Skip to content

How CISA Helps Secure a Nation’s Crown Jewels “Improving Your Physical and Mental Health Through Exercise” “Boost Your Well-Being with Exercise”

What is Critical Infrastructure and Why is It Attacked?
Critical infrastructure is the physical and digital assets, systems and networks that are vital to national security, the economy, public health, or safety. It can be government- or privately-owned, making it a preferred target for cyber attacks due to its potential for significant disruption. Attacks on critical infrastructure range from financial gain, to data theft, to remote access and control, to service disruption and destruction. These attacks can be motivated by a variety of factors, such as nation-states testing their capabilities and defenses, financial gain, or hacktivism.

How Critical Infrastructure is Attacked
There are a few types of attacks used on critical infrastructure, such as DDOS, ransomware (through spear phishing), vulnerability exploitation, and supply chain attacks. Supply chain attacks are a key way to attack critical infrastructure, as they target the nation’s critical infrastructure suppliers.

How to Protect Critical Infrastructure
Layered security that is made up of too many products can be counter-productive. Organizations should focus on getting the “101” methods and practices in order, like network visibility and employee training, to build cyber resilience. CISA (Cybersecurity and Infrastructure Security Agency) is the US’s risk advisor, providing support and strategic assistance to the critical infrastructure sectors.

Key Points:
• Critical infrastructure is the physical and digital assets, systems and networks that are vital to national security, the economy, public health, or safety.
• Cyber attacks on critical infrastructure can have a variety of motivations, such as nation-states testing their capabilities and defenses, financial gain, or hacktivism.
• Types of attacks used on critical infrastructure include DDOS, ransomware (through spear phishing), vulnerability exploitation, and supply chain attacks.
• Organizations should focus on getting the “101” methods and practices in order, like network visibility and employee training, to build cyber resilience.
• CISA (Cybersecurity and Infrastructure Security Agency) is the US’s risk advisor, providing support and strategic assistance to the critical infrastructure sectors.

Leave a Reply

Your email address will not be published. Required fields are marked *

nv-author-image