Abstract
Not all infrastructures are critical. In most countries' definitions, a critical infrastructure (CI) is a collection of indispensable assets that provide an essential support for economic and social well-being, for public safety and for the functioning of key government responsibilities. CI assets can be classified into three broad categories: Physical, Cybernetic and Human. In the present era, Information and Communication Technology sector (e.g., Cloud Computing, Big Data, Internet of Things) can be regarded as the backbone of the economies of developed and the developing countries worldwide since they provide basic services to all segments of a society. Critical infrastructure protection (CIP) is a concept du jour in many developed countries. The present chapter discusses the method of protecting critical infrastructures in developing countries. It observes many developing countries experiencing massive growth in Internet capacity and the use of Internet-based technologies. Attacks on the information infrastructure can severely affect the ability of a country to function effectively.
TopCritical Infrastructure
Critical infrastructure (CI) refers to those essential physical and information technology facilities, networks, services and assets, which, if disrupted or destroyed, would have a serious impact on the health, safety, security, economic or social well-being or the effective functioning of government as proposed in Graham (2011).
According to Bennett (2007), not all infrastructures are critical. A product or service is critical when either it provides an essential contribution in maintaining a defined minimum level of national or international law and order, public safety, economic life, public health, and environmental protection, or if the disruption of its ability to provide product or services hurts citizens or government administration and may endanger security. Some are critical only when others are damaged (e.g., emergency services).
As proposed in Schrogl and Hays (2015) a critical infrastructure is a collection of indispensable assets. An asset, a subset of a critical infrastructure, is something of high importance or high value and can include people, property, or information systems. Critical infrastructures are best selected by each individual jurisdiction, as they know their specific circumstances best, e.g., Global Positioning System (GPS) timing signals currently provide the “heartbeat” that synchronizes all global telecommunications networks, yet there is a lack of appreciation for this dependency and underdeveloped policies to ensure protection of this critical space infrastructure.
The definitions of “infrastructure” used in official descriptions of critical infrastructure tend to be broad. Most also include intangible assets and/or to production or communications networks.
The danger when discussing CI is making it either too broad or too narrow. Any country has fully defined what is critical and what is not. Critical infrastructure, key resources, and key assets are located everywhere and anywhere. They are present in all aspects of our daily routine. It is easy to define them as a collection of assets present within a jurisdiction. A jurisdiction is a responsible party that has authority and control over the activities within a specific geographical area.
The following qualifications impact the criticality of infrastructure:
- •
The more dependencies, the more critical.
- •
The more vulnerable, the more critical.
- •
Lack of alternatives increases its criticality.
Graham (2011) broke down CI assets into three broad categories that span all sectors of country’s economy:
- 1.
Physical: These are all the tangible assets e.g., roads, oil and gas pipelines, electrical power transmission and distribution networks, telecommunication (data, voice) networks, dams, and vital institutions such as hospitals that are deemed essential to maintaining our society. Physically stored information is a part of this category.
- 2.
Cybernetic: This rapidly expanding category includes all the technology that depends upon information, hardware, software, data, and networks used within the CI context. This also includes all electronic information stored within these systems and controlling and monitoring systems that permit remote management of CI asset components.
- 3.
Human: Often forgotten in this discussion are the people who operate CI systems. They have knowledge, know-how, and experience that, if lost, represents a major threat to the ability to sustain or restore CI systems. Also included are other elements of human threats such as the potential for insider access to physical plant and systems as well as the robustness of management and culture to be alert to threats and build in resilience.
Key Terms in this Chapter
Big Data: A term for data sets that is so large or complex that traditional data processing applications are inadequate to deal with them. Challenges include analysis, capture, data curation, search, sharing, storage, transfer, visualization, querying, updating and information privacy. The term “big data” often refers simply to the use of predictive analytics, user behavior analytics, or certain other advanced data analytics methods that extract value from data, and seldom to a particular size of data set. Accuracy in big data may lead to more confident decision-making, and better decisions can result in greater operational efficiency, cost reduction and reduced risk.
Critical Infrastructure: Critical infrastructure (CI) refers to those essential physical and information technology facilities, networks, services and assets, which, if disrupted or destroyed, would have a serious impact on the health, safety, security, economic or social well-being or the effective functioning of government.
Critical Infrastructure Protection: Protection mechanisms, improve CI evaluation and protection, CI resilience, National Cybersecurity. Critical infrastructure protection is an area where an effective private public partnership is required. The main aim is to increase their resilience and to reduce the effects that a fault, regardless of its accidental or intentional origin, might produce.
Cloud Computing: It is one type of internet-based computing system which provides shared computer processing resources and data to computers and other devices on demand. It is a model for enabling ubiquitous, on-demand access to a shared pool of configurable computing resources (e.g., computer networks, servers, storage, applications and services),which can be rapidly provisioned and released with minimal management effort.
Internet of Things: The internet of things (IoT) is the internetworking of physical devices, vehicles, buildings and other items - embedded with electronics, software, sensors, actuators, and network connectivity that enable these objects to collect and exchange data.In 2013 the Global Standards Initiative on Internet of Things (IoT-GSI) defined the IoT as “the infrastructure of the information society.” The IoT allows objects to be sensed and/or controlled remotely across existing network infrastructure, creating opportunities for more direct integration of the physical world into computer-based systems, and resulting in improved efficiency, accuracy and economic benefit. When IoT is augmented with sensors and actuators, the technology becomes an instance of the more general class of cyber-physical systems, which also encompasses technologies such as smart grids, smart homes, intelligent transportation and smart cities. Each thing is uniquely identifiable through its embedded computing system but is able to interoperate within the existing Internet infrastructure. Experts estimate that the IoT will consist of almost 50 billion objects by 2020.
Developing Countries: A developing country, also called a third world country, a less developed country or underdeveloped country, is a nation with a less developed industrial base and a low Human Development Index (HDI) relative to other countries. However, since the late 1990s developing countries tended to demonstrate higher growth rates than the developed ones. There are no universally agreed-upon criteria for what makes a country developing versus developed and which countries fit these two categories,[3] although there are general reference points such as a nation's GDP per capita compared to other nations. Also, the general term less-developed country should not be confused with the specific least developed country.