Critical Infrastructure

COURSE ON CYBER SECURITY
CRITICAL INFRASTRUCTURE AND HOMELAND SECURITY

COURSE CODE: SS-815
FALL 2022
AIM
THE AIM OF THIS LECTURE IS TO HIGHLIGHT
• THE VULNERABILITY OF CYBER DEPENDENT CRITICAL
INFRASTRUCTURE FROM PHYSICAL AND CYBER ATTACKS AND CYBER
FAILURES.
• THE POLICY LEVEL GAPS.
PROF T. YAMIN, CYBER SECURITY, LECTURE 2 2

READING LIST
SER TITLE AUTHOR AVAILABILITY
1. CRITICAL INFRASTRUCTURE PROTECTION: CRISTINA ALCARAZ, ARTICLE
REQUIREMENTS AND CHALLENGES FOR THE SHERALI ZEADALLY
21ST CENTURY
2. CYBER SECURITY: CRITICAL MARTTI LEHTO AND Book
INFRASTRUCTURE PROTECTION PEKKA NEITTAANMÄKI
3. CRITICAL INFRASTRUCTURE PROTECTION STEPHEN D. WOLTHUSEN Book
INFORMATION INFRASTRUCTURE MODELS,
ANALYSIS, AND DEFENSE
4. EUROPEAN CRITICAL ALESSANDRO LAZARI BOOK
INFRASTRUCTURE PROTECTION
5. PROTECTION OF CRITICAL E. GOETZ AND S. SHENOI BOOK
INFRASTRUCTURE
6. A CONTROL SYSTEM TESTBED TO VALIDATE THOMAS MORRIS AND ARTICLE
CRITICAL INFRASTRUCTURE PROTECTION ANURAG SRIVASTAVA
CONCEPTS
7. CRITICAL INFRASTRUCTURE PROTECTION: KRIS HEMME Article
MAINTENANCE IS NATIONAL
SECURITY

IMPORTANT LINKS
• NCIIPC- the Guardian of Critical Infrastructure in India
NCIIPC- the Guardian of Critical Infrastructure in India · myLawrd
• Critical Infrastructure Security and Resilience https://
www.gps.gov/multimedia/presentations/2014/11/ICG/dhs.pdf
• Critical Infrastructure Protection https://
www.gao.gov/assets/gao-18-62.pdf
• DHS Continues to Test GNSS Timing for Critical Infrastructure
https://insidegnss.com/dhs-continues-to-test-gnss-timing-for-critical-i
nfrastructure
/

MOVIES
• The Imitation Game
• Die Hard 4: Live Free Or Die Hard

NEWS REPORTS ON ATTACKS ON
CRITICAL INFRASTRUCTURE
• ACSC issues joint warning about cyber attacks on critical infrastructure
ACSC issues joint warning about cyber attacks on critical infrastructure - GovernmentNews
• Water Sector Will Benefit from Call for Cyber Hardening of Critical Infrastructure
Water Sector Will Benefit From Call for Cyber Hardening of Critical Infrastructure (darkreading.com)
• Critical Infrastructure And Public Spaces Protection Against Terror Attacks
Critical Infrastructure and Public Spaces Protection against Terror Attacks » Capital News (capitalfm.
co.ke
)
• Iran-backed APT actors utilize CVEs to carry out cyber attacks on critical infrastructure
Iran-backed APT actors utilize CVEs to carry out cyber attacks on critical infrastructure - Security
Boulevard
• National Critical Infrastructure Under Attack: Clop Ransomware
National Critical Infrastructure Under Attack: Clop Ransomware - Security Boulevard
• OT cyber-attacks in transport and energy sectors on the rise
OT cyber-attacks in transport and energy sectors on the rise (controlengeurope.com)

BACKGROUND
• THE IDEA OF PROTECTING CRITICAL INFRSTRUCTURE IS VERY ANCIENT
E.G. SOURCES OF SUSTENANCE SUCH AS WATER WELLS AND GRAIN
SILOS HAD TO BE PROTECTED AT ALL COSTS FROM CONTAMINATION
OR CAPTURE BY ENEMY FORCES.
• THE AMERICANS NARROWED DOWN THE CONCEPT OF CRITICAL
INFRASTRUCTURE AFTER THE 9/11 ATTACKS ON THE TWIN TOWERS
IN MANHATTAN AND THE PENTAGON IN 2001
• MOST COUNTRIES AND POLITICAL ALLIANCES AND DEFENCE BLOCS
HAVE IDENTIFIED THEIR CRITICAL INFRASTRUTRE AND HAVE
ADOPTED POLICIES TO PROTECT THESE ASSETS

