a group of individuals focused on planning, implementing, maintaining, auditing and testing an ...

  • cloud insurance

    Cloud insurance is any type of financial or data protection obtained by a cloud service provider. 

SearchStorage

  • RAID 6 (redundant array of independent disks)

    RAID 6, also known as double-parity RAID, uses two parity stripes on each disk. It allows for two disk failures within the RAID ...

  • hard disk drive (HDD)

    A computer hard disk drive (HDD) is a non-volatile memory hardware device that controls the positioning, reading and writing of ...

  • byte

    In most computer systems, a byte is a unit of data that is eight binary digits long. Bytes are often used to represent a ...

Close