16 Critical Infrastructure Sectors and Their Importance in Industrial Control Security

Introduction

Speaker: Mike Holcomb
Focus on 16 critical infrastructure sectors as defined by the U.S. government and CISA
Importance in Industrial Control (ICS) and Operational Technology (OT) security
Purpose: Understand repercussions of sector failures and interdependencies

ICS: Industrial Control Systems
OT: Operational Technology
SCADA: Supervisory Control and Data Acquisition
CISA: Cybersecurity and Infrastructure Security Agency
Critical Infrastructure: Essential sectors for societal function, significant repercussions if disrupted

Chemical Sector
- Categories: Basic, Specialty, Agricultural, Consumer chemicals
- Example incident: 2017 Trident/Trisis attack in the Middle East
- Importance: Safety Instrumented Systems (SIS) are crucial for safety
Commercial Facilities
- Public accessible locations: Stadiums, Malls, Amusement Parks
- Focus: Physical security and Building Management Systems (BMS)
Communications
- Essential for internet, point-to-point communication, emergency services
- Importance for sectors like emergency services, power distribution
Critical Manufacturing
- Focus: Manufacturing goods for other critical sectors
- Importance: Continuous operations and maintenance of parts
Dams
- Uses: Power generation, irrigation, water management
- Example: Recent dam failure in Ukraine and its repercussions
Defense Industrial Base
- Contractors supporting government missions
- Focus: Physical and IT security, BMS in military contexts
Emergency Services
- Police, medical, and fire response
- Dependence on reliable communication and dispatch systems
Energy
- Power generation and distribution
- Importance of continuous operations, example: large power plants
Financial Services
- More traditional IT security focus
- Example: NotPetya attack affecting financial services
Food and Agriculture

Healthcare
- Hospitals and medical facilities, dependency on secure systems
- Example: Medical procedures reliant on operational technology
Information Technology
- Data centers, cloud services, internet infrastructure
- Traditional IT security focus
Nuclear Reactors, Materials, and Waste
- Secure operations and waste disposal
- High focus on cyber, physical, and IT security
Water and Wastewater Systems
- Essential for clean drinking water, sanitation, irrigation
- Often underserved in ICS/OT security despite high importance
Transportation Systems
- Ensuring safe transport of people and goods
- Example: Safety systems in commuter railways