‘Critical infrastructure’ defined as vulnerable to cyber attack include malls, zoos and power grid

(Cyberwar.news) As more of American society becomes connected to the Internet, much more things become vulnerable to cyber attacks, meaning the government’s “critical infrastructure” list continues to grow as well.

In fact, according to the Department of Homeland Security, which defines critical infrastructure, “there are 16 critical infrastructure sectors whose assets, systems, and networks, whether physical or virtual, are considered so vital to the United States that their incapacitation or destruction would have a debilitating effect on security, national economic security, national public health or safety, or any combination thereof.”

The sectors are energy, defense, transportation, food and agriculture, emergency services, communications, water and wastewater, manufacturing, chemical, commercial facilities, dams, finance, healthcare, government facilities, nuclear facilities, and information technology – just about everything, notes Grist.org.

Included under the “commercial facilities” category are hotels, amusement parks, apartment buildings, zoos, museums, casinos, Hollywood studios and many other businesses you wouldn’t think would qualify as an important national security asset.

• More: Fiorina calls cyber security ‘urgent’ in face of rising threats, says govt. should work with private industry

In fact, even some former high-ranking DHS officials and analysts think that some listings are just over-the-top.

“This strikes me as faintly ludicrous,” Paul Rosenzweig, former deputy assistant secretary for policy in the Department of Homeland Security, wrote after learning that Sony was considered critical infrastructure. “America will not collapse if Hollywood is dark. If everything is critical, then nothing truly is critical.”

As Wired noted further, there is only so much the federal government can mandate protection, which may be why nearly everything is considered “vital:”

Since most critical infrastructure is in the hands of the private sector, the government cannot impose itself on these industries or mandate that they take certain security measures. There is an exception to this — the handful of industries that are government regulated, such as the financial, health and nuclear industries. All the government can do for other industries that are not regulated is advise best practices, share threat intelligence with them, and provide forensic and recovery assistance after an attack. The government can also use its intelligence powers to spot attacks that are in the works and ward them off, though the nature and limits to what the government can do in this regard are still murky.

That said, an Obama administration priority – albeit a late one – has been to work with private industry on ways to jointly protect vital systems. Since the government cannot impose solutions on industries where there is little regulation, the next best thing is to win cooperation from the corporate world, which does indeed possess assets that would could be detrimental to security.

See also:

Grist.org

Lawfare

Wired

Cyberwar.news is part of the USA Features Media network of sites.