In the words of the Department of Homeland Security (DHS), “critical infrastructure includes the vast network of highways, connecting bridges and tunnels, railways, utilities and buildings necessary to maintain normalcy in daily life.” The Cybersecurity and Infrastructure Security Agency (CISA) notes that there are 16 different sectors within the CNI umbrella in the United States. These include energy, communications, healthcare, finance, chemical, critical manufacturing, commercial facilities, dams, defense industrial base, emergency services, food and agriculture, government facilities, nuclear reactors and waste, information technology, transportation, and water.
CISA defines these 16 sectors as “so vital to the United States that their incapacitation or destruction would have a debilitating effect on security, national economic security, national public health or safety, or any combination thereof.” Therefore, a breach in the security of CNI sectors could mean nationwide consequences. Consider the inability to access clean water, use electricity or manufacture chemicals used in lifesaving medicines. As attackers find new ways to infiltrate critical infrastructure, be it through SCADA vulnerabilities, supply-chain infiltration, or sophisticated malware attacks, it becomes ever more imperative to modernize the nation’s defenses.
To that end, the White House released a National Security Memorandum on Improving Cybersecurity for Critical Infrastructure Control Systems last year that outlined the collaboration between the federal government and the critical infrastructure community in achieving a cyber-secure CNI. Sectors are encouraged to deploy technologies that provide threat visibility, detection, and response, with the goal to “greatly expand deployment of these technologies across priority critical infrastructure.”
Critical infrastructure is at the tip of the spear for nation-state cybersecurity attacks, and yet the current cybersecurity posture remains “woefully insufficient given the evolving threat we face today,” according to a senior administration official at the White House. Said he, “We really kicked the can down the road for a long time.” In the midst of so many evolving threats, bolstering the cybersecurity of the nation’s critical national infrastructure is not only overdue, but key to maintaining a stable national defense system, economy, and society.