Today’s world seems to be increasingly more volatile. There is political unrest in almost every region around the globe and although this has almost always been the case, technology has allowed these conditions to be viewed by more people worldwide. Technology is also a new frontier to the world of warfare which has brought to us the advent of cyberattacks. We generally think that the most dangerous weaponry on a battlefield are guns and missiles and while this may be true in a tactical sense, strategically, cyber payloads pose a much larger threat.

Vulnerabilities to Critical Infrastructure

Life is generally easy for us in the modern era and thanks to technology and advancements in medicine and science, we are able to cook foods to accurate temperatures, heat and cool our homes, and have relatively easy access to potable water. We are far removed from the days of building fires with sticks and stones to cook our foods and keep us warm – meaning those skills have atrophied at least, and likely are only skills retained by diehard survivalists and hunters. So, what happens if all the modern-day comforts suddenly cease to exist? This is certainly a possibility we have to consider now that a lot of our critical infrastructure such as energy, water supply, communications, and more are managed and controlled by networked systems – leaving them vulnerable to cyber-attacks. In an interview conducted by Helga Labus of Help Net Security, Michael Johnson, Boar of Directors at Safe Security, stated “Today, services such as healthcare systems, power grids, transportation and other critical industries are increasingly integrating their operational technology with traditional IT systems in order to modernize their infrastructure, and this has opened up a new wave of cyberattacks” (Labus,

2022). Because a lot of these systems are implemented with traditional technology, there resides known Critical Infrastructure | David Makara

vulnerabilities to these infrastructures. Johnson also stated that if these systems were to be attacked, people could potentially face the inability to have access to drinkable water, healthcare, energy to their homes, and bank accounts among other essential services (Labus, 2022).

Risk Mitigation

The first step to mitigating these risks is recognizing that the vulnerabilities exist, so before the attacks are launched diligence must be acted on in order for preventative measures to take place. That is where Supervisory Control and Data Acquisition (SCADA) takes place. According to Inductive Automation (N.D.), SCADA systems are an automation process combining hardware and software that allows for local and remote monitoring and controlling of the collection of records and data analytics of critical infrastructure. The implementation of SCADA systems allows people to monitor and control these services from anywhere in the world, which can cue them in on cyber attacks happening in real time by noticing changes in how the SCADA system is distributing or managing a service. The SCADA system serves as a tool to monitor such instances, but it can also be used as the attack vector to manipulate how physical processes take place. This is very similar to the STUXNET case when an Iranian nuclear enrichment facility was attacked. The USB drive that was plugged into a networked device uploaded a code to the centrifuge controllers that made them spin uncontrollably until they suffered catastrophic failure. 

Conclusion

While there are vulnerabilities that exist within our critical infrastructure, there have at least been voices that have highlighted the need to shore up our security to harden our networks that enable Critical Infrastructure | David Makara

these services to exist. However, action needs to happen before these vulnerabilities are exploited and we are left without critical services. Cyber-attacks are only becoming more common and sophisticated and we must get ahead of them before it is too late.

Citations:

Labus, H. (2022, March 11). The massive impact of vulnerabilities in critical infrastructure. Help Net

Security. https://www.helpnetsecurity.com/2022/03/15/critical-infrastructure-security/  “SCADA: Supervisory Control and Data Acquisition.” Inductive Automation, inductiveautomation.com/resources/article/what-is-scada. Accessed 4 Nov. 2023