Cyber Security and Infrastructure Protection

View all blog posts under Articles | View all blog posts under MSCS

A cybersecurity professional working on a tablet in a server room.

Computers control our power grids, roads, public transportation, telecommunications and more. Malicious attacks from either foreign or domestic sources can paralyze key services and communications. With the rapid proliferation of the Internet of Things (IoT) within critical infrastructure and growing evidence of state-sponsored cyber attacks, both government agencies and private-sector organizations have increasing concerns about cyber security threats that directly impact critical infrastructure.

Understanding the types of cyber threats and how cyber security professionals can respond to them is an important step toward minimizing threats. Cyber security professionals may work with privately-owned companies or public agencies.

Employers are increasingly looking for candidates with in-depth cyber security experience and with advanced degrees. A Master of Science in Cyber Security degree can help individuals develop a solid foundation for a range of cyber security careers, including those that focus on building and maintaining strong cyber security infrastructure to prevent cyber attacks.

What Is Cyber Security Infrastructure?

To understand what cyber security infrastructure is, it’s important to understand how critical infrastructure relates to cyber security. Critical infrastructure represents the various cyber systems that need to stay functional to keep elements of the economy, public health and safety and day-to-day life running smoothly

The elements of this infrastructure radiate through a wide range of sectors that clearly impact our daily living. CISA defines sixteen distinct sectors that make up critical infrastructure. These include transportation systems, water and wastewater, food and agriculture, financial services, energy, and health care and public health.

While these sectors are distinct, they can also be intertwined. For instance, disruption to the transportation systems sector could cause a ripple effect on supply chains that could be felt within the food and financial sectors. Because of this connectivity, all it takes is one exploited vulnerability to create a serious issue that wreaks havoc on a variety of levels.

Cyber Attacks on Critical Infrastructure

Critical and cyber security infrastructure tends to be a highly targeted entity as a whole. There were 649 ransomware complaints that indicated cyber attacks on critical infrastructure in 2021, according to the FBI’s Internet Crime Complaint Center (IC3). Fourteen of CISA’s identified critical infrastructure sectors were targeted, with the most attacked sector being health care and public health, with 148 complaints. This particular sector is a top target of cyber criminals because it contains a high level of information that is of high value among cyber criminals and state-sponsored malevolent actors, from patient financial data to medical innovation intellectual property.

These attacks can have a significant economic impact. The IC3 report noted the 2021 ransomware attacks resulted in more than $49.2 million in losses incurred by entities that were breached. Other types of cyber attacks were also recorded by IC3, such as business email compromise (BEC), illicit cryptocurrency usage and phishing.

One of the highest profile attacks was on Colonial Pipeline company, whose entire operation was shut down for six days due to a ransomware attack. The attack disrupted fuel supplies to the southeastern United States. It was reported that hackers infiltrated the system due to a TK password. Colonial Pipeline stated it paid almost $5 million to the hackers to re-enter the system through a single password that was not protected by two-factor authentication.

How to Protect Critical Infrastructure from Cyber Attacks

Protecting infrastructure security falls under the purview of CISA, a division of the Department of Homeland Security (DHS). Created in 2018 to replace the National Protection and Programs Directorate, CISA works with businesses, communities and governments to strengthen the nation’s infrastructure and make it more resilient to both cyber and physical threats.

Its focus includes:

  • Assessment: CISA analyzes the cyber security of infrastructure in communities and businesses and locates ways to improve security before events and plan for recovery.
  • Information Sharing: Critical information must be shared among key agencies when there is an attack on critical infrastructure.
  • Sector Partnerships: CISA forms partnerships to plan public/private cyber security initiatives.

CISA develops strategies, information and services to help protect critical infrastructure, both on its own and via strategic partnerships within the various sectors. These strategies include:

Power Grids

Electric grids are complex and, because they have grown over time, are patched together and not immune to cyber attack. Power disruptions to hospitals, factories, businesses and homes are noteworthy and costly. The National Renewable Energy Laboratory is engaged in modernizing the U.S. power grid through research and development to build its resistance to cyber attacks.

