The Nation’s Infrastructure

Exploring the complexity of “unmanned” critical infrastructure protection

  • By S. Guerry Bruner
  • Jul 28, 2023

The last 12-18 months have shown us just how important our nation’s infrastructure is to our daily lives as well as our health and safety. However, the complexity of these systems and the risks they face may sometimes make us feel that properly securing them is an insurmountable feat.

According to the Cybersecurity & Infrastructure Security Agency (CISA), “Critical infrastructure describes the physical and cyber systems and assets that are so vital to the United States that their incapacity or destruction would have a debilitating impact on our physical or economic security or public health or safety. The Nation's critical infrastructure provides the essential services that underpin American society.”

What Does this Include?
The following 16 sectors have been identified by the Department of Homeland Security (DHS) as critical infrastructure because any disruption to their operation would have such a significant impact:

  • Chemical
  • Communications
  • Commercial facilities
  • Critical manufacturing
  • Dams
  • Defense industrial base
  • Emergency services
  • Energy
  • Financial services
  • Food and agriculture
  • Government facilities
  • Healthcare and public health
  • Information technology
  • Nuclear reactors, materials, and waste
  • Transportation systems
  • Water and wastewater systems

This is an incredibly complex system in which many sectors not only rely heavily on each other but also have several subsectors, each with their own unique requirements and considerations. Within the transportation systems sector alone, there are seven key subsectors: aviation, highway and motor carrier, maritime transportation system, mass transit and passenger rail, pipeline systems, freight rail, and postal and shipping.

Looking deeper into each of the subsectors reveals even more complexity. For example, the highway and motor carrier subsector includes over 4 million miles of roadway, more than 600,000 bridges, and more than 350 tunnels, as well as vehicles, vehicle and driver licensing systems, traffic management systems, and cyber systems used for operational management.

Identifying Opportunities for Improvement
While the sheer enormity of these systems may seem daunting, there are many opportunities within each sector to help improve the security and resilience of our infrastructure. One such opportunity is Intelligent Traffic Systems (ITS). Spread across the United States’ roadways and on the corner of virtually every intersection are hundreds of thousands of unsecured targets for attack—traffic cabinets and ITS devices. Used to store and protect technology that connects and controls traffic signals, vehicles, and digital road signage, traffic cabinets are critical for road and highway safety. Exposed at the network “edge” and housed inside these cabinets are intelligent devices and connectivity that if left unprotected, leaves our country's infrastructure and citizens exposed to critical safety risks.

Unauthorized entry into an ITS cabinet not only enables a potential attack or vandalization of connected intersections but could also allow access to the entire network of traffic controllers and camera feeds. In addition, most cabinets have active network connections to state and municipal agencies, putting them at serious risk of cyber-attack.

Securing access to our infrastructure and managing authorized users is critical, as we are now exposed to an entire gamut of risk from seemingly harmless vandalism to more malicious physical and cyber-attacks. Managing the security and access of our ITS networks and infrastructure is an absolute must. In doing so, we not only apply physical controls to connected intersections but also protect the entire network of traffic controllers, connected vehicles, cameras, digital signage, and IoT devices.

ITS networks are not isolated—they interconnect cities, states, and their citizens. Failure to secure them puts both agencies and the public at serious risk of attack.

Despite the fact that physical access to traffic infrastructure can have an immediate and widespread impact, the majority of cabinets are secured with a generic physical key that can easily be obtained and duplicated. Hundreds of thousands of key-holders currently have access to a piece of our country's critical infrastructure.

This presents a serious threat as we continue to rely more on sophisticated technology to operate and control our vehicles and signal systems. Do you know who has access to your ITS devices and traffic cabinets? Do you know if your cabinets are secure right now? Unauthorized physical access to traffic infrastructure exposes agencies to both physical and cyber-related attacks. With Connected and Autonomous Vehicles (CAV), Vehicle-to-Infrastructure (V2I) connectivity, and more IoT connected devices than ever before, legal and liability issues are a reality for agencies operating these assets.

Entry into any traffic cabinet must be authorized, managed and monitored in real-time. Thankfully, this can be accomplished with robust solutions that are available for both online and offline access control.

