Information security threats that pose risks to corporate IT systems also threaten critical national and business infrastructures, it was claimed today.

Timing its statement with the launch of Infosecurity Europe 2008, the Information Security Forum (ISF) warned that transport systems, utility networks, manufacturing facilities and financial transaction networks are all vulnerable to IT security threats.

The ISF is an independent association of over 300 major businesses and public sector organisations from around the world.

• INFOSEC VIDEO: Interview with Ed Gibson, chief security advisor at Microsoft UK

"The increasing dependence on IT may make this seem rather obvious, but the relationship between information systems and critical infrastructures is frequently overlooked," said Mark Chaplin, the author of the ISF report.

"Furthermore, it appears that information security professionals are rarely involved in the design, planning, implementation and management of infrastructure components - such as vital production lines, support networks and electricity supply, heating and ventilation equipment - and this has to change. "

Chaplin pointed out that almost all critical infrastructure components within an organisation are supported or enabled by information systems.

These range from embedded systems and process control PCs, to sophisticated information systems such as computer-aided manufacturing and supervisory control and data acquisition.

"The dependence on information systems introduces security issues that can have a significant impact on the resilience and reliability of critical infrastructures, regardless of whether the supporting systems are centralised, standalone or embedded," he said.

Threats to critical infrastructures which could damage IT equipment include:

• External threats such as hacking, espionage and denial of service attacks
• Internal threats including human error, malicious misuse and fraud
• Natural or man-made disasters such as fire, flooding or explosions