Cybersecurity is an issue of profound importance in today’s technology-driven world. What was once a problem only for IT professionals is now a fact of life for all of us. A day hardly goes without hearing of some new cyberattack (Lewis, 2014). These incidents are a clear illustration of how the internet has become an integral part of our professional and personal lives. And while the benefits have been enormous, so, too, have the risks. In fact, there is almost no aspect of our lives that cybersecurity does not touch.
In the security industry and across government, cybersecurity has been a long discussed nightmare with various scenarios caused by cyber-attacks against critical infrastructure and key resources (CIKR). Critical infrastructure sectors, from financial services to transportation to healthcare, all depend on massive information technology networks. Many of the cyber defenses used by critical infrastructure owners and operators to ward off attacks are outdated and ineffective. These systems remain highly vulnerable to hackers, who could gain control of nuclear plants, railways and any number of other vital systems. Unfortunately, the frequency of attacks against critical infrastructure is increasing at an alarming rate. For instance, the chemical industry has tight sector-wide regulations on everything from occupational safety to environmental protection, yet even though the Department of Homeland Security recognized cyber-attacks as a major threat to the industry in 2010, cyber security regulations are still only managed at the company or facility level.
With few regulations in place, it has become increasingly important for these industries to assess their environments and cyber security risk. One way to do that is through compromise assessments or Industrial Control System (ICS) assessments (Lewis, 2014). These tests search the environment to identify whether or not a hacker is currently in the system. If a breach is identified then the organization can work to stop it and secure their system before any valuable information is taken. Organizations could also perform “red team” operations. In this assessment, a team of experts attempts to hack into an environment and, if successful, they can then reverse engineer security features to make sure that a real hacker cannot gain access to the system.
China Could Shut Down U.S. Power Grid With Cyber Attack, Says NSA Chief. (2016, March 6). Retrieved from http://www.newsweek.com/china-could-shut-down-us-p…
Lewis, T. G. (2014). Critical Infrastructure Protection in Homeland Security: Defending a Networked Nation. Hoboken, NJ: John Wiley & Sons.