Barracuda full logo

Defending critical infrastructure from cyberattacks and other threats

Temas:
18 dic 2024
|
Christine Barry

There are 16 critical infrastructure sectors which the United States Department of Homeland Security (DHS) has defined as "those physical and cyber-based systems essential to the minimum operations of the economy and government." Each of these 16 sectors is vital to the nation’s health, safety, and security. DHS oversees critical infrastructure with input and support from other entities, such as state and local governments, private industry partners, and sector specific agencies (SSAs) like the Environmental Protection Agency (EPA).

Four foundational sectors

Critical infrastructure is full of dependencies, synergies, and overlapping interests that keep the sectors entwined with each other. This is especially true for energy, communications, water, and transportation. The Cybersecurity & Infrastructure Security Agency (CISA) considers these four sectors as critical to the operations of each other and all other systems. A failure or an attack in one sector can affect many others simultaneously. For example, the 2021 Colonial Pipeline ransomware attack led to a regional fuel disruption that strained the transportation sector and highlighted vulnerabilities in multiple supply chains.

Here’s a closer look at these four sectors and their relationships with others:

 

Sector

Dependencies

Synergies

Energy

Communications for grid monitoring and control systems, water for cooling in power plants, and transportation for fuel logistics.

Powers operations for communications, water, and transportation sectors, enabling their continuous operation.

Communications

Energy for electricity to run telecommunications equipment, and transportation for infrastructure maintenance.

Enables coordination across all sectors through information exchange and connectivity.

Water and Wastewater

Energy for pumping and treatment facilities, chemicals for purification, and communications for monitoring systems.

Provides clean water necessary for energy (cooling systems) and transportation (infrastructure maintenance).

Transportation Systems

Energy for fueling vehicles, communications for navigation and logistics, and water for cooling systems in infrastructure.

Facilitates delivery of fuel, equipment, and resources critical to energy, communications, and water.

There are similar relationships among the components within each sector. The following graphic is a basic illustration of this concept at work in Water and Wastewater Systems Sector:

 

Water Sector Components, via CISA

Water Sector Components, via CISA

These components are also referred to as subsystems or assets. The key point is that each sector's foundation is a network of systems within other systems. Each of these systems contributes to the contributes to the security, economy, and public health in the United States (U.S.).

The remaining 12 critical infrastructure sectors are listed below:  

  • Chemical
  • Commercial Facilities
  • Critical Manufacturing
  • Dams
  • Defense Industrial Base
  • Emergency Services
  • Financial Services
  • Food and Agriculture
  • Government Facilities
  • Healthcare and Public Health
  • Information Technology
  • Nuclear Reactors, Materials, and Waste

The U.S. also has several infrastructure sectors that are not designated as critical. Media and entertainment, hospitality and tourism, and real estate and construction are some examples of sectors that are important to the country, but not vital to public health and national security.

The Biden administration issued the National Security Memorandum on Critical Infrastructure Security and Resilience (NSM-22) in April 2024. This document mandates the development of a National Infrastructure Risk Management Plan that emphasizes shared responsibility and a risk-based approach to security.

CISA announced it would “employ all available federal tools, resources, and authorities to manage and reduce national-level risks, including those cascading across critical infrastructure sectors" as it developed this new risk management plan. CISA further acknowledged that the 2025 National Plan will account for the evolution of threats, vulnerabilities, and consequences beyond the realm of cyberattacks. Terrorism, natural disasters, and other risks will be evaluated and addressed.

These resources have more information on how the U.S. is defending critical infrastructure:

We’ll be taking a closer look at infrastructure defense over the next few months. Our upcoming post will explore the cyberthreats to water and wastewater management systems. 

 

 

Christine Barry

Christine Barry Senior Chief Cybersecurity Storyteller and Content Manager at Barracuda.  Prior to joining Barracuda, Christine was a field engineer and project manager for K12 and SMB clients for over 15 years.  She holds several technology and project management credentials, a Bachelor of Arts, and a Master of Business Administration. She is a graduate of the University of Michigan.

Connect with Christine on LinkedIn here.

 

Join our Reddit community!

Publicaciones relacionadas:
CVE controversy creates opportunity to improve
CVE controversy creates opportunity to improve
 CVE program's funding crisis: Implications and strategic response
CVE program's funding crisis: Implications and strategic response
 La responsabilidad de la seguridad de la infraestructura crítica cambia
La responsabilidad de la seguridad de la infraestructura crítica cambia
 Infrastructure Defense: Communications systems
Infrastructure Defense: Communications systems
Search the blog

Subscribe to the Barracuda Blog.

Sign up to receive threat spotlights, industry commentary, and more.

Sign up to receive threat spotlights, industry commentary, and more.

Get all the latest news, research, and analysis delivered right to your inbox.