Not all cybersecurity risks are created equal, and because threats are constantly evolving, it’s crucial to regularly perform and update risk assessments. That’s especially true for critical infrastructure, where cyber attacks can have life-threatening consequences. But are critical infrastructure cyber-risk assessments different than traditional IT cyber-risk assessments? The answer is importantly yes.
To understand how the assessments differ, it’s important to first establish how the risks differ:
The degree of danger associated with critical infrastructure cyber-risk is significantly higher than with traditional IT cyber-risk. For example, if someone were to steal your identity and open a credit card in your name, it would certainly disrupt your personal life, but you are unlikely to be held accountable for the fraudulent charges. In contrast, if bad actors were to shut down the electric grid, poison the local water system or compromise a reservoir dam, your family could be in life-threatening danger. Sufficiently widespread critical infrastructure attacks could also have grave national security implications.