Using a Layered Approach to Address Physical and Cyber Security
ITS cabinets are an excellent example of the interdependency between physical security and cybersecurity. A vulnerability in the physical security of these cabinets creates a major risk for the cybersecurity of the systems and networks accessible through the connections housed within the cabinets. We are able to mitigate the cybersecurity risk by proactively addressing physical security.

This concept applies beyond transportation to the unmanned infrastructure in all of the sectors identified by DHS as critical. We see cabinets and enclosures across the country in rural areas or along highways, in fields, following power transmission lines or along railways that now provide the connectivity from “Information Technology” in the office to “Operational Technology” in the field. This is the very fabric that connects our infrastructure.

So, this layered approach can be applied across almost any application, and will become increasingly important as the need to protect the cybersecurity of our nation’s critical infrastructure continues to grow. Highlighted by the recent ransomware attack against the Colonial Pipeline and President Biden’s executive order to improve cybersecurity, we are facing constant threats to our economic and physical security. It is our responsibility as security professionals to bring knowledge, awareness, and action to protect against these threats.

Featured

  • Bringing New Goods to Market

    The 2024 version of GSX brought with it a race to outrun incoming hurricane Helene. With it’s eye on Orlando, it seems to have shifted and those security professionals still in Orlando now have a fighting chance to get out town. Read Now

    • Industry Events
    • GSX

  • Live from GSX 2024: Day 3 Recap

    And GSX 2024 in Orlando, is officially in the books! I’d like to extend a hearty congratulations and a sincere thank-you to our partners in this year’s Live From program—NAPCO, Eagle Eye Networks, Hirsch, and LVT. Even though the show’s over, keep an eye on our GSX 2024 Live landing page for continued news and developments related to this year’s vast array of exhibitors and products. And if you’d like to learn more about our Live From program, please drop us a line—we’d love to work with you in Las Vegas at ISC West 2025. Read Now

    • Industry Events
    • GSX

  • Live from GSX 2024: Day 2 Recap

    Day 2 was another winner at GSX 2024 in Orlando. Aisles and booths were packed with attendees looking at some of the new and latest security technology. Remember to follow the GSX Live page from Security Today, as well as SecurToday on X and Security Today on LinkedIn to find out more about what’s happening on the show floor during tomorrow’s final day. Here’s what was happening with all four of our partners during the event on Tuesday. Read Now

    • Industry Events
    • GSX

  • How Much Carbon is Your Footprint Leaving?

    A more sustainable future is not only shared responsibility, it is increasingly critical. Securitas, is inviting clients and industry partners to make a difference in an ever-evolving world that faces diverse sustainability challenges. Read Now

    • Industry Events
    • GSX
Most   Popular

Featured Cybersecurity

Webinars

New Products

  • PE80 Series

    PE80 Series by SARGENT / ED4000/PED5000 Series by Corbin Russwin

    ASSA ABLOY, a global leader in access solutions, has announced the launch of two next generation exit devices from long-standing leaders in the premium exit device market: the PE80 Series by SARGENT and the PED4000/PED5000 Series by Corbin Russwin. These new exit devices boast industry-first features that are specifically designed to provide enhanced safety, security and convenience, setting new standards for exit solutions. The SARGENT PE80 and Corbin Russwin PED4000/PED5000 Series exit devices are engineered to meet the ever-evolving needs of modern buildings. Featuring the high strength, security and durability that ASSA ABLOY is known for, the new exit devices deliver several innovative, industry-first features in addition to elegant design finishes for every opening. 3

  • 4K Video Decoder

    3xLOGIC’s VH-DECODER-4K is perfect for use in organizations of all sizes in diverse vertical sectors such as retail, leisure and hospitality, education and commercial premises. 3

  • Automatic Systems V07

    Automatic Systems V07

    Automatic Systems, an industry-leading manufacturer of pedestrian and vehicle secure entrance control access systems, is pleased to announce the release of its groundbreaking V07 software. The V07 software update is designed specifically to address cybersecurity concerns and will ensure the integrity and confidentiality of Automatic Systems applications. With the new V07 software, updates will be delivered by means of an encrypted file. 3