Critical Infrastructure

Biden Administration Plans to Bolster the Cybersecurity of Water Systems Critical Infrastructure

zqureshi — Tue, 04 Jun 2024 16:35:21 +0000

Biden Administration Plans to Bolster the Cybersecurity of Water Systems Critical Infrastructure zqureshi June 4, 2024

In March 2023, the Environmental Protection Agency issued a rule requiring states to evaluate the cybersecurity of water systems during sanitation surveys. This rule was based on an interpretation of the Safe Drinking Water Act – part of the Biden Administration's broader national cybersecurity strategy, which urges all agencies, including those protecting critical infrastructure like water systems, to establish minimum cybersecurity standards.

However, the EPA’s rule faced legal challenges, leading to a temporary hold by a court in July 2023 after three Republican state attorney generals filed a petition to review it. These petitioners expressed concern that the rule infringed on states' rights and could lead to increased costs for consumers. Consequently, the EPA withdrew the rule last October, with the intention to seek congressional authority to enforce digital safeguards for water and wastewater systems. Currently, the Biden Administration is taking another look at whether the EPA has the authority in the standardization of cybersecurity mandates under which this rule falls.

Protecting Water Systems from Cyber Attacks

Water and wastewater systems are one of the United States’ 16 critical infrastructure sectors, making them a prime target for malicious actors seeking to disrupt or harm American life. Like transportation, energy, and other critical industries, our country’s 50,000 water systems face both universal and sector-specific threats. Prime among these threats is the systems’ exposure to the public-facing internet. Operational technology such as controllers and remote terminal units are often connected to the internet, making them vulnerable to attack.

Thus, regular cybersecurity assessments are crucial to assess and protect vulnerabilities within operational and information technology systems. Assessments can identify systems that require updates, restrict unauthorized users, and ensure data and systems are backed up. Similarly, it can be challenging to maintain system inventories and authorizations across such a vast network, making the entire process difficult to manage and protect.

Human error plays a considerable role as well. Users who don’t change default passwords leave systems open to unauthorized access, as was seen last December. A group affiliated with the Iranian government exploited wastewater networks in 16 states by hacking into the systems using a default password of 1111. Employees without proper cybersecurity awareness training can inadvertently become the weakest link in the security chain. These critical sectors, like all organizations, must develop and execute cybersecurity incident response and recovery plans to better mitigate cyber incidents.

The Road Forward

Despite the withdrawal, the EPA continues to advocate for the adoption of cybersecurity best practices in public water systems to ensure safe and reliable drinking water. In a March 2024 letter to U.S. governors, EPA Administrator Michael Regan asked states to voluntarily review cybersecurity programs within water systems, and the EPA is committed to providing technical assistance, including risk assessments, consultations, training, and funding.

The Biden administration has also stated its continued dedication to securing water systems against cyber threats, and this has been an ongoing, multifaceted effort for several years. They plan to pursue alternative legislative options to obtain the necessary authority from Congress for the EPA to mandate cybersecurity practices.

The decision to rescind the rule has been met with mixed reactions. Some state officials and water sector groups, such as the American Water Works Association and National Rural Water Association, welcomed the withdrawal, while also acknowledging the ongoing and real cyber threats to the water sector. These groups are pushing for a co-regulatory model and have proposed legislation to support cybersecurity in rural water systems. This model “would build on a similar process in the electric sector, maintain EPA oversight, ensure the engagement of water sector experts and protect sensitive information. It would also incorporate the public-private collaboration called for in the recent National Cybersecurity Strategy,” making it a viable option to explore for the protection of our water systems.

Protect Cybersecurity of Critical Infrastructure with Capitol Tech

Capitol Technology University offers degree programs in Critical Infrastructure that prepare students to protect the critical sectors of our nation’s infrastructure. Through cybersecurity education and facilities management training, our comprehensive curriculum sets students on the path to success in this dynamic field. For more information, contact our Admissions team or attend an information session.

