Hacking itself isn’t a problem. Disruption is.
Sure, breaking into a system isn’t great, but it’s what hackers do once they’re in the system that causes the real problems. Most commonly, they’ll disseminate the information they find or infect the system with malware.
Here’s what disruption looks like in that case: Phone calls with banks, tech support chats, and a persistent headache.
But disruption can also take the form of energy blackouts, accidents, and isolation during an emergency.
We don’t always consider how critical infrastructure relates to cybersecurity. Unfortunately though, hackers already have. The theme of National Cybersecurity Awareness Month’s final week is critical infrastructure, one of the newest – and most unnerving – frontiers for hackers.
Note the Adjective in “Critical Infrastructure”
Critical infrastructure is what it sounds like: Traffic lights, energy grids, power plants, banks, phone lines, and more. These are the regulated systems that form the backbone of modern life, and they’re the constants that could be the difference between life and death.
If only that were hyperbole. But think about what would happen if phone lines went down or if the power were interrupted. Suddenly, minor emergencies intensify because you can’t phone for help or the hospital’s machines are inoperable due to the downed power grid. There are even worse scenarios to consider as well. It’s a straightforward way to wreak havoc, which is why state-backed hackers work to infiltrate these targets.
Why This Isn’t Worse
It might seem like a surprise that some of the US’s critical infrastructure hasn’t been brought down by malicious activity. It’s not for lack of trying.
There are a few reasons why this hasn’t happened yet. The infrastructure itself is part of the reason there hasn’t been a catastrophic attack yet. Cybersecurity expert Robert M. Lee explained that certain types of infrastructure are already insulated from prolonged service interruptions. For example, power grids can be returned to service manually, and an outage could last as little as several hours.
The structure of these systems also makes them difficult to control. There’s a big difference between hacking into a system and actually being able to control it. As Lee put it, it’s the difference between hacking into a system and then using the system to make a light blink.
Infrastructure is Indispensable, Not Invulnerable
But the big problem, according to Lee, is that infrastructures are increasingly reliant on computers. While this can eliminate the need for human operators, it also increases the number of entry points for hackers, all of whom are only getting more aggressive. We’ve been lucky enough to stay ahead of them. Allowing them to catch up is a dangerous choice.
Make no mistake – it is a choice. Eugene Kaspersky of Kaspersky Labs made a bold statement earlier this year. He said, “As we increasingly depend on technology as the backbone of our civilization, we need to ensure our critical infrastructure is built upon a robust architecture that is not only secure but immune.”
This idea is in direct conflict with the conventional wisdom that breaches are inevitable. There’s no reason why we can’t make cybersecurity the center of all of our digital creations. National Cybersecurity Awareness Month isn’t really about the awareness of cybersecurity; we all know it exists. It’s about being aware that there are alternatives to the status quo and understanding the urgency of implementing them.