Infrastructure security is the security provided to protect infrastructure, especially critical infrastructure, such as airports, highways [1] rail transport, hospitals, bridges, transport hubs, network communications, media, the electricity grid, dams, power plants, seaports, oil refineries, liquefied natural gas terminals[2] and water systems. Infrastructure security seeks to limit vulnerability of these structures and systems to sabotage, terrorism, and contamination.[3]
Critical infrastructures naturally utilize information technology as this capability has become more and more available. As a result, they have become highly interconnected, and interdependent. Intrusions and disruptions in one infrastructure might provoke unexpected failures in others, which makes handing interdependencies a key concern.
There are several examples where an incident at one critical infrastructure site affects others. For example, in 2003, the Northeastern American areas experienced a power outage that appears to have originated in the Midwest, and possibly from a tree branch.[4] In 2013, damage caused by a sniper attack at an electrical substation in California threatened power distribution throughout Silicon Valley.[5] The 2020 Nashville bombing caused telecommunications outages in several states.
Critical infrastructure is vital for essential functioning of a country. Incidental or deliberate damage will have serious impact on the economy as well as providing essential services to the communities it serves. There are a number of reasons why infrastructure needs to be heavily secured and protected.
One of the fundamental foundations of modern society is the electrical power systems. An intentional disruption of electricity supplies would affect national security, the economy, and every person's life. Because power grids and their sources are widely dispersed, this is a challenge for the effectiveness of defensive organizations and structures.[6]
Sabotage can damage electrical sources for the power grid, including civilian nuclear power stations. Sabotage in the form of cyberattacks can create havoc with computer, communication, and information systems, which could severely interrupt the electrical supply. This in turn can cause major disruptions to other infrastructure components of society. Comprehensive defense plans are proposed.[7] One method is to isolate load systems. Sophisticated defense systems should be wide-area, real-time protection, with control systems that are alerted and guided by sensing technologies. Communication and information must be capably routed.[7]
Many countries have initiated government agencies to directly manage the security of critical infrastructure usually through the Ministry of Interior/Home Affairs, dedicated security agencies to protect facilities such as United States Federal Protective Service, as well as dedicated transport police such as the UK's British Transport Police and Amtrak Police in the United States.
A number of government organizations focus on infrastructure security and protection. In the USA, the Technical Support Working Group has the Infrastructure Protection Subgroup. The UK has the National Infrastructure Security Co-ordination Centre.
Critical infrastructure sites may deploy perimeter intrusion detection systems, video surveillance, access control and other security systems to detect and respond to intruders and other security events. Meanwhile, maritime and offshore critical infrastructure sites can benefit from the deployment of satellite imagery, sensors, advanced patrol aircraft, autonomous underwater vehicles and anti-drone capabilities, among other solutions.[8]
US or North American specific: