Critical Infrastructure

Critical infrastructure are the assets, systems, and networks, whether physical or virtual, so vital that their incapacitation or destruction would have a debilitating effect on security, national economic security, national public health or safety, or any combination thereof. Proactive and coordinated efforts are necessary to strengthen and maintain secure, functioning, and resilient critical infrastructure. ASIS curated resources speak to these concerns.

View past Spotlight's on topics like Leadership, Security Metrics, and Terrorism.

Have a suggestion for spotlight topic? Let us know the security management issues you'd like to see covered.

 Free Resources

Free Resources

Critical Infrastructure Protection From a Private Security Perspective

ASIS Webinar

Speaker: Keith Melo, emergency management program coordinator, George Brown College, Ontario, Canada. Key points from the program include:

  • 85 percent of the world’s critical infrastructure is owned by the private sector. Partnerships —fire, police, hospitals, EMS—are key.

  • Emergency management is an ongoing process based on a changing threat risk assessments.

  • Leadership and training on the “Pillars of Preparedness” will help a business survive the domino effect caused by an incident at a neighboring utility, dam, or oil spill.


Utility Security Risk Management: Security Program Fundamentals

ASIS Utilities Security Council White Paper

This 29-page, peer reviewed paper written by security experts in both the public and private sector, describes advancements in comprehensive risk management in critical and high-risk environments, including nuclear generation, gas and oil refineries, and dam safety.  Several charts depict a framework for managing risk. Key points include:

  • The expansion of utilities assets into the public domain—especially as it relates to the proliferation of IT assets in the smart grid and control systems—increases the potential for attacks.

  • A simple formula, risk = probability + consequences, can be used to measure risk for a utility.

  • If the risk assessment is inadequate, outdated, or unused, the utility could be held liable for damages if, for example, a patient became sick because the hospital did not have clean water.


Not yet an ASIS member?

Join now and gain access to
  • the world's largest library of security management resources
  • an online directory of ASIS members worldwide
  • a vast network of 234 local chapters
Learn more about the ASIS Advantage

​Members Only

Critical Infrastructure Protection: The Way Ahead

 ASIS Webinar

Speaker: Ron Martin, CPP, retired after a career with the U. S. Army and with the U. S. Department of Health and Human Services.

Martin cited numerous presidential directives and standards that provide guidance on forming security policies and protection efforts. He walked attendees through the National Infrastructure Protection Plan (NIPP) available on the Department of Homeland Security website. He also touched on presidential directives that have guided the federal response to critical infrastructure risks. Key points include:

  • Cyber threats are the greatest risk because the U.S. has many adversaries who would like to disrupt its resources.

  • DHS has been charged with identifying the critical infrastructure with the greatest cyber threat potential and give direction to the Executive Branch of the U.S. government.

  • A dashboard can be used to continuously monitor physical security information management, security event management, and security information management, thereby assessing security options for the future.


Securing Port and Maritime Assets

ASIS 2014 session

Speaker: Former Navy Seal Alan Oshirak. During his military service, Oshirak worked in the international maritime community and with the U.S. Coast Guard on port and harbor security issues.

During the session, Oshirak discussed the threats to international port security: external actors, insider threats, graft and corruption, piracy, and  labor unrest, including protests and demonstrations.  Key points include:

  • There is not a lot of integration among port authorities and ship owners on security matters, and this lack of coordination can tie up a port very quickly.

  • If a ship is simply passing through a port to another destination, it will rarely be pulled out of the queue to check its cargo.

  • If ships could be screened as many as two days before they enter a port, authorities would have a great chance to divert a ship if intelligence suspects illegal cargo or activities. It’s hard to stop a ship once it enters the port’s queue.


Sources of Information on the Security of Critical Infrastructure

ASIS IRC Reference Guide

A comprehensive review of the many books, Security Management articles, journals, annual seminar recorded sessions, and IRC security databases and catalog offerings.