Security Technology Executive

SEP-OCT 2018

Issue link: https://securitytechnologyexecutive.epubxp.com/i/1030460

Contents of this Issue

Navigation

Page 21 of 59

22 SECURIT Y TECHNOLOGY E XECUTIVE • September/October 2018 • www. SecurityInfoWatch.com SECURING THE GRID » Security and government officials are concerned about the vulnerabilities of America's critical infrastructure and the threats it faces now and in the foreseeable future. « T he tragic events of 9/11 awakened America to its critical infrastruc- ture's vulnerabilities and to the threats to this infrastructure – both physical and cyber. In the almost two decades that passed since then, the ability to monitor, detect and defend against a wide slew of threats to critical infrastructure has increased consid- erably, as witnessed by the forests of video surveillance cameras and their attendant soft- ware and humanware controllers, surrounding almost every critical infrastructure site or facil- ity. But, unfortunately, as the defenders became more sophisticated, so have the attackers and their capabilities. A review of some of the evolving threats and vulnerabilities to America's critical infrastructure reveals a future no less dangerous than the situ- ation today. The specter of stuck subway cars in deep underground tunnels, imperiling the lives of tens of thousands commut- ers, breached dams, threatening towns downstream, jammed telecommunica- tions networks and megacities froze by electricity blackouts should – and do – cause many a security experts to lose sleep. The Department of Homeland Secu- rity (DHS) defines critical infrastructures as assets that provide "the essential services that underpin American soci- ety and serve as the backbone of our nation's economy, security and health. We know it as the power we use in our homes, the water we drink, the transpor- tation that moves us, the stores we shop in, and the communication systems we rely on to stay in touch with friends and family." Specifically, this includes 16 sectors: chemical, commercial facili- ties, communications, critical manufac- turing , dams, defense industrial base, emergency services, energy, financial services, food and agriculture, government facilities, healthcare and public health, information technology, trans- portation, waste and wastewater, and nuclear reac- tors, utilities and waste. With more than 80 percent of the critical infra- structure in the United States owned by the private sector, expensive security measures inevitably have to compete against an array of economic consid- erations, creating a reality where security alone is never the deciding factor. This creates two unique vulnerabilities: • Resource Disparity - Cyber and physical security are an expensive venture, and require allocation of significant resources. While large companies and organizations can afford such outlays, small companies rarely can. This leaves essential critical infrastructure, such as many water utility outfits under-protected and exposed. • Outsourcing Complexity - Today's companies and organizations tend to focus on core competencies and outsource all else to outside providers. This includes transportation, utilities, healthcare, financial service providers and many other companies. Quite often, physical and cyber protection services are also outsourced, making optimized defense more complicated and creating more opportunities for leaked defense-related knowledge, procedures and data, and contributes to shortages of highly skilled personnel. Critical Infrastructure Threats Security and government officials are concerned about the vulnerabilities of America's critical infra- structure and the threats it faces now and in the foreseeable future. In a recent Reuters article, Dan Coats, Director of National Intelligence, said: "The system was blinking red. Here we are nearly two decades later and I'm here to say the warning lights are blinking red again," Coats specifically marked Russia, China, Iran and North Korea as "daily " America's Critical Infrastructure: Threats, Vulnerabilities and Solutions Security managers must grasp the interface between physical and cyber threats By Johnathan Tal

Articles in this issue

Links on this page

Archives of this issue

view archives of Security Technology Executive - SEP-OCT 2018