Page 5 - index
P. 5
Critical Infrastructure Security and Safely Navigating a Hostile
Cyberspace
By Adam C. Firestone
Critical infrastructure is often maligned as unprepared for the current cyber threat environment.
It’s true that the impacts of a cyber attack on critical infrastructure could be catastrophic and this
evokes great fear and trepidation. But focusing on potential consequences ignores the quality
and nature of the engineering behind critical infrastructure systems. Contrary to the popular
negative stereotype, the methods, practices and perspectives found in critical infrastructure
engineering may well hold the key to safely navigating today’s hostile cyber environment.
Cyber is sexy in a New York Times bestseller kind of way. The imagery evoked is vivid:
Shadowy figures huddled behind laptop computers prosecute activist agendas, conduct
espionage operations and sabotage systems half a world away. At the same time, frenzied
fingertips fly across keyboards as harried cyber defenders perform down-to-the-wire heroics that
seek to thwart ever-multiplying legions of threats. And all the while, armies of hackers dissect
our most mission critical software, looking for vulnerabilities to exploit. It’s the stuff of thrillers.
What makes this perspective both fascinating and terrifying is that there’s a grain of truth behind
it. There are indeed hacktivists, spies, terrorists and criminals pursuing nefarious agendas from
locations across the globe. Network engineers and security professionals log overtime hours in
the thousands trying to counter threats and eliminate vulnerabilities. And the black market for
stolen credentials, cyber-crime services and software vulnerabilities may be “more profitable
than the illegal drug trade.”
Critical infrastructure encompasses everything that makes modern society function. According
to the Department of Homeland Security (DHS), this includes chemical manufacturing and
storage, commercial facilities, telecommunications, manufacturing, dams and water control
facilities, the defense industrial base, emergency services, the energy sector, the financial
services industry, food and agriculture production, government facilities, healthcare, information
technology, the nuclear industry, transportation and water/wastewater management.
Joel Brenner, former senior counsel at the National Security Agency (NSA) and former head of
US counterintelligence, paints an accurate picture of the potential consequences of realized
critical infrastructure cybersecurity risks in his excellent book, Glass Houses. However, not all
authors and publications are as analytical as Mr. Brenner, and this contributes to rapidly
escalating tensions and fears.
For example, the March 2015 edition of Signal Magazine, the monthly journal of the Armed
Forces Communications Electronics Association (better known as AFCEA), has a lead article by
Sandra Jontz entitled “Critical Infrastructure Is Cyberterrorism’s Next Likely Target.” The
article’s opening sentence reads:
5 Cyber Warnings E-Magazine – March 2015 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
