We hear the term “critical infrastructure” used so much that it almost has no meaning anymore. We hear about how we need to fund improving our infrastructure. But what does that mean, really?
DHS defines 16 areas or sectors that comprise our critical infrastructure. That is, those sectors which, if impacted in some way, would have a negative effect on our way of life.
Those 16 sectors are: Chemical, Commercial Facilities, Communications, Critical Manufacturing, Dams, Defense Industrial Base, Emergency Services, Energy, Financial Services, Food & Agriculture, Government Facilities, Healthcare & Public Health, Information Technology, Nuclear Reactors/Materials & Waste, Transportation Systems, Water & Wastewater Systems.
Seeing the list of what is considered our critical infrastructure starts to bring it to life. Yes, we need these sectors to be resilient and to work. Plus, they are so interdependent that an impact on one sector will have subsequent impact on other sectors.
For example, an impact on the transportation sector can impede delivery of food or even emergency services. An impact on information technology can affect healthcare or financial services.
As we have seen recently, the attacks on our critical infrastructure are affecting aspects of our lives from work to home.
In May, the Colonial Pipeline ransomware attack caused a shutdown that lasted a few days. However, the fear of shortages resulted in a run on gas stations with people filling up their tanks, their gas cans and even some putting gasoline in plastic bags (not recommended, by the way).
This week, we saw a cyber attack on JBS, the world’s largest meat processing company. With so much automation in the plants, operations were halted for a few days resulting in chaos among the agriculture markets with wholesale meat prices at their highest level in over a year.
These are examples of our adversaries attacking our critical infrastructure. First they got us at the gas station, then they came after our hot dogs, what’s next? Or maybe the question is, “Who’s next?”
While these cyber attacks were short-lived, the resulting impact continues for much longer. The wake up call is that we need to think about what would happen in the case of coordinated cyber attacks on all parts of a sector (e.g., all oil and gas producers) or even coordinated attacks on more than one sector. We have seen what happens after just a few days of a cyber attack. The possibilities are frightening.
The answer is to elevate cyber security efforts across all of the critical infrastructure. If cyber criminals can take down such huge and critical parts of our infrastructure, no one is safe. We must ALL exercise cyber security to protect our way of life.