Abstract
This article discusses a practical mechanism to guard against cyber attacks by reducing the applica-tion's exposure to hostile intentions. The article provides the underlying assumptions and theory of attack surface reduction. It then relates practical steps that the user can take to that theory. The outcome of those steps will be a more robust and secure application environment that will increase the effectiveness of defensive measures
The critical information infrastructure (CII) represents the indispensable "nerves and blood" that allow modern societies to work and live. In fact, without it, there would be no distribution of energy, no services like banking or finance, no air traffic control and so on. The CII allows remote control and management of commodities and services, thus reducing costs, to utility companies and consumers alike, and improving efficiency. But the CII was born and developed with an intrinsic, and potentially disastrous, defect: security was never considered a top priority. Today, organized crime, rogue groups or even states may plan to disrupt or destroy portion of the CII or essential services, thus putting in serious dangers governments and economies around the world. This paper outlines the major elements of the CII and the risks to which it might be subject today and tomorrow.
