critical infrastructure security

Critical infrastructure security is the area of concern surrounding the protection of systems, networks and assets whose continuous operation is deemed necessary to ensure the security of a given nation, its economy, and the public’s health and/or safety.

Although the elements of critical infrastructure vary to some extent depending on the country in question, there are many commonalities among nations. In the United States, the Department of Homeland Security (DHS) has identified 16 sectors involving critical infrastructure, including energy, communications, transportation, financial services, food and agriculture.

With the ongoing trends toward M2M networking and the Internet of Things (IoT), devices in industrial environments are increasingly connected to the internet and capable of exchanging data. Despite the importance of these systems, security is often inadequate for those that aren’t involved in IT (information technology).

Industrial control systems (ICS) are ubiquitous in many areas of critical infrastructure, controlling everything from nuclear power plants and other utilities to HVAC installations, robotics and even prison cell doors. When many such systems were built -- even in environments that were somewhat automated -- computing resources and connectivity were limited. As such, cybersecurity was not considered a very serious concern.

However, such systems pose a number of security issues. For one thing, the fact that they are considered critical means that it is difficult to take them down for updates. Their limited computing resources may make it impossible to run antimalware. Furthermore, over 80 percent of such systems are owned and controlled by the private sector, which complicates any government efforts toward their security.

According to security expert Bruce Schneier, the biggest threat to critical infrastructure security may not be targeted exploits such as equipment destruction attacks but random malware that could inadvertently take down essential systems: “A random attack--a worm or some hacker who doesn't know what he's doing--might inadvertently set in motion a chain reaction that could cause serious damage. This kind of thing is far more likely, and worrisome, than a cyberterrorist.”

This was last updated in April 2016
