Critical Infrastructure Requires Modernization
September 27, 2021
The May 2021 Colonial Pipeline attack, which resulted in the prolonged closure of one of America’s largest pipelines due to ransomware, highlighted the real-world consequences of a successful cyberattack.
It shut down nearly half of the supply of jet fuel and gasoline for the east coast of the United States, sparking fears of shortages and hoarding, and then, resulting in actual shortages. The company paid a ransom said to be about US$4.4 million.
The vulnerability of critical infrastructure to cyberattacks has been a topic of research and discussion for decades, with references dating back to at least the 1990s in IEEE journals.
So why has this risk exploded into public attention now? And what makes critical infrastructure around the world so vulnerable to cyberattacks?
Critical infrastructure, most of which is operated by private industry, faces the same risk that other businesses face. It’s become far easier, and less risky, to exploit vulnerabilities for profit, which has provided an incentive for people to write ransomware.
“The monetization and weaponization of digital threats was comparably new when the critical infrastructure components that manage our modern world were being designed for reliability a decade or two ago,” said IEEE Senior Member Kayne McGladrey.
McGladrey says that it’s time consuming to patch security flaws in many of these older components, some of which were designed to run uninterrupted for decades.
“The room for innovation in this space is analogous to the magician’s trick with the fully set table and tablecloth,” he said. “The innovators in this space will be able to replace the table without touching the tablecloth. That could mean in-place upgrades of critical systems, or seamless transitions from a legacy technology to a modern and secure technology.”
Converging Technologies
Some critical infrastructure facilities had long depended on a kind of built-in level of protection due to the obscure nature of the components they use.
These components, referred to as operational technology, are designed to manipulate physical processes, like electrical flows and chemical reactions, as described in IEEE Security and Privacy Magazine. Often, these components are developed using uncommon programming languages, and exploiting these obscure devices would not normally be profitable for cybercriminals because there are millions of easier targets, like personal computers at large companies. Additionally, operational technology has traditionally been insulated from the internet through dedicated communication lines, making it even harder to reach.
Traditionally, cybersecurity efforts related to critical infrastructure have focused on preventing attacks by sophisticated threat actors targeting operational technology to damage the plant itself.
Increasingly, however, operational technology is in contact with internet-connected information technology systems. An electricity provider, for example, may use software to analyze operational data. That data might be useful for the purposes of increasing efficiency or even sending bills to customers. But a ransomware attack impacts the entire operation of that system by targeting the IT systems.
That’s what happened in the case of the Colonial Pipeline.
Emerging Defenses
As hackers grow increasingly emboldened and sophisticated, what are the keys to securing the infrastructure that millions rely on for day-to-day life?
The answer to that question is the subject of intense focus from governments, researchers and critical infrastructure operators
“Newer cryptography technologies, best practices and protocols, and in the future, AI, will be keys to securing cyber-physical infrastructure,” said IEEE member Marcelo Zuffo.
One solution is to not repeat the mistakes of the past. Software developers and engineers need to consider security concerns at the very beginning of the process, and throughout development. It also means training personnel, using the right security tools and evaluating risks across the supply chain, including software and hardware.
“The challenges are probably interconnected, given the cyberattacks raging on worldwide,” says IEEE member Marcos Antonio Simplicio. “The opportunity here is strongly related to awareness: more and more people are paying attention to the topic of cybersecurity as a strong requirement (or paying the price for not taking the topic seriously enough).”
And significant attention is also focused on making sure operators can restore service quickly when they are attacked.
“Resiliency is more important than the unrealistic goal of denying all threat actors all the time,” said McGladrey. “Countermeasures and response tactics should be diverse and across people, processes and technology. For example, much has been made of a hypothetical example of a threat actor opening the floodgates on a dam and flooding a city, but that fails to consider the human countermeasures that are watching the floodgates and could take corrective actions in time to prevent a catastrophe. Defense in depth is necessary for critical infrastructure.”
AI Through Our Ages
Liquid Infrastructure: Our Planet's Most Precious Resource
The Impact of Technology in 2025
Quantum and AI: Safeguards or Threats to Cybersecurity?
Why AI Can't Live Without Us
Bits, Bytes, Buildings and Bridges: Digital-Driven Infrastructure
Impact of Technology in 2024
Emerging AI Cybersecurity Challenges and Solutions
The Skies are Unlimited
Smart Cities 2030: How Tech is Reshaping Urbanscapes
Impact of Technology 2023
Cybersecurity for Life-Changing Innovations
Smarter Wearables Healthier Life
Infrastructure In Motion
The Impact of Tech in 2022 and Beyond
Cybersecurity, Technology and Protecting Our World
How Technology Helps us Understand Our Health and Wellness
The Resilience of Humanity
Harnessing and Sustaining our Natural Resources
Creating Healthy Spaces Through Technology
Exceptional Infrastructure Challenges, Technology and Humanity
The Global Impact of IEEE's 802 Standards
Scenes of our Cyber Lives: The Security Threats and Technology Solutions Protecting Us
How Millennial Parents are Embracing Health and Wellness Technologies for Their Generation Alpha Kids
Space Exploration, Technology and Our Lives
Global Innovation and the Environment
How Technology, Privacy and Security are Changing Each Other (And Us)
Find us in booth 31506, LVCC South Hall 3 and experience the Technology Moon Walk
Virtual and Mixed Reality
How Robots are Improving our Health
IEEE Experts and the Robots They are Teaching
See how millennial parents around the world see AI impacting the lives of their tech-infused offspring
Take the journey from farm to table and learn how IoT will help us reach the rising demand for food production
Watch technical experts discuss the latest cyber threats
Explore how researchers, teachers, explorers, healthcare and medical professionals use immersive technologies
Follow the timeline to see how Generation AI will be impacted by technology
Learn how your IoT data can be used by experiencing a day in a connected life
Listen to technical experts discuss the biggest security threats today
See how tech has influenced and evolved with the Games
Enter our virtual home to explore the IoT (Internet of Things) technologies
Explore an interactive map showcasing exciting innovations in robotics
Interactively explore A.I. in recent Hollywood movies
Get immersed in technologies that will improve patients' lives