The smooth operation and maintenance of critical infrastructure are essential for societies to function. Today, we all take critical infrastructure for granted. Critical infrastructure serves us so well that we often don’t even notice it’s there. If critical infrastructure is weakened though, the consequences for societies can be serious.
Critical infrastructure, including communication networks, power grids and transportation systems, increasingly relies on modern digital technologies to operate. These technologies enable critical infrastructure to operate at a higher, more autonomous level. There are risks, however, in using digital technologies to maintain and run critical infrastructure. Chief among these is the risk posed by cyberattacks, which is why governments such as the US have established programs that address the role of cybersecurity in protecting critical infrastructure.
Identifying and protecting against cyber threats and vulnerabilities is crucial for the nation. The Cybersecurity and Infrastructure Security Agency (CISA), America’s cyber defense agency, identifies 16 critical infrastructure sectors “whose assets, systems, and networks, whether physical or virtual, are considered “vital to the United States”. CISA identifies the following 16 sectors of critical infrastructure:
- Commercial facilities
- Critical manufacturing
- Defense industrial base
- Emergency services
- Financial services
- Food and agriculture
- Government facilities
- Healthcare and public health
- Information technology
- Nuclear reactors, materials and waste
- Transportation systems
- Water and wastewater systems
The above list illustrates the extent of critical infrastructure and how far-reaching it is in society. If these physical or virtual assets, systems and networks were weakened or destroyed, it would have a debilitating effect on the nation’s security, economy and public health and safety.
To illustrate the importance of critical infrastructure, imagine if the transportation systems that move millions of people and goods across the country every day went down. Imagine if you couldn’t access financial assets such as your bank account. We would all realize very quickly the importance of protecting critical infrastructure if we couldn’t make payments online. More companies rely on online sales generated through their websites than ever before and the same is true of their customers.
Why cybersecurity is so important for protecting critical infrastructure
A cybersecurity program aims to protect the digital devices, systems and networks used in critical infrastructure sectors from unauthorized access, damage, disruption or theft. If security were breached, this could create problems such as blackouts, communication outages and transportation delays.
Cyberattacks on critical infrastructure are on the rise. The 2015 Ukraine power grid hack left hundreds of thousands of Ukrainians without power for hours. There were more major attacks on Ukraine’s critical infrastructure in 2016 and 2017.
In 2016, Hollywood Presbyterian Medical Center paid $17,000 in bitcoin to ransomware hackers. Hackers installed a virus that encrypted the Los Angeles hospital’s computer files. The hospital lost access to its computer systems for more than a week, and staff reverted to using pen and paper to keep records.
While the above examples illustrate the financial loss and inconvenience of cyberattacks on critical infrastructure, it’s clear that cyberattacks have the potential to pose serious threats, not only in terms of time or money. The disruption of services such as transportation systems and the possible threat to human life that could result from such a disruption is just one example of how serious a cyberattack could be on critical infrastructure.
Overcoming the problems of cyberattacks on critical infrastructure
Cyberattacks are problematic for critical infrastructure. Cyberattacks don’t come in physical form so they can’t be monitored for or managed in the same way a physical threat can. Cyberattacks can come from anywhere, at any time and without warning.
The methods and tools used for cyberattacks are always evolving. Hackers can therefore move the goalposts and put organizations that manage critical infrastructure at a significant disadvantage.
A further disadvantage is the use of outdated systems to provide cybersecurity. While hackers are improving their methods and sharpening the tools they use, critical infrastructure organizations might remain prone to security breaches if they don’t update and reinforce their cybersecurity systems.
Another problem is a lack of coordination. Critical infrastructure is managed by organizations in both the public and private sectors. For cybersecurity to be effective at protecting critical infrastructure, there needs to be a collaborative and coordinated effort between the sectors. If sectors don’t coordinate and share information with each other, there’s a greater risk of attack by cybercriminals aiming to find and exploit vulnerabilities in the systems.
What can a cybersecurity specialist do about it?
Alongside the technical skills required, cybersecurity specialists would be wise to promote a stronger relationship between the public and private sectors and encourage the open exchange of information between parties. Cybersecurity professionals should use their hard skills, such as penetration testing, ethical hacking and forensic analysis, in tandem with the leadership skills of those heads in the public and private sectors.
The role of cybersecurity in critical infrastructure protection is complex and often dependent on the devices, networks and systems in place to defend against cyberattacks. In broader terms though, it’s useful to approach the challenges posed by cyberattacks with the following in mind:
Pinpoint possible cyber threats and vulnerabilities
Ensure that you and your team are updated on the latest threats and vulnerabilities. Pinpoint potential weak spots in critical infrastructure.
