Information Protection in Critical infrastructure protection

In other times, when vast fortunes formed during a war, then the war was business. In nowadays that vast fortunes are created by business, business is war. The entire ecosystem of any type of critical infrastructure (CI) is first and foremost business. As business entity its assets (People, Materials, Property, etc) faces intentionally or unintentionally risks which in their turn will lead to an undesirable outcome well known as Loss. Effective security requires a comprehensive "systems" approach that protects all assets of a CI company to avoid Loss because Loss equates to Cost(s). Providing a CI or site of a CI with effective security involves several factors, some relatively obvious, others less so. The situation is always asymmetric and additionally when security is poorly managed it can leave CI vulnerable to the risk of losing sensitive business information classified or not through espionage activity. Why? Because, while the attacker needs only to identify a single weak point to concentrate upon this the security manager must cover all points of attack. Espionage and the theft of sensitive business information is a violation of law in many countries.