Cybersecurity Hero Banner

Cybersecurity of Critical Infrastructures

Improving cyber-resilience of critical systems

As we continue to develop our understanding of cybersecurity and its impact on Critical Infrastructure security, we must heed the advice and guidance of risk management experts in the field. At our recent safety and physical security networking conference, EMERGE '22 San Antonio, Cybersecurity State Coordinator Mr. Ernesto Ballesteros gave an informative presentation on critical infrastructure security, the cybersecurity of physical security, and the innovative tools used to protect our nation's critical infrastructure today. Mr. Ballesteros shared insights on the work of the Cybersecurity and Infrastructure Security Agency (CISA), Critical Infrastructure Sectors, no-cost cyber resources and assessments, and today's risk landscape. He also outlined actions that can be taken to improve cyber-resilience in the near term.


What is the work of the US Department of Homeland Security and CISA?

The Cybersecurity and Infrastructure Agency (CISA) is a United States federal government entity with the department of homeland security responsible for protecting our nation's critical infrastructure from cyber threats. Along with aiding the Department of Homeland Security with federal security and risk management, CISA works with various government agencies and public and private sectors to improve cyber resilience. The agency also provides valuable resources and guidance to businesses and individuals in an effort to help them improve their cybersecurity posture and better protect their assets and stakeholders. 


Protecting our nation's critical infrastructure sectors

CISA has identified the following industrial critical infrastructure sectors as vital to the functioning of the United States economy.

Since these 16 critical infrastructure sectors are most vulnerable to cyber-attacks, CISA has developed specific strategies to protect them against external threats.

  • Chemical
  • Commercial Facilities
  • Communications
  • Critical Manufacturing
  • Dams
  • Defense Industrial Base
  • Emergency Services
  • Energy
  • Financial Services
  • Food and Agriculture
  • Government Facilities
  • Healthcare and National Public Health
  • Information Technology
  • Nuclear Reactors, materials, and Waste Sector
  • Transportation Systems
  • Water and Wastewater Systems

Today's risk landscape

The risk of cyber attacks in both the public and private sectors is constantly evolving, requiring protection and attention at all times. For example, the Russian invasion of Ukraine could have a debilitating impact on organizations within and beyond the region, including malicious cyber activity against the US homeland. Therefore, cybersecurity should be a top priority for all large and small organizations, whether you are a government entity or privately owned business. CISA is standing ready to help organizations prepare for, respond, and mitigate the impact of cyberattacks on our nation and its stakeholders. In addition, when cyber incidents are reported quickly, CISA can use this information to render assistance and warn other organizations and entities from falling victim to a similar attack.


Core Principles of Information Security in Our Nation's Critical Infrastructure Sectors

The department of homeland security, through its Cybersecurity and Infrastructure Security Agency (CISA), had identified fundamental principles of information security that critical infrastructure organizations and the private sector should follow to ensure protection themselves from cyber-attacks. These principles include:

  1. Confidentiality: Prevent unauthorized access and use of information resources
  2. Integrity: Prevent unauthorized change and ensure the reliability of information resources
  3. Availability: Ensure timely availability of information resources

Threat actors:

  • Hacktivists: Conduct attacks in furtherance of political interests
  • Criminals: Conduct attacks in furtherance of financial interests
  • Insiders: Conduct attacks in furtherance of personal interests
  • State Actors: Destruction, disruption, and espionage furtherance of national interests and assets
Cybersecurity 12

Most common types of cyber-attacks:

1. Assets as targets

2. Service Disruption

3. Attacks on Users

4. Ransomware

Heightened cybersecurity posture

Cybersecurity and physical security is critical for all organizations, regardless of size. Therefore, CISA recommends all organizations take steps to protect their critical infrastructure and critical systems, including reducing the likelihood of a damaging cyber intrusion, quickly detecting a potential intrusion, being prepared to respond if an intrusion occurs, and maximizing the organization's resilience against a catastrophic cyber incident.


Minimizing your attack surface

You can minimize your attack surface by implementing multi-factor authentication for all accounts, enforcing strong password policies, and stopping bad practices such as using end-of-life software, default accounts, and single-factor authentication.

It is also essential to keep your software up-to-date. Cybercriminals are constantly finding new ways to exploit vulnerabilities, so it is crucial to patch known vulnerabilities as soon as possible. In addition, CISA recommends organizations prioritize known exploitable vulnerabilities identified by CISA and system hardening to remove unnecessary accounts, ports, services, and software on machines.


Cybersecurity and CISA best practices

Adopt CISA Cybersecurity Best Practices. CISA has released guidance for securing cloud services. Cloud service providers offer a wide range of services and often hold large amounts of sensitive data.

Perform regular internal vulnerability scans, run antivirus software throughout your network, enable strong spam filters to prevent phishing emails from reaching end users, and train end users to identify, respond to, and report phishing attacks.


Monitor and protect your network

Monitoring network traffic can help identify malicious activity and threats and reduce the time it takes to detect and respond to Cybersecurity incidents. Therefore, CISA recommends that organizations review their logs regularly, establish baselines of day-to-day operations, and develop procedures for responding to unusual or unexpected behavior.


Incident response: exercise your plan

CISA recommends that organizations regularly test their incident response plans through tabletop exercises. Cyber incidents can escalate quickly and have far-reaching consequences. A well-crafted incident response plan can help an organization minimize the damage caused by a Cybersecurity incident and resume operations more quickly.


Operational resilience: backup and redundancy

Backups are a critical part of operational resilience and cyber safety. CISA recommends that organizations test their backup procedures regularly to ensure that data can be rapidly restored in case of ransomware or destructive cyberattack. In addition, backups should be stored offline and isolated from network connections to prevent them from being encrypted or deleted by attackers.

CISA also recommends that organizations that use industrial control systems or operational technology conduct tests of manual controls to ensure that critical functions remain operable if the organization's network is unavailable or untrusted.


No-cost cyber resources and assessments

The Cybersecurity and Infrastructure Security Agency (CISA) offers a range of cybersecurity assessments that evaluate operational resilience, cybersecurity practices, organizational management of external dependencies, and other critical elements of a robust and resilient cyber framework. These professional, no-cost assessments are provided upon request voluntarily and can help any organization manage risk and strengthening.


No-cost regional cybersecurity resources

  • Cyber Resilience Review (CRR) Assessment
  • External Dependencies Management (EDM) Assessment
  • Cyber Infrastructure Survey (CIS) Assessment
  • Ransomware Readiness Assessment (REA)
  • Workshops (Incident Management, Cyber-resilience, Vulnerability Management)

No-cost national cybersecurity resources:

  • Phishing Campaign Assessment (PCA)
  • Cyber Tabletop Exercises (CTTX)
  • Vulnerability Scanning Service (CyHy)
  • Web Application Scanning (WAS)
  • Validated Architecture Design Review (VADR)
  • Remote Penetration Test (RPT)
  • Risk & Vulnerability Assessment (RVA)

Looking ahead

By following CISA's tips and recommendations , organizations can better protect themselves against cyberattacks and ensure that their critical functions and critical infrastructure remain operable in case of an incident.