Where Do You Fit In? - Critical Infrastructure Security

Have you ever felt lost attempting to process all the information involved in securing the 16 critical infrastructure sectors? Have you ever wondered which sector pertains to your organization? Are you overwhelmed with requirements regarding reporting and adhering to the most up-to-date security regulations, standards, or framework? Are you aware of potential funding resources available for your business to help bolster security?

Our team at Ankura is here to help. Our advisors are experts across a multitude of disciplines and have come together to answer your questions. Without the contributions and hard work from the many people and industries that make up our critical infrastructure, our way of life would be dramatically different. Today's threat landscape most certainly stands to compromise that way of life. It is our goal to enhance your success and security.

Below we provide a brief summary of each critical infrastructure sector in the United States. We have focused on concise and relevant information regarding security within each sector, including: overall sector description, sector risk management agencies, example industries/organizations, examplestandards/regulations/frameworks, and example funding sources¹. Additionally, we have created a versatile one-page resource to assist you. Follow this link to request your copy full of useful references to our summary below. One of our team members will connect with you to provide our hyperlinked roadmap and discuss navigating the complexities of critical infrastructure security.

< Get Your Copy of the Guide Today >

1. Chemical Sector
   • Description: Involves the production, storage, and transportation of chemicals used in various industries, including pharmaceuticals and agriculture.
   • Sector Risk Management Agency: Department of Homeland Security (DHS)
   • Example Industries/Organizations: Petrochemical plants, pharmaceutical companies, fertilizer producers, paint manufacturers, industrial gas producers, plastic manufacturers, and pesticide manufacturers.
   • ExampleSecurity Standards/Regulations/Frameworks: Occupational Safety and Health Administration (OSHA) standards, Environmental Protection Agency (EPA) regulations, Chemical Facility Anti-Terrorism Standards (CFATS).
   • Example Funding Sources Related to Security: DHS Homeland Security Grant Program, EPA grants.
2. Commercial Facilities Sector
   • Description: Consists of sites that host large numbers of people for business, entertainment, or lodging purposes, such as shopping centers and sports venues.
   • Sector Risk Management Agency: DHS
   • Example Industries/Organizations: Shopping malls, hotels, casinos, sports stadiums, convention centers, amusement parks, and office buildings.
   • ExampleSecurity Standards/Regulations/Frameworks: National Fire Protection Association (NFPA) standards, International Building Code (IBC), Americans with Disabilities Act (ADA) regulations.
   • Example Funding Sources Related to Security: DHS Urban Area Security Initiative, Federal Emergency Management Agency (FEMA) grants.
3. Communications Sector
   • Description: Encompasses the infrastructure for the transmission of voice, data, video, and internet communications.
   • Sector Risk Management Agency: DHS
   • Example Industries/Organizations: Telephone networks, internet service providers, satellite communications, radio stations, television broadcasters, and fiber optic networks.
   • ExampleSecurity Standards/Regulations/Frameworks: Federal Communications Commission (FCC) regulations, National Institute of Standards and Technology (NIST) Special Publication 800 series, Telecommunications Industry Association (TIA) standards.
   • Example Funding Sources Related to Security: FCC Universal Service Fund, National Telecommunications and Information Administration (NTIA) grants.
4. Critical Manufacturing Sector
   • Description: Produces essential goods such as primary metals, machinery, electrical equipment, and transportation equipment vital to national security and economic stability.
   • Sector Risk Management Agency: DHS
   • Example Industries/Organizations: Steel mills, automotive manufacturers, aerospace manufacturers, electronics producers, machinery manufacturers, electrical equipment producers, and shipbuilding companies.
   • ExampleSecurity Standards/Regulations/Frameworks: International Organization for Standardization (ISO) standards, American National Standards Institute (ANSI) standards, OSHA regulations.
   • Example Funding Sources Related to Security: Department of Commerce grants, Small Business Administration (SBA) loans.
