The Nation’s Infrastructure

Exploring the complexity of “unmanned” critical infrastructure protection

The last 12-18 months have shown us just how important our nation’s infrastructure is to our daily lives as well as our health and safety. However, the complexity of these systems and the risks they face may sometimes make us feel that properly securing them is an insurmountable feat.

According to the Cybersecurity & Infrastructure Security Agency (CISA), “Critical infrastructure describes the physical and cyber systems and assets that are so vital to the United States that their incapacity or destruction would have a debilitating impact on our physical or economic security or public health or safety. The Nation's critical infrastructure provides the essential services that underpin American society.”

What Does this Include?
The following 16 sectors have been identified by the Department of Homeland Security (DHS) as critical infrastructure because any disruption to their operation would have such a significant impact:

  • Chemical
  • Communications
  • Commercial facilities
  • Critical manufacturing
  • Dams
  • Defense industrial base
  • Emergency services
  • Energy
  • Financial services
  • Food and agriculture
  • Government facilities
  • Healthcare and public health
  • Information technology
  • Nuclear reactors, materials, and waste
  • Transportation systems
  • Water and wastewater systems

This is an incredibly complex system in which many sectors not only rely heavily on each other but also have several subsectors, each with their own unique requirements and considerations. Within the transportation systems sector alone, there are seven key subsectors: aviation, highway and motor carrier, maritime transportation system, mass transit and passenger rail, pipeline systems, freight rail, and postal and shipping.

Looking deeper into each of the subsectors reveals even more complexity. For example, the highway and motor carrier subsector includes over 4 million miles of roadway, more than 600,000 bridges, and more than 350 tunnels, as well as vehicles, vehicle and driver licensing systems, traffic management systems, and cyber systems used for operational management.

Identifying Opportunities for Improvement
While the sheer enormity of these systems may seem daunting, there are many opportunities within each sector to help improve the security and resilience of our infrastructure. One such opportunity is Intelligent Traffic Systems (ITS). Spread across the United States’ roadways and on the corner of virtually every intersection are hundreds of thousands of unsecured targets for attack—traffic cabinets and ITS devices. Used to store and protect technology that connects and controls traffic signals, vehicles, and digital road signage, traffic cabinets are critical for road and highway safety. Exposed at the network “edge” and housed inside these cabinets are intelligent devices and connectivity that if left unprotected, leaves our country's infrastructure and citizens exposed to critical safety risks.

Unauthorized entry into an ITS cabinet not only enables a potential attack or vandalization of connected intersections but could also allow access to the entire network of traffic controllers and camera feeds. In addition, most cabinets have active network connections to state and municipal agencies, putting them at serious risk of cyber-attack.

Securing access to our infrastructure and managing authorized users is critical, as we are now exposed to an entire gamut of risk from seemingly harmless vandalism to more malicious physical and cyber-attacks. Managing the security and access of our ITS networks and infrastructure is an absolute must. In doing so, we not only apply physical controls to connected intersections but also protect the entire network of traffic controllers, connected vehicles, cameras, digital signage, and IoT devices.

ITS networks are not isolated—they interconnect cities, states, and their citizens. Failure to secure them puts both agencies and the public at serious risk of attack.

Despite the fact that physical access to traffic infrastructure can have an immediate and widespread impact, the majority of cabinets are secured with a generic physical key that can easily be obtained and duplicated. Hundreds of thousands of key-holders currently have access to a piece of our country's critical infrastructure.

This presents a serious threat as we continue to rely more on sophisticated technology to operate and control our vehicles and signal systems. Do you know who has access to your ITS devices and traffic cabinets? Do you know if your cabinets are secure right now? Unauthorized physical access to traffic infrastructure exposes agencies to both physical and cyber-related attacks. With Connected and Autonomous Vehicles (CAV), Vehicle-to-Infrastructure (V2I) connectivity, and more IoT connected devices than ever before, legal and liability issues are a reality for agencies operating these assets.

Entry into any traffic cabinet must be authorized, managed and monitored in real-time. Thankfully, this can be accomplished with robust solutions that are available for both online and offline access control.

