Critical Infrastructure and Its Threats: Protecting the Heartland
on Tuesday, October 28, 2014
Security & Fraud Information
October 27-31: Critical Infrastructure and Its Threats: Protecting the Heartland
In this final week’s National Cyber Security Awareness Month bulletin, we’re pleased to share a briefing that brings together a foundation of best practices to help you secure your personal and mobile computing devices going forward. Our final topic explores the concept of critical infrastructure and your role in its operation and protection.
According to the Department of Homeland Security, critical infrastructure consists of the nation’s essential services that underpin American society. The infrastructure is often identified by key sectors that provide these services and includes communications, energy, financial services, food and agriculture, defense, manufacturing, healthcare, emergency services and several other key categories.
The Financial Services sector represents a vital component of the critical infrastructure. When we stop to think about how much we interact with this sector online – from online banking to automated billpay, payroll deposits to government benefit registration, online tax filing to e-commerce shops – it becomes clear how heavily these interactions depend on public networks, including the Internet.
While so many of our day-to-day financial interactions increasingly rely on the cyber infrastructure of the Internet for their transactions, this same public infrastructure is shared by cybercriminal gangs, hostile nation-state cyber militaries and opportunistic hackers and activists – all of whom are constantly seeking ways to attack and compromise this infrastructure for their benefit. Your role in helping protect this critical infrastructure is vital: you are the one who keeps your mobile and personal computing devices free from the vulnerabilities that invite such attack and exploitation.
Doing Your Part: Practical Protection
- Stay tuned in to cyber security news. Don’t be the last to know of a public security event. Establish a practice of periodically tuning in to general cyber security news: Forbes, Wired Magazine and BankInfoSecurity.com all offer good, well-rounded updates to keep you current and aware. If you’re social network savvy, follow @StaySafeOnline and @Cybersecurity on Twitter or StaySafeOnline on Facebook.
- Practice unique passwords. Invest in a password manager app for your smartphone and invest in the practice of maintaining unique passwords for your email, banking, merchant and social network accounts.
- Keep cyber technologies clean and current. Smartphones, PCs, laptops, tablets and home wireless and wired routers should be kept on a current and supported operating system. Applications and operating systems should be kept up to date with the latest patches. Remove unused programs and mobile apps. Learn what legitimate alerts from your security tools look like, and watch for fake security warnings from pop-up ads that may be intent on taking your device hostage.
- Outsmart the bad guys with boosted defenses. Most of us know that real-time antivirus is mandatory on our computers. Recent research conducted by the SANS Institute concluded that the time to infection for an Internet-connected unpatched Windows computer without antivirus was a mere four minutes. But did you know that current patches and antivirus are not enough to protect you on public wireless networks? Strongly consider investing in a VPN (virtual private network) service and use it at all times when you’re not on a trusted home or workplace network (see our links below for independent reviews of VPN providers).
- Plan and practice for problems. Even the best of preventative practices can fall short. New malware can sneak past antivirus software, and weaknesses in programs and protocols are constantly being uncovered and exploited. Establish a plan for quickly restoring control of your accounts in the event of the compromise of a PC or mobile device.
- Keep a record of your ongoing cyber relationships. Keep a journal of the accounts you access, including financial, service provider, utility, merchant, government resources, etc., and write down contact information in case you need to quickly change passwords. Practice active defense by evaluating financial accounts for questionable and invalid transactions on at least a monthly basis.