Hoosiers rely on critical infrastructure to travel; communicate with friends, family, coworkers and customers; conduct business; handle money; obtain clean, safe food and water; and conduct many more important daily functions. Managing risks to critical infrastructure involves planning and preparing for all hazards, reinforcing the resilience of assets and networks, and staying ever vigilant and informed.
Indiana's security and economic prosperity depend on critical infrastructure, which is at risk from many natural and man-made hazards and threats. Just as all residents rely on this infrastructure, all also must play a role in keeping it strong, secure and resilient.
During Infrastructure Security Month each November, the Indiana Department of Homeland Security (IDHS) joins with partners nationwide to urge you, your family and businesses throughout Indiana to do your part at home, at work and in your community to be vigilant and incorporate safety practices and cybersecurity behaviors into your daily routines. On a daily basis, if you see something, say something by reporting suspicious activities to law enforcement.
During times of crisis, be sure to check the Indiana Business Emergency Operations Dashboard, which was developed to be an Indiana-centric version of the U.S. Department of Homeland Security's NBEOC Operations Dashboard. These tools allow important information to be shared between the private sector and the government in a more steady, interactive format during ongoing emergencies.
Critical Infrastructure Overview
What Is Critical Infrastructure?
Critical infrastructure refers to the systems, networks and assets that provide services that are so essential that their incapacitation or destruction would debilitate security, the economy or public health or safety. According to the Cybersecurity and Infrastructure Agency (CISA), there are 16 areas whose physical and virtual assets are considered critical infrastructure:
- Chemical: producers of basic, specialty, agricultural, pharmaceutical and consumer chemicals and products
- Commercial facilities: sites that draw many people to them, such as hotels, malls, stadiums, convention centers, offices and apartment buildings
- Communications: wirelines, wireless and satellite systems
- Critical manufacturing: metals manufacturers, machinery manufacturers, transportation equipment manufacturers and electrical equipment, appliance and component manufacturers
- Dams: dams used for power, water supplies, agriculture, flood control and shipping
- Defense industrial base: military weapons systems and the complex set of industries to support them
- Emergency services: law enforcement agencies, fire departments, emergency medical services, emergency management agencies and public works departments
- Energy: producers of electricity, oil and natural gas
- Financial services: banks and investment companies
- Food and agriculture: farms, restaurants and the facilities that produce, process and store food
- Government facilities: government buildings used for business, commercial or recreational activities
- Healthcare and public health: providers of health services
- Information technology: hardware, software and systems and services that connect using networks such as the internet
- Nuclear reactors, materials and waste: inactive and active nuclear power plants, testing facilities and nuclear fuel producers
- Transportation systems: aviation, highway and motor carrier, maritime, mass transit, pipeline, railroad and postal systems
- Water and wastewater systems: water supply and wastewater treatment systems
What To Do
Hoosiers need to develop a firm understanding of the risks to critical infrastructure and play their own role in their community or business to guard against these risks. Critical infrastructure is highly interconnected, meaning critical infrastructure systems often depend on other areas of critical infrastructure to operate. For example, almost all critical infrastructure relies on cyber technology. These systems may be connected to the internet, which increases their vulnerability to attacks. When one area of critical infrastructure experiences a cyber attack, like the 2021 ransomware attack on a gas pipeline, it impacts many others.
Because most critical infrastructure is privately owned and operated, the public must share responsibility to prevent and reduce exposure to risks. These efforts will pay off in multiple ways: prevent disruptions, lessen the scope of incidents, improve the ability to respond to events and shorten the recovery time after the emergency has ended.
Developing a customized continuity plan, or emergency plan, may be one of the first actions you need to take for your household or organization. The plan should take into account different types of emergencies, such as a fire, natural disaster, terrorist threat or attack, cyber attack or power outage. The plan should include:
- Critical activities performed
- Orders of succession
- Delegations of authority
- Locations other than the main facility to carry out essential work functions
- Communication capabilities
- Vital records to maintain
- People to help support emergency efforts
- How to train and practice the plans
- Procedures to transfer responsibilities to other staff or facilities
- How to resume normal operations after the emergency
Critical infrastructure sector-specific plans are available via the CISA website. The IDHS Planning and Assessment Section also diligently works in conjunction with public and private stakeholders to provide plans to keep critical infrastructure resolute and secure. Learn more about continuity planning from IDHS
Guidance for Highlighted Critical Infrastructure Areas
Below are several critical infrastructure areas highlighted for Hoosiers.
The critical manufacturing sector makes products that other sectors depend on, especially energy and transportation, meaning that supply chain disruptions can have far-reaching impacts.
The U.S. Department of Homeland Security is this sector's lead coordinator of partnerships and primary federal government agency. It has released the following guidance:
- Critical Manufacturing Sector Cybersecurity Framework Implementation Guidance
- Critical Manufacturing Sector Security Guide
The U.S. Department of Energy is this sector's lead coordinator of partnerships and primary federal government agency. It has released the following guidance:
- Electricity Sub-Sector Cyber-Physical Security Spotlight
- Energy Sector Cybersecurity Framework Implementation Guidance
- Indiana Energy Sector Risk Profile
- SLTT Program Resource Library
Food and Agriculture
With more than 50,000 farms, Indiana ranks in the top 10 nationally in total agricultural production and is a top producer of turkeys, pigs, eggs, corn, soybeans, pumpkins, watermelon and mint. The U.S. food and agriculture sector overall comprises one-fifth of the country's economy as it produces food for people across the globe.
The U.S. Department of Agriculture and U.S. Food and Drug Administration (Department of Health and Human Services) are this sector's lead coordinators of partnerships and primary federal government agencies. They have released the following guidance:
- Food and Agriculture Sector-Specific Plan
- Food Defense Tools
- Food Defense Training
- See Something, Say Something Flyer
The transportation sector makes it possible for people and goods to move quickly and securely throughout the country.
The U.S. Transportation Security Administration (Department of Homeland Security) and U.S. Department of Transportation are this sector's lead coordinators of partnerships and primary federal government agencies. They have released the following guidance:
- Transportation Sector Cybersecurity Framework Implementation Guide
- First Observer Plus Training and Hotline
- Intermodal Security Training and Exercises
- Surface Transportation Cybersecurity Toolkit
Water and Wastewater
The water and wastewater sector supplies safe drinking water and treated wastewater.
The U.S. Environmental Protection Agency is this sector's lead coordinator of partnerships and primary federal government agency. It has released the following guidance:
- Cyber Risks and Resources: Supply Water Infographic
- Cyber Risks and Resources: Wastewater Infographic
- Organization Resource List
- Route to Resilience Interactive Training Tool