You are here:

Week 4: Protecting Critical Infrastructure from Cyber Threats

The systems that support our daily lives – such as electricity, financial institutions and transportation – are increasingly dependent upon the internet. Building resilience in critical infrastructure is crucial to our national security.

This week, we'll look at how cybersecurity relates to keeping traffic lights, running water, phone lines, and other critical infrastructure secure.

The Department of Homeland Security (DHS) has identified 16 critical infrastructure sectors. The Information Technology Sector is one of these 16 critical infrastructures. DHS has established Security and Resiliency as part of their responsibility for protecting the nation’s infrastructure. 

Did you know?

There are very simple things we can do every day to protect the University's critical information technology infrastructure. 

Security

Presidential Policy Directive 21 (PPD-21): Critical Infrastructure Security and Resilience defines security as reducing the risk to critical infrastructure by physical means or defense cyber measures to intrusions, attacks, or the effects of natural or manmade disasters.

Examples of security measures include:

  • Badge entry at building entrances and doors
  • Using antivirus software
  • Fencing around buildings
  • Locking computer screens when leaving your desk

The University’s Policy 4-004 has two supporting Rules that outline how to further protect our Information Technology sector.

If you see something suspicious, report it

Report a physical security incident (e.g. people jumping fences or unauthorized access to facilities or maintenance areas) to Campus Police at 801-585-COPS.

Reporting a cyber security incident can be done by reporting to your designated help desk. Examples of cyber security incidents can include sharing University passwords or accounts, overheard bragging of compromised school/hospital information systems, or witnessing tampering with University IT Resources.

Hospitals & Clinics: 801-587-6000
Main Campus: 801-581-4000 option 1

Resilience

PPD-21 defines resilience as the ability to prepare for and adapt to changing conditions and withstand and recover rapidly from disruptions. Resilience includes the ability to withstand and recover from deliberate attacks, accidents, or naturally occurring threats or incidents.

Examples of resilience measures include:

  • Developing a business continuity plan
  • Having a generator for back-up power
  • Using building materials that are more durable

The University’s Rule 4-004M: Business Continuity and Disaster Recovery ensures the University’s information security requirements are included in business continuity and disaster recovery management.


How to report cyber security incidents at the U

The Information Security Office (ISO) will respond to and investigate incidents related to misuse or abuse of University of Utah information and information technology resources. This includes computer and network security breaches, unauthorized disclosure or modification of institutional or personal data, and security credential malware phishing.

Reporting an incident can be done by reporting to your designated help desk:

Hospitals & Clinics: 801-587-6000
Main Campus: 801-581-4000 option 1

Helpful Links

Tweets by ISO

Last Updated: 9/30/18