Critical infrastructures as defined as services and facilities that are essential for the basic operations in society. There are various sectors of the economy and society in general that are considered critical. Still, they do vary from country to country owing to the lack of a universally accepted definition and designation of what sectors are to be regarded as critical. However, in most countries, sectors such as health care, banking, and finance, transportation, food, and telecommunications, among others, are considered to be critical. Most importantly, a country's designation of a sector as essential is dependent on national priorities. Additionally, the importance of critical sectors to relevant countries has led to the initiation of national strategies that are meant to protect the identified critical infrastructures from either human-made or natural risks. Moreover, the interdependence between some of the essential infrastructures coupled up with the rapid technological changes has also heightened the need to protect critical infrastructures and the incorporation of cyber security from strengthening the protection of the critical infrastructure.
Cybercrimes in the Critical Infrastructure Sectors
Cyber security is crucial in ensuring that criminal elements have restricted access to essential data of infrastructure and systems. In the face of the rapid changes in technology and more so evolution in digital and communications technology, all the sixteen identified critical structures are at a constant threat from cyber-attacks and data breaches. According to the United States Department of Homeland Security, the protection of critical infrastructure is a responsibility that had to be shared by all players and at all levels of government (Geers, 2009). With this in mind, the department of homeland security works in conjunction with players in the industrial sector, private sector organizations, and other federal agencies in the distribution and sharing f information relating to the vulnerabilities to critical infrastructure as well as emerging threats in cybercrimes. Additionally, the department of homeland security analyzes, monitors, and responds to instances of security that affect sectors, private and public organizations that provide essential services to American citizens. It should be noted that any cyber-attack launched against any of the critical sectors may have adverse impacts on national security or the public health and safety of the citizens of the United States (US) (Abele-Wigert, 2006).
Delegate your assignment to our experts and they will do the rest.
The importance of cyber security transcends over all the critical infrastructure sectors in the US. For instance, in the energy service sector, cyber terrorism or espionage may have devastating impacts as this sector hold much intellectual property making it a viable candidate for attacks. Moreover, the digitalization of the systems heightens the vulnerability of the threat to cyber-attacks (Abele-Wigert, 2006). For instance, the industrial control systems which form part of the digitalization program in this sector are connected to the cloud increases the vulnerability of this sector to suffer from cyber-attacks.
The other critical industry that faces a threat from cyber espionage is the transport sector. It should be noted that the transport sector plays a vital role in ensuring the mobility of persons and goods throughout the US. With this in mind, instances in which a disruption in the operational capacity of this sector may be disrupted or compromised would precipitate massive losses economically, socially, or in some cases, such disruptions may result in fatalities. Just as in the case of the energy sector, continuous digitalization of the transport sector has also made it vulnerable to cyber-attacks (Abele-Wigert, 2006).
The communications sector is one of the fundamental pillars of the American economy. Primarily, this sector performs an enabling function for all the other sectors of the economy. The rise in mobile technology and the increasing connectedness witnessed today have rendered the communication sector highly susceptible to cyber-attacks. in this sector, the main targets for attack include fiber and switches connecting networks that power voice, internet, and video connecting devices (Choraś et al., 2017). The information technology sector, which is vital in the countries security and the overall wellbeing of the government and other organizations, is also a sector that has a heightened propensity of cyber-attacks. Today, numerous sectors of the economy, as well as the scholarly world, depend on information technology to supply and utilize virtual capacities and in the creation of programs, equipment and data information frameworks and admissions. With this in mind, cyber-attacks and data breaches in this sector may work to limit or disrupt the operational capacity of information technology with its effects reverberating across all the other sectors that are progressively dependent on it.
The defense industrial base sector is the other sector that is increasingly at risk of cyber-attacks. In practice, this sector is tasked with the creation of innovative works geared at meeting requirements of the US military. The sensitive nature of this sector makes it a fertile ground for the continued cyber-attack as a result of the presence of highly confidential data and the intellectual property rights (Abele-Wigert, 2006). It is also important to note that this sector, cyber espionage, is commonly placed, and state-sponsored actors mostly instigate it.
