Protecting Critical Infrastructure from Cyber Threats



By Bob Heckman, CISO

It’s the last week of October, and that means it is the fifth themed week of National Cybersecurity Awareness Month (NCSAM). The theme for this week is “Protecting Critical Infrastructure from Cyber Threats”, which focuses on using cybersecurity to keep our critical infrastructure secure. These critical systems support our daily lives by providing electricity, health care, financial services and institutions, transportation, and more, all of which are dependent upon the Internet. Building resilience in critical infrastructure is crucial to our national security.

Happy Halloween and enjoy the “Trick or Treats”.

Considering the holiday and writing as our corporate CISO, I think critical infrastructure cybersecurity is a sensitive and scary area where a lot has been accomplished, but a lot remains to be done. We recommend a multi-faceted approach to protect critical infrastructure, consisting of increased cyber threat and situational awareness along with enhanced protection and preparation activities. The Department of Homeland Security (DHS), together with the critical infrastructure sectors, provides a range of resources, products, and services to assist with this approach.

DHS is the lead Federal agency for the protection of critical infrastructure from cyber threats and employs a risk-informed, all-hazards approach to safeguarding critical infrastructure in cyberspace. This approach emphasizes protections for privacy and civil liberties, transparent and accessible security processes, and domestic and international partnerships. DHS’ National Protection and Programs Directorate (NPPD) leads the effort to strengthen the security and resilience of the nation’s physical and cyber infrastructure by coordinating with sector-specific agencies, other federal agencies, and private sector partners to share information on, and analysis of, cyber threats and vulnerabilities and to more fully understand the interdependency of infrastructure systems nationwide. This is accomplished in accordance with the National Infrastructure Protection Plan (NIPP), which outlines how the Federal government and private sector participants in the critical infrastructure community work together to manage risks and achieve security and resilience outcomes. These private sector partners and sector-specific agencies include the following:

  • Chemical Sector – Department of Homeland Security
  • Commercial Facilities Sector – Department of Homeland Security
  • Communications Sector – Department of Homeland Security
  • Critical Manufacturing Sector – Department of Homeland Security
  • Dams Sector – Department of Homeland Security
  • Defense Industrial Base Sector – Department of Defense
  • Emergency Services Sector – Department of Homeland Security
  • Energy Sector – Department of Energy
  • Financial Services Sector – Department of the Treasury
  • Food and Agriculture Sector – Department of Agriculture and Department of Health and Human Services
  • Government Facilities Sector – Department of Homeland Security and General Services Administration
  • Healthcare and Public Health Sector – Department of Health and Human Services
  • Information Technology Sector – Department of Homeland Security
  • Nuclear Reactors, Materials, and Waste Sector – Department of Homeland Security
  • Transportation Systems Sector – Department of Homeland Security and Department of Transportation
  • Water and Wastewater Systems Sector – Environmental Protection Agency

The Federal structure to prevent, protect against, mitigate, respond to, investigate, and recover from cyber incidents works with these sectors and consists of the following:

  • The National Cybersecurity and Communications Integration Center (NCCIC) is a 24/7 cyber situational awareness, incident response, and management center that shares information among the public and private sectors to provide greater understanding of cybersecurity and communications situational awareness of vulnerabilities, intrusions, incidents, mitigation, and recovery actions.
  • The NCCIC’s Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) works to reduce risks within and across all critical infrastructure sectors by partnering with law enforcement agencies and the intelligence community and coordinating efforts among federal, state, local, and tribal governments and control systems owners, operators, and vendors.
  • The National Infrastructure Coordinating Center (NICC), which is part of the DHS National Operations Center, is the dedicated 24/7 coordination and information sharing operations center that maintains situational awareness of the nation’s critical infrastructure for the federal government.

When an incident or event affecting critical infrastructure occurs and requires coordination between DHS and the owners and operators of our Nation’s critical infrastructure, the NICC serves as that information sharing hub to support the security and resilience of these vital assets.

Each of the critical infrastructure sectors faces unique threats and must meet specialized regulatory requirements and guidance. Despite this, DHS and the other sectors can help increase the cyber threat and situational awareness of critical infrastructure owners via such initiatives as information sharing programs that provide enhanced cyber threat information on a timely basis. Another initiative is the Critical Infrastructure Cyber Community Voluntary Program (C³VP). This was established by DHS to encourage use of the Framework for Improving Critical Infrastructure Cybersecurity (also known as the “NIST CSF”). The C³VP is the coordination point within the Federal government for critical infrastructure owners and operators interested in improving their cyber risk management processes. It recommends that critical infrastructure owners should:

  • Develop detection, monitoring, warning, and response capabilities to recognize a cybersecurity event when it is actively happening.
  • Conduct periodic cybersecurity threat, vulnerability, and risk assessments.
  • Assist critical infrastructure owners with implementing protection activities such as network segmentation, baseline configurations, hardening standards, configuration management, change control, patch management, anti-malware, etc.

By assisting critical infrastructure owners with cybersecurity preparation activities, this program can help them better understand how their critical infrastructure is interdependent with other critical infrastructure; integrate both physical and cybersecurity concepts into daily business operations to foster an organizational culture of security; and improve the identification of potential threats with skilled physical and cybersecurity staff, armed with the knowledge to deter, detect, and delay an adversary’s tactics. Remember, November is Critical Infrastructure Security and Resilience Month (CISR)!