Critical infrastructure security: the need for a twofold approach