蘑菇视频

The nation's critical infrastructure鈥攖he assets that power our homes, bring water to our faucets, and move people and goods from place to place鈥攈as grown frighteningly vulnerable to new kinds of threats. To protect these essential systems,听federal IT leaders and infrastructure managers need to continue down the path of digital transformation, placing special emphasis on data management, analytics, and improved portfolio management.

If the steady drip of headlines on the subject has you worried about the nation鈥檚 vulnerability to infrastructure disruption, you鈥檙e not wrong to be concerned. The听听sent ripples of pain along the entire East Coast, and its impacts pale in comparison to what could result from an assault on听听like GPS, or an听听meant to take down a major electrical grid.听While these types of threats听escalate in scope and sophistication, the attack surface itself is expanding beyond the surly bonds of Earth with the recent push to听听as critical infrastructure.

Thankfully, government agencies are taking meaningful steps to respond. The Department of Energy听 with the electricity industry听and the Cybersecurity and Infrastructure Security Agency (CISA) to enhance industrial control system and supply chain cybersecurity. For its part,听the Department of Homeland Security (DHS) Science & Technology Directorate recently听听to thwart attempts at GPS spoofing.听The听Space Policy Directive-5 gives DHS and CISA lead roles听in enhancing the nation鈥檚 cyber defenses for key systems involved in such critical services as global communications, navigation, and weather monitoring.

Moves like these are admirable and necessary, but we must go further. To that point, let鈥檚 take a closer look at how and why critical infrastructure has become so vulnerable.

For government agencies, connected systems and other essential new technologies present an unfortunate dilemma.听Consider something like smart building technology.听It would be folly听for agencies not to take advantage of听its ability to听bring together connectivity, automation, open architecture, and interoperability听as a means to听optimize听the total performance of buildings, businesses, and their occupants.听But connecting an organization鈥檚 physical systems to IP networks, external access, and the cloud creates a potential path for cyber criminals to take down the entire enterprise.听

This is hardly a hypothetical. Security researchers have proven the sinister possibilities on numerous occasions, such as when they hacked the听听at a major internet search provider, or when听听of a large Chinese hotel. Armed with such power, hackers could easily disable or misuse security systems, make off with private data, or destroy temperature-sensitive IT equipment by manipulating heating or cooling controls.

The risks and rewards of smart connectivity go well beyond buildings. Connected warships and spy planes could be targeted by hackers looking for valuable, sensor-gathered surveillance data.听听could be attacked to disrupt navigation of all kinds, from military to travel to shipping. In 2016, when unidentified hackers caused a power outage in听Ukraine听that affected over 225,000 people, they made real the fear that a surprise cyber attack could take down an entire electrical grid.

At the same time that increasingly powerful bad actors are upping their assaults on a growing attack surface, federal agencies face multiplying infrastructure-related portfolio management challenges, including fragmented ownership. When a water utility鈥檚 infrastructure is owned partially by the government, partially by a private-sector partner, and partially by an owner/operator, who is ultimately responsible for cybersecurity and other threat protection? And how can all parties work in concert to achieve and maintain system-wide resilience? Resolving such issues will require agencies to get active about breaking down siloes, and to take a flexible, adaptable approach to technology development, procurement, and upkeep.听

Other portfolio management challenges are rooted in the very nature of operational technology (OT). Most IT systems can be taken offline for extended periods of time for vulnerability testing, patching, risk assessments, and so on. This is not an option for most OT, which controls essential physical processes that often cannot be interrupted, like the flow of water through a city鈥檚 pipes. Many industrial control systems, with their decades-long lifespans, predate cybersecurity as a concern. They were built for unfailing reliability and safety, but not necessarily to be resistant to digital infiltration. Overcoming such challenges to meaningfully securing OT will require multidisciplinary teams with specialized, experience-born knowledge in industrial control system security and risk and sophisticated threat assessment tools to more effectively detect and thwart manmade attacks.听

As digital innovation has given rise to new critical infrastructure resiliency challenges, it can鈥攁nd must鈥攂e turned toward overcoming them. Happily, this is already happening, and has been for some time. System program offices, for example, are employing innovative wargaming and strategic simulation tools to inform efforts to modernize GPS and strengthen the protection of SCADA systems鈥攖he听supervisory听control and听data听acquisition systems used to monitor and control industrial control systems.

Emerging technologies must also play a role as we design and build new, more efficient, more resilient infrastructure to refurbish and replace now-crumbling, decades-old systems that were once, themselves, marvels of cutting-edge engineering. One such emerging technology, "digital twins"鈥攑recise, three-dimensional virtual models that exchange detailed status information with their real-world counterparts to update in near-real time鈥攊s empowering space-faring organizations to test satellites in myriad likely scenarios to identify vulnerabilities and strategize protection against them.

Drones, light detection and radar (LiDAR), and Internet of Things (IoT) systems are being used in the field of engineering and construction to produce rich streams of data to inform the development of more efficient and accurate planning, design, construction, and maintenance techniques. Fully evolved, these techniques may well transform traditional architect-engineering methods, and the data used to develop them could also be used by artificial intelligence to prescriptively advise planners and portfolio managers and help usher real-time autonomous critical infrastructure management from concept to reality.听

As digital transformation continues and accelerates, it will certainly solve more problems than it creates. But, as with any disruptive engine of modern progress, it will create a significant number of new challenges. In the case of infrastructure, those challenges are serious threats to the security of buildings, power grids, satellite systems, and more, and we need to apply the same degree of innovation to solving them that we do to driving transformational progress more generally. The examples described above are just the beginning. There are many, many more ways鈥攕ome proven, some emerging鈥攖hat data science, analytics, and other emerging technologies can help us protect and strengthen the critical infrastructural systems that are truly foundational to our way of life.听

A first appeared on Federal News Network.