What is critical infrastructure?
Presidential Policy Directive 21 (PPD-21): Critical Infrastructure Security and Resilience defines 16 critical infrastructure sectors whose assets, systems, and networks, whether physical or virtual, are considered so vital to the United States that their incapacitation or destruction would have a debilitating effect on security, national economic security, national public health or safety, or any combination thereof.
PPD-21 advances a national policy to strengthen and maintain secure, functioning, and resilient critical infrastructure aimed to protect the U.S. from cyberattacks against any and all of the 16 sectors.
“Cyberattacks on our nation’s critical infrastructure – from our elections to finance to transportation hubs – can potentially devastate our economy, safety and way of life. Combating these threats requires cross-national and public-private sector collaboration,” according to a release from the National Cyber Security Alliance, which recently hosted the NCSA Nasdaq Cybersecurity Summit.
The summit, “Securing America’s Critical Infrastructure” brought together leaders from industry and government “to examine the latest nation-state cybercrime tactics and share ways to work together to thwart these threats and ensure a resistant and resilient America” according to the release.
A disruption to the nation’s critical infrastructure, which supplies basic necessities like food, water, financial services, healthcare, communications and power, can have significant and even catastrophic consequences for our nation, explained Russell Schrader, NCSA executive director.
The components of the critical infrastructure are often interconnected and sometimes internet-facing which can expose vulnerabilities that cybercriminals and hacktivists can exploit for their own nefarious purposes.
Both individuals and organizations play a large role in helping to protect these networks and systems from cyber threats, Schrader said.
As technology providers become more and more concerned about finding ways to help keep our nation’s systems safe, they are striving to develop security protection across the entire technology stack. With increased connectivity across all industries, it is important that government and industry work together to address the needs of critical infrastructure, Schrader explained.
At the same time, most Americans have bank accounts or investment accounts and engage in online transactions. As the world has gone digital, so too has our money. While the financial services sector has taken steps to improve its security architecture to keep the nation’s treasury system safe and secure, there are important steps we can all take as individuals.
The NCSA suggests five ways you can protect your financial assets from cyber threats:
Lock your credit
Per the Federal Trade Commission, all three credit bureaus are now required to allow you to lock your credit at no cost. Each of the agencies have made the process simple. Visit FTC.gov to request a freeze or lock – and do the same for your children, and for elderly or mentally challenged people under your care. Learn more about credit freezes at https://www.consumer.ftc.gov/articles/0497-credit-freeze-faqs
Enable two-factor authentication whenever it’s provided
As financial institutions continue to make online transactions easier, they are also adding security features to secure accounts. If your institution offers two-factor authentication, take advantage of it. It’s the best way to protect against a fraudster hijacking your account. For information about how to enable two-factor authentication for various online accounts, visit https://twofactorauth.org/
Be vigilant with your email
Enable two-factor on your email account – if offered by your provider. In some instances, cyber criminals may take control of an email account for signs of financial transactions. Stolen credentials for any type of account can be purchased online. A fraudster can purchase credentials for a batch of accounts and then attempt to log in into them. Sometimes they will resell these accounts or they might keep the credentials for themselves to make further fraudulent transactions. This is why it’s critical to create unique usernames and passwords and turn on two-factor authentication. Remember to report suspicious emails to your financial institution. You can also report them to the Anti-Phishing Work Group, who will then share this information to help prevent the phishing attempt from spreading. To learn more, visit https://apwg.org/report-phishing/overview/.
Monitor your account statements
Just as your instinct can alert you when something is wrong with an email, you can learn to be alert for unusual purchases on your financial and credit card accounts. If your financial institution allows fraud alerts, sign up. This gives you the option to block or allow a purchase at the time of the transaction.
Where you do your banking matters
Connecting to public Wi-Fi is always risky business. It is even riskier if you’re accessing your online financial accounts. When using a public network, avoid logging into your accounts if at all possible. If you’re in a pinch and need to make a quick transaction online, choose a public Wi-Fi that requires a password only the establishment can provide. Connect to a VPN if you have one and limit your transactions.
Finally, the NCSA advises that no one company, government agency, nonprofit or individual can do it alone: cybersecurity is “Our Shared Responsibility.”
Small steps can make a big difference in protecting your identity and online security, and ultimately, in protecting America's critical infrastructure!