Categories: Critical Infrastructure

Powering Up Our Defenses: The DOE Invests in Energy Sector Cybersecurity

emdecker — Tue, 02 Apr 2024 20:40:44 +0000

Powering Up Our Defenses: The DOE Invests in Energy Sector Cybersecurity emdecker April 2, 2024

The Department of Energy (DOE) recently announced a significant investment of $45 million into cybersecurity research for the energy sector. This critical funding aims to bolster the nation's defenses against cyberattacks that threaten our electricity grids, oil pipelines, and natural gas infrastructure. The urgency for such measures cannot be overstated. The energy sector is the backbone of our economy and daily lives, and a successful cyberattack could have crippling consequences, disrupting essential services and causing widespread crisis.

Understanding the Threat Landscape

In recent years, the energy sector has become an increasingly attractive target for cybercriminals and state-sponsored actors. The interconnected nature of our power grids and the growing adoption of digital technologies have created vulnerabilities that malicious actors can exploit. A well-coordinated cyberattack could disrupt power supplies, manipulate energy prices, or even cause physical damage to critical infrastructure.

The 2020 SolarWinds supply chain attack, which compromised software used by many electric utilities, serves as a stark reminder of the potential dangers. The attack highlighted the energy sector's interconnectedness and the potential for a single security breach to have cascading effects.

Investing in Energy Cyber Solutions

The DOE's $45 million investment is a positive step towards fortifying the energy sector's cybersecurity posture. The funding will be directed towards several research projects focused on developing innovative solutions to address current and emerging cyber threats. Some of the critical areas of research include:

Leveraging Artificial Intelligence (AI) for Enhanced Security: AI can be a powerful anomaly detection and threat identification tool. The research will focus on developing AI-powered systems that can continuously monitor energy grids for suspicious activity and identify potential cyberattacks in real-time.
Quantum Communication for Unbreakable Encryption: Quantum communication offers the potential for unbreakable encryption, making it extremely difficult for attackers to eavesdrop on communications or tamper with data. Research in this area will explore the feasibility of integrating quantum computing technologies into the energy sector's infrastructure.
Improving Pipeline and Grid Resilience: Research will target ways to improve the resilience of pipelines and electricity grids against cyberattacks. This could involve developing new methods for segmentation and isolation, as well as enhancing the physical security of critical infrastructure.
Workforce Development and Training: A skilled cybersecurity workforce is essential for protecting the energy sector. The funding will also support initiatives to develop a more robust cybersecurity workforce, including training programs and educational opportunities.

The Future of Cybersecurity in the Energy Industry

The DOE's investment in cybersecurity research is a crucial step, but it's just the beginning of a long-term series of efforts that are necessary, such as:

Collaboration: Effective cybersecurity requires collaboration between government agencies, energy companies, technology providers, and cybersecurity experts. Public-private partnerships will be essential for sharing information, developing best practices, and coordinating responses to cyber threats.
Standardization and Regulation: The Department of Energy has already made strides in establishing cybersecurity baselines for the electric sector. Continued efforts are needed to develop and implement consistent cybersecurity standards and regulations across the entire energy industry.
Continuous Improvement: The cyber threat landscape is constantly evolving. It's imperative to foster a culture of continuous improvement within the energy sector, where cybersecurity practices are regularly evaluated and updated to address new threats and vulnerabilities.

By investing in research, promoting collaboration, and fostering a culture of cybersecurity awareness, the DOE and other organizations can build a more resilient energy sector that is less susceptible to cyberattacks. This will safeguard our critical infrastructure and ensure a more reliable and secure energy future for all.

Cybersecurity Education at Capitol Technology University

Do you have a drive to protect our nation's most critical systems? Capitol Technology University offers programs in critical infrastructure where you will develop the skills needed to become a crucial line of cyber defense for our nation. Our program merges in-depth training in Cyber and Information Security, Critical Infrastructure, Computer Science, Artificial Intelligence and Data Science, and many more. Visit our website to learn more.