5. Dams Sector
   • Description: Includes dam infrastructure that provides water retention, hydroelectric power, and flood control.
   • Sector Risk Management Agency: DHS
   • Example Industries/Organizations: Hydroelectric power plants, flood control dams, irrigation dams, water supply reservoirs, navigation locks, levees, and spillways.
   • ExampleSecurity Standards/Regulations/Frameworks: Federal Energy Regulatory Commission (FERC) regulations, U.S. Army Corps of Engineers guidelines, Dam Safety Program standards.
   • Example Funding Sources Related to Security: FEMA Hazard Mitigation Grant Program, U.S. Army Corps of Engineers funding.
6. Defense Industrial Base Sector
   • Description: Supplies products and services essential for military operations, including weapons, vehicles, and technology.
   • Sector Risk Management Agency: Department of Defense (DoD)
   • Example Industries/Organizations: Military aircraft manufacturers, shipbuilders, missile manufacturers, defense electronics producers, armored vehicle producers, ammunition manufacturers, and cybersecurity firms.
   • ExampleSecurity Standards/Regulations/Frameworks: Defense Federal Acquisition Regulation Supplement (DFARS), NIST Special Publication 800-171, International Traffic in Arms Regulations (ITAR).
   • Example Funding Sources Related to Security: DoD contracts, Defense Production Act funding.
7. Emergency Services Sector
   • Description: Comprises services such as police, fire, and emergency medical services that are crucial for public safety and health.
   • Sector Risk Management Agency: DHS
   • Example Industries/Organizations: Police departments, fire departments, emergency medical services, search and rescue organizations, emergency management agencies, hazardous materials teams, and disaster response organizations.
   • ExampleSecurity Standards/Regulations/Frameworks: National Incident Management System (NIMS), NFPA standards, OSHA regulations.
   • Example Funding Sources Related to Security: DHS Assistance to Firefighters Grant Program, FEMA grants.
8. Energy Sector
   • Description: Involves the production and distribution of energy, including electricity, oil, and natural gas.
   • Sector Risk Management Agency: Department of Energy (DOE)
   • Example Industries/Organizations: Electric power utilities, oil refineries, natural gas companies, renewable energy producers, coal mining companies, nuclear power plants, and energy transmission companies.
   • ExampleSecurity Standards/Regulations/Frameworks: North American Electric Reliability Corporation (NERC) standards, FERC regulations, NIST Cybersecurity Framework.
   • Example Funding Sources Related to Security: DOE grants, Rural Energy for America Program.
9. Financial Services Sector
   • Description: Encompasses institutions that manage monetary transactions, including banks, credit unions, and stock exchanges.
   • Sector Risk Management Agency: Department of the Treasury
   • Example Industries/Organizations: Commercial banks, investment firms, insurance companies, credit card companies, stock exchanges, credit unions, and mortgage lenders.
   • ExampleSecurity Standards/Regulations/Frameworks: Gramm-Leach-Bliley Act (GLBA), Payment Card Industry Data Security Standard (PCI DSS), NIST Special Publication 800-53.
   • Example Funding Sources Related to Security: Community Development Financial Institutions Fund, SBA financial assistance.
10. Food and Agriculture Sector
    • Description: Covers the production, processing, and distribution of food products, as well as agriculture and livestock farming.
    • Sector Risk Management Agency: Department of Agriculture (USDA) and Department of Health and Human Services (HHS)
    • Example Industries/Organizations: Farms, food processing plants, grocery stores, fisheries, livestock producers, agricultural equipment manufacturers, and food transportation companies.
    • ExampleSecurity Standards/Regulations/Frameworks: Food Safety Modernization Act (FSMA), USDA regulations, Food and Drug Administration (FDA) regulations.
    • Example Funding Sources Related to Security: USDA grants, Agricultural Marketing Service funding.
11. Government Facilities Sector
    • Description: Includes buildings owned or leased by federal, state, and local governments for various functions and services.
    • Sector Risk Management Agency: DHS and General Services Administration (GSA)
    • Example Industries/Organizations: Federal buildings, state capitals, courthouses, military bases, embassies, municipal buildings, and government research facilities.
