Critical infrastructures Discussion
Critical infrastructures are any systems or assets that are so vital to the country such that their incapacitation or destruction could have severe consequences on public health, safety, national security, or the economy. Examples of critical infrastructures include the energy sector, transport system, and water systems. In today’s world, more than 9 billion devices are connected to the internet (Lewis, 2019). According to Department of Homeland Security critical infrastructure is explained as “it provides the essential service underpin the American society and serves as the backbone of our national’s economy, security and health” (DHS, n.d.). According to National Geospatial Agency 18 sectors of critical infrastructures exists in The United States of America. Critical infrastructures include; agriculture and food; banking and finance; chemical; commercial facilities; communications; critical manufacturing; dams; defense industrial base; emergency services; energy; government facilities; health care and public health; information technology; national monuments and icons; nuclear reactors, materials, and waste; postal and shipping; transportation systems; and water (Ferro, et. al., 2010). All of these different types leaves the critical infrastructure open to cyber threats from attackers.
There are different types of attackers each with different motivations. First, there are individual hackers who mostly engage in hacking activities for the thrill. Although these hackers may not have ill intentions, their actions can still cause considerable damage to critical infrastructures (Kovacevic & Nikolic, 2015). Another type of attacker is the nation-state attackers who are people employed by governments of sovereign nations that condone cyber-attacks to carry out cyber warfare against other nations. There are also politically motivated activist groups such as anonymous who carry out attacks to try and get the government or other political leaders to submit to their demands. Finally, there are criminal organizations whose main objective is to profit from hacking activities. With the development of new innovations to address the cyber attacks and the hackers, law enforcement has improved in their investigative methods to combat cyber threats and security. Cybercrimes are now more than ever investigated and the perpetrators are prosecuted to the fullest extent of the law.
On February 12, 2013 President Obama signed the Executive Order (EO) 13636 for improving critical infrastructure cybersecurity. EO 13636 is the policy to enhance the security and resilience of the Nation’s critical infrastructure and to maintain a cyber environment that encourages efficiency, innovation, and economic prosperity while promoting safety, security, business confidentiality, privacy, and civil liberties. Hence, the previous government administration supported promoting cybersecurity for critical infrastructures by directing government to be proactive and implement proper security measures to protect the critical infrastructures of the United States (NIST, 2016). On February 12, 2013 President Obama released Presidential Policy Directive (PPD-21), which directs government agencies to provide proactive and coordinated efforts to strengthen and maintain, secure, functioning, and resilient critical infrastructures including assets, networks and systems that are critical to public confidence and Nation’s safety, prosperity, and well being. Also, in the directive PPD-21, it identifies 16 critical infrastructures sectors and designates roles and responsibilities of Sector specific Agency (SSA). For example, the responsibility of Information technology is DHS, the responsibility of Water and Waste water system is Environmental Protection Agency, the responsibility of Government facility is DHS and General Service Administration (General Service Administration, 2013).
The first way to try and improve the infrastructure is to promote communication and a joint effort between the public and the private sectors through an employee exchange program. Each entity should know hat the other is doing and they can bring a fresh new perspective to the table. This would increase awareness on the part of state employees concerning the required tools to secure cyber systems (National Infrastructure Advisory Council, 2017). The second would be to to ensure that the people working in the sectors are properly trained on the issues and possible threats of cybersecurity. The employees will learn how to protect their personal information and the information of the companies they represent. That will be securing passwords, daily and monthly updates, mandatory training, and outside checks for flaws that are reported and corrected with a fresh set of eyes and ideas. The third would be to make sure that the networks are separated for the private and the public sector. No open networks that would allow hackers and cyber attacks to infiltrate the infrastructure. This will ensure that the private networks are operated on a private side and that they are isolated from the public with no way for the public to access. The most important step is to make sure that that you train the trainer. A separate group would be formed that would be dedicated to cybersecurity and the attacks that come with it. Their job would be to stay up to date on all updates and to make sure that the critical systems are always secure. These professional experts would stay in the forefront of all of the new technologies to ensure that all relevant knowledge is always available, and they can assess the problem before it damages the infrastructure and ensure that all involved are kept up to date and trained properly.