Critical Infrastructure and Cybersecurity
Written by:
University of Tulsa
• Jan 19, 2024
Critical Infrastructure and Cybersecurity
Critical infrastructure is defined as infrastructure that plays a vital role in national security, economic health, and public safety. It consists of networks, assets, and systems that are integral to a functioning society, and it supports human livelihood in all its forms. Examples are the national power grid, which delivers electricity to homes and businesses across the country, and transportation systems, which include airports, railroads, interstate highways, and bridges.
Advancements in digital technology have led to a significant uptick in threats to critical infrastructure, and security professionals in both the private and governmental sectors are struggling to keep up. An online Master of Science (M.S.) in Cyber Security degree program can teach aspiring professionals the skills they need to protect critical infrastructure through cybersecurity.
16 Sectors of Critical Infrastructure for Cybersecurity
Just as terrorists target infrastructure during physical attacks, cyber attacks target critical infrastructure via digital networks. Any industry or sector that stores data, relies on digital processes, or uses assets connected to the web faces cyber threats.
The Cybersecurity and Infrastructure Security Agency (CISA) has identified 16 sectors of critical infrastructure. For each of the sectors, one or more government agencies identify risk-based performance standards and implement safeguards, such as security vulnerability assessments, site security plans, and other protective measures.
Chemical Sector
The chemical sector is a key link in the national economy. It’s responsible for the manufacturing, storage, use, and transportation of chemicals that pose a public health threat should they fall into the wrong hands via a network breach. The U.S. Department of Homeland Security (DHS) serves as the Chemical Sector Risk Management Agency.
Commercial Facilities Sector
Commercial facilities include malls, football stadiums, hotels, and entertainment venues that draw large crowds of people. Attacks against this sector of critical infrastructure from a cybersecurity standpoint could allow a cybercriminal or another organization to gain control of lighting, temperature, audio, and access control systems — causing distress, panic, or physical harm to those inside.
Communications Sector
The communications sector is private and therefore responsible for its own infrastructure, but CISA plays a large role in anticipating, preventing, and responding to cybersecurity incidents. This sector includes telephone, internet, and satellite communication pathways and the physical and digital infrastructure that makes communication possible.
Critical Manufacturing Sector
Critical manufacturing refers to industries that have national significance, such as primary metals processors and facilities, as well as engine manufacturing facilities. As more manufacturing processes become automated, the industry’s larger digital-facing edge exposes it to cyber attacks.
Dams Sector
Dams provide essential water and hydropower to American households and businesses. Automation and other forms of digital technology have led to risks of attacks that could alter or disrupt the flow of water. Attacks against American dams could create serious flooding, a complete loss of water or power, and potential casualties.
Defense Industrial Base Sector
Critical infrastructure and cybersecurity are especially important in the defense industrial base sector. This sector enables the research, development, design, production, delivery, and maintenance of military weapons systems and their components.
Emergency Services Sector
Emergency services consist of five disciplines: law enforcement, fire and rescue, emergency medical services, emergency management, and public works. These disciplines rely heavily on electronic data, and any attack against this sector could block access to data and impact prevention, preparedness, emergency response, and recovery efforts.
Energy Sector
The energy sector consists of organizations and assets responsible for collecting, processing, and distributing electricity, oil, and natural gas across the nation. Major attacks against the energy sector could lead to widespread fuel shortages or power outages.
Financial Services Sector
Banks, lenders, credit unions, and other organizations make up the financial services sector, which is foundational to the U.S. economy. Because these organizations store and process financial data, they face innumerable risks. An attack on this sector could result in the inability to deposit funds, make payments or purchases, obtain credit, or invest funds.
Food and Agriculture Sector
The privately owned food and agriculture sector accounts for about one-fifth of the economic activity in the U.S. It depends on the energy, chemical, transportation, and water and wastewater systems sectors for its production. Any major attack against the food and agriculture sector could lead to food shortages in the U.S. and globally.
Government Facilities Sector
Government facilities include both public-facing and private government buildings, such as courthouses, Social Security offices, military installations, and public transportation facilities. Professionals trained in critical infrastructure and cybersecurity use advanced technology to protect facilities and the people inside from potential attacks on closed-circuit television, environmental control, and access systems.
Health Care and Public Health Sector
The health care and public health sector protects the American public from infectious disease, terrorist attacks, and national disasters. It works in tandem with other sectors to respond to these incidents. Most of the sector is privately owned, but regulations set forth at the federal level provide guidance for protecting its critical infrastructure.
Information Technology Sector
As people, businesses, and industries grow more dependent on the internet and information technology (IT), this sector must remain diligent in identifying vulnerabilities, protecting data, and recovering from attacks. This sector collaborates with private agencies and other sectors to address the complex IT environment and comes up with creative solutions to potential threats.
Nuclear Reactors, Materials, and Waste Sector
The nuclear sector contains much of the nonmilitary nuclear infrastructure across the country, and the Nuclear Sector Risk Management Agency, an office of the DHS, manages its cybersecurity. Attacks on this sector could lead to uninhabitable zones due to radiation, large-scale power outages, or cancer treatment shortages.
Transportation Systems Sector
The transportation sector is responsible for moving goods and people at the local, state, national, and international levels. DHS and the U.S. Department of Transportation (DOT) work together as the Co-Sector Risk Management Agencies for this sector. Cyber attacks have the potential to ground air traffic, cause railways to cease operations, or cause accidents due to traffic light failures.
Waste and Wastewater Systems Sector
The waste and wastewater systems sector ensures that Americans have access to clean, fresh water. Cybercrime perpetrated against this sector could lead to water contamination or shortages.
The Importance of Critical Infrastructure in Cybersecurity
According to DHS, critical infrastructure is the foundation of national and economic security, and it’s important for the health and well-being of every American. Each of the 16 sectors identified by DHS allows the American way of life to flourish. The importance of critical infrastructure in cybersecurity continues to grow as more people, industries, and government agencies rely on electronic data and IT for their basic needs.
Protect Critical Infrastructure as a Cybersecurity Professional
Many careers in cybersecurity are important to critical infrastructure. Cybersecurity leaders, analysts, and engineers work together to design secure IT infrastructure and develop technologies — from firewalls to network scanning software — that protect assets from digital threats.
The online M.S. in Cyber Security program at The University of Tulsa can equip aspiring cybersecurity professionals with the skills and knowledge they need to prepare for modern threats against critical infrastructure. Discover how you can help protect national and global interests with your advanced knowledge of critical infrastructure and cybersecurity.
Recommended Readings
Cybersecurity Defense Strategies: The Role of Cybersecurity in National Security
Cyber Threat Analyst Career Overview
Cybersecurity and AI: A Changing Landscape
Sources:
Cybersecurity and Infrastructure Security Agency, Critical Infrastructure Sectors
Cybersecurity and Infrastructure Security Agency, Critical Infrastructure Security and Resilience
Deloitte, “Incentives Are Key to Breaking the Cycle of Cyberattacks on Critical Infrastructure”
Investopedia, “Infrastructure: Definition, Meaning, and Examples”
U.S. Department of Homeland Security, Secure Cyberspace and Critical Infrastructure