The nation's critical infrastructure—the assets that power our homes, bring water to our faucets, and move people and goods from place to place—has grown frighteningly vulnerable to new kinds of threats. To protect these essential systems, federal IT leaders and infrastructure managers need to continue down the path of digital transformation, placing special emphasis on data management, analytics, and improved portfolio management.
If the steady drip of headlines on the subject has you worried about the nation’s vulnerability to infrastructure disruption, you’re not wrong to be concerned. The Colonial Pipeline attack sent ripples of pain along the entire East Coast, and its impacts pale in comparison to what could result from an assault on positioning, navigation, and timing (PNT) systems like GPS, or an electromagnetic pulse (EMP) attack meant to take down a major electrical grid. While these types of threats escalate in scope and sophistication, the attack surface itself is expanding beyond the surly bonds of Earth with the recent push to classify satellites, sensors, command and control systems, and other space assets as critical infrastructure.
Thankfully, government agencies are taking meaningful steps to respond. The Department of Energy launched a 100-day collaborative plan with the electricity industry and the Cybersecurity and Infrastructure Security Agency (CISA) to enhance industrial control system and supply chain cybersecurity. For its part, the Department of Homeland Security (DHS) Science & Technology Directorate recently released PNT resources and algorithms to thwart attempts at GPS spoofing. The Space Policy Directive-5 gives DHS and CISA lead roles in enhancing the nation’s cyber defenses for key systems involved in such critical services as global communications, navigation, and weather monitoring.
Moves like these are admirable and necessary, but we must go further. To that point, let’s take a closer look at how and why critical infrastructure has become so vulnerable.