Protect What is Critical to Your Infrastructure. Government and businesses often view the world through separate lenses. The list of that deemed ‘critical’ in the public sector, although complexly inter-related, is far from a mirror image of the infrastructure concerns of private businesses. In the matter of fact, unless it is global fortune 500 scale corporation, else if you refer to government national critical infrastructure, it is a very different scale to be dealt with.
We are using universal definition here to cover processes, systems, facilities, technologies, networks, assets and services essential to the health, safety, security or economic well-being of enterprise ICT infrastructure, that cover both corporation and government agency.
Not everything within a corporation or (national infrastructure) is critical. For the principle of economics, we all (even nation) had limited of resources. To be economies of scope and scale, resources need to be strategically managed, that applied to infrastructure, for let the ICT continuous availability and serve the various roles it cater for, away from unintended disruption that may cause business downtime, or nation productivity lost. Once you had the right mindset and perspective, critical infrastructure become a fundamental concept you can use for formulate and carry out a range of decision making and implementation.
Once you can identified among infrastructure, what is the most important, and risk and threats facing, you can define critical infrastructure (CI), or some like to define it as mission critical infrastructure. For national scale known as national critical infrastructure. We had natural disasters for war, hurricanes, floods, wildfires and earthquakes that may cause disruption for nuclear plants, airport, ports in national scale. For typical enterprise scale critical infrastructure disruption, we may have ICT communication link down, server and application down, hardware faulty, or user mis operation, and external intruder attack or internal employee sabotages. Above is quick named some of the critical information for nation and enterprise.
Once you being aware for what critical infrastructure is about, you will work backward to identify critical infrastructure risk exposure, like vulnerable for bothy cybersecurity and physical security risk, and the likelihood of impact. You can just imagine, global estore like amazon and nation stock market exchange, down for one business day, what is the likelihood of business and nation impact? Once you had that in mind, you are very logically to work backward for the list of risk to be addressed or mitigating, and to work on the way to protect critical infrastructure from risk exposure discussed earlier. This is what the term Critical Infrastructure Protection (CIP) is all about, and solution typically refer it as CIP solution.
For instance, Industrial Control Systems (ICS)/SCADA System, which govern the operation of large industrial plants, cannot be actively scanned for vulnerabilities the way a virtual-only Information Technology (IT) environment can be scanned because such scans can knock the industrial systems offline, grinding operation of a major plant to a halt. Same as way for online continuously running system for business, it do not tolerant for the downtime. Those are areas for all the operation and new project need to be addressed.
Feel free to contact E-SPIN for the Mission Critical Infrastructure Discovery, Asset Inventory, Continuous Uptime monitoring, security assessment and protection. We see how we can help in your specific use case requirement and project.