Many people may have heard the term Critical National Infrastructure (CNI) and wondered why it needs to be protected or how it impacts them. CNI is all around us and impacts every aspect of our lives, including how we travel, what we eat and how we eat, where our energy comes from, and how we communicate. This blog explains what Critical National Infrastructure is and provides CNI examples.
Introduction: What is Critical National Infrastructure?
Critical National Infrastructure are the things that are essential for the day-to-day functioning of society and the economy. This includes networks, processes, buildings, services, information and people that, if not present, would have a catastrophic impact on society's economic security, safety or health.
The definition of critical national infrastructure also extends to specific sites and organisations which aren't classed as essential but need protection due to the danger to society if they were breached or damaged. These include nuclear power stations and chemical treatment/production facilities.
The term critical national infrastructure is commonly used in Government to describe roads, bridges, railways, hospitals etc., but it also extends to cyber systems, which are just as vulnerable as physical systems, if not more so.
Not everything within a country's infrastructure is classed as critical; as such, the UK Government uses the definition below to ensure CNI has the highest possible protection:
Critical National Infrastructure are critical elements of infrastructure, the loss or compromise of which could result in:
a) A lack or loss of availability, integrity or delivery of essential services
b) Significant impact on national security, defence, or the functioning of the state
To learn more about how CNI is being protected, specifically against cyberattacks, we recommend checking out The National Cyber Security Centre.
Critical National Infrastructure Sectors and Examples
In the UK, there are thirteen CNI sectors - we have included a complete list below with examples:
- Chemicals - Chemical facilities and processors
- Civil Nuclear - Nuclear power plants and waste centres
- Communications - Cell towers and telephone exchanges
- Defence - Military bases
- Emergency services - Hospitals, prisons and police stations
- Energy - Power stations, power lines and backup generators
- Finance - Banks
- Food - Key production factories
- Government - Government buildings such as Number 10 and The Cabinet Office
- Health - Laboratories and testing facilities
- Space - Launch facilities and satellites in orbit
- Transport - Roads, bridges and railways
- Water - Water stations and treatment facilities
In America, there are 16 critical infrastructure sectors (provided in a list below) that the Government defines as:
"There are 16 critical infrastructure sectors whose assets, systems, and networks, whether physical or virtual, are considered so vital to the United States that their destruction would drastically affect security, national economic security, national public health or safety, or any combination thereof."
The complete list of the 16 sectors is as follows:
- Commercial Facilities
- Critical Manufacturing
- Defence Industrial Base
- Emergency Services
- Financial Services
- Food and Agriculture
- Government Facilities
- Healthcare and Public Health
- Information Technology
- Nuclear Reactors, Materials and Waste
- Transportation Systems
- Water and Wastewater Systems
Recent calls have also pushed the US to move space onto its list of CNI sectors - a discussion undoubtedly spurred on by the feats of SpaceX and Starlink.
What the Threat of Cyberattacks to CNI Means for Society
Over the past few months, the horrific events in Ukraine have highlighted just how crucial CNI is and why. CNI is often one of the first things to be targeted during attacks, as its failure can cripple a nation. Additionally, without CNI, we lose the ability to protect ourselves from future attacks, making us even more vulnerable.
Without CNI, humanity cannot function, making it the perfect target for criminals looking for a significant payoff. When criminals successfully hack or attack CNI, governments and organisations often have no choice but to give them what they want to avoid widespread societal disruption. For example, in May 2021, the Colonial Pipeline, which originates in Texas, was hit by a ransomware attack. The attack led to 45% of all fuel consumed on the East Coast being cut off for six days and fuel prices reaching record highs. To restart the pipeline, Brenntag paid 75 Bitcoins ($5m at the time) to hackers, highlighting the price companies are willing to pay to get CNI back up and running.
Cyberattacks can be localised or even across a whole country - one cyberattack can lead to a complete blackout of entire sectors, leading to unknown damages and chaos. This means that society not only needs to be aware of the actions they can take against cyber threats, but they also need to do everything they can to reduce the risk - especially if they're working for a company in one of the critical sectors.
Fortunately, there are some fantastic companies and organisations that are making large strides to reduce these risks and help society - these include:
- The Alacrity Foundation: A Government-backed innovation charity that turns recent graduates into tech entrepreneurs through a demand-based approach. Alacrity has incubated several cyber startups, as well as being the incubator where the RECOVAR Team met.
