IDG Contributor Network: Combating cyber threats in critical infrastructure through due diligence

Imagine a major city in the United States without power. Transportation systems would fail, and businesses would have to shut down. Large segments of the population would panic. Considering the important role these sectors have in our country’s economy and way of life, the stakes are high. No one can deny the importance of critical infrastructure cybersecurity. Even more due diligence is required when building a cybersecurity program in key, critical infrastructure sectors.

Many critical infrastructure companies are working hard to become resilient to cyberattacks, but unfortunately, they face an uphill battle. So how do security leaders in these sectors execute cyber due diligence? In this article, I’ll be diving into a few of these sectors – energy, transportation and logistics – and will give you recommendations based on my experience.

What is critical infrastructure?

The US Patriot Act defines critical infrastructure as “systems and assets, whether physical or virtual, so vital to the United States that the incapacity or destruction of such systems and assets would have a debilitating impact on security, national economic security, national public health or safety.” There are many critical infrastructure sectors, ranging from energy to transportation to telecom, that need protection from cyberattacks because they are so important to our national security, economy and daily life.


Energy and utility organizations focus on preventing cybersecurity attacks, because without a stable energy supply, our economy cannot function. I have done a fair amount of work in this field, helping major companies in the energy sector protect their systems.