CLOSEX

Critical Infrastructure Protection

Download the eBook

What is Critical Infrastructure?

Critical infrastructure is a term used to describe assets that are essential for the functioning of a society and economy.

What is Critical Infrastructure Protection?

Critical Infrastructure Protection (CIP) is a concept that relates to the preparedness and ability to respond to serious incidents that involve the critical infrastructure of a region or nation. It recognizes certain parts of a countries infrastructure as critical to national and economic security, and the steps required to protect it.

The U.S. Presidential Directive PDD-63 of May 1998 set up a national program of "Critical Infrastructure Protection". In Europe, there is a similar directive called the European Programme for Critical Infrastructure Protection (EPCIP).

This was updated on December 17, 2003, by President Bush through Homeland Security Presidential Directive HSPD-7 for Critical Infrastructure Identification, Prioritization, and Protection. The directive describes the U.S. as having some critical infrastructure that is so vital to the United States that the incapacity or destruction of such systems and assets would have a debilitating impact on security, national economic security, national public health or safety.

Critical Infrastructure Protection Sectors

There are 16 sectors defined by the U.S. Department of Homeland Security as critical infrastructure:

    Chemicals
    Commercial Facilities
    Communications
    Critical Manufacturing
    Dams
    Defense
    Emergency Services
    Energy
    Financial Services
    Food and Agriculture
    Government Facilities
    Healthcare and Public Health
    Information Technology
    Nuclear Reactors, Materials, and Waste
    Transportation Systems
    Water and Wastewater Systems

    Critical Infrastructure Protection Requirements

    With the proliferation of zero-day attacks and the rapid expansion of the attack surface, cybersecurity professionals are extraordinarily busy. To help prioritize workload and mitigate backlogs, both current and prospective workers must be efficient in the responsibilities and technical proficiencies most applicable to critical infrastructure environments.

    Such responsibilities include, but are not limited to:

    Creating and maintaining secure data exchange processes between segregated networks

    Ensuring proper device posture checks to determine which devices can access which organization assets and segregated networks

    Disarming content that has potential for carrying malware from application files or emails

    Critical Infrastructure Protection Skills

    A major critical infrastructure protection (CIP) vulnerability is the cybersecurity skills gap – an unprecedented predicament at a time when there are up to 3.5 million open cybersecurity jobs worldwide. Why is the lack of people such a vulnerability? Within all 16 critical infrastructure sectors, the confidentiality, integrity and availability of networks, systems and equipment are of the utmost importance. Unexpected downtime is not only unacceptable, but it can be dangerous, destructive and costly. The same can be said for unauthorized access, as it can be very difficult to find an adversary’s footprint and root them out once they have bypassed security controls and entered into a system or network.

    ICS environments can also serve as a gateway into enterprise and government IT networks, which frequently maintain incredibly sensitive IP, company and customer data, as well as classified national security information. Simply put, it is because of such high stakes that critical infrastructure organizations need an abundance of qualified, highly skilled cybersecurity pros 24/7/365 to help identify, mitigate and remediate threats of all types.

    Within critical infrastructure specifically, there is no universally accepted number of current or projected job openings; however, an aging OT workforce of non-digital natives combined with the increase in threat frequency and sophistication suggests that there is no shortage of opportunities. In fact, a very basic search of Indeed and LinkedIn provides thousands of open positions.

    The OPSWAT Academy provides a modern-day cybersecurity training program to help address the CIP cybersecurity skills shortage through courses that promote the best practices and practical approaches successfully implemented in the most secure critical infrastructure environments.

    Critical Infrastructure Protection Technologies

    The following 12 technologies are necessary to ensure an organization can address all aspects of Critical Infrastructure protection.

    Deep CDR

    Content disarm and reconstruction (CDR) breaks a file into its smallest components and removes any and every potential threat. The technology scrubs away hidden files or messages maliciously embedded within any file type, leaving the final disarmed file to look and behave exactly as the file should.

    Proactive DLP

    Data Loss Prevention (DLP) technology is used to detect and block financial or personally identifiable information (PII). Rather than blocking files and leaving teams high-and-dry, Proactive DLP technology suppresses sensitive information with automatic document redaction, metadata removal, or watermark addition.

    Multiscanning

    Multiscanning technology provides advanced threat detection and prevention. Multi-scanning exponentially increases malware detection rates, decreases outbreak detection times, and provides resiliency to anti-malware vendor issues by deploying up to 30 antimalware engines.

    File-based Vulnerability

    This technology detects application and file-based vulnerabilities before they are installed. It allows organizations to correlate vulnerabilities to software components, product installers, firmware packages, and many other types of binary files which are commonly collected from a vast community of users.

    Threat Intelligence

    Effectively and intelligently analyzing patterns of malicious content is paramount to preventing outbreaks or stopping them in critical infrastructure environments. Threat intelligence technology analyzes data from thousands of devices, analyzing data points for binary reputation, vulnerable applications, malware analysis reports, Portable Executable or PE info, static and dynamic analysis, IP/URL reputation and, most importantly, the correlations between them.

    Sandbox

    Due to the criticality of maintaining operational efficiency in critical infrastructure environments, sandboxes are often used to run third-party software and untested code as a means to reduce risk. This allows CIP cyber pros to test content without giving it access to mission critical networks and servers

    Endpoint Compliance

    Enables organizations to detect, assess and remediate device applications that do not comply with a set of security and operational policies created and enforced. It helps to minimize the spread of a malware infection and decrease the probability of data loss in the organization.

    Endpoint Vulnerability Assessment

    Strengthens the security of endpoints by confirming all applications are running on their most updated versions. Once vulnerabilities are identified, automatic patching can remediate them as soon as possible. This can also be done manually by retrieving the available remediations and choosing the update which best suits the organizations’ needs.

    Endpoint Malware Detection

    Examines the running processes and their loaded libraries in order to provide a quick assessment of the endpoint and to determine if any suspicious processes are currently running. This is especially important for remote facilities with many third-party visitors.

    Endpoint Application Removal

    Allows for the removal of security applications like AV and firewalls as well as the removal of potentially unwanted applications (PUA). It allows systems admins to prevent users from accessing some popular and legitimate applications that are not compliant with the work environment.

    Data Protection

    Incorporating removable media protection, anti-keylogger and anti-screen capture technologies, data protection technology helps organizations prevent data loss and file-based attacks on endpoints. It does so by blocking users’ access to removable media, such as USBs or smart phones, or allowing access to only whitelisted processes.

    BEC Attack Detection and Prevention

    Increase threat detection rates up to 99%, and prevent BEC attacks by deploying an advanced email gateway security layer with zero-day prevention technology. Deploy spam filtering and anti-phishing to protect against malware outbreaks.

    Learn how OPSWAT can help your protect your critical infrastructure.