the DHS Critical Infrastructure 16 Sectors

Today's society is replacing hundreds of thousands of analog control systems with digital ones in the Critical Infrastructure sector. The digital systems give managers remote control and visibility over a number of operational factors, such as the production and transmission of energy, the control of nuclear reactor temperature, the flow and pressure in refineries, and the recording of financial data. Both industrial and non-industrial processes have become more effective as a result of all these digitalizations. However, the managers' use of digital connectivity to oversee data and operations across several industries has made these areas hotspots for cybercriminals. Cyber criminals use existing vulnerabilities to steal critical information, disrupt processes, and cause massive damages to the equipment. Hackers, mainly from China, Middle East Countries, and Russia have undermined the America critical infrastructure several times recently (Traynor, 2007). While control breaches are common, industrial control systems have become avenues of targeted attacked by these skilled adversaries. Some of the most and least vulnerable sectors are discussed below.

Most vulnerable critical infrastructure sectors

The Healthcare and Public Health Sector

In America Healthcare and Public health sector is the most important sector today. The sector itself is large running from healthcare facilities to drug manufacturers and insurance companies. Healthcare sector possesses wealth of information beneficial to hospitals, insurance companies, government, and patients. The ability of healthcare professionals to access this information with ease makes it easy for health professionals to offer immediate assistance to patients and others in between. However, this information or data is what criminals need. Criminals use existing vulnerabilities to steal the same data and use them to commit fraud, data ransoming, financial crimes, corporate espionage, and even commit intentional disruption on the health care system to slow service delivery. These types of cyber-attacks, whenever they occur, cause several impacts such as slow service delivery, loss of finances by insurance companies, and exposure of highly private and confidential information. Healthcare sector is currently improving its cyber security risk management and preparedness processes to manage such occurrences at its early stages (Espiner, 2008).

Financial service sector

The Financial Services Sector is a vital component of our nation's critical infrastructure but remains one of the most breached sectors. It has information that if breached accounts to massive loss not only to the financial sector but other intertwined sectors. The financial sector is largely dependent on other sectors such as the healthcare, energy, and transport and in the event of data breach risks affects all those in the equation. An attack on financial service sector leads to massive financial crimes, loss of private information, and intentional disruptions. To minimize or avoid financial service sabotage by criminals the sector continually advises members to update their security protocol and systems to stay ahead of potential threats. Staff and customers are advised not to open suspicious emails as it exposes them to ransomware and other malicious software (Herzog, 2011).

Critical manufacturing sector

The critical manufacturing sector is currently among the most attacked sectors. The recent Industrial Control System modules of the HAVEX Trojan are an example of a cyber attack on the manufacturing sector. This type of attack uses malware to attack critical sectors and infringes itself on software's updates normally distributed by control system manufacturers. When this malware gets to the desired network, it collects information from the control devices and transfers it to cyber criminals. This type of attack in the critical manufacturing sector has resulted in the massive theft of intellectual property and attack on various organizations' production control systems. To prevent this and other threats the sector emphasizes on latest security systems and protocols and proper encryption of data to prevent access by third parties (Kushner, 2013).

Least Vulnerable Critical Infrastructure Sectors

Dam Sectors

The Dam sector comprises navigation locks, dam projects, hurricane barriers, levees, and other water retention and control facilities. The projects mentioned herein does not bring massive benefits to attackers were they to attack the sector. In essence, the information is less beneficial as compared to committing a cyber-attack on financial sectors where one gets to access financial records and other private information.

Water and Wastewater Systems Sector

Water and Wastewater system sector is least attacked by criminals because it does not have massive benefits as compared to other sectors such as financial sectors. Information and intellectual property that defines the system is less desirable for attackers and thus less beneficial. However, so attackers sabotage this sector mainly to slow down processes such as water supply and distribution to households.

Chemical sector

Chemical facilities are full of dangerous substances, but little moves have been made by criminals to disrupt this particular sector. This fewer attacks on the sector are because attackers have little to benefit from this sector. However, computers run chemical factories, and attackers might use existing loopholes to slow processes or steal intellectual.

Conclusion

In conclusion, risk management in all these sectors in essential irrespective of how likely or unlikely it can be attacked. In some sectors no matter how effective risk management is the risk can never be eliminated and constant update of cyber security and cyber insurance becomes necessary.

References

Armed Forces Communications and Electronics Association (AFCEA) (2008). The Russo-Georgian War 2008: The role of the cyber attacks in the conflict. Retrieved from http://www.afcea.org/committees/cyber/documents/TheRusso-GeorgianWar2008.pdf

Denial-of-Service: The Estonian cyber war and its implications for U.S. National Security. International Affairs Review. (2016). Iar-gwu.org. Retrieved from http://www.iar-gwu.org/node/65.

Espiner, T. (2008). Georgia accuses Russia of coordinated cyber attack (2008). Retrieved from http://www.cnet.com/news/georgia-accuses-russia-of-coordinated-cyberattack/

Herzog, S. (2011). Revisiting the Estonian Cyber Attacks: Digital Threats and Multinational Responses. Journal of Strategic Security, 4(2), 49-60. Retrieved from http://scholarcommons.usf.edu/jss/vol4/iss2/4/?utm_source=scholarcommons.usf.edu%2Fjss%2Fvol4%2Fiss2%2F4&utm_medium=PDF&utm_campaign=PDFCoverPages

Kushner, D. (2013). The real story of Stuxnet. Retrieved from http://spectrum.ieee.org/telecom/security/the-real-story-of-stuxnet

Traynor, I. (2007). Russia accused of unleashing cyberwar to disable Estonia. The Guardian. Retrieved from http://www.theguardian.com/world/2007/may/17/topstories3.russia