Security by Design: Creating the Critical Infrastructure of the Future
We are regularly asked about the biggest risks to critical infrastructure. Recent news headlines blare concern about Russians infiltrating US utility control rooms, child hackers laying waste to voting machines, bridge collapses that serve as a reminder to crumbling infrastructure worldwide, and extreme weather that is exacerbating a taxed, highly interdependent and increasingly fragile infrastructure ecosystem.
I subscribe to the 2013 National Infrastructure Protection Plan’s characterization of risk, which refers to the “potential for an unwanted outcome resulting from an incident, event, or occurrence, as determined by its likelihood [a function of threats and vulnerabilities] and the associated consequences.” I also subscribe to the notion that security and resilience are strengthened through risk management.
Threat is a headline-grabber and a function that exploits vulnerabilities. As we think about a modern and resilient infrastructure, we must address three fundamental future attributes that render infrastructure open to exploitation or susceptible to a range of hazards: design, supply chain, and people.
The Connected Critical Infrastructure System
Three game-changing design disruptions are driving the shift from an analog, stovepiped infrastructure to a complex and interconnected ecosystem that has reshaped how we go about our daily lives.
- Electrification of large sectors of our economy, from transportation and the advent of electric vehicles and to residential heating and connected climate controls.
- Decentralization of resources like the electric grid, spurred by prosumerism and demands for flexibility, efficiency, and lower resource costs, enabled by new players that are driving distributed resources and community aggregation.
- Digitization and the Internet of Everything, creating sensing networks that are extending the limits of automation and connectivity, driving the smart environment, and that will become faster with the advent of next-generation telecom networks (5G).
The implications of electrification, decentralization, and digitization are profound. Probably most pressing is the fact that our infrastructure could be compromised from many directions – many of which are still operating outside our awareness. The broadening connectivity means more network, software, and human attack surfaces, which produce more reachable and exploitable vulnerabilities.
A Susceptible Global Logistics Network
Our critical infrastructure depends on the efficient and secure transit of goods through our global supply chain. From bespoke transformers to integral communications hardware and antivirus software, foreign-made products and highly specialized goods have become part of the DNA of our infrastructure. Globalization and outsourcing have made it harder to maintain visibility into the source, provenance, and intent of parts and services. Vulnerabilities may be inherent. Some may be intentional, introduced by adversaries intending to gain footholds into and manipulate our critical systems. Supply chain vulnerabilities are as likely unknown as known. Moreover, they emerge regularly, including availability and scarcity of products driven by a global trade war.
Many of the same nation-states that manufacture outsourced products the American industry has come to rely on are the same that we deem to be our most formidable adversaries. It raises the question – would you give a robber your alarm passcode or better yet, help them design your security system?
People are the Biggest Vulnerability
The third common denominator in the vulnerability of our infrastructure is humans. Three factors are driving the people problem – supply, insider threat, and human error.
Infrastructure operators are competing with the technology industry for skilled people. Our contract and gig economy exacerbate the supply problem and befuddle sectors that have traditionally been “cradle to grave.” As people compete with technology for jobs, and as careers become ever more independent, employers have a more laborious task of overseeing and securing the workforce. Intensifying the issue is the massive shortfall of security experts – upwards of 1.5 million by 2020.
The human factor is compounded by the insider threat - employees with access and intent who can disrupt operations and impact the brand. We were raised to trust our employees, and many industries are accustomed to two and three generations of families wearing their uniforms. The concept of background checks and recurrent vetting is foreign to most. Human error represents the third leg in this fragile stool. We don’t like to think of employees as vulnerabilities, but the reality is, we need to. All it takes is the naïve click of a link to launch a malicious malware or cut a fiber optic cable.
The Biggest Threat: Us
I was recently asked to name the adversary that worries me the most. While I always put the nation-state four horsemen at the top, I have moved a more provocative adversary to the top. And that’s us. Yes, America.
We lack sufficient healthy paranoia that allows us to take our own vulnerabilities seriously. As the 2018 National Defense Strategy stated, “it is now undeniable that the homeland is no longer a sanctuary.” It is no longer a matter of if we are at risk, but when we will face a threat, what form it will take, and how long the impact will last.
The 2016 elections, the current news about Russian and Iranian sponsored disinformation operations, never-ending fire seasons, rising sea levels, falling bridges all are clear indicators of the future. We can begin to address those vulnerabilities by treating security and resilience as essential to design criteria as sustainability and efficiency. That step means employing greater discipline in choosing our suppliers and it a Madison Avenue Campaign to highlight how attractive and vital working to operate and secure our infrastructure can be.
Building a secure and resilient infrastructure is akin to building a secure and resilient organization. It begins with an understanding that withstanding known threats and as well as circumstances beyond its control is more than developing a playbook or a plan. It starts with an organization widening its risk lens and a fostering a culture that embraces challenging long-held biases and assumptions. Its resources and actively engages a workforce that senses, assesses, and acts with purpose. It builds agility by learning from its and others’ successes and failings and invests in a framework that underpins a more risk tolerant and change ready organization.