critical infrastructure security

Critical infrastructure security is the area of concern surrounding the protection of systems, networks and assets whose continuous operation is deemed necessary to ensure the security of a given nation, its economy, and the public’s health and/or safety.

Although the elements of critical infrastructure vary to some extent depending on the country in question, there are many commonalities among nations. In the United States, the Department of Homeland Security (DHS) has identified 16 sectors involving critical infrastructure, including energy, communications, transportation, financial services, food and agriculture.

With the ongoing trends toward machine-to-machine (M2M) networking and the Internet of Things (IoT), devices in industrial environments are increasingly connected to the internet and capable of exchanging data. Despite the importance of these systems, security is often inadequate for those that aren't involved in information technology (IT).

Industrial control systems (ICS) are ubiquitous in many areas of critical infrastructure, controlling everything from nuclear power plants and other utilities to HVAC installations, robotics and even prison cell doors. When many such systems were built -- even in environments that were somewhat automated -- computing resources and connectivity were limited. As such, cybersecurity was not considered a very serious concern.

However, such systems pose a number of security issues. For one thing, the fact that they are considered critical means that it is difficult to take them down for updates. Their limited computing resources may make it impossible to run antimalware. Furthermore, over 80 percent of such systems are owned and controlled by the private sector, which complicates any government efforts toward their security.

According to security expert Bruce Schneier, the biggest threat to critical infrastructure security may not be targeted exploits such as equipment destruction attacks but random malware that could inadvertently take down essential systems: “A random attack--a worm or some hacker who doesn't know what he's doing--might inadvertently set in motion a chain reaction that could cause serious damage. This kind of thing is far more likely, and worrisome, than a cyberterrorist.”

This was last updated in April 2016
