Skip to main content

Critical Infrastructure Security

October 30, 2017

The United States Department of Homeland Security identifies 16 critical infrastructure sectors whose assets, systems and networks—whether physical or virtual—are considered so vital to the United States that their incapacitation or destruction would have a debilitating effect on national security, economic security, public health and safety, or any combination thereof. 

When attacking critical infrastructure, cyber criminals often find themselves in an environment slightly different than traditional information technology (IT) networks, particularly as it pertains to security. Traditional IT network security concerns itself with the three primary pillars: confidentiality, integrity and availability. Operational technology (OT) drives the industrial control systems allowing for product delivery in the energy, manufacturing, shipping and other transportation sectors. Because of consumer demands and low inter-operability between components and infrastructure not receptive to patches and updates, OT systems often favor availability over security. Thus, OT networks are especially vulnerable once penetration of the firewall is accomplished.

The attack surface of critical infrastructure cyber systems has morphed and continues its evolution. However, many of the same defenses apply, and integration of OT-specific security measures can further strengthen the protection of critical assets. The following should be considered when protecting OT assets in a critical infrastructure environment:

  • Threats and risks in a changing environment: Identify and protect your most vital assets through hardening of defenses. Threats to critical infrastructure continue to increase, and breaches may result in catastrophic risk to national security, economic vitality, public health and global safety.
  • Cyber security basics: Develop and execute a robust training and awareness program emphasizing strong password management, use of multi-factor authentication, and defenses against phishing and social engineering tactics.
  • Security posture of IT and OT systems: To the largest extent possible, immediately apply critical security patches in the IT environment. Segmentation of IT and OT environments is crucial, particularly when OT components are connected and not secured with updates and patches, either by schedule or design limitation.

Critical infrastructure in the US is 85 percent privately owned. However, because of national security and stability concerns, its protection and control must be addressed in a unified and collaborative partnership between public and private entities. Recognizing the need for a coordinated effort to protect these sectors, President Obama in February 2013 signed Executive Order (EO) 13636, “Improving Critical Infrastructure Cybersecurity,” and Presidential Policy Directive 21, “Critical Infrastructure Security and Resilience.” To further promulgate policy and promote public/private collaboration on security matters, President Trump on May 11, 2017 signed EO 13800, “Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure.” To ensure the sustainment of our nation’s critical infrastructure, continued collaboration between public and private stakeholders is essential to identifying threats and mitigating risk.

Related Blogs

October 11, 2017

From the Boardroom to the Breakroom: Cybersecurity in the Workplace

Key steps to cybersecurity in the workplace include establishing and maintaining a “security culture” in which company networks and the data they hold...

See Details

October 23, 2017

Cybersecurity Careers

2017 has been a very busy year for cybersecurity professionals. It seems weekly, if not daily, news breaks of a new data breach or intrusion of critic...

See Details

October 16, 2017

Predictions for Tomorrow’s Internet

Currently, an estimated 6.4 billion Internet-of-Things (IoT) devices are connected, with 67 percent residing in North America, Western Europe and Chin...

See Details

How Can We Help?

Let us know what you need, and we will have an Optiv professional contact you shortly.

Privacy Policy

Related Insights

July 21, 2015

Network Security Solutions

Learn how we help protect your environment while maintaining connectivity.

See Details

August 16, 2019

Security Operations: Reduce Risk Through Security Awareness Training

Learn how to leverage the latest thinking in cognitive science to improve cyber security training.

See Details

Stay in the Know

For all the latest cybersecurity and Optiv news, subscribe to our blog and connect with us on Social.


Join our Email List

We take your privacy seriously and promise never to share your email with anyone.

Stay Connected

Find cyber security Events in your area.