Ariel Stern
From physical security to digital security, our world has undergone a total digital transformation in the two decades since September 11, 2001, forcing us to redefine what resilience means for critical infrastructure. No longer just an equation of how much damage steel and concrete support can withstand in the event of a terror attack, engineers must now judge how the virtual dimension both strengthens and threatens critical infrastructure.
Twenty years ago, terror was confined to the physical. Critical utilities utilized few digital tools and cyberthreats were limited to science fiction. Engineers tasked with designing critical civil infrastructure focused on physical resilience.
Today we live in a different world. The digital revolution touches every aspect of our lives with smartphones in every pocket and smartwatches on every arm. Technology and digital tools no longer exist in parallel to our physical lives, they are inherently intertwined.
Critical infrastructure exists in the interconnected physical and virtual world. The triple challenge of aging infrastructure, increased operational stress, and growing compliance reporting threatens the ability of civil infrastructure to supply the minimum in terms of critical services. In order to meet growing demand for critical services, infrastructure must utilize digital tools.
Digital tools aid every aspect of this challenge. Tracking key indicators within aging physical assets enable decision-makers to optimize repairs and replacements. Real-time data notifies operators when procedures must be changed to meet immediate demand. Data creation and aggregation transform compliance reporting into a simple feat. Digitization maximizes the abilities and lifespan of critical infrastructure.
The growing challenges faced by infrastructure can only be met by continuing this digital momentum. The 2021 ASCE Infrastructure Report Card emphasizes innovative, digital solutions as gamechangers for infrastructure resilience. Today’s civil infrastructure depends on digital infrastructure for operational resilience.
However, this enhanced physical resilience invites new virtual vulnerabilities. The threat of cyberattack looms over all civil infrastructure today. Critical infrastructure is an attractive target to any hacker. Ransomware attacks are on the rise, since people cannot live without water, wastewater, and energy. “Hacktivists” gain coveted publicity through such high-profile attacks. But most dangerous of all, government operatives and terrorists have the potential to infiltrate critical civil infrastructure and threaten our way of life. The elusive, unknown enemy constantly lurks in the background.
Historically, civil infrastructure applied digital solutions only “in the fence” or within the central plant. With increased operational stress, technology expanded to include visibility and situational awareness over remote assets “outside the fence” — spread along hundreds of miles of pipes or transmission lines. Industrial Internet of Things (IIoT) creates new data and efficacy over tens of thousands, of new components within infrastructure networks. But it also creates new opportunities for a cyberattack.
Every component within the digital infrastructure system and every interaction between components is a potential entry point for a hacker to exploit. As digitization spreads to include new functions and abilities, so do the vulnerabilities available for a hacker to gain access.
We must remember that one vulnerability is all a hacker needs to control the entire system. A cyber-attack begins when the hacker gains that first, initial toehold into the virtual network supporting civil infrastructure.
For example: a hacker may gain access to the system by intercepting a transmission from a remote asset being monitored in the field. Through that initial interception, the hacker can proceed to infiltrate the central command and entire system.
The correct way to take advantage of digital tools is the secure way. Cybersecurity measures must be integrated from the architecture of any civil infrastructure project, and continuously updated.
Add-on cybersecurity measures leave gaps for hackers to exploit. Just like retrofitting a building always requires more effort and expense than building the structure correctly in the first place, add-on cybersecurity measures cannot completely block windows available to hackers. The resilience of civil infrastructure depends on integrating cybersecurity protection from the beginning of any project.
The attack on the World Trade Center demonstrated how susceptible we are to terror — and the devastating outcome of such an attack. The repercussions of a cyberattack on civil infrastructure are almost unimaginable. A void in critical services would threaten the very foundation of society.
Today’s civil infrastructure is fused with digital infrastructure. It’s time for the engineering community to follow the example of the medical and financial industries and integrate robust cybersecurity protection in civil infrastructure at every stage of planning.
The trauma of 9/11 remains with us all. A cyberattack on civil infrastructure could jeopardize the lives we take for granted. Poisoned drinking water. Inactive wastewater removal. No electricity. With a few clicks, a malicious hacker could destroy or manipulate civil infrastructure and devastate a nation.
Physical resilience can only exist when there is virtual security.