The months leading up to Election Day exposed major vulnerabilities we face in today’s increasingly digital world. It’s now more clear than ever that America’s dependence on technology and web-based communication has forever changed the way government functions at every level.
But it’s not only our country’s highly sensitive — and sometimes top-secret — data and intellectual property that government officials need to keep secure; America’s access to drinking water, electricity, transportation networks and countless other types of critical infrastructure are significantly at risk from cyberattacks.
Many, if not most, of America’s control systems and infrastructure have been in place since long before cybersecurity was a concern. This means traffic-control centers, electric grids, water-treatment facilities and a slew of other vital resources are oftentimes ill-equipped to handle the growing threat of cyberattacks.
The water and wastewater sectors, which clean our sewage and provide us with safe and affordable drinking water, are among the most targeted areas of critical infrastructure today. According to the Department of Homeland Security, the United States has about 153,000 public drinking water systems and more than 16,000 publicly owned wastewater treatment systems.
Given that the vast majority of Americans rely on these systems for potable and sanitary water, we truly cannot underestimate the devastating impact of water supply contamination or disruption to the network of pipes, pumps and other equipment that constitute the systems that regulate our water.
The risk within the energy sector — which includes power plants and the electrical grid — is just as significant. In fact, we saw the reality of this threat come to fruition in Ukraine late last year when the country experienced the world’s first publicly recognized cyber-induced power outage on an electrical grid. Hundreds of thousands of Ukrainians were without power for several hours, and it wasn’t long before the Department of Homeland Security warned Americans of the possibilities for a similar attack occurring in the United States.
With the risks ever-apparent, it’s no surprise President Barack Obama has called on the public and private sectors to “take necessary steps to modernize our roads, bridges, pipes, and ports to ensure they remain resilient and strong,” as he proclaimed November to be “Critical Infrastructure Security and Resilience Month.”
The president also noted that “as our population grows and our technology advances, the demands of our critical infrastructure become increasingly significant.” Indeed, technology’s role in government — and society as a whole — will only continue to grow.
More stakeholders within the critical infrastructure community are beginning to understand the significant risks at hand.
But while our growing dependence on technology is largely to blame for the new cyber threats we now face, further technological advancements will also help mitigate these persistent and ominous threats.
Advanced technology and strategic use of algorithms allow engineers and cybersecurity professionals to address vulnerabilities within existing critical infrastructure facilities and systems. For example, penetration testing can be used to assess and exploit vulnerabilities of a given facility or system. By exploiting our critical infrastructure’s vulnerabilities, today’s cybersecurity experts can effectively design, test and implement technical options needed to protect the security of critical networks and infrastructure.
Yet despite the significant strides we’ve made in combating these emerging threats, a number of pressing challenges remain. For instance, the private sector owns and operates the vast majority of America’s critical infrastructure, meaning existing cybersecurity protection programs vary from one owner to the next.
The good news on this front is that cybersecurity investments have steadily increased in recent months as more stakeholders within the critical infrastructure community are beginning to understand the significant risks at hand.
Even so, we can’t afford to be complacent — and President-elect Donald Trump agrees. His 100-day action plan includes a tenet to work with Congress to introduce the “American Energy and Infrastructure Act,” which he states will leverage public-private partnerships, and private investments through tax incentives, to spur $1 trillion in infrastructure investment over 10 years. Ideally, ample funding to protect America’s critical infrastructure against cyberattacks will be included in this initiative.
Further, the president-elect must be ready to collaborate with our other elected government officials, infrastructure owners and the business community to combat the risks to these important systems all Americans rely upon.