The government sector, which includes several buildings both in the US in the diaspora, forms part of the critical infrastructure. These facilities are usually owned or rented by the state, elected, or tribal governments and are highly vulnerable to cyber-attacks. The vulnerability of these infrastructures emanates from the delicate material, data, hardware, and procedures present in these locations. For instance, in 2011, two US research labs in Pacific Northwest Laboratory (PNNL) and Thomas Jefferson National Laboratory that are located in Virginia fall victim to cyber-attacks. In this attack, these labs experienced internet shutdowns, which lasted a couple of days (Finkle, 2011).
The commercial facilities sector is also highly susceptible to cyber-attacks. In practice, this sector incorporates a myriad of organizations that individuals are attracted to for their shopping entertainment hospitality or business. Since most business organizations in this sector are privately owned, the propensity of cyber-attacks is considerably high. With this in mind, the firms in the industry are increasingly falling victims to malware attacks, data breaches, and phishing schemes. Other critical sectors that are usually harmed due to cyber-attacks include the chemical sector. This sector produces and transports potentially hazardous chemicals. also, the water and wastewater system sector that is tasked with providing water is at risk for potential attacks. The food and agricultural sector and the nuclear Reactors, Materials, and Waste Sector, as well as the dams sector, are other critical infrastructures that face the threat of cyber-attacks.
Cyber Crime in the Health Care and Public Health Sector
In the US, the health care and public health sector is classified as critical infrastructure. According to the department of homeland security, the health care and public health sector plays an important role in protecting other sectors of the economy from various hazards such as infectious diseases, terrorism, as well as natural disasters. It is also important to note that the importance of the health care and public health sector in the US also emanates from the fact that the assets are either privately owned or operated through the collaboration between private and public sectors (Jalali & Kaiser, 2018). To this end, the need for heightened communication between all stakeholders in public health and health care is critical in ensuring that this sector performs its mandate to the optimum without unnecessary intentional or unintentional disruptions. However, advances in information technologies and specifically cyber technology have not only worked to enhance communication between these sectors and other critical sectors but have also provided an avenue for terrorists and other individuals with malicious intent to launch attacks that might be detrimental to the overall wellbeing of the American population.
Prevalence of Data Breaches in the Health Care and Public Health Sector
Data breaches present a significant security breach in health care. Primarily, the prevalence of data breaches has been on the rise. According to Koczkodaj et al. (2019), data breaches in health care, and specifically medical records, affected approximately 173 million individuals in the US. Additionally, another study also illuminated that in 2018, the health care sector witnessed approximately five hundred and three data breaches that comprised the health records of approximately 15 million patients. Furthermore, according to the 2020 Protenus Breach Barometer, the prevalence of data breaches in health care skyrocketed with projected breaches affecting more than 25 million Americans.
Factors Exacerbating Cyber Crimes in the Health Care and Public Health Sector
The increased prevalence of data breaches is partly attributed to the work of insiders. In practice, insiders' data breaches by insiders happen either when trusted individuals engage in cybercrimes or when cybercriminals or hackers bypass system firewalls and perpetrate cybercrimes without the knowledge of system administrators. Data breaches are not only synonymous with the health care sector as other sectors have also fallen victim to cybercriminals (Kozik, & Choraś, 2013). The banking and financial sectors are some of the sectors that have also been hard hit by cybercrimes. For instance, between May and July 2017, approximately 44 million British citizens and 143 million American citizens had their information breached and stolen by hackers in the Equifax data breach. Primarily, this data breach was orchestrated for theft purposes (Fruhlinger, 2020). However, the occurrence of such data breaches raises the question of what the scenario would be in a case such breaches were intent on sabotaging or compromising infrastructure in a way that endangers the lives of millions of American citizens.
It should be noted that a significant number of the data breaches occurring in the health care sector have presented a challenge owing to the exposure and susceptibility of the health care and public health infrastructure to cyber-attacks. Primarily, the health care and public health sector is usually a preferred target during military warfare, and an attack on this sector is likely to cause massive panic. The vulnerability of the health care and public health sector is also exacerbated by the ability of cyber-attacks and warfare to be initiated remotely (Jalali & Kaiser, 2018). With the interconnectedness present between different health care facilities and corporations as well as the connectedness of this sector to government databases, the onset of data breaches may harm the government and other sectors of the economy and in totality the entire American nation. Additionally, data breaches in the health care and public health sector also result in reduced citizen confidence in the system as well as affecting the interactions between different sectors and agencies that are interconnected to health care (Jalali & Kaiser, 2018).
