What’s Next for Cyberattacks? The Steps to Securing Our Critical Infrastructure

Stewart Kantor, CEO and Co-Founder, Full Spectrum Inc.

Those of us old enough to remember life before the wireless networks that now provide continual connectivity and bolster reliance on the internet recall a period in which our country relied upon regulated monopolies – established by the phone companies – for most of its voice and data communications. Fast forward to 2017: in the U.S., we’ve entered an age where internet access is nearly universal thanks to ever-increasing competition and the integration of technological advances including automation, machine learning and now even artificial intelligence in our daily lives. These advances, which are frequently used by consumers and commercial enterprises, are now being leveraged within our nation’s critical infrastructure (C.I.), introducing new network integrity and security concerns.

The introduction of network connectivity to our nation’s mission critical operations for electricity, transportation and security is driving the need for a stronger, more robust means of cybersecurity. The implementation of autonomous monitoring and control technologies has created new vulnerabilities in network integrity, many of which have become far more advanced since the appearance of the first PC-based malware, “Charlie,” over 30 years ago.

With the introduction of the Industrial Internet of Things (IIoT), secure and reliable networks will be a minimal requirement to keep us safe.

The ‘Future Shock’ of Automation
Picture the professional who views the latest news on his or her tablet during their morning coffee or on the commute to work. We seemingly think nothing of the technology that seamlessly fits into and enables on-demand convenience in our everyday lives. It is only when we are forced to function without connectivity for a short period of time that we realize our growing dependency on our connectivity and the internet. This sudden inconvenience leads to a sense of being completely out of control. The 20th century writer and futurist Alvin Toffler warned of our increased dependence on technology in his 1970 book, “Future Shock,” and of the emotional state we experience in response to rapid change.

As network connectivity and automation are applied to the nation’s C.I., including self-healing electric grids and automated transportation, the people responsible for maintaining our critical infrastructure gain new knowledge and insight into the daily functions and processes that increase infrastructure efficiency and productivity. However, the introduction of these technologies exposes the network operator and all of us to a state similar to the one described in Future Shock. This is now more than an inconvenience or an emotional state; it puts lives and consumer safety at risk.

The Distinctive Cyber Threats to our National Critical Infrastructure
While there is a tremendous opportunity for growth of interconnectivity in our nation’s C.I., IIoT devices require a level of security and robustness that goes beyond consumer applications.

C.I. operators cannot simply take the most expedient solution for connectivity without facing repercussions to security and network availability. While security measures such as encryption and firewalls can be deployed on commercial networks, the devices are still vulnerable to common problems on the public internet. The shared nature of these networks exposes the C.I. to DDoS attacks on overall network capacity – squeezing out capacity – as well as manipulation of cellular protocols for individual devices. This includes risks related to management commands such as ‘Cancel Location Request’ (CLR), which effectively wipes a device from the network, or ‘Update Location Request’ (ULR), which kicks the user out of the network. In these instances, it isn’t the data that is compromised but the connectivity.

In addition to the security risks of the commercial networks, there are additional risks in terms of quality of service.  Many C.I. applications have maximum latency requirements which cannot be maintained in a public network.  Furthermore, during man-made and natural disasters, the commercial networks become overloaded due to increased consumer traffic demands, which places network access at risk.

According to a Tripwire study that focused on IT concerns over IIoT security, the majority of surveyed IT professionals (96%) expected attacks on IIoT to increase, but only slightly more than half (51%) are prepared. And as if that weren’t bad enough, C.I. customers are also concerned about infrastructure vulnerabilities that directly impact them, such as those in the power grid, with a 70% awareness of the threats to the grid and only 9% displaying confidence in our government’s attempts to protect the grid.

Threats like these have garnered the attention of the new administration, which recently released an Executive Order on cybersecurity in an effort to protect and defend C.I. and federal networks from foreign and domestic cyber threats. The EO clearly highlights the government’s concern over a possible cyberattack that might debilitate various aspects of the country’s C.I. and ultimately holds heads of executive departments and agencies accountable for managing cybersecurity risk to their enterprises.  It also demands that these C.I. networks adhere to a designated framework by which they will analyze and evaluate the cyber vulnerabilities in their network operations.

Imposing New Cybersecurity Regulations and Standards
With continuous attacks being made by hackers targeting IIoT devices in order to disrupt mission critical operations, security experts and C.I. operators are seeking cost-effective, high-efficiency solutions to address new cybersecurity regulations set forth by the government and major industry associations.

One emerging strategy for C.I. cybersecurity is the complete isolation and separation of these mission critical IIoT networks – designed as both a preventative and an active solution to virtually eliminate hacker threats and also to provide a solution for quality of service issues. Operating independently from the consumer internet, C.I. operators now have the capabilities to develop their own private networks using licensed radio spectrum and software defined radio (SDR) technology. The separation of traffic through these private networks, which can be privately owned or leased, creates digital and physical barriers that make it much more difficult for cyber threats to infiltrate.

Industry associations have found this approach to be the most effective for both proactive and reactive approaches and, in turn, have created new industry standards such as IEEE 802.16s (GridMAN). Developed by the Electric Power Research Institute (EPRI) with support from some of the nation’s largest utilities, this new standard gives the nation’s C.I. operators a method to implement their own cost-effective private networks over licensed spectrum.

About the Author
Stewart Kantor is the CEO and a co-founder of Full Spectrum Inc, a wireless telecommunications company that designs, develops and manufactures private broadband wireless internet technology & provides network services for mission critical industries.  He has more than 20 years of experience in the wireless industry including senior-level positions in marketing, finance and product development at AT&T Wireless, BellSouth International, and Nokia Siemens Networks.  Since 2004, Mr. Kantor has focused exclusively on the development of private wireless data network technology & services for mission critical industries including electric utilities, oil & gas, defense, and transportation. http://www.fullspectrumnet.com