Using a Layered Approach to Address Physical and Cyber Security
ITS cabinets are an excellent example of the interdependency between physical security and cybersecurity. A vulnerability in the physical security of these cabinets creates a major risk for the cybersecurity of the systems and networks accessible through the connections housed within the cabinets. We are able to mitigate the cybersecurity risk by proactively addressing physical security.

This concept applies beyond transportation to the unmanned infrastructure in all of the sectors identified by DHS as critical. We see cabinets and enclosures across the country in rural areas or along highways, in fields, following power transmission lines or along railways that now provide the connectivity from “Information Technology” in the office to “Operational Technology” in the field. This is the very fabric that connects our infrastructure.

So, this layered approach can be applied across almost any application, and will become increasingly important as the need to protect the cybersecurity of our nation’s critical infrastructure continues to grow. Highlighted by the recent ransomware attack against the Colonial Pipeline and President Biden’s executive order to improve cybersecurity, we are facing constant threats to our economic and physical security. It is our responsibility as security professionals to bring knowledge, awareness, and action to protect against these threats.

Featured

  • Gaining a Competitive Edge

    Ask most companies about their future technology plans and the answers will most likely include AI. Then ask how they plan to deploy it, and that is where the responses may start to vary. Every company has unique surveillance requirements that are based on market focus, scale, scope, risk tolerance, geographic area and, of course, budget. Those factors all play a role in deciding how to configure a surveillance system, and how to effectively implement technologies like AI. Read Now

  • 6 Ways Security Awareness Training Empowers Human Risk Management

    Organizations are realizing that their greatest vulnerability often comes from within – their own people. Human error remains a significant factor in cybersecurity breaches, making it imperative for organizations to address human risk effectively. As a result, security awareness training (SAT) has emerged as a cornerstone in this endeavor because it offers a multifaceted approach to managing human risk. Read Now

  • The Stage is Set

    The security industry spans the entire globe, with manufacturers, developers and suppliers on every continent (well, almost—sorry, Antarctica). That means when regulations pop up in one area, they often have a ripple effect that impacts the entire supply chain. Recent data privacy regulations like GDPR in Europe and CPRA in California made waves when they first went into effect, forcing businesses to change the way they approach data collection and storage to continue operating in those markets. Even highly specific regulations like the U.S.’s National Defense Authorization Act (NDAA) can have international reverberations – and this growing volume of legislation has continued to affect global supply chains in a variety of different ways. Read Now

  • Access Control Technology

    As we move swiftly toward the end of 2024, the security industry is looking at the trends in play, what might be on the horizon, and how they will impact business opportunities and projections. Read Now

Featured Cybersecurity

Webinars

New Products

  • Automatic Systems V07

    Automatic Systems V07

    Automatic Systems, an industry-leading manufacturer of pedestrian and vehicle secure entrance control access systems, is pleased to announce the release of its groundbreaking V07 software. The V07 software update is designed specifically to address cybersecurity concerns and will ensure the integrity and confidentiality of Automatic Systems applications. With the new V07 software, updates will be delivered by means of an encrypted file. 3

  • PE80 Series

    PE80 Series by SARGENT / ED4000/PED5000 Series by Corbin Russwin

    ASSA ABLOY, a global leader in access solutions, has announced the launch of two next generation exit devices from long-standing leaders in the premium exit device market: the PE80 Series by SARGENT and the PED4000/PED5000 Series by Corbin Russwin. These new exit devices boast industry-first features that are specifically designed to provide enhanced safety, security and convenience, setting new standards for exit solutions. The SARGENT PE80 and Corbin Russwin PED4000/PED5000 Series exit devices are engineered to meet the ever-evolving needs of modern buildings. Featuring the high strength, security and durability that ASSA ABLOY is known for, the new exit devices deliver several innovative, industry-first features in addition to elegant design finishes for every opening. 3

  • FEP GameChanger

    FEP GameChanger

    Paige Datacom Solutions Introduces Important and Innovative Cabling Products GameChanger Cable, a proven and patented solution that significantly exceeds the reach of traditional category cable will now have a FEP/FEP construction. 3