What is Critical Infrastructure, Cybersecurity, and Supply Chains? If you support or are in a critical infrastructure industry a strong cybersecurity foundation should be top of mind for all your assets. In today's digital age more than ever nefarious actors are wanting to run espionage and sabotage campaigns against you. But what is critical infrastructure and how does this fit into the Maximo world? Critical infrastructure is defined as "assets, systems, and network, whether physical or virtual, considered so vital to the United States that any impact or destruction to them would have a major impact on national security, economic security, or our nation’s public health." There are 16 sectors to critical infrastructure they are:
- Commercial Facilities
- Critical Manufacturing
- Defense Industrial Base
- Emergency Services
- Financial Services
- Food and Agriculture
- Government Facilities
- Healthcare and Public Health
- Information Technology
- Nuclear Reactors, Materials, and Waste
- Transportation Systems
- Water and Wastewater Systems
From a Maximo perspective, it’s probably pretty easy to associate your company to one of these sectors. Each of these sectors whether you are them or are part of a company that supports them (making your company part of the supply chain) is foundational that you take cybersecurity seriously. Now cybersecurity is a broad term relating to many different cogs that make up one machine on its own. Cybersecurity gets broken down into three distinct categories, known as the security triad- Confidentiality, Integrity, and Availability.
Confidentiality: The ability to keep information whether sensitive or not protected and security from unneeded access or disclosure. As we conduct business with one another, vendors, clients, and business partners we are all collecting personal information, names, email addresses, phone numbers, invoices, etc. It is your duty to ensure that only those who are truly authorized have access to this information. We all have IT admins who have access to everything. But do they truly need access to client information? Vendor invoices? If the answer is no, then you must look into limiting that access to only with the need to know.
Integrity: In a nutshell integrity means that your systems are well maintained and are not subject to unauthorized modification or deleted by unauthorized parties. Data should be regularly backed up and audited to create a paper trial. If a malicious actor was able to penetrate through your network and modify sensitive information or system files this would have a devastating effect. Do you know who last accessed your database with client information? Do you know what changes what they made? What files were modified? Are these changes authorized? All of these questions are ones you have to ask yourself and proper departments to understand if your systems have integrity.
Availability: Systems and services need to be available to businesses and individuals when they need it no matter the circumstance. Regardless if your company experiences a power outage, natural disaster or any other unplanned event. With today's remote working world and heavy dependence on the clouds, availability is more important than ever. Are the cloud providers that host your infrastructure reliable for you? What about for your clients? What would happen if you lost access to your office suite or CRM software? Do you have redundant networks, servers, or applications? What if you are hosting your clients business on your cloud?
These basic tenants of cybersecurity are what makes up the foundation of the term as a whole. Security is not only about keeping your business safe, but also keeping your customers information systems safe. Holding your vendors to a certain standard and risk level. Much like you wouldn't choose the lowest rated mechanics shop to work on your car, you shouldn't choose the least amount of security effort to protect your businesses goals and missions. Additionally, if you are servicing one of the critical infrastructures, you are part of their supply chain. Your security efforts must meet or exceed their expectations. If an issue or unwanted cybersecurity event occurs that effects one of the critical sectors that permeated from your network, software, cloud, services, or users, your business could be in jeopardy.