    • Example Security Standards/Regulations/Frameworks: Federal Facility Security Standards, International Building Code (IBC), ADA regulations.
    • Example Funding Sources Related to Security: GSA funding, FEMA Public Assistance Program.
12. Healthcare and Public Health Sector
    • Description: Comprises public and private organizations that deliver medical, behavioral health, and pharmaceutical services, manufacture drugs, devices, and medical supplies, and ensure public health.
    • Sector Risk Management Agency: HHS
    • Example Industries/Organizations: Hospitals, pharmaceutical companies, medical device manufacturers, public health agencies, health insurance companies, pharmacies, laboratories, and clinics.
    • ExampleSecurity Standards/Regulations/Frameworks: Health Insurance Portability and Accountability Act (HIPAA), Health Information Technology for Economic and Clinical Health (HITECH) Act, FDA regulations, Joint Commission standards, Health Information Trust Alliance (HITRUST) Common Security Framework (CSF), NIST Cybersecurity Framework.
    • Example Funding Sources Related to Security: Health Resources and Services Administration (HRSA) grants, Centers for Disease Control and Prevention (CDC) funding.
13. Information Technology Sector
    • Description: Encompasses the infrastructure that supports computing services, including hardware, software, and networks.
    • Sector Risk Management Agency: Department of Homeland Security (DHS)
    • Example Industries/Organizations: Software companies, hardware manufacturers, cloud service providers, data centers, cybersecurity firms, internet service providers, and information technology (IT) consulting firms.
    • ExampleSecurity Standards/Regulations/Frameworks: NIST Cybersecurity Framework, ISO/IEC 27001, Federal Information Security Management Act (FISMA).
    • Example Funding Sources Related to Security: National Science Foundation (NSF) grants, DHS cybersecurity funding.
14. Nuclear Reactors, Materials, and Waste Sector
    • Description: Involves the generation of nuclear power and the management of radioactive materials and waste.
    • Sector Risk Management Agency: DHS
    • Example Industries/Organizations: Nuclear power plants, uranium mining companies, radioactive waste management facilities, nuclear fuel manufacturers, research reactors, nuclear medicine facilities, and decommissioning services.
    • ExampleSecurity Standards/Regulations/Frameworks: Nuclear Regulatory Commission (NRC) regulations, International Atomic Energy Agency (IAEA) standards, DOE nuclear safety guidelines.
    • Example Funding Sources Related to Security: DOE funding, NRC grants.
15. Transportation Systems Sector
    • Description: Covers the infrastructure for the movement of people and goods, including: pipelines, roads, railways, airways, and seaports.
    • Sector Risk Management Agency: DHS and Department of Transportation (DOT)
    • Example Industries/Organizations: Airlines, railroads, shipping companies, public transit systems, trucking companies, airports, and ports.
    • ExampleSecurity Standards/Regulations/Frameworks: Federal Aviation Administration (FAA) regulations, Federal Railroad Administration (FRA) standards, Maritime Transportation Security Act (MTSA).
    • Example Funding Sources Related to Security: Federal Transit Administration (FTA) grants, FAA funding.
16. Water and Wastewater Systems Sector
    • Description: Involves the infrastructure for water treatment, distribution, and wastewater management.
    • Sector Risk Management Agency: EPA
    • Example Industries/Organizations: Water treatment plants, wastewater treatment facilities, municipal water utilities, desalination plants, irrigation companies, stormwater management systems, and well water systems.
    • ExampleSecurity Standards/Regulations/Frameworks: Safe Drinking Water Act (SDWA), Clean Water Act (CWA), EPA regulations.
    • Example Funding Sources Related to Security: EPA State Revolving Fund, USDA Rural Development Water and Waste Disposal Loans and Grants.

As you can see, there are certainly overlapping and refined details to discover based on the intricacies of your organization. Let us streamline the information to support your needs. If you still have questions, let's connect here. We are happy to help you protect, create, and recover value.

Footnote

1 Example standards/regulations/frameworks and example funding sources may vary in applicability across different industries/organizations within a given sector. The standards/regulations/frameworks listed may include voluntary or recommended (i.e., non-compulsory) frameworks.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.