Food, water, sanitation, education, health care and transportation are basic survival and societal needs. For the past several years, government entities all over the world have focused increasingly on threats to critical infrastructure, both physical and cyber. According to IBM Managed Security Services data, these “basic needs” infrastructure sectors accounted for 8 percent of all incidents in 2014.

All the basic needs sectors share characteristics that make defense against cyberattacks difficult. They have an extremely low threshold for unavailability, meaning even a small outage could have a significant and widespread impact on their ability to operate.

What Is Critical Infrastructure?

Well, it depends on where you are in the world. The definition of “critical infrastructure” changes from country to country, which is part of the challenge when addressing and prioritizing cyberthreats targeting this area. In the United States, the Department of Homeland Security defines critical infrastructure as “the assets, systems and networks, whether physical or virtual, so vital to the United States that their incapacitation or destruction would have a debilitating effect on security, national economic security, national public health or safety, or any combination thereof.”

Critical infrastructure often encompasses industrial control systems, including supervisory control and data acquisition (SCADA) systems. Attacks against SCADA and other industrial control systems are a serious concern. They have the potential to create wide-scale compromise in vital systems such as transportation, oil and gas supply, electrical grids, water distribution and wastewater collection.

So where would a severe compromise probably have the greatest impact at the individual level? To answer this, IBM defined our most basic physical needs for survival — food, water, shelter and clothing — and then added next-level needs such as sanitation, education and health care. Additionally, all these sectors have a critical dependency on transportation systems. Therefore, this sector was also included in the analysis.

Read the RESEARCH AND INTELLIGENCE REPORT on Criticial Infrastructure (Basic Needs)

Unauthorized Access Incidents Nearly Doubled

In 2014, IBM found that incidents affecting basic needs critical infrastructure sectors — food and agriculture, water and wastewater systems, education, health care and transportation systems — accounted for 8 percent of all incidents. This was down from 11 percent in 2013.

Year after year, incidents of almost all types have decreased in the basic needs critical infrastructure group. The notable exception is unauthorized access incidents, which almost doubled between 2013 and 2014, rising from 1,500 to nearly 2,900. This is alarming yet expected. That change was actually reflected in every sector across the board, not just in this group. Thanks, Shellshock and Heartbleed.

Susceptibility to Attack: The Cyber Perspective

Not every industry has the same cybersecurity issues, but all are susceptible to attack and should therefore continuously assess their cybersecurity postures to prevent business interruption or compromised information. A high-level overview of each sector within the basic needs critical infrastructure group, its susceptibility to cyberattacks and recommendations can be found here.

Image Source: iStock

More from Mainframe

How Dangerous Is the Cyberattack Risk to Transportation?

If an attacker breaches a transit agency’s systems, the impact could reach far beyond server downtime or leaked emails. Imagine an attack against a transportation authority that manages train and subway routes. The results could be terrible. Between June of 2020 and June of 2021, the transportation industry witnessed a 186% increase in weekly ransomware attacks. In one event, attackers breached the New York Metropolitan Transportation Authority (MTA) systems. Thankfully, no one was harmed, but incidents like these are cause…

Low-Code Is Easy, But Is It Secure?

Low-code and no-code solutions are awesome. Why? With limited or no programming experience, you can quickly create software using a visual dashboard. This amounts to huge time and money savings. But with all this software out there, security experts worry about the risks. The global low-code platform market revenue was valued at nearly $13 billion in 2020. The market is forecast to reach over $47 billion in 2025 and $65 billion in 2027 with a CAGR of 26.1%. Very few,…

Starting From Scratch: How to Build a Small Business Cybersecurity Program

When you run a small business, outsourcing for services like IT and security makes a lot of sense. While you might not have the budget for a full-time professional on staff to do these jobs, you still need the services.However, while it might be helpful to have a managed service provider handle your software and computing issues, cybersecurity for small and medium businesses (SMBs) also requires a personal, hands-on approach. While you can continue to outsource some areas of cybersecurity,…

A Journey in Organizational Resilience: Supply Chain and Third Parties

The next stop on our journey focuses on those that you rely on: supply chains and third parties.  Working with external partners can be difficult. But, there is a silver lining. Recent attacks have resulted in an industry wake-up call when it comes to cybersecurity resilience. You see, the purpose of using external partners is to take advantage of a capability that your organization did not have, or the vendor was just better at than you. In turn, there was…