CRITICAL INFRASTRUCTURE
CRITICAL INFRASTRUCTURE OR CRITICAL NATIONAL INFRASTRUCTURE (CNI) IS A TERM USED
BY GOVERNMENTS TO DESCRIBE ASSETS THAT ARE ESSENTIAL FOR THE FUNCTIONING OF A SOCIETY AND
ECONOMY. THESE INCLUDES FACILITIES SUCH AS:
• FUEL & HEATING (NATURAL GAS, FUEL OIL PIPE LINES AND DISTRIBUTION NETWORKS)
• AGRICULTURE, FOOD PRODUCTION AND DISTRIBUTION
• EDUCATION, SKILLS DEVELOPMENT AND TECHNOLOGY TRANSFER
• WATER SUPPLY (DRINKING WATER, WASTE WATER/SEWAGE SYSTEMS, STEMMING OF SURFACE WATER E.G.
DIKES AND SLUICES)
• PUBLIC HEALTH (HOSPITALS, AMBULANCES)
• TRANSPORTATION SYSTEMS (FUEL SUPPLY, RAILWAY NETWORK, AIRPORTS, HARBOURS, INLAND SHIPPING)
• SECURITY SERVICES (POLICE, MILITARY)
• ELECTRICITY GENERATION, TRANSMISSION AND DISTRIBUTION E.G. NATURAL GAS, FUEL OIL, COAL, NUCLEAR
POWER
• RENEWABLE ENERGY SUCH AS SUNLIGHT, WIND, RAIN, TIDES, WAVES, AND GEOTHERMAL HEAT.
• TELECOM
• ECONOMIC SECTOR; GOODS AND SERVICES AND FINANCIAL SERVICES (BANKING, CLEARING)
CYBER DEPENDENT CRITICAL
INFRASTRUCTRE
• MILITARY COMMAND AND CONTROL CENTRES
• PUBLIC OR PRIVATE CONCERNS CONTROLLED BY SUPERVISORY CONTROL AND DATA ACQUISITION (
SCADA)
• BANKING SECTOR SBP
• HEALTH SECTOR
• EPIDEMIC CONTROL CENTERS SUCH AS NCOC
• COMMUNICATION (AIR/SEA PORTS, RAILWAY SYTEM, TRANSPORTATION SERVICES, TELECOM SECTOR)
• ELECTRICITY GRID
• HYDEL DAMS
• POLICE AND EMERGENCY RESPONDERS LIKE NDMA/PDMA
• GRAIN RESERVES SUCH AS PASSCO
• NATIONAL FLOOD RESPONSE & RELIEF CENTER SUCH AS NFRCC
• PRIVATE BUSINESSES

CRITICAL INFRASTRUCTURE SECTORS IDENTIFIED
BY US CYBER & INFRASTRUCTURE SECURITY AGENCY
(CISA)
• CHEMICAL SECTOR • FINANCIAL SERVICES SECTOR
• COMMERCIAL FACILITIES SECTOR • FOOD AND AGRICULTURE SECTOR
• COMMUNICATION SECTOR • GOVERNMENT FACILITIES SECTOR
• HEALTH CARE AND PUBLIC HEALTH
• CRITICAL MANUFACTURING SECTOR
STRUCTURE
• IT SECTOR
• DAMS SECTOR
• NUCLEAR REACTORS, MATERIALS,
• DEFENSE INDUSTRIAL BASE SECTOR WASTE SECTOR
• EMERGENCY SERVICES SECTOR • TRANSPORTATION SECTOR
• ENERGY SECTOR • WATER AND WASTE WATER SYSTEM
SECTOR
CANADA
THE CANADIAN FEDERAL GOVERNMENT IDENTIFIES THE FOLLOWING 10 CRITICAL INFRASTRUCTURE SECTORS AS A
WAY TO CLASSIFY ITS ESSENTIAL ASSETS.
• ENERGY & UTILITIES: ELECTRICITY PROVIDERS; OFF-SHORE/ON-SHORE OIL & GAS; COAL SUPPLIES, NATURAL GAS
PROVIDERS; HOME FUEL OIL; GAS STATION SUPPLIES; ALTERNATIVE ENERGY SUPPLIERS (WIND, SOLAR, OTHER)
• INFO AND COMMUNICATION TECHNOLOGY: BROADCAST MEDIA; TELECOMMUNICATION PROVIDERS (LANDLINES,
CELL PHONES, INTERNET, WIFI); POSTAL SERVICES;
• FINANCE: BANKING SERVICES, GOVERNMENT FINANCE/AID DEPARTMENTS; TAXATION
• HEALTH: PUBLIC HEALTH & WELLNESS PROGRAMS, HOSPITAL/CLINIC FACILITIES; BLOOD & BLOOD PRODUCTS
• FOOD: FOOD SUPPLY CHAINS; FOOD INSPECTORS; IMPORT/EXPORT PROGRAMS; GROCERY STORES; AGRI & ACQUA
CULTURE; FARMERS MARKETS
• WATER: WATER SUPPLY & PROTECTION; WASTEWATER MANAGEMENT; FISHERIES & OCEAN PROTECTION
PROGRAMS
• TRANSPORTATION: ROADS, BRIDGES, RAILWAYS, AVIATION/AIRPORTS; SHIPPING & PORTS; TRANSIT
• SAFETY: EMERGENCY RESPONDERS; PUBLIC SAFETY PROGRAMS
• GOVERNMENT: MILITARY; CONTINUITY OF GOVERNANCE
• MANUFACTURING: INDUSTRY, ECONOMIC DEVELOPMENT

