Can Infrastructure be Truly Modernized Without Cyber Security Defenses Included?

By Matthew Vulpis, Content Contributor  |  May 21, 2021

With a $2 trillion bill being debated in Washington, DC and the recent attack on the Colonial Pipeline earlier this month, lawmakers, analysts, economists, and the media are shining a very bright light on the need to not just build – but secure – mission-critical systems that impact every organization and individual every single day.

Without dedicated cybersecurity funding, experts believe even the most advanced infrastructure will be vulnerable to catastrophic hacks.

The administration and Congressional leaders wish to pour trillions of dollars into upgrading America’s airports, roads, shipping ports, public buildings, schools, water systems, energy grids, and more, instrumenting the world with sensors that can collect and analyze data to ensure resilience and efficiency. And while the Industrial Internet of Things will continue to generate enormous value, unless the networks that connect to the edge to collect information are rock solid, “unintended consequences” could be grave.

Designing and building security into any complex infrastructure with digital components is easier to do in the beginning, compared to retrofitting after the fact, and getting cyber security straight as part of planning, budgeting, and building is especially important given modernized roads, bridges, tunnels, and a new wave of sustainable energy creation that is designed to be in place for decades to come.

The current plan, as laid out by the White House, would give NIST $14 billion, which is 14 times its annual budget, to “bring together industry, academia, and government to advance technologies and capabilities critical to future competitiveness,” according to a statement from the administration.

NIST could use some of that money to update cybersecurity standards for industrial control systems, and CISA, with a long history of assisting infrastructure operators, could work collaboratively to ensure cyber security measures are backed into every project going forward.

While the jury is still out on what the bill will look like after negotiations on Capitol Hill, cyber security industry leaders are preparing to participate, which was made evident in last week’s United for Infrastructure events, which brought together public and private sector agencies and organizations to discuss and debate priorities.

Nearly every event included conversations about the urgency of cyber security as a “must-have” to make sure the digital innovations emerging do not end up causing more harm than good.

We asked Chris Swan, CRO of Dispersive, an innovative, secure virtual networking company with a unique solution and reputation for protecting critical infrastructure, to share what the company is seeing in their interactions with government agencies, utilities, industrial and infrastructure customers and partners.

“Utility and communications networks are more mutually interdependent than ever before, constantly converging, and critically connected,” Swan said. “With new distributed generation, storage, and other network-enabled assets linking to the US grid daily, utilities, balancing authorities, and other grid partners must increase protection and situational awareness across the network all the way to the edge.

Swan explained that this convergence and growing interdependency must be fully understood as cyber-physical infrastructure networks are built out. “Security measures must be implemented to protect critical elements of both from cascading failures and potentially catastrophic events,” he said.

In the 1990s, local area networks began tying centralized and previously isolated utility supervisory control and data acquisition (SCADA) to each other, increasing overall grid coordination.

“As the number and diversity of connected assets have increased and analytics have become the lifeblood of critical infrastructure, the trend has been to interface SCADA operating technology (OT) environments to information technology (IT) networks. This combination has helped operators gain a more granular picture of the increasingly complex grid, improve efficiencies and plan capabilities in multiple areas, but has also created a digital layer that adversaries understand can be attacked for ransom as we saw in the Colonial Pipeline incident,” Swan said.

“Innovation is leading to improved efficiencies across the energy ecosystem, but unfortunately, the increased interdependence of the data networks and electricity infrastructure has also heightened vulnerabilities.”

It is a well-known fact that the US lags behind other developed countries when it comes to critical infrastructure.

According to a very recent report from Statista, Singapore is the global leader in overall infrastructure, with a value of 95.4 on a scale of 0 to 100. The United States was ranked 13th.

“While there are many types of infrastructure, electric power is a critical resource,” Swan said. “Threats to the power grid are very real and growing rapidly, so this is an ideal time for the private sector and federal, state, and local government agencies to accelerate their efforts to assure that US grid networks remain secure, resilient, and capable of providing service and support.”

“Americans have long been supportive of upgrading and modernizing our crumbling infrastructure,” Swan concluded. “They are also increasingly aware of cyber attacks, the impact they have, and that infrastructure programs must move beyond shovels and concrete to include modern secure network access, control, and surveillance.”




Edited by Luke Bellos