Scribd
Upload
251 views

Critical Infrastructure Security

CIS

Uploaded by

maribel.neroza
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd
251 views

Critical Infrastructure Security

CIS

Uploaded by

maribel.neroza
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd
You are on page 1/ 14

What is critical infrastructure security?

• Is the scientific and established defense


methodologies deem to ensure that the critical
infrastructures of organizations in industries like
agriculture, energy, food, and transportation receive
protection against cyber threats, natural disasters,
and terrorist threats.
What are examples of critical infrastructure?
• Critical infrastructure includes the vast network of
highways, connecting bridges and tunnels, railways,
utilities and buildings necessary to maintain normalcy in
daily life. Transportation, commerce, clean water and
electricity all rely on these vital systems.

What is the goal of infrastructure security?


• The main goal of infrastructure security is to reduce the
level of risks the organization faces
What is the three 3 elements of critical infrastructure?
• Physical — tangible property.
• Cyber — electronic information and communications systems and
the information contained therein.
• Human — critical knowledge of functions or people uniquely
susceptible to attack.

What are the four critical infrastructures?


• Energy
• Communications
• Water
• Transportation
What are the potential threats to critical infrastructure?
• Foreign Entities and Nation-States. Foreign entities and nation-states
engage in cyber espionage and warfare, seeking to gain strategic, political,
or military advantages. ...
• Non-State Actors and Terrorists. ...
• Criminal Groups. ...
• Insiders.

Why is critical infrastructure security important?


• Critical infrastructure needs to be resilient to changing conditions, as
well as withstand and recover from disruption. This means strength
against physical and cyber threats, which require a comprehensive
cybersecurity defense program.
• Critical infrastructure security is essential to communities because any
damage to these infrastructures is detrimental to global economies and
the public
How to implement infrastructure security in your team?
• Establish security compliance standards
• Encrypt your business data. ...
• Regularly create backup files. ...
• Implement endpoint security. ...
• Enable role-based access. ...
• Conduct regular security audits. ...
• Develop robust firewalls and intrusion detection systems.
• Perform security awareness training
• Regularly monitor events
• Conduct periodic system testing
• Create an incident response plan
• Hire security experts to fortify infrastructure security
What are the components of critical infrastructure?
• Chemical Sector.
• Commercial Facilities Sector.
• Communications Sector.
• Critical Manufacturing Sector.
• Dams Sector.
• Defense Industrial Base Sector.
• Emergency Services Sector.
• Energy Sector.
What are the natural threats to critical infrastructure?
1. Natural Origin
• earthquakes
• tsunamis
• volcanic eruptions

2. Anthropic nature
• vandalism
• fires
• pollution
What are the examples of critical infrastructure failures?
• building collapses
• water main breaks
• gas pipe ruptures
• dam failures
• steam pipe explosions
• related types of events
What are the effects if the critical infrastructures are not
well maintain?
• disruption to households and businesses
• evacuations
• business closures
• economic loss and clean-up costs
• potential health hazards and environmental impacts
What are the challenges of infrastructure security?
• Operation Complexity.
Operational complexity is a result of internal and external factors impacting
company's ways to manage operations to produce products and services
• Limited Visibility.
The term 'restricted visibility' means any condition in which visibility is
restricted by fog, mist, falling snow, heavy rainstorms, sandstorms or any
other similar causes.
• Misconfigurations.
An incorrect or suboptimal configuration of an information system or system
component that may lead to vulnerabilities
• Multi-Cloud or Hybrid Cloud.
A hybrid cloud—sometimes called a cloud hybrid—is a computing environment
that combines an on-premises datacenter (also called a private cloud) with a
public cloud, allowing data and applications to be shared between them.
• Changing Workloads.
the amount of work or of working time expected or assigned; the amount of
work performed or capable of being performed (as by a mechanical device)
usually within a specific period.
• Shared Responsibility Confusion.
Collaboration between two or more persons or bodies performing the same kind
of activity in the creation of the content of an item. The contribution of each
may form a separate and instinct part of the item, or the contribution of each
may not be separable from that of the other(s).

• Insecure Access.
Improper access control is a vulnerability that occurs when a system does not
properly restrict or enforce access to resources.

• Vendor Lock-In.
Vendor lock-in is a situation in which a customer using a product or service
cannot easily transition to a competitor's product or service. This can be a
major problem, as it can limit the customer's choices and make it more difficult
to get the best possible value for its money.
incorrect or suboptimal configuration of an information system or system
component that may lead to vulnerabilities
Best practices for improving critical infrastructure security
To improve critical infrastructure security, consider leveraging the following best
practices:

1. Risk assessment:
Conducting a risk assessment is a crucial first step in securing critical infrastructure.
The process involves identifying and analyzing the threats and vulnerabilities based on
software and systems used in these critical infrastructure systems.

2. Threat intelligence
Gathering and analyzing threat intelligence is essential for identifying potential threats
to critical infrastructure systems. This process involves monitoring the threat landscape,
including cyber threats, physical threats, and natural threats.

3. Access control:
Implementing strong access control systems can help prevent unauthorized access to
critical infrastructure systems and allows access to only authorized staff. Access control
includes implementing strong authentication measures, such as multi-factor
authentication and limiting access to authorized personnel based on their jobs and
duties.
4. Cyber security measures:
Implement cyber security measures, such as firewalls, to secure the perimeter. Implement
strong intrusion prevention systems, and implement strong encryption protocols. This can
help protect critical infrastructure systems from cyber attacks.

5. Physical security measures:


Implementing strong and strict physical security measures, such as entry exit checks,
surveillance cameras, security guards, and access control systems, can help protect
critical infrastructure from physical attacks.

6. Incident response planning:


Developing and implementing an incident response plan is crucial for responding to
security incidents. Conducting a routine red team exercise to ensure that an incident
response plan is effective is a key to success against an attack.
THANK YOU

You might also like