EU
• THE EUROPEAN PROGRAMME FOR CRITICAL INFRASTRUCTURE
PROTECTION (EPCIP) HAS BEEN LAID OUT IN EU DIRECTIVES BY THE
COMMISSION (EU COM(2006) 786 FINAL).
• IT HAS PROPOSED A LIST OF EUROPEAN CRITICAL INFRASTRUCTURES
BASED UPON INPUTS BY ITS MEMBER STATES.
• EACH DESIGNATED EUROPEAN CRITICAL INFRASTRUCTURES (ECI) WILL
HAVE TO HAVE AN OPERATIONAL SECURITY PLAN (OSP) COVERING THE
IDENTIFICATION OF IMPORTANT ASSETS, A RISK ANALYSIS BASED ON
MAJOR THREAT SCENARIOS AND THE VULNERABILITY OF EACH ASSET,
AND THE IDENTIFICATION, SELECTION AND PRIORITISATION OF COUNTER-
MEASURES AND PROCEDURES.
INDIA
• CRITICAL INFRASTRUCTURE PROTECTION IS A MAJOR CYBERSECURITY
PRIORITY FOR INDIA.
• FOR SAFEGUARDING THE COMMON INTEREST OF INDIA, THE
GOVERNMENT ESTABLISHED THE NCIIPC IN 2014 AS THE NODAL
AGENCY TO WORK WITH THE PUBLIC AND PRIVATE SECTORS FOR
PLUGGING GAPS IN THEIR CRITICAL INFRASTRUCTURE SYSTEMS.
• THE ORGANIZATION WAS ESTABLISHED UNDER SECTION 70 A OF THE
IT ACT, 2000, AND COMES DIRECTLY UNDER THE CONTROL
OF THE PRIME MINISTER’S OFFICE.

NATO
• WITHIN NATO CRITICAL INFRASTRUCTURE IS A GENERAL TERM
DESCRIBING A NATION'S INFRASTRUCTURE ASSETS, FACILITIES,
SYSTEMS, NETWORKS, AND PROCESSES THAT SUPPORT THE MILITARY,
ECONOMIC, POLITICAL AND/OR SOCIAL LIFE ON WHICH A NATION
AND/OR NATO DEPENDS.
• 2021 NATO COEDAT TEC

EU AGENCY FOR CYBERSECURITY
(ENISA)
THE DEFINITION OF CII IS TAKEN FROM THE COUNCIL DIRECTIVE
2008/114/EC ON THE IDENTIFICATION AND DESIGNATION OF
EUROPEAN CRITICAL INFRASTRUCTURES AND THE ASSESSMENT OF THE
NEED TO IMPROVE THEIR PROTECTION:
“ICT SYSTEMS THAT ARE CRITICAL INFRASTRUCTURES FOR THEMSELVES
OR THAT ARE ESSENTIAL FOR THE OPERATION OF CRITICAL
INFRASTRUCTURES (TELECOMMUNICATIONS, COMPUTERS/SOFTWARE,
INTERNET, SATELLITES, ETC.”