Categories: Critical Infrastructure

The Bridge Crisis in America

bcook — Wed, 16 Mar 2022 20:59:36 +0000

The Bridge Crisis in America bcook March 16, 2022

At the end of January, the Fern Hollow Bridge in Pittsburgh collapsed, injuring ten. About three weeks later, the arches of a pedestrian bridge in North Carolina collapsed less than a year after construction. According to the American Road & Transportation Builders Association (ARTBA), one in three U.S. bridges either needs repairs or to be replaced.

The Fern Hollow Bridge collapse is still being investigated and it may take upwards of 12-18 months until a full report of what occurred is issued. One of the potential causes may be that the bridge design is considered “non-redundant,” meaning if the paths to disperse stress place on the bridge fail, the entire bridge fails, reports Margaret J. Krauss for WESA, Pittsburgh’s NPR station.

University of Pittsburgh professor of structural engineering Kent Harries talked with Krauss and shared that, “…non-redundant bridges face restrictions on traffic flow, more stringent inspection guidelines, and more extensive inspection.”

The Fern Hollow Bridge had annual inspections, having been rated in “poor condition” for the last 10 years. Pennsylvania ranks 5th in the nation in percentage of structurally deficient (SD) bridges and 2nd in terms of largest number of bridges in poor condition on ARTBA’s Bridge Report. Every state, including Washington D.C. and Puerto Rico, has multiple bridges that are considered SD or in poor condition.

President Joe Biden arrived in Pittsburgh for a previously scheduled event at Carnegie Mellon University just hours after the bridge collapse.

“Biden promoted the bipartisan infrastructure law, which he said will allocate $1.6 billion to Pennsylvania for repairing and restoring bridges,” report Quint Forgey and Claire Rafford for Politico. “The law, Biden said, is also the largest investment in bridges since former President Dwight D. Eisenhower started the interstate highway system.”

Home to more than 400 bridges, the city of Pittsburgh has the most bridges of any city in the world, and with the Fern Hollow Bridge collapse serves as an example of just how important it is that bridges be maintained and updated appropriately.

According to ARTBA, “The government classifies a bridge as ‘structurally deficient’ if any one of the following bridge components are rated less than or equal to 4 (in poor or worse condition):

Deck condition
Superstructure condition
Substructure condition
Culvert condition.”

Over 43,000 U.S. bridges that are still in active use are considered SD and in poor condition. While this number has decreased from 47, 619 in 2017, ARTBA estimates it would take 30 years to fix all of the nation’s SD bridges.

In addition to the SD bridges, an additional 180,000 bridges are in need of some level of repair.

What is being done to ensure that collapses such as the Fern Hollow Bridge don’t continue to occur? As previously mentioned, the federal Infrastructure Investment and Jobs Act (IIJA), signed into law last November, provides states with additional resources to make improvements to infrastructure, including bridges. Under the act, more than $27.5 billion is being issued to states for bridge repair over the next five years. Additionally, a discretionary bridge program will provide $12.5 billion for projects through 2026.

“State DOTs can also use federal formula highway fund programs, such as the National Highway Performance Program and the Surface Transportation Block Grant Program, for bridge improvements,” states the ARTBA report.

In the Pittsburgh area, steps at the city-level for addressing the city’s bridges are also being implemented.

“Mayor Ed Gainey and City Councilor Corey O’Connor, whose district includes the area around Fern Hollow Bridge, introduced legislation to create an infrastructure commission,” reports Krauss. “That body will recommend how best to maintain and improve city-owned assets.”

Learn more about Capitol Tech’s degree programs in Security, Intelligence, and Critical Infrastructure. Several degree programs are available entirely online including a BS in Construction Management and Critical Infrastructure and a BS in Facilities Management and Critical Infrastructure. Also available are a master’s degree and PhD in critical infrastructure. For more information, contact admissions@captechu.edu.

Categories: Critical Infrastructure