By Dr. Kandis Y. Wyatt, PMP
Faculty Member, Transportation and Logistics
Infrastructure is commonly used to refer to the physical structures that enable safe transportation networks. But infrastructure also relates to our computer networks.
These computer networks ensure the safe transport of data and enable workers to maintain oversight of databases. However, recent cyberattacks on both the gasoline and the meat industries resulted in companies paying millions of dollars to retrieve sensitive company data.
Cybersecurity Attacks Rose in 2020
Cyberattacks can take many forms, such as phishing, malware and hacking. The Federal Bureau of Investigation (FBI) reported an increase in cyberattacks affecting personal, organizational and secret defense activities.
Cybersecurity company Tessian notes that according to the FBI’s Internet Complaint Center 2020 report, “phishing was the most common type of cybercrime in 2020—and phishing incidents nearly doubled in frequency, from 114,702 incidents in 2019 to 241,324 incidents in 2020. The FBI said there were more than 11 times as many phishing complaints in 2020 compared to 2016.”
Everyday US Infrastructures Are Particularly Vulnerable to Cyberattacks
Everything from your bank account to pilot flight systems to global e-trade can be affected by a lack of cybersecurity. For instance, the infrastructures that we use every day rely on computer systems. Traffic intersections use computer systems to control traffic flow, and air traffic controllers and our nation’s ports use computerized systems to monitor the movement of planes and ships.
Computers also control various aspects of oil pipelines, including a pipeline’s speed, flow and pressure 24 hours a day. If any of these infrastructures are not protected with proactive cybersecurity measures, they could suffer a devastating attack.
The Stuxnet Attack
Formal, more structured cybersecurity measures were implemented on some computer systems shortly after the Stuxnet cyberattack in 2010, which was one of the early documented events that proved cyberattacks could have detrimental effects. Stuxnet was a 500-kilobyte computer worm that infected the software of at least 14 industrial sites in Iran. It targeted Microsoft Windows machines and networks, affected Siemens Step 7 software and centrifuges, and compromised the programmable logic controllers.
This cyberattack was one of the first times a worm was used to attack organizations. With this type of attack, the worm spreads on its own over a computer network and does not rely on an unknowing human to compromise a computer system.
The Stuxnet attack also proved that the more your computer interacts with servers, websites, and other computers, the more vulnerable it will be to hackers. As a result, sensitive data can be compromised, stolen or held for ransom. Stuxnet also proved that cyberattacks can be seamless and hard to detect, and they can spread exponentially in a short amount of time.
Many Computer Systems Still Have Outdated and Vulnerable Software
Over 20 years later, many of the major computer systems in the U.S. have the same computer networks that Stuxnet successfully infiltrated. As a result, failing to protect and update these legacy systems can be detrimental to the U.S., especially to our infrastructure and economy.
Legacy systems result from an organization’s hesitancy to remain relevant and update its computer hardware and software. They are typically outdated, costly to maintain and easier to hack.
The legacy system mindset has created a perfect storm of risky factors, which can have serious impacts on our infrastructure. Consequently, the U.S. federal government created Einstein in 2003 to identify suspicious computer activity occurring in federal networks.
Einstein also led to the United States utilizing third-party logistics (3PL) providers to proactively penetrate and patch legacy systems. 3PL providers identify and develop solutions to potential cyberthreats before bad hackers identify the same gaps.
However, there are drawbacks to this approach because when a cybersecurity problem is identified, only a software patch is created. Over time, multiple patches lead to more problems.
Software patches are only a localized, temporary solution. These patches introduce security risks because they do not address the root cause of a problem.
Addressing Cybersecurity Infrastructure Problems
What are some ways to improve the cybersecurity of our infrastructures? Here are some suggestions:
- Cyberattacks are constantly evolving, so ongoing training is needed for employees to identify potential phishing attacks before they happen.
- Zero trust architecture needs to be implemented in organizations, meaning that all employees’ computer activity should be routinely reviewed and screened.
- Each employee desktop computer or laptop needs to have anti-phishing software on it to prevent malware attacks. Ideally, this type of software should be installed on any device that can interact with an organization’s computer network, such as personal computers, tablets and cell phones.
- Multi-factor authentication is needed within businesses to make it harder to attack a network. For example, having employees log in with both a username and password as well as a confirmation from another device, such as a cell phone, provides an extra layer of protection against hacking.
- Computer manufacturers should adopt a secure-by-design mindset, requiring security in every computer design at its implementation and providing software that is less vulnerable to cyberattacks. Vendors should be united in how computers are manufactured and in protecting operational technology from cyberthreats, while also seeking innovations and creating new technology.
- Companies should automatically back up their data, identify threats before they infiltrate the network and train system users to quickly identify problems.
- A social engineering mindset is needed to address outdated legacy systems. Social engineering – adapting new technology to address evolving human needs – helps us to create more powerful and complex computers.
- To complement social engineering, reverse engineering is needed to address hacks. Reverse engineering can be used to analyze a computer system’s logic to prevent errors.
Just as a traditional highway has congestion and bumper-to-bumper traffic, data transfer can be vulnerable if there is too much information and not enough “lanes” to deliver the information. Bottlenecks can occur when there are internet challenges or bandwidth issues.
But proper cybersecurity can serve as virtual lanes to ensure the flow of data is orderly, goes in the proper direction and has few, if any, blockages. Cybersecurity is not only about computer systems, but also about people’s use of those systems.
When it comes to hacking, vital infrastructures such as pipelines, water companies, power companies, railroads, airlines, toll roads and seaports are all vulnerable. Securing our infrastructure means strengthening data confidentiality, and it is critical to the daily operations of these systems. Losses from cybercrime continue to grow and could cost our world $10.5 trillion by 2025.
Addressing cybersecurity threats now also means developing methods to strengthen machine learning. Machine learning can be a helpful way to bolster the cybersecurity of our infrastructure.