16 Critical Infrastructure Sectors and Their Importance in Industrial Control Security

Jul 23, 2024

16 Critical Infrastructure Sectors and Their Importance in Industrial Control Security

Introduction

  • Speaker: Mike Holcomb
  • Focus on 16 critical infrastructure sectors as defined by the U.S. government and CISA
  • Importance in Industrial Control (ICS) and Operational Technology (OT) security
  • Purpose: Understand repercussions of sector failures and interdependencies

Key Concepts

  • ICS: Industrial Control Systems
  • OT: Operational Technology
  • SCADA: Supervisory Control and Data Acquisition
  • CISA: Cybersecurity and Infrastructure Security Agency
  • Critical Infrastructure: Essential sectors for societal function, significant repercussions if disrupted

Critical Sectors Overview

  1. Chemical Sector

    • Categories: Basic, Specialty, Agricultural, Consumer chemicals
    • Example incident: 2017 Trident/Trisis attack in the Middle East
    • Importance: Safety Instrumented Systems (SIS) are crucial for safety
  2. Commercial Facilities

    • Public accessible locations: Stadiums, Malls, Amusement Parks
    • Focus: Physical security and Building Management Systems (BMS)
  3. Communications

    • Essential for internet, point-to-point communication, emergency services
    • Importance for sectors like emergency services, power distribution
  4. Critical Manufacturing

    • Focus: Manufacturing goods for other critical sectors
    • Importance: Continuous operations and maintenance of parts
  5. Dams

    • Uses: Power generation, irrigation, water management
    • Example: Recent dam failure in Ukraine and its repercussions
  6. Defense Industrial Base

    • Contractors supporting government missions
    • Focus: Physical and IT security, BMS in military contexts
  7. Emergency Services

    • Police, medical, and fire response
    • Dependence on reliable communication and dispatch systems
  8. Energy

    • Power generation and distribution
    • Importance of continuous operations, example: large power plants
  9. Financial Services

    • More traditional IT security focus
    • Example: NotPetya attack affecting financial services
  10. Food and Agriculture

  • Food production and distribution, dependency on other sectors
  • Example: Activist attack on irrigation systems in Jordan Valley, Israel
  1. Government Facilities
  • Federal, state, local, tribal buildings, National Labs, military installations
  • Focus: Physical, IT, and OT security, including BMS
  1. Healthcare

    • Hospitals and medical facilities, dependency on secure systems
    • Example: Medical procedures reliant on operational technology
  2. Information Technology

    • Data centers, cloud services, internet infrastructure
    • Traditional IT security focus
  3. Nuclear Reactors, Materials, and Waste

    • Secure operations and waste disposal
    • High focus on cyber, physical, and IT security
  4. Water and Wastewater Systems

    • Essential for clean drinking water, sanitation, irrigation
    • Often underserved in ICS/OT security despite high importance
  5. Transportation Systems

    • Ensuring safe transport of people and goods
    • Example: Safety systems in commuter railways

Conclusion

  • Importance of understanding critical infrastructure sectors in ICS/OT security
  • Impact analysis of sector disruptions, from hours to months
  • Goal: Protect these sectors to ensure societal functions and safety

Resources

  • Further reading available on the CISA website
  • Speaker contact: LinkedIn - Mike Holcomb