Qualities of a Secure Cyber Environment
All the critical sectors are in a continuous struggle to ensure that they adequately protect their systems from imminent cyber-attacks. There is a disparity between the evolution of technology and the rate at which threats evolve. Primarily, threat environments have been shown to evolve faster than security measures implemented to thwart the occurrence of cybercrimes. Under normal circumstances, basic protection and security measures are usually applied in all the critical infrastructures inclusive of the health care and public health sector. However, the basic measures applied in this case, most of the time, prove insufficient in protecting against cyber-attacks (Paul, 2012). With this in mind, as cybercrimes become increasingly complex and the health care and public health infrastructure more reliant on networks and operator systems, it is critical that this infrastructure must be adequately prepared to adjust its security measures promptly. Consequently, security measures have to be dynamic, novel, and up-to-date as well as in line with the accepted practices.
Properly applied cyber security techniques and measures help prevent the onset of cyber-attacks in organizations' networks or systems. I most cases, cybercrimes intend to either allow unwanted individuals access to the system or to hinder the normal operations. Adequate cyber security measures help mitigate and manage threats from nefarious actors, malware, and broad information sharing. In practice, these security measures are mostly precautionary in nature as they help in streamlining reporting and auditing protocols, system patching, and configuration management (Paul, 2012). Consequently, these security measures have to be constantly evolved to ensure that they are in tandem with the rapidly changing security threat environments.
Today, there are several measures and practices put in place to ensure cyber security in the healthcare and public health critical infrastructure sector. Although the threat environments are complex, the measures that are engaged today are considered to be the minimum level of protection as, without them, networks and systems would be utterly exposed to cyber threats. One of the measures applied today is the Identification and Authentication. Under this security measure, networks and systems can validate devices, processes, and individuals' before an activity is carried out in the system. In practice, through identification and authentication, operators and owners are provided with mechanisms to identify individuals and any actors involved in network transactions by creating an appropriate framework for network auditing (Guidorizzi, 2013).
A security patch management is also a security measure that enhances cyber security. Primarily, the security patch management is ma process in which system software is continuously updated in efforts to reduce risks posed by cybercriminals in compromising system applications and computer networks. It is important to note that security patch management is more reactive. However, the application of this security measure to complicated medical devices designed for complex health-related functions renders them susceptible to cyber-attacks and compromise Kuipers & Fabro, 2006).
Another security measure against cyber-attacks is the presence of firewalls. In practice, firewalls provide the first line of defense against unauthorized or unwanted network intrusions. Different types of firewalls exist today, with the level of protection offered dependent on the sensitivity and complexity of the system being protected (Ullrich et al., 2016). There are four different mechanisms utilized by firewalls to manage network traffic, and they are the circuit-level gateway, proxy server, application gateway, and packet filtering. It is, however, important to note that firewalls are more efficient if utilized between the internet and an organization network infrastructure or at a network’s perimeter.
Encryption is the other protective measure used in critical infrastructure to protect against cyber-attacks. In encryption, organization data is protected by transforming data into code. Primarily, encryption guarantees that individuals with criminal intent or any other unauthorized individuals are not able to access an organization’s computer systems. Additionally, encryption also heightens and maintains the reliability and integrity of information and data in electronic systems (Kogiso, K., & Fujita, 2015).
Recommendations
Just like in other critical infrastructure sectors, cybercrimes and data breaches in the health care and critical public sector are responsible for significant financial impacts as well as a loss of public confidence. Additionally, data breaches and cybercrime also pose a significant threat to the overall wellbeing of the American population as any compromises may impede the ability of this sector to perform and offer its services in a crisis. To this end, individuals and organizations in health care have to ensure that their system continually improves their cyber security by putting in place requisite policies and practices.
One of the critical elements in ensuring heightened cyber security in health care and public health is the cultivation of a security culture. In this case, health care organizations and facilities have to actively involve their employees in the promotion of security through education and emphasis o the importance of the protection of patient information and data. Secondly, it is also important to note that the use of mobile devices has become a mainstay in healthcare. To this end, players in the health care sector have to ensure that these devices are adequately provided through encryption of these mobile devices to reduce the possibility of cyber-attacks (Karabacak & Tatar, 2014).
