As cyberattacks continue to grow in both frequency and severity, leveraging modern technology is key to securing critical infrastructure.
by: Joe Morgan, Business Development Manager (Critical Infrastructure), Axis Communications, Inc.
On May 7, 2021, the hacking group DarkSide successfully infiltrated computers from Colonial Pipeline with ransomware that effectively ground 45% of east coast gas distribution to a halt. The hackers took over command and control of the pipeline, forcing a shutdown that has cost millions of dollars in damages and lost revenue, with engineers estimating that 14 days will be needed just to get the gas flowing again—and that’s after they solve the ransomware issue. The incident has sparked obvious concern among those charged with protecting American infrastructure. Protecting these critical infrastructure sites is now a major priority, and requires both physical and cybersecurity components.
The Potential Scope of Attacks Targeting Infrastructure
Unfortunately, the DarkSide attack was not the first cyberattack to target infrastructure—nor is it likely to be the last. The water supply of Oldsmar, FL, was recently targeted by a dangerous cyberattack, and in 2019 an “unprecedented” attack exploited firewall vulnerabilities to disrupt power grids in the western U.S. over the course of approximately 10 hours. While the attack did not result in a blackout of any kind, it was the first-time hackers had successfully caused this type of disruption. Many experts indicated that it might be a sign of things to come.
This year’s Texas power grid disruption was not the result of a cyberattack, but it is a highly effective showcase for the potential damage that an unexpected electrical outage can cause. The Texas grid was unprepared to deal with critical temperatures, which led to a collapse of several different sectors. This domino effect left millions without the energy to heat their homes, and the resulting rush to stock up on food and water led to shortages of both. Texas demonstrated that while protecting against malicious attacks is critical, defending infrastructure from other types of disasters is equally important.
One key takeaway from the incident is that if it can happen in Texas, it can happen anywhere. Unexpectedly cold weather for the region exacerbated the issue, but a similar outage in New England, Minnesota, or another cold-weather region could have even more disastrous results—with greater potential for loss of life. A natural disaster or savvy attacker able to overload one power station could cause a chain reaction that might leave millions freezing without heat, power, or water.
The Right Precautions Can Save Lives
The Oldsmar attack had a fortunate outcome: a diligent employee noticed what was happening in time to stop it. But that won’t always be the case. For water treatment plants, power stations, and other infrastructure sites, having safeguards in place to automatically detect suspicious behavior is critical. First, surveillance cameras, especially those equipped with thermal imaging, radar detectors, and other tools should be part of any infrastructure site’s security setup, ready to identify potential trespassers looking to cause physical sabotage. After all, it’s important to remember that cyberattacks are hardly the only way to carry out an attack, and some infrastructure sites, such as power transfer stations, are often remote.
In many ways, the nation’s healthcare infrastructure has led the way, with hospitals frequently deploying sensors designed not only to monitor patient vitals, but to track the movements of patients likely to fall, identify aggressive behavior, ensure employee compliance, and more. Interestingly, similar technology can be deployed in power stations, chemical plants, and other locations to monitor mixture rates, power surges, and heat levels, among other potential hazards. These sensors can automatically trigger an alarm—or even a shutdown—if their readings approach dangerous levels. Just as a nurse might be flagged if a patient shows signs of distress, the appropriate authorities can be alerted if infrastructure locations exhibit suspicious or dangerous activity.
Think of it as the next logical step from a burglar alarm. By identifying signs of trouble quickly and effectively, today’s technology can help decrease response times and even anticipate problems before they arise.
Now Is the Perfect Time to Modernize
Protecting critical infrastructure has always been a priority, but the COVID-19 pandemic added an extra element of challenge. With a considerable segment of the workforce operating remotely, many sites have been forced to function with just one or two employees present. While this has presented obvious challenges, it has also provided an excellent opportunity for these sites to modernize their approach to security.
Faced with the potential for cyberattacks, physical attacks, and even natural disasters, it is now clearer than ever that America’s critical infrastructure must be protected. Today’s security tools can do just that, monitoring not only for signs of malicious activity, but for anything that might be amiss. Whether modern security cameras are detecting an intruder intent on sabotage or sensors identifying a potentially dangerous mixture error at a chemical plant, modern security technology can keep infrastructure sites safer and more secure than ever.
About the Author
Joe Morgan is the Segment Development Manager for Critical Infrastructure at Axis Communications, Inc. In this capacity, he is responsible for developing strategies and building channel relationships to expand Axis’ presence in markets specific to Critical Infrastructure in the Americas.
Mr. Morgan has more than 32 years of experience building market share in the critical infrastructure industry. He has completed course work to become specialized in Optical Imaging and through previous experience and additional coursework has also become specialized in Optical Security.
Prior to joining Axis in 2017, Mr. Morgan held previous positions serving in a business development and sales capacity at FLIR Systems, Olympus Industrial and Everest/VIT where he helped deliver new technology to emerging markets. Mr. Morgan focuses on thermal imaging specifically to the petrochemical and oil and gas markets.
Mr. Morgan has his CFATS certification and is an active member with ASIS. He holds a B.A. in education from the University of Texas at Arlington.