Cyber Conflicts: Future Battles - Threats to Critical Infrastructure

The cyber warfare incidents to date have not generated mass panic, and are driven more by citizen groups, rather than the overt government sponsored national campaigns. These past attacks were meant to send a political message. However, future attacks could have serious consequences, pitting nation against nation and requiring political as well as military intervention. One concern shared by all governments is that threat to critical infrastructure through electronic control systems.

The critical infrastructure is an easy target for enemy countries and rogue transnational since groups it is widely distributed geographically and left largely unprotected. The systems and manage water supply, power, oil and transport are all a part of the national critical infrastructure. Each represents different threat levels. The significant interdependencies can lead to unintended consequences during an attack.

The critical infrastructure is also increasingly under the control of SCADA systems. A supervisory control and data acquisition system. Probably through ease of remote monitoring and management. However, increased accessibility correlates with increased vulnerability to breach security. And as SCADA has become more and more homogeneous. The potential of breaches is further exacerbated since a single exploit could be used to attack multiple systems. They draw graphic distribution of critical infrastructure, the government recognizes as inability to protect everything. A key concern is that interdependence of infrastructure elements could mean a failure in a single element could cause devastating widespread damage in multiple critical infrastructure elements. The power grid is one of the most vulnerable including transmission lines, transformers, power stations and suppliers.

In 2009 actually authorities found that many segments of the U.S. power Ggid had experienced and suspected hacker infiltration. Software tools are to be used to disable infrastructure while identified on the machines. Interdependencies in the power grid alone were evident from the blackouts throughout the Northeast US and Canada in August 2003. A failure of a single Ohio power plant led to complete blackout of the Northeast US, along with nearby connected portions of Canadian National Power System.

Given some fragility in the system, we need to be very careful in protecting our critical infrastructure from cyber attacks. In 2008, the US power grid in multiple regions was disrupted purportedly for the purpose of extorting money.

The water supply is another critical infrastructure.

Encompassing both fresh water supply and wastewater collection. The US has more than a 170,000 public water systems, including weather wise dams, wells, aquifers, treatment facilities, pumping stations, aqueducts, and transmission pipelines. Waste collection includes 19,500 sanitary systems and 800,000 miles of sewer lines. In October 2006, an unknown hacker gained control of water filtering plant in Harrisburg, installing software that affect the plant operations. Though the US water supply is well distributed for the country, presenting multiple soft targets.

Interdependencies are weak and the effect of any single attack would be localized affecting at most a few hundred people.

A fail bomb is easily repaired or restarted leading to quick recovery without any serious long term devastating consequences but again the potential is here.

The financial of, the failure of financial institution infrastructure is however, more serious. It could undermine public confidence in financial institutions, as well as the government.

Less clear is how to compare these financial losses to the loss of life or to injury. Not all infrastructure attacks are perceived as equally devastating.

The risk and interdependency analysis are needed to accurately determine the risks. There's a lot of work that needs to be done.