Latest News & Updates

June 11, 2024
 / 
Backgrounder
 / 
Critical Infrastructure

What is “Critical Infrastructure”?

Critical infrastructure provides the foundation that nations need for societies to function; the systems that underpin what people need to live and businesses require to operate. These are the assets and systems—that if destroyed or disrupted—have a debilitating impact on a nation’s security, economy, or its health and safety.

What sectors fall under Critical Infrastructure?

Critical infrastructure encompasses more business sectors than is commonly understood, which governments must recognize in their efforts to strengthen national security, as the definition of critical infrastructure helps determine how much companies and governments are willing to put into protecting them. Which industry sectors should be included should be expansive, according to Jen Easterly, Director, US Cybersecurity and Infrastructure Security Agency. “Critical infrastructure is the networks, systems, and data that we rely on every hour of every day, and that’s the water, it’s the power, it’s the telecommunications, it’s the healthcare, it’s the transportation—it’s all those things that underpin our daily lives.”

What are the risks to Critical Infrastructure?

Attacks on critical infrastructure—which may include privately held, often unregulated operators—pose critical risks for societies, and may occur as an outgrowth of geopolitical tensions, criminal enterprises holding systems hostage for ransom, or extremists of all sorts seeking to disrupt the status quo of societies. Security risk to critical infrastructure has dramatically escalated in recent years, the result of legacy systems embracing digital integration and providing attackers with new opportunities to compromise these high-value targets. Nation state conflict is catalyzing some activity, but perhaps greatest motivation for attacks on critical infrastructure is money. Critical infrastructure is an appealing target because of the significant ramifications of a successful attack—and the bigger the potential impact, the better the chances of big payout.

What is needed to protect Critical Infrastructure?

With an expanding threat surface and persistent adversaries, critical infrastructure security requires a coordinated approach that accounts for both cyber and physical security risk. Security threats faced by critical infrastructure today aren’t cyber or physical, they’re both—and, just as often, necessary countermeasures aren’t one or the other. Yet, this convergence isn’t always matched in how security is managed at the world’s critical infrastructure. Collaborations are necessary to meet mounting threats: between government agencies and private businesses, public and private security, and among different departments at operators of critical infrastructure. An effective collective defense approach requires recognition that security is truly a shared responsibility between many stakeholders: physical security, network security, operation and facility management, senior management, and others.