Smart Grid

The goal of Smart Grid technologies, in development by SmartGrid.gov, is to contain outages so they don’t become widespread blackouts and to also strategically restore electricity. For example, power companies might first restore power to emergency services or hospitals. Cyber security experts say the Smart Grid will even discern when power consumers have generators and can then direct resources elsewhere as power is restored. Another goal of the Smart Grid is to make the grid more resistant to attack.

Roads

Now that computers can direct cars, the Intelligent Transportation Systems Joint Program Office of the Department of Transportation plans to include security in the highway architecture. “This security approach ensures that vehicles exchanging data as they travel down a highway, vehicles receiving data from infrastructure at traffic signals or work zones, and all other components and participants in the connected vehicle system can rely on the integrity of the connected vehicle data received,” according to the ITS website.

Chemical Security

CISA works with chemical facilities to ensure they have cyber security measures in place to prevent or reduce cyber attacks that involve hazardous chemicals. For example, CISA sponsors regular events to engage with stakeholders, exchange security-related information and share best practices regarding chemical security.

Dams

CISA offers training to dam and levee stakeholders to help them assess facility risks and create effective cyber security plans.

Information Technology

Access to and reliance upon the internet for the nation’s security, economy and safety has become central for a healthy, functioning country. Businesses, governments, academia and citizens rely on a safe, functioning internet. CISA provides training tools, simulation modules and software applications to better prepare stakeholders for cyber attacks. For example, CISA’s Malware Analysis service provides stakeholders a dynamic analysis of malicious code, including recommendations for malware removal and recovery activities.

Emergency Services

Numerous organizations work together to protect lives and property during emergencies and aid in recovery afterward. CISA offers the Emergency Services Sector Cybersecurity Initiative to help those in the sector manage risks and coordinate information.

Boost Your Cyber Security Skills with an Advanced Degree

The principles of an effective cyber security infrastructure boil down to one key concept: Staying one step ahead of cyber criminals who are seeking to exploit a cyber security system. Doing so requires the knowledge and skills that can be properly honed by a cyber security master’s program. This knowledge and skill set is critical to not only building effective cyber security systems, but also helping prevent damage that can have a profound impact across multiple infrastructure sectors.

The University of North Dakota’s online Master of Science in Cyber Security program and its certificate tracks can help prepare you for a key role in cyber security. Our program is designed to help you develop the level of expertise to stay ahead of would-be cyber criminals, thus helping stopping cyber crime before it starts.

Learn more about the tools, skills and background we can deliver to aspiring cyber security professionals.

Recommended Reading:

Cyber Security and the Internet of Things: Examples and Trends

The Cyber Security Talent Shortage

Is a Master’s Degree in Cyber Security Worth It?

Sources:

AHA Center for Health Innovation, “A High-Level Guide for Hospital and Health System Senior Leaders”

Business Insider, IoT Infrastructure

Cybersecurity & Infrastructure Security Agency, CISA Services Catalog: Second Edition

Cybersecurity & Infrastructure Security Agency, Critical Infrastructure Sectors

Cybersecurity & Infrastructure Security Agency, Emergency Services Sector Cybersecurity Initiative

Cybersecurity & Infrastructure Security Agency, Infrastructure Security

Cybersecurity & Infrastructure Security Agency, Russian State-Sponsored and Criminal Cyber Threats to Critical Infrastructure

Deloitte, “Incentives are Key to Breaking the Cycle of Cyberattacks on Critical Infrastructure”

Federal Bureau of Investigation, Internet Crime Report 2021

National Renewable Energy Laboratory, Grid Modernization

Reuters, “One Password Allowed Hackers to Disrupt Colonial Pipeline, CEO Tells Senators”

SmartGrid.gov, The Smart Grid

United States Department of Transportation, How the U.S. Department of Transportation is Protecting the Connected Transportation System from Cyber Threats