Develop a risk management plan
Once you have identified the potential threats and vulnerabilities, create a risk management plan to moderate any risks.
Apply cybersecurity measures
Access controls, firewalls and intrusion detection systems help protect critical infrastructure against cyberattacks.
Run regular security checks
Running regular security checks helps strengthen your cybersecurity measures by identifying any gaps in the system.
Build a culture of security
Ensure all employees and stakeholders are aware of the importance of cybersecurity in protecting critical infrastructure. For a cybersecurity program to be effective and for its policies and procedures to be successful, all relevant parties should understand what is required of them and what their roles are in it.
Collaborate and share information
As mentioned above, collaboration and sharing of information between parties, especially different organizations and government agencies working on the same project, can be very useful in strengthening the cybersecurity of critical infrastructure.
How to become a cybersecurity specialist
Given the rise in cyberattacks and the continual emergence and adoption of digital technologies by businesses and organizations, now is a good time to consider a career in cybersecurity.
You might be new to the field with no prior knowledge, or you might be an existing security specialist, network specialist, software developer or systems engineer looking to advance your career in cybersecurity. It is clear that earning a degree and/or certificate give you a great advantage in securing your dream job in cybersecurity.
Take your career prospects to the next level with a master’s degree in cybersecurity
Completing a cyber security master’s program online through a reputable institution such as St. Bonaventure University (SBU) will prepare you for a range of advanced cybersecurity roles. Offered 100% online, SBU’s Master of Science in Cybersecurity can be completed from anywhere.
SBU’s cutting-edge curriculum and highly interactive courses are taught by experienced staff and faculty who are at the forefront of defending against real-world cyberattacks. The faculty’s extensive industry experience puts you at a significant advantage as you will not only develop the specific technical and soft skills needed to excel as a cybersecurity professional but also have access to insider knowledge on the latest technology trends within cybersecurity.
The course’s structure enables students to gain a deep understanding of cybersecurity and places them in pole position to succeed as professionals in the field. The curriculum provides students with the opportunity to gain an in-depth understanding of the following areas:
Foundations of cybersecurity, ethical hacking, penetration testing
Students start at the beginning, learning the fundamentals of cybersecurity, ethical hacking and penetration testing.
In this course, students analyze real-world examples of cyberattacks, including the effects of cyberattacks on businesses and the need for businesses to have a robust cybersecurity platform in place.
Looking at cybercrime and digital evidence, this course equips students with industry tools to perform forensic analysis. It both informs students about the kinds of cybercrimes out there in the world and teaches them how to prevent, detect and respond to them.
Data mining for cybersecurity
This course teaches students the fundamentals of data mining and how to apply various techniques to cybersecurity applications and topics.
Machine learning with applications in cybersecurity
Students extend their knowledge of machine learning and how to apply it to cybersecurity, including cybercrime prevention.
Risk management and system hardening and protection
Students learn the necessary skills to perform cyber risk management for organizations and how to stop potential system breaches once they are spotted.
Another great advantage to St. Bonaventure University’s Online Master of Science in Cybersecurity is the school’s partnerships with some of the best security vendors and educational institutes in the country. SBU’s partners include the Amazon Web Services (AWS) Academy, the EC-Council and the Cisco Academy.
Obtaining a master’s degree online is an excellent option, especially for people seeking flexibility in terms of location or who plan to work while studying. The course is 100% online, so you can log in anywhere. The program length means you could graduate in as little as 18 months and there is no GRE or GMAT required, so you can start the course as soon as you have been accepted.
If that weren’t enough to whet your appetite and you’re wondering what the career prospects are for a cybersecurity professional, it’s fair to say the future is bright. Nearly one in four employers prefer their candidates to hold a master’s degree, and that number is expected to rise as more people enter the field of cybersecurity. It’s also predicted that there will be 3.5 million unfilled cybersecurity positions by 2025. The unemployment rate for professionals in the field dropped to 0% in 2016 and has been at that rate ever since. The rise in cybercrime means there will be more than triple the number of job openings over the next five years.
Cybersecurity is an interesting and developing field of study, and its real-world applications are increasingly important to maintaining the functions that modern societies now depend on. With such an interesting field of study and such great career prospects, it really is a good time to consider a master’s degree in cybersecurity. Plus, the role of cybersecurity in protecting critical infrastructure is continually expanding, and your knowledge and expertise in the field will help to ensure the nation’s prosperity by safeguarding the critical infrastructure sectors that are essential for our society and way of life to function.