As the year continues, we want to highlight the White House decreeing November being Critical Infrastructure Security and Resilience Month. That may seem like a lot of words to describe one month! To celebrate, though, we want to bring awareness of the importance of critical infrastructure, security, and resilience and how these three things work together to protect our society.
According to the Cybersecurity & Infrastructure Security Agency (CISA), critical infrastructure is any “assets, systems, and networks, whether physical or virtual, are considered so vital to the United States that their incapacitation or destruction would have a debilitating effect on security, national economic security, national public health or safety, or any combination thereof.”[1] There are 16 sectors total that makeup US infrastructure ranging from chemical, financial services, and transportation.[2] When all 16 sectors are working, it creates a safe society, to the point where we do not even think about the switch turning on light, the traffic lights working, or the refrigerator running to keep food from spoiling. All 16 are important, but the communications, energy, transportation, and water sector are at the top of the list to keep society running. If these do not work/are compromised, then the other sectors cannot do their jobs properly.
Security and resilience go hand in hand. Security is the “protection of a person, building, organization, or country against threats such as crime or attacks by foreign countries.”[3] Resilience is “the ability of a system or organization to respond to or recover readily from a crisis, disruptive process, etc.”[4] Essentially, security is step one in the making sure a thing is safe and, if a crisis happens, the resilience is step two, to make sure that the industry gets back to working / safe after a disruption.
The point of November is the awareness of how these three topics interact with each other. The connection between these three aspects is that critical infrastructure needs security and resilience. Security helps with damper attacks or even protects from attacks as well. As we keep advancing technology, so do threats. We need security to protect us. But sometimes disasters do happen. An unexpected natural disaster, or a calculated malware attack, could take down a system, which is why we need resilience. Security is a plan in place at the beginning of a system, and resilience is another plan to ensure the disruption does not last long. Those operations can continue as fast as possible. We cannot predict or plan for everything, and we cannot put our eggs into one basket. So between security and resilience, it provides a layered protection approach. Another cliché works well here – if you fail to plan, you plan to fail. With security and resilience plans in place, we ensure that the critical infrastructure is protected and will not fail when disaster strikes.
You may be asking yourself – what does this mean to me? This awareness is the start of making and asking for change and protection in our critical infrastructure. Even if you do not work in the cyber or infrastructure industry, you are affected by the infrastructure every day. The power in our house, clean and safe water for drinking, the traffic lights helping you get to work, is all connected. We all need to do our part and protect the critical infrastructure. Learning about it and building awareness is only the beginning.
If you would like to read more, here is the official decree from the white house: https://www.whitehouse.gov/briefing-room/presidential-actions/2022/10/31/a-proclamation-on-critical-infrastructure-security-and-resilience-month-2022/
- [1] https://www.cisa.gov/critical-infrastructure-sectors
- [2] https://www.cisa.gov/critical-infrastructure-sectors
- [3] https://dictionary.cambridge.org/us/dictionary/english/security
- [4] https://www.dictionary.com/browse/resilience