It would seem very strange to me why a government body would be including the definition of Critical National Infrastructure on their website.
I would be inclined to remove it straight away. No one should be advertising that.
Critical national infrastructure is one of those phrases that gets used a great deal, but is not often defined very well. When you look for definitions, you often find they differ greatly, or are rather general. Many governments include them on their websites.
There are a number of assets that are critical to the functioning of our society, like energy, water, health, transport and financial services. In fact, when you start listing them, you start to wonder what isn’t critical national infrastructure rather than what it actually is.
It would be interesting to ask some of the twenty-year-olds who are part of the Occupy Movement what, in their view, is critical to the functioning of society. Is it the same as the government’s definition?
One of the links between differing elements of critical national infrastructure is that they each rely on networks to make them work. So the cyber threat to national infrastructure is a threat that comes across networks, through systems which people use on those networks.
The purpose of such attacks is not always very clear. Sometimes it might be a denial-of-service attempt or the theft of data, but not all have a malicious purpose. Some are actually intended to expose vulnerabilities in order for those vulnerabilities to be closed (think First State Super). Other attacks come from individuals who simply want to make a name for themselves; they create mischief for mischief’s sake. And, of course, there are organised groups who are financially driven, as well as nation-states who may be inclined towards these practices to steal sensitive or strategic information.
I think the main groups that actually threaten us are those engaging in espionage and criminal behaviour.
When responding to an attack impacting critical infrastructure, it is important to have a regime of compulsory, yet confidential, reporting of IT incidents so that the organisation under attack is informed in time and can take action in time. In late August 2011, it became known that DigiNotar, a certification authority established in the Netherlands, had been hacked. DigiNotar issues certificates for government and other parties; its delayed response resulted in around 530 fake certificates being lost.
There are several challenges in policy making, including curly issues of data protection and cross-border sharing of information. The number of challenges probably won’t increase, but in time, the complexity will.
Many of these challenges can be solved by working in a public/private coalition which defines the common interest clearly; for many organisations this will simply be business continuity. Today’s interconnected economy is not just about an organisation’s strength and resilience; it’s about the entire supply chain and the ecosystem in which it operates. This is what true national critical infrastructure protection should be about.