Aging critical infrastructure is impacting how Federal officials are preparing to respond to cyberattacks and damage to that infrastructure from environmental disasters, with collaborate approaches and response plans key to that preparedness effort.
Speaking at the Act-IAC 2024 Cybersecurity Summit on Oct. 9, top Federal officials from the Coast Guard, Cybersecurity and Infrastructure Security Agency (CISA), and the Department of Energy (DoE) said that securing critical infrastructure may not be solved by modernizing infrastructure alone.
“As soon as you go through the process of updating [infrastructure], it’s still not going to be updated, because there’s going to be a new threat, there’s going to be a new vulnerability out there,” said Patrick Thompson, the director of infrastructure for the Coast Guard’s C5I Service Center. “The biggest threat is our ability as a whole of government approach […] to respond when a problem does come.”
The average age of critical infrastructure is 50 years, according to the U.S. Army Corps of Engineers and the American Society of Civil Engineers, with many navigation structures and dams clocking in at older than 50 years.
These aging structures are vulnerable to both adversaries and climate-related disasters intensified by global warming – such as hurricanes Helene and Milton striking the many dams in Tampa, Fla., said CISA Executive Director Bridget Bean.
Though concerned about emergency preparedness, officials said that by creating a culture of readiness, providing training through events such as hackathons, and collaborating across academia, industry, and government, threats can be addressed.
“I am really pleased to see the collaboration across the critical infrastructures that no longer is water just dealing with the water sector, but they’re very much engaged with the energy sector, they’re very much engaged with the chemical sector,” said Bean about agencies and organizations taking steps toward emergency preparedness. “They’re really engaged with those critical infrastructures that are connected and where those interdependencies lie.”
Artificial intelligence can also help secure critical infrastructure, though it also brings its own challenges, said Paul Selby, the chief information security officer at the DoE.
“Is AI good or is AI evil? The answer is yes,” said Selby, noting that AI has both aided cyberattacks and assisted with security. “One of the things that can be very detrimental for us is if we’re using AI and we’re thinking that the data is secure, and then find out the data’s been poisoned, or there’s hallucinations as a result of the data – that can create just as many problems as anything else.”
Selby advocated for better cybersecurity hygiene including employing encryption that can withstand the impact of post-quantum cryptography, and viewing cybersecurity as “part of the mission” when developing infrastructure and systems.