Personal tools
 

Cybersecurity and Critical Infrastructures

Critical Infrastructure Sectors_021524A
[Critical Infrastructure Sectors - Huntsman Security]

- Overview

Critical infrastructure risk is the possibility that an attacker will exploit a vulnerability in critical infrastructure. Vulnerabilities are weaknesses in the systems and assets that are essential to how society functions. 

Critical infrastructure is made up of three elements: physical, cyber, and human. These elements should be integrated throughout the steps of the framework.

Here are some threats to critical infrastructure, including: natural disasters, pandemics, accidents, negligence, criminal activity, terrorist attack, acts of political aggression. 

Examples of infrastructure failures include:

  • Building collapses
  • Water main breaks
  • Gas pipe ruptures
  • Dam failures
  • Steam pipe explosions

 

- Critical Infrastructure Cybersecurity

Critical infrastructure cybersecurity is the use of programs, protocols, and technology to protect the critical infrastructure of a nation state. 

Critical infrastructure includes computer systems, networks, programs, data, and traffic data that are so vital to a country that their destruction or interference would have a debilitating impact. 

Examples of critical infrastructure include: 

  • Power plants
  • Water treatment facilities
  • Roads and bridges
  • Hazardous materials
  • Hospitals
  • Postal services
  • Internet connectivity
  • Data storage


A cyberattack on critical infrastructure can lead to: 

  • Service disruptions
  • Financial losses
  • Compromised data
  • Risks to public safety


The Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA) requires the Cybersecurity and Infrastructure Security Agency (CISA) to develop and implement regulations. These regulations require covered entities to report cyber incidents and ransomware payments to CISA.

 

- Examples of Cyber Attacks on Critical Infrastructure

Here are some examples of cyber attacks on critical infrastructure:

  • Stuxnet: A computer virus  that damaged centrifuges used in Iran's nuclear program 
  • Operation Crouching Yeti: A 2014 attack on India's power grids
  • Attack on a Russian telecom firm: In June 2023, Ukrainian hackers claimed responsibility for an attack on a Russian telecom firm that provides critical infrastructure to the Russian banking system


Other examples of cyber attacks on critical infrastructure include: NotPetya, SolarWinds, Colonial Pipeline.

 

[More to come ...]

 

 

Document Actions