In ensuring cyber safety, health care facilities and organizations have to ensure that they adequately plan for the unexpected. To this end, continuous and regular backing up of data should be prioritized to negate the effects that imminent data breaches may have on the health care system. Players in the health care sectors must ensure that all protected information is not accessible to individuals who are not authorized. This action must also incorporate limitations to network access by any unauthorized software or its installation without authorization (Karabacak & Tatar, 2014).In totality, the measures are meant to enhance the security of networks and systems used in health care and public sector critical infrastructure as well as in other infrastructures.
Rapid technological changes have brought numerous advantages in diverse sectors of the economy. Primarily, the technological advancements witnessed a complex intertwine between numerous sectors, which are critical in ensuring the security and the overall wellbeing of the American population. In the health care and public sector data breaches where patient information and other sensitive data are susceptible to be compromised provide the greatest challenge; the challenge, in this case, is further exacerbated by the connectedness between this sector and other critical sectors in the American economy. Currently, numerous initiatives have been out in place to mitigate against cyber-attacks and data breaches. Despite offering protection to networks and systems utilized in health care, the complexity of the cyber-attack and the ever-evolving threat environment requires that players in health care put in place necessary measures to enhance their security and meet the challenges posed by the cybercriminals.
References
Abele-Wigert, I. (2006). Challenges governments face in the field of critical information infrastructure protection (CIIP): Stakeholders and perspectives. International CIIP Handbook , 2 , 139-167. https://doi.org/10.3929/ethz-b-000000490
Choraś, M., Kozik, R., Flizikowski, A., Hołubowicz, W., & Renk, R. (2016). Cyber threats impacting critical infrastructures. In Janusz, K. (Ed.), Managing the complexity of critical infrastructures : A modelling and simulation approach (pp. 139-161). Springer. https://doi.org/10.1007/978-3-319-51043-9_7
Finkle, J. (2011, July 6). Government facilities targets of cyber-attacks. Reuters. https://www.reuters.com/article/us-usa-hackers/government-facilities-targets-of-cyber-attacks-idUSTRE7656M020110706
Fruhlinger, J. (2020, February 12). Equifax data breach FAQ: What happened, who was affected, what was the impact? CSO. https://www.csoonline.com/article/3444488/equifax-data-breach-faq-what-happened-who-was-affected-what-was-the-impact.html
Geers, K. (2009). The cyber threat to national critical infrastructures: Beyond theory. Information Security Journal: A Global Perspective , 18 (1), 1-7. https://doi.org/10.1080/19393550802676097
Guidorizzi, R. P. (2013). Security: Active authentication. IT Professional , 15 (4), 4-7. https://doi.org/ 10.1109/mitp.2013.73
Jalali, M. S., & Kaiser, J. P. (2018). Cyber security in Hospitals: A Systematic, Organizational Perspective. Journal of Medical Internet Research , 20 (5), e10059. https://doi.org/10.2196/10059
Karabacak, B., & Tatar, Ü. (2014). Strategies to Counter Cyber-attacks: Cyberthreats and Critical Infrastructure Protection. In Matthew E. (Ed.), Critical infrastructure protection . IOS Press.
Koczkodaj, W. W., Masiak, J., Mazurek, M., Strzałka, D., & Zabrodskii, P. F. (2019). Massive health record breaches evidenced by the office for civil rights data. Iranian Journal of Public Health , 48 (2), 278–288. https://www.ncbi.nlm.nih.gov/
pmc/articles/PMC6556182/
Kogiso, K., & Fujita, T. (2015, December). Cyber-security enhancement of networked control systems using homomorphic encryption. In 2015 54th IEEE Conference on Decision and Control (CDC) (pp. 6836-6843). https://doi.org/ 10.1109/cdc.2015.7403296
Kozik, R., & Choraś, M. (2013). Current cyber security threats and challenges in critical infrastructures protection. In 2013 Second International Conference on Informatics & Applications (ICIA) (pp. 93-97). https://doi.org/10.1109/ICoIA.2013.6650236
Kuipers, D., & Fabro, M. (2006). Control systems cyber security: Defense in depth strategies . Idaho National Laboratory (INL). https://inldigitallibrary.inl.gov/sites/sti/sti/3375141.pdf
Paul, M. (2012). The 7 qualities of highly secure software . CRC Press.
Ullrich, J., Cropper, J., Frühwirt, P., & Weippl, E. (2016). The role and security of firewalls in cyber-physical cloud computing. EURASIP Journal on Information Security , 42 (1), 18-38. https://doi.org/10.1186/s13635-016-0042-3
