The term “critical infrastructure” is commonly thought to refer exclusively to the energy sector—companies that produce and transport oil, gas, coal, and other consumable fuels. But in today’s increasingly interdependent world, critical infrastructure spans a vast network of systems and services that are essential to maintain normalcy in daily life.
In fact, Presidential Policy Directive 21 (PPD-21): Critical Infrastructure Security and Resilience outlines 16 key industries that fall under the umbrella of critical infrastructure. These sectors are considered so vital that their incapacitation or destruction would have a debilitating effect on security, national economic security, and national public health or safety.
The 16 sectors identified in the Presidential Directive include:
Knowing which sector your company falls into is key to understanding which regulatory or compliance requirements you must meet to comply with the directive. This guidance also helps streamline the process of applying cybersecurity controls within your industrial environment and improving overall security, both within your organization and across the nation.
Depending on your sector, you will need to adhere to either:
Every day, more critical infrastructure attacks occur and more ICS-specific forms of malware are being developed and deployed. In fact, two new forms of malware—PIPEDREAM and INDUSTROYER2—are actively exploiting systems.
PIPEDREAM, developed by the CHERNOVITE Activity Group (AG), is a modular ICS attack framework that an adversary could use to cause disruption, degradation, and possibly even destruction, depending on the targets and the environment.
INDUSTROYER2 contains more targeted functionality than the original INDUSTROYER, a framework that used external modules to implement four different OT protocols. The latest version is self-contained and only implements the IEC 60870-5-104 (IEC-104) communications protocol to enable system monitoring and control over TCP.
Any loss of production due to a cyber attack will affect your company’s bottom line—and reputation. The best way to protect your organization is to create a well-planned mitigation strategy guided by ICS-specific regulations.
To start, you must know what risks and vulnerabilities exist within your environment. Identifying all areas of risk within your organization, from the top of the management structure all the way to the end of the manufacturing line, allows you to pinpoint key weaknesses, prioritize mitigation strategies, and address outstanding risks with a formal treatment plan.