2. Most critical infrastructure systems and applications depend on the
existence of the internet. Communication between different governmental
organizations runs over the cyber network, using either wired or wireless
connections. With the increased dependency on internet systems and
communications, the need for stronger security systems has
emerged. The more we rely on the internet, the more we need its
security systems to be able to defend us against all types of threats.
Threats to Critical Infrastructure
3. Threat definition
A threat is an action that may cause harm at different levels of the
organization or may lead to a country-wide catastrophic event. It could
also be responsible for loss of life, loss of welfare, and loss of the main
services that critical infrastructures rely on. Threats cause damage
to life, money, reputation, and the sense of security. It has been shown
recently that threats have in some cases been turned into weapons.
5. Physical Threat
A physical threat is a potential cause of an incident that may result in
loss or physical damage to the computer systems. The threats
include fire, unstable power supply, and humidity in the rooms
housing the hardware.
6. Human Threat
Human threats are threats that target other humans, carried out by hackers,
cyber criminals, and people who attempt terrorism.
7. Cyber threats
Cyber threats target software and are initiated from distant places. They could cover:
• Virus, Spyware
• Trojans, Worms
• Key loggers, Adware
• Denial of Service Attacks
• Distributed Denial of Service Attacks
• Unauthorized access to computer resources such as data
• Phishing
• Other Computer Security Risks
8. Critical Infrastructure Definition
Critical infrastructure refers to the main essential and effective environmental
government technologies, systems, processes, facilities, networks, assets and
services. It covers all of a country's essential services, from security, safety, health and
economy to other vital departments.
It is an asset, located in a member country, which is essential for the maintenance of
vital societal functions.
9. Critical Infrastructure Threats
Disruptions and threats to critical infrastructure damage countries in no time. They
could result in loss of life, business collapse, and loss of the main services for life. Since
critical infrastructure depends on an interconnected “system of systems”, any
unattended device that causes a threat may lead to the destruction of bigger systems.
Threats have a great effect on both society and the environment.
10. Threats impact on society
On society there are many impacts that must be considered:
• Loss of life
• Loss of confidence
• Lower productivity
• Loss of economic stability
• Main services lost or halted for a period of time
11. Role of Society for Risk Analysis
• Awareness of the cause of threats.
• Implement appropriate security measures.
• Notice any change and inform those responsible of it.
• Use strong passwords for the devices used.
• Follow the organization's security instructions.
13. What Could Go Wrong? What if?
Road
Energy
Sirens
Water
Telecom
Transportation
Dams
21. Who and How
• Who
  • Hacktivists
  • Insiders
  • Criminals
  • Terrorists
  • Nations
• How
  • SQL injection
  • BotNet
  • Phishing
  • Social Media
  • Infected Websites
22. Why is there concern?
• Why - Attacks
  • Cyber Investigations: 15/Day
  • Trojan Attempts: 3000/Day
  • SQL Injection: 50/Day
  • SPAM: 100K/Day
  • Web Activity: 8.3M/Month
• Why - Cost
  • In 2016 there were 1093 breaches
  • 36,601,939 records
  • 19,699,094 SSNs
  • 7,472,540 credit cards
  • @ $250 = $9,150,484,750 cost to organizations
27. The Layered Approach
LAYERED SECURITY FRAMEWORK
Access Management
• PERIMETER: Firewall, VPN, Encryption, Access Control
• NETWORK: Intrusion Detection, Intrusion Prevention, Vulnerability Assessment, Access Control
• HOST: Host IDs, Virus Protection, Vulnerability Assessment, Access Control
• APPLICATION: Input Validation, Host IDs, Vulnerability Assessment, Access Control
• DATA: Encryption, Access Control
Defense in Depth is an Information Assurance strategy utilized by Managed
Security Services in which multiple layers of defense are placed throughout an
Information Technology system. It addresses security vulnerabilities in
personnel, technology and operations for the duration of the system's lifecycle.
28. Critical Infrastructure Risk Management Framework
The elements of critical infrastructure are the physical, the cyber and the human.
In order to protect critical infrastructure we must take some steps: