Transportation, water, energy, communications: The country’s critical lifeline functions are constantly under threat from adversaries ranging from amateur hackers and domestic extremists to sophisticated nation-state operators.
Sectors at risk of physical or cyber attacks, due to natural causes or accidents as well as malicious actors, include healthcare, nuclear and chemical facilities, the food chain, dams and power stations, government and financial facilities, water treatment and sewer systems, critical manufacturing and more. Threats include extreme weather and other natural disasters, pandemics, malfunctions and industrial accidents, hacking, terror attacks, active shooters, foreign influence operations and the investment of potentially hostile foreign powers in segments of American infrastructure.
“Many of the hot issues that we focused on in 2019 continue to be threats that require our utmost attention — both as an agency and as a nation,” Cybersecurity and Infrastructure Security Agency Assistant Director for Infrastructure Security Brian Harrell told HSToday, outlining some of the top infrastructure threats in the Department of Homeland Security’s sights for the coming year.
2020 brings another presidential election, along with memories of Russia’s campaign influence operation targeting the 2016 vote. On Nov. 5, CISA Director Chris Krebs, Attorney General Bill Barr, Defense Secretary Mark Esper, Acting Homeland Security Secretary Kevin McAleenan, Acting Director of National Intelligence Joseph Maguire, FBI Director Chris Wray, and U.S. Cyber Command Commander and NSA Director Gen. Paul Nakasone declared in a joint statement that election security is a top priority, underpinned by increased support to state and local election officials, improvements to election infrastructure, timely and actionable threat intelligence, and more.
“Our adversaries want to undermine our democratic institutions, influence public sentiment and affect government policies. Russia, China, Iran, and other foreign malicious actors all will seek to interfere in the voting process or influence voter perceptions,” the agency leaders said. “Adversaries may try to accomplish their goals through a variety of means, including social media campaigns, directing disinformation operations or conducting disruptive or destructive cyber-attacks on state and local infrastructure.”
Harrell stressed that “the entirety of the U.S. government is intensely focused on election security, working together with election partners better than ever.”
“CISA is working with all 50 states and more than 2,300 local jurisdictions — and they’re working together better than ever before,” he said. “Security is top of mind, and all recognize the threat and are working to improve security and resilience.”
Attacks on soft-target venues and public gatherings
In April, CISA updated its “Security of Soft Targets and Crowded Places — Resource Guide” to reflect recent attacks and help prepare stakeholders for a breadth of threats ranging from bombings or active shooters to drones. Deadly attacks that occurred throughout the rest of the year included the May mass shooting at a Virginia Beach public works office, the August mass shootings at a Walmart in El Paso and Dayton’s nightlife district, the November attack at a Santa Clarita, Calif., high school, and this month’s attack on a kosher grocery store in Jersey City. In 2018, the FBI documented 27 active-shooter incidents in 16 states, with 85 people killed and 128 wounded.
“As we have seen recently, soft targets and mass gathering areas remain an attractive target for criminals and would-be domestic terrorists,” Harrell said. “Houses of worship, schools, outdoor festivals, local malls, and other public venues must continue to invest in security. Adhering to the If You See Something, Say Something awareness campaign is great when used in conjunction with proper protective measures, relationships with local law enforcement and first responders, and robust response and recovery plans.”
5G and supply-chain security
CISA’s Information and Communications Technology Supply Chain Risk Management Task Force, with the input of 20 federal partners and 40 industry members, issued in September its first report evaluating supply-chain threats and information sharing. “Effective supply chain risk management is a national imperative. This effort will require a whole of government and whole of society approach,” the task force said. “Continued technological advancement in the ICT supply chain – with welcomed developments in 5th Generation (5G) mobile communications – only increases the necessity to take this issue seriously.”
“The upcoming deployment of 5G technologies offers untold increases in access and data for industry, potentially enabling new innovation, new markets, and economic growth for the United States,” Harrell told HSToday. “In a 5G network, vendors, the suppliers that provide the products and technical components that actually make up the 5G infrastructure, have a much more substantial role in network operations and service delivery than in previous generations. These advantages also carry additional risk, and CISA is focused on working with our public- and private-sector partners — and internationally — to manage that risk.”
ICS and issues related to cyber-physical convergence
In April, CISA released a list of 55 National Critical Functions “so vital to the United States that disruption, corruption, or dysfunction would have a debilitating effect on security, national economic security, or national public health or safety.” Protection of critical systems and manufacturing sectors requires strong industrial control systems (ICS) security, and holistic risk management takes into account the convergence of cyber and physical threats. Information sharing with industry, identification of vulnerabilities, and developing technology to detect and respond to ICS intrusions are all part of the CISA strategy to defend against complex attacks on critical systems.
“As our physical infrastructure relies more and more on cyber-enabled capabilities, it is more important than ever to take a collective approach to security,” Harrell said. “We need to share information, tools, capabilities, and knowledge between the government, industry, academia, international partners and community partners. Only by doing so can we close the gaps and prevent the enemy from carrying out successful cyber or physical attacks.”
Federal network security
From Florida to Texas, New Orleans to Baltimore, state and local governments were targeted in ransomware incidents this past year. The attacks served as a reminder of persistent cyber threats not only to states and municipalities but also to critical federal networks, which such threats can disrupt, deny access to, degrade or destroy. DHS’s Continuous Diagnostics and Mitigation program keeps federal agencies up to date on identification and prioritization of cyber risks, while the National Cybersecurity Protection System helps protect executive branch networks.
“If I could make one ‘ask’ it would be that every entity, large or small, plan for the risks they face – and EXERCISE those plans,” Harrell said of the overall infrastructure threat picture. “This process should be a collaborative effort with community partners, internal and external stakeholders, and others who may be impacted or responding if an incident occurs.”