Is Our Critical Infrastructure At Risk?

Everyday we rely on technology to ensure continuation of our routine day to day activities. Access to clean drinkable water, open roadways free of congestion and chaos, power to brighten our homes and businesses, and oil and gas supplies to cook our meals. But what happens when the system breaks down?

The critical infrastructure that supports this lifestyle utilizes products that are developed by the private industry. This technology that maintains and protects these systems are all presumed to be tested for secured and authorized access, uninterrupted service, and redundant operation.

Some governments are now realizing that not all of these networks and products are as secure as they expected. As seen in Germany, officials are uncovering severe vulnerabilities that could put critical infrastructure at risk.

Like any network or security system, the threat of hacking or unauthorized entry is ever present. In order to prevent intrusion into our nationally maintained systems, governments have implemented and mandated the use of products that have gone through rigid product hardening and security testing. This ensures that product vendors are not only creating secure products, but using third party testing to verify their claims. Similar to the products that we use in sensitive data centers and networks that secure our national defense, it is time we demand that critical infrastructure elevate the requirements for the products being used and ensure the protection of our local networks.

If the Federal government is mandating the use of security certifications like FIPS 140-2, Common Criteria, and listing on the DoD’s UC APL for Federal purchases, why haven’t we mandated their use for the critical infrastructure that protects the roads, natural resources, and support framework for our local cities and states?

The truth is, some have, and more and more purchasing agencies are starting to ask for proof that the security products they are acquiring are backed by the government and accredited government partners. As this practice evolves, legislature will as well, finally requiring all security products to complete strict certifications and validations.

Learn more about how each security certification can protect products and the way in which we secure our digital world:

FIPS 140-2

Common Criteria