The Nation’s Infrastructure

Exploring the complexity of “unmanned” critical infrastructure protection

The last 12-18 months have shown us just how important our nation’s infrastructure is to our daily lives as well as our health and safety. However, the complexity of these systems and the risks they face may sometimes make us feel that properly securing them is an insurmountable feat.

According to the Cybersecurity & Infrastructure Security Agency (CISA), “Critical infrastructure describes the physical and cyber systems and assets that are so vital to the United States that their incapacity or destruction would have a debilitating impact on our physical or economic security or public health or safety. The Nation's critical infrastructure provides the essential services that underpin American society.”

What Does this Include?
The following 16 sectors have been identified by the Department of Homeland Security (DHS) as critical infrastructure because any disruption to their operation would have such a significant impact:

  • Chemical
  • Communications
  • Commercial facilities
  • Critical manufacturing
  • Dams
  • Defense industrial base
  • Emergency services
  • Energy
  • Financial services
  • Food and agriculture
  • Government facilities
  • Healthcare and public health
  • Information technology
  • Nuclear reactors, materials, and waste
  • Transportation systems
  • Water and wastewater systems

This is an incredibly complex system in which many sectors not only rely heavily on each other but also have several subsectors, each with their own unique requirements and considerations. Within the transportation systems sector alone, there are seven key subsectors: aviation, highway and motor carrier, maritime transportation system, mass transit and passenger rail, pipeline systems, freight rail, and postal and shipping.

Looking deeper into each of the subsectors reveals even more complexity. For example, the highway and motor carrier subsector includes over 4 million miles of roadway, more than 600,000 bridges, and more than 350 tunnels, as well as vehicles, vehicle and driver licensing systems, traffic management systems, and cyber systems used for operational management.

Identifying Opportunities for Improvement
While the sheer enormity of these systems may seem daunting, there are many opportunities within each sector to help improve the security and resilience of our infrastructure. One such opportunity is Intelligent Traffic Systems (ITS). Spread across the United States’ roadways and on the corner of virtually every intersection are hundreds of thousands of unsecured targets for attack—traffic cabinets and ITS devices. Used to store and protect technology that connects and controls traffic signals, vehicles, and digital road signage, traffic cabinets are critical for road and highway safety. Exposed at the network “edge” and housed inside these cabinets are intelligent devices and connectivity that, if left unprotected, leave our country's infrastructure and citizens exposed to critical safety risks.

Unauthorized entry into an ITS cabinet not only enables a potential attack or vandalization of connected intersections but could also allow access to the entire network of traffic controllers and camera feeds. In addition, most cabinets have active network connections to state and municipal agencies, putting them at serious risk of cyber-attack.

Securing access to our infrastructure and managing authorized users is critical, as we are now exposed to an entire gamut of risk from seemingly harmless vandalism to more malicious physical and cyber-attacks. Managing the security and access of our ITS networks and infrastructure is an absolute must. In doing so, we not only apply physical controls to connected intersections but also protect the entire network of traffic controllers, connected vehicles, cameras, digital signage, and IoT devices.

ITS networks are not isolated—they interconnect cities, states, and their citizens. Failure to secure them puts both agencies and the public at serious risk of attack.

Despite the fact that physical access to traffic infrastructure can have an immediate and widespread impact, the majority of cabinets are secured with a generic physical key that can easily be obtained and duplicated. Hundreds of thousands of key-holders currently have access to a piece of our country's critical infrastructure.

This presents a serious threat as we continue to rely more on sophisticated technology to operate and control our vehicles and signal systems. Do you know who has access to your ITS devices and traffic cabinets? Do you know if your cabinets are secure right now? Unauthorized physical access to traffic infrastructure exposes agencies to both physical and cyber-related attacks. With Connected and Autonomous Vehicles (CAV), Vehicle-to-Infrastructure (V2I) connectivity, and more IoT connected devices than ever before, legal and liability issues are a reality for agencies operating these assets.

Entry into any traffic cabinet must be authorized, managed, and monitored in real time. Thankfully, this can be accomplished with robust solutions that are available for both online and offline access control.

Using a Layered Approach to Address Physical and Cyber Security
ITS cabinets are an excellent example of the interdependency between physical security and cybersecurity. A vulnerability in the physical security of these cabinets creates a major risk for the cybersecurity of the systems and networks accessible through the connections housed within the cabinets. We are able to mitigate the cybersecurity risk by proactively addressing physical security.

This concept applies beyond transportation to the unmanned infrastructure in all of the sectors identified by DHS as critical. We see cabinets and enclosures across the country in rural areas or along highways, in fields, following power transmission lines or along railways that now provide the connectivity from “Information Technology” in the office to “Operational Technology” in the field. This is the very fabric that connects our infrastructure.

So, this layered approach can be applied across almost any application, and will become increasingly important as the need to protect the cybersecurity of our nation’s critical infrastructure continues to grow. As the recent ransomware attack against the Colonial Pipeline and President Biden’s executive order to improve cybersecurity highlight, we are facing constant threats to our economic and physical security. It is our responsibility as security professionals to bring knowledge, awareness, and action to protect against these threats.
