Taken together, urbanization and digitization have led to the creation of systems that have made nations and individuals dependent on them for their daily activities.
This dependency is magnified whenever a major disruption occurs, as economies and lives are significantly impacted. The news is littered with examples of such events: war, climatic disasters, cyber-attacks, and human errors have impaired the functioning of utilities, telecommunications, transportation and other systems, causing much stress to people’s way of life by threatening their stability and security.
Governments around the world have become cognizant of the need to properly manage and secure these systems that are vital for the wellbeing of their citizens. The term “critical infrastructure” is used to define these systems whose disruption, whether caused by nature or man-made, can affect the economic and social stability of a country.
Critical infrastructure is defined in the USA Patriot Act as systems and assets, whether physical or virtual, “so vital” to the United States that “their incapacity or destruction would have a debilitating impact on:
Critical infrastructure can be owned by the government, public agencies, or private entities, and is often supported by a combination of stakeholders. Because of their significance, this infrastructure requires a substantive level of oversight to ensure operations run smoothly and securely.
There are 16 critical infrastructure sectors mapped by CISA whose incapacitation or destruction would have a debilitating effect on one or a combination of security, national economic security, national public health or safety.
Let’s take a brief look at each of the 16 sectors.
This sector covers the end-to-end supply chain of:
The manufacturing and distribution facilities are designated as critical infrastructure because the impairment of these facilities can be hazardous to the public, and because it can affect manufacturing and other sectors that require such chemicals and associated products in their operations.
This sector covers the diverse range of public and private venues that draw large crowds of people for shopping, business, entertainment, or lodging. These include stadia, malls, amusement parks, hotels and resorts among others.
Disruption of such facilities, especially when major events are taking place, can impact economic stability and the wellbeing of citizens.
This sector is composed of telecommunications (telco) systems including terrestrial, satellite, and wireless transmission systems. They are considered as enablers for all the other sectors since they facilitate transfer of data and information required for operational activities.
Disruption to communication systems has a major impact in the information age, since most people are heavily dependent on smartphones and computing systems for their day-to-day activities.
This sector covers the manufacturing of primary metals, machinery, electrical equipment, and transportation equipment.
Because other sectors depend heavily on inputs from this sector, a supply chain disruption — even a minor one — can significantly impair essential parts of the national and global economy.
This sector covers the large man-made water bodies that are essential for the provision of:
A disruption in a dam can be extremely hazardous for the wellbeing of citizens who are located downstream, as well as those dependent on the supply of water and electricity.
The Defense Industrial Base (DIB) sector covers the massive supply chain that provides goods and services for the military. The disruption of subcontractors can negatively affect efforts to keep the peace globally, which is essential for other critical infrastructure sectors to operate.
The emergency services sector includes police, ambulance, fire departments, and other emergency response entities, whether public agencies or private entities, who:
This sector covers three interrelated segments:
They include power plants and electricity utilities including transmission and distribution systems. These are considered enablers, as a disruption to power supply will highly impact the other critical infrastructure sectors.
This sector involves public and private entities involved in large scale financial transactions such as banks, insurance, exchanges, and investment and credit service providers.
Because the economic stability of the world is so heavily linked, a disruption in the financial sector can quickly have a major negative impact on individuals and nations alike.
This sector includes farms and food processing facilities that produce the food and drink that supplies hotels, restaurants, institutions and homes. A disruption to the food sector can adversely affect individuals who need daily sustenance.
These facilities include buildings and associated systems that government agencies use for provision of services to citizens. Examples include offices, court rooms, prisons, embassies, and storage facilities.
Should these facilities be impaired, the government will struggle to effectively meet its mandate to its citizenry.
This sector protects individuals from the negative effects of natural disasters, accidents, and other hazards such as disease and war. They include hospitals and providers of health care products. Their disruption can be a major risk to the wellbeing of citizens and the stability of a territory.
A recent example, the Covid-19 pandemic, reminds us how people across the world were impacted by an infectious disease.
Our dependence on technology in this information age cannot be overstated. Every sector is heavily reliant on the transfer and processing of data, and computing systems are critical to day-to-day operations including work and leisure. This sector covers:
For example, the emergence of generative AI is seen as both a major benefit and risk for individuals and nation states.
This sector involves the use of nuclear capability for energy, medical use, and military. Because of its potent capability to destroy the world as we know it, the need to secure nuclear facilities is well understood.
The movement of people and goods across towns and territories is vital to economic and social wellbeing. This sector covers transportation facilities and systems in the air, land, and water, and includes highways, airports, pipelines, railways, and marine systems.
Disruption of this sector significantly affects the operations of almost all other sectors that depend on logistics for people and materials.
Clean water is essential to the wellbeing of individuals — and it’s a critical ingredient in manufacturing sectors. This sector covers the facilities that process water for drinking or industrial use, including provisioning clean drinking water and processing sewerage.
Because critical infrastructure underpins the very essence of human society, ensuring its security and resilience is paramount. Every country, including its citizens, is well aware that its safety and prosperity are inherently tied to the condition of its critical infrastructure.
This fact is also known by malicious actors, who target these systems in a bid to disrupt government. Some of the threats include physical attacks and cyberattacks.
In a world where tools such as drones and exploit kits are easily accessible via the dark web and people can be easily manipulated through social engineering — the world we live in today — risks to critical infrastructure are real and potent.
Governments have taken steps to enhance the resilience of their critical infrastructure by enacting legislation that deploys security resources and directs private entities to put in place the right mechanisms to prevent any disruption and minimize the impact should it occur. Examples of such legislation include:
In order to secure critical infrastructure assets, a formal risk management framework is necessary. By adopting standards such as ISO 31000, organizations can:
To deploy the right controls, organizations can also reference frameworks that provide guidance on implementing appropriate risk and security controls.