The Critical Infrastructure Cybersecurity Debate Continues Unabated
Doomsday scenarios regarding the nation's key pieces of infrastructure have been around since the beginning of the communication age. But what makes those theories and concepts more relevant now, as opposed to the past? Our society has become more technologically integrated and reliant. Entire industries have evolved to the point where a lack of Internet services could cripple the country and cost billions of dollars. But just how vulnerable are we really to a major attack? Cyber threat intelligence holds some answers, but the debate on both sides continues. One can break down the arguments over the energy infrastructure's cybersecurity vulnerability into key points, but not everyone can completely agree on these points. We'll be exploring both viewpoints.
The Internet of Things (IOT)
In the past few years, we've seen great growth of the Internet of Things (IoT) and view it as a security vulnerability for critical infrastructure for a number of reasons.
- Unsecured Viewpoint: With the growing size of the IoT, an increased overall presence of Internet-based infrastructure will
naturally lead to a heightened risk. The idea is that with things as integrated as they are, it will only take a small security failure to ignite a nationwide infrastructural disaster.
- Secure Viewpoint: The IoT has grown, but the growth of critical infrastructure- based components that are part of the IoT has not. North America has a less Internet-facing vulnerabilities than other parts of the world.
To expound on the issue of just how our energy infrastructure is distributed, and what this would mean for security, think of the three main ways an electrical grid is set up: generation, transmission, and distribution.
- Generation: A power plant generates electricity.
- Transmission: Transmission lines carry the electricity long distances.
- Distribution: Distribution lines carry electricity into homes. AMI, or Advanced Metering Infrastructure, is an IoT technology that communicates between the utility and customer sides of the meter. AMI consists of in-home displays, energy management systems, etc. It is truly an Internet-facing, public technology.
Those who feel our energy infrastructure is more secure would point to the fact that although our distribution of infrastructure is Internet-facing, our transmission and generation is not. Put simply: the only truly vulnerable areas in our infrastructure come from smaller individual connection points (distribution). Our energy infrastructure is fractured, therefore more difficult to disrupt in any meaningfully complete way.
People with the unsecured viewpoint disagree with this viewpoint, including Retired Adm. James Stavridis, a former NATO supreme allied commander. Speaking with CNBC in 2016, and focusing on both the electric grid and the financial industry, he put the issue of security simply and thusly: "It is the greatest mismatch between the level of threat, very high, and the level of preparation, quite low."
In this view, no matter the specifics and logistics of our infrastructure, a constant and sustained threat, along with a lazy approach to infrastructure security, has left our systems in dire straights. It is in this view, essentially, a disaster is waiting to happen.
No matter which side of the debate you or your organization leans toward, it should matter little in the big picture. Safety and security should be a first priority, from industries as varied as transportation, energy, media, finance, or medicine. Cyber threat intelligence enhances security primarily through clear and concise communication. This is the reason platforms such as NC4's Soltra Edge are in demand.
Contact us anytime at 877-624-4999 for more information.
Thanks for contacting NC4! A member of our team will be in touch with you shortly.