- HutSix: A software company that provides information security awareness training and phishing simulation that improves employee cybersecurity at work and home.
- Hunt: A Real-Time Intelligence tool - security researchers and the OSINT community are currently using Hunt's sister product, Birdhunt, to identify and protect against threats.
How to make Telecommunications Critical National Infrastructure more resilient
Communication is a sector we all interact with every day, whether it be picking up the phone to call a friend, replying to emails or contacting emergency services. The PSTN, a legacy copper-based technology that works even during a power cut, is one of the most ingenious ways that telecoms infrastructure was made resilient across the globe.
The copper cables that make up the PSTN are powered during power cuts via emergency generators within telephone exchanges. These generators kick in to provide electricity to critical infrastructure during power cuts to ensure no one is left disconnected. Check out our previous blog to learn more about how the PSTN works during power cuts.
Despite the PSTN's resilience, its age and cost to run have led to plans to turn it off in 2025 in the UK. This could mean the 1.1m landline-only customers may be without communication to emergency services or support during natural disasters or cyber-attacks. BT is rolling out mobile phones and battery backups to mitigate this risk. This solution may not be appropriate for those who live in the 4% of the UK with no phone signal and is useless during power cuts, as most base stations have only 1 hour's worth of backup power or none at all. When put into perspective, a large power outage would wipe out communication for all those who don't have a PSTN connection.
To learn more about how this could impact the UK, check out Brian Levy's blog article "Current plans to close down the fixed Public Switched Telephone Network (PSTN) need a major rethink."
To protect vulnerable customers and society as a whole, we have suggested a three-step process to make telecoms infrastructure more resilient:
Accurate mapping: How can you make a plan to upgrade or protect technology if you don't know what you're dealing with? As mentioned above, legacy telco networks were installed decades ago and have been iterated on throughout those years without a standardised inventory being maintained - this makes it very difficult to plan and track scalable upgrades and removals without putting customers at risk.
This must be addressed, particularly in advance of the 2025 switch-off and is something RECOVAR is offering through our asset recovery software which digitises the inspection and recovery of telecoms equipment. Our software automates manual processes and standardises datasets required to track removal. Check out our map feature below, which can be used to track the removal of specific manufacturers and equipment from telephone exchanges, cell towers and infrastructure across the UK.
Replacement: The PSTN is over a decade past its design life and certainly needs to be removed. Before it is removed, there needs to be a nationwide replacement of its services. The best option for this could be ensuring complete mobile coverage across the UK to help protect customers' communication during power cuts. Companies are already addressing this problem, such as Streetwave, which creates mobile network performance maps across the UK to monitor and check the quality of the nation's 2G, 3G, 4G and 5G networks.
Energy resilience: Mobile networks are useless during a power cut without backup or independent energy sources. Mobile networks can ensure communication for society during power cuts by developing separate emergency networks powered by generators, solar panels, or wind power – something not currently required by law. The only critical requirement here is that people need access to mobile phones - but arguably, this is a cost worth paying to ensure vulnerable customers aren't left disconnected during PSTN removal.
During floods, even backup power can fail, highlighting the challenge that needs to be addressed as the weather gets more extreme and the need for resilience increases as we move to next-generation telco networks.
CNI Critical National Infrastructure FAQs
How can I learn more about the National Infrastructure CPNI?
What are examples of critical infrastructure?
Critical infrastructure includes highways, bridges, tunnels, railways, utilities and buildings. Transportation and commerce depend on these vital infrastructures. Clean water and electricity also rely on them.
What is critical infrastructure, and why is it important?
Critical National Infrastructure are the things that are essential for the day-to-day functioning of society and the economy. This includes networks, processes, buildings, services, information and people that, if not present, would have a catastrophic impact on physical or economic security, or society's safety or health.
Who owns critical infrastructure?
In the US, the private sector owns roughly 85% of the nation's critical national infrastructure and critical resources. Consequently, the UK and US governments provide support to the private sector to ensure the protection of CNI.
Conclusion: What We Can Do to Protect Our Nation's Most Vulnerable Assets
We need to do more to protect our nation's most vulnerable assets and critical national infrastructure. This includes educating our workforce on the dangers and how we can protect our critical national infrastructure, creating an accurate map of CNI in each sector and collaborating across the public and private sectors to innovate ahead of risks.
If you have any suggestions on how CNI can be protected, would like to book a demo with the RECOVAR Team or ask any questions, feel free to get in touch!