Who is responsible for securing the critical infrastructure?

Written By Todd Mitchell

Electrical grid, phone communications, gas and oil pipelines are all controlled via the internet. The valves open and close with Supervisory control and data acquisition (SCADA) technology that was created decades ago when there was no need for security. Now they need billions to update the infrastructure and apply cyber security. The government regulates this but the companies are all privately owned and for profit. So, they will not spend money unless forced to.

The most likely (SCADA) system to be targeted by terrorists is the Industrial Control Systems (ICS). The ICSs include water, power, and communication utilities. The management of these systems is often performed via remote dial in with no personnel on site (Bosworth, Kabay, & Whyne, 2014). These systems take on extra vulnerabilities with this improved technology (i.e. Stuxnet).

Unfortunately, based on the continued reports received by Trend Micro Zero Day Initiative (ZDI), vulnerabilities have been and will likely continue to plague SCADA systems for some time. In the last five years, 2018 saw the greatest number of known vulnerabilities, with 2019 coming in second.

I must disagree with the view that the security for less critical systems should be protected by the owner of the system. I would argue that the security of a small more affordable home is not left to the owner while the police only respond to the large rich home at the end of the street. I believe the government is responsible for the security and safety of our country, regardless of what form that may take.

References:

Bosworth, S., Kabay, M., & Whyne, E. (2014). Computer Security Handbook (6th ed., Vol 1 & 2, pp.55-2). Hoboken: John Wiley & Sons.

Todd Mitchell
Previous

What is the Internet of Things? Is it safe?
Next

Home Energy Management Systems