CRITICAL INFRASTRUCTURE OF
RUSSIA
LIKE OTHER COUNTRIES CRITICAL INFORMATION INFRASTRUCTURE (CII) OF THE
RUSSIAN FEDERATION IS A SET OF INFO SYSTEMS AND TELECOM NETWORKS
THAT ARE CRITICAL FOR THE WORK OF KEY AREAS OF THE STATE AND SOCIETY:
• HEALTH CARE
• INDUSTRY
• COMMUNICATIONS
• TRANSPORT
• POWER
• FINANCIAL SECTOR
• URBAN ECONOMY
SHANGHAI COOPERATION
ORGANIZATION (SCO)
• SAMARKAND DECLARATION ON DIGITAL ISSUES

CRITICAL INFRASTRUCTURE OF
CHINA
ON AUGUST 17, 2021 CHINA’S STATE COUNCIL UNVEILED THE REGULATIONS ON THE SECURITY AND PROTECTION OF
CRITICAL INFORMATION INFRASTRUCTURE (‘THE REGULATIONS’), FORMULATED ON THE BASIS OF CHINA’S
CYBERSECURITY LAW. THE REGULATIONS DEFINE CII AS COMPANIES ENGAGED IN “IMPORTANT INDUSTRIES OR
FIELDS”, INCLUDING:
• PUBLIC COMMUNICATION AND INFORMATION SERVICES
• ENERGY
• TRANSPORT
• WATER
• FINANCE
• PUBLIC SERVICES
• E-GOVERNMENT SERVICES
• NATIONAL DEFENSE
• ANY OTHER IMPORTANT NETWORK FACILITIES OR INFORMATION SYSTEMS THAT MAY SERIOUSLY HARM NATIONAL
SECURITY, THE NATIONAL ECONOMY AND PEOPLE’S LIVELIHOODS, OR PUBLIC INTEREST IN THE EVENT OF
INCAPACITATION, DAMAGE, OR DATA LEAKS.

PAK TELECOM AUTHORITY (PTA)
• THE CRITICAL TELECOM INFRASTRUCTURE (CTI) WILL BE MONITORED
TO IDENTIFY AND PREVENT EAVESDROPPING, UNAUTHORIZED
ACCESS, AND CYBER THREATS.
• THE PTA HAS DEVISED THE REGULATIONS TO EXERCISE ITS POWERS
CONFERRED VIA CLAUSE (O) OF SUB-SECTION (2) OF SECTION 5 OF
THE PAKISTAN TELECOMMUNICATION (REORGANIZATION) ACT, 1996
(XVII OF 1996).

WHAT’S MISSING?

WHAT COULD BE PAKISTAN’S
CRITICAL INFRASTRUCTURE?
• GOVERNMENT & KEY MINISTRIES
• NCA
• MILITARY HQs I.E. JS HQ AND SERVICES HQs
• POLICE
• INTELLIGENCE AGENCIES
• NUCLEAR POWER PLANTS
• NADRA
• WAPDA
• ELECTRICITY DISCOs
• KE
EXERCISE: A POSSIBLE SCENARIO OF AN ATTACK
ON CRITICAL NATIONAL INFRASTRUCTURE
• FACILITY BEING ATTACKED
• UNFOLDING OF EVENTS
• CONSEQUENCES
• RESPONSE (CYBER, KINETIC AND POLITICAL)

Q&A

Critical Infrastructure

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Critical Infrastructure

Uploaded by

Copyright:

Available Formats

COURSE ON CYBER SECURITY

CRITICAL INFRASTRUCTURE AND HOMELAND SECURITY

PROF T. YAMIN, CYBER SECURITY, LECTURE 2 2

PROF T. YAMIN, CYBER SECURITY, LECTURE 2 3

PROF T. YAMIN, CYBER SECURITY, LECTURE 2 4

PROF T. YAMIN, CYBER SECURITY, LECTURE 2 5

PROF T. YAMIN, CYBER SECURITY, LECTURE 2 6

PROF T. YAMIN, CYBER SECURITY, LECTURE 2 7

PROF T. YAMIN, CYBER SECURITY, LECTURE 2 9

PROF T. YAMIN, CYBER SECURITY, LECTURE 2 12

PROF T. YAMIN, CYBER SECURITY, LECTURE 2 14

PROF T. YAMIN, CYBER SECURITY, LECTURE 2 15

PROF T. YAMIN, CYBER SECURITY, LECTURE 2 16

PROF T. YAMIN, CYBER SECURITY, LECTURE 2 18

PROF T. YAMIN, CYBER SECURITY, LECTURE 2 19

PROF T. YAMIN, CYBER SECURITY, LECTURE 2 20

PROF T. YAMIN, CYBER SECURITY, LECTURE 2 21

PROF T. YAMIN, CYBER SECURITY, LECTURE 2 23

PROF T. YAMIN, CYBER SECURITY, LECTURE 2 24

You might also like