critical infrastructure

May 25, 2021
By Kimberly Underwood
Operating for just about 7 months, the Analysis and Resilience Center for Systemic Risk, or ARC, has a unique role in helping to protect industry-owned assets that have implications to national security if attacked by cybermauraders. Credit: Shutterstock/xtock

Stood up last October—the Analysis and Resilience Center for Systemic Risk (ARC), a nonprofit, Arlington-Virginia-based organization—helps to protect the nation’s infrastructure by assessing the endemic cybersecurity risks to the critical energy, financial and other private sectors. A 2013 executive order identified some assets—on which the U.S. government relies but reside in the private sector—that if compromised by cyber attack could have a catastrophic impact on national security.

January 27, 2021
Posted by Kimberly Underwood
As part of its cybersecurity and critical infrastructure protection role, the U.S. Department of Homeland Security's Cybersecurity and Infrastructure Security Agency, or CISA, recently conducted a virtual exercise with Major League Baseball's Cactus League. Credit: Shutterstock/Debby Wong

This week, the cybersecurity arm of the U.S. Department of Homeland Security, the Cybersecurity and Infrastructure Security Agency, known as CISA, held a virtual exercise and preparedness event with Major League Baseball’s (MLB's) Cactus League. The event aimed to boost physical security and cybersecurity at training, practices and games this spring in Arizona, CISA reported.

June 24, 2020
By Kimberly Underwood
Air Force intelligence leader warns U.S. industry of growing risk from China's goal of intellectual property theft to undercut U.S. national security. Pictured, a F-35A Lighting II waits to taxi on the runway at Hill Air Force Base, Utah on May 20. Credit: U.S. Air Force photo by R. Nial Bradshaw.

U.S. adversaries are trying to take control of cyberspace as a medium, resulting in implications to our freedom of maneuver and access in cyberspace, says Brig. Gen. Gregory Gagnon, USAF, director of Intelligence (A2), Headquarters Air Combat Command (ACC), Joint Base Langley-Eustis. Increasing cyberspace activity is coming from China, Russia, Iran and North Korea.

“We are seeing it not just in volume, but we are seeing an expansion in the ways that they use cyberspace, whether it is to steal information, whether it is to directly influence our citizens or whether it is to disrupt critical infrastructure,” Gen. Gagnon reports. The general spoke at the AFCEA Tidewater chapter’s recent monthly virtual luncheon.

June 1, 2020
By Bryan C. Ward and Ryan D. Burrow
Hollis Roush, a Coast Guard Cadet intern at the Massachusetts Institute of Technology Lincoln Laboratories (MITLL), demonstrates a prototype representative industrial control system. Credit: Glen Cooper, MIT Lincoln Laboratory

Multiple decades of research have focused on building more secure and resilient systems by incorporating defensive techniques into computer systems. Such techniques range from enforcement-based defenses that apply some invariant to the execution of code on a machine to randomization-based defenses that enhance a system’s resiliency to attacks by creating uncertainty, diversity or dynamism in the internals of the system. Such defenses have evolved to address increasingly sophisticated attacks that bypass previous defensive technologies and minimize security-related overheads.

May 22, 2020
 

Leland Stanford Junior University, Stanford, California, was awarded a $30,114,182 cost reimbursement contract for a research project to study the securing of our national internet infrastructure using measurement, control, and verification for closed-loop control of networks, also known as the Pronto project. The Pronto project will research the creation and deployment of a network, to include 5G, under verifiable closed-loop control as an exemplar for others in government, industry, and education to replicate. Work will be performed in Stanford, California (17%); Menlo Park, California (68%); Ithaca, New York (8%); and Princeton, New Jersey (7%), with an expected completion date of May 2023.

March 23, 2020
 
Sandia National Laboratories’ Saturn accelerator, viewed through an artistic lens, tests countermeasures used to protect electronics against X-ray radiation from nuclear weapons. Laboratory officials have announced two new initiatives, one to protect the electrical grid, and another to help maintain a nuclear edge. Photo by Randy Montoya

To deter attempts to disable U.S. electrical utilities and to defend nuclear weapon systems from evolving technological threats, Sandia National Laboratories has begun two multiyear initiatives to strengthen U.S. responses.

November 18, 2019
By George I. Seffers
The data captured from lightning strikes around the world may help to secure the U.S. electrical grid from cyber attacks. Credit: Vasin Lee/Shutterstock

Monitoring global lightning strikes could help detect cyber attacks on the U.S. electrical grid, according to Georgia Institute of Technology researchers who have a patent pending to do just that.

Lightning strikes roughly 3.5 million times per day on average. Each and every strike creates an electrical path miles tall that emits a very low frequency radio signal. Those signals bounce off the upper atmosphere and can be detected virtually anywhere in the world, explains Morris Cohen, an associate professor in the Georgia Tech School of Electrical and Computer Engineering.

August 27, 2019
Posted by Kimberly Underwood
The one-year old Cybersecurity and Infrastructure Security Agency at the Department of Homeland Security is coordinating the protection of the nation’s critical infrastructure. Credit: Shutterstock/Imfoto

The Department of Homeland Security’s new Cybersecurity and Infrastructure Security Agency, known as CISA, is charged with coordinating the protection of America’s critical infrastructure from cyber as well as physical attacks. Director Christopher Krebs recently released the agency’s top operational priorities. CISA, which was created in November 2018, will initially tackle supply chain risks, election security and industrial control system security, among other measures, according to the document, Cybersecurity and Infrastructure Security Agency: Strategic Intent.

April 1, 2019
By Kimberly Underwood
Given that one of the water sector’s challenges in protecting infrastructure from cyber attacks is cost, research is needed into affordable security measures for control systems. Credit: Daniel Jedzura/Shutterstock

The water and wastewater treatment industry is facing cybersecurity threats. The risks affect the sector disproportionately compared to other utilities, given local-level water processing operations.

Along with physically securing its critical infrastructure, the water industry has to leverage available tools to protect against cyber attacks, an expert says.

April 1, 2019
By Robert K. Ackerman

The growing interconnection among the elements of the critical infrastructure may hold the key to safeguarding it against an increasingly sophisticated threat picture. Many elements of the critical infrastructure depend on each other, and securing them in a coordinated endeavor holds promise for combatting adversaries who are targeting it on a daily basis.

April 1, 2019
By Robert K. Ackerman

A 2018 exercise developed by the Army Cyber Institute at West Point and hosted by the city of Houston provided participants with a full view of potential critical infrastructure crises while also offering a path to security and resiliency. Known as the Jack Voltaic 2.0 Cyber Research Project, the exercise exposed critical infrastructure issues to 200 participants from 44 organizations.

October 20, 2018
By George I. Seffers
Credit: daniel_diaz_bardillo/Pixabay

Officials with the U.S. Defense Department and Department of Homeland Security recently signed a memorandum of understanding outlining a partnership that will allow the Defense Department to take a greater role in sharing intelligence and proactively defending the nation’s critical infrastructure, including next week’s mid-term election.

The Defense Department’s unique role in assessing foreign threats means that it often has information that could benefit the other departments and agencies, the defense industrial base and others with a role in defending the nation’s critical infrastructure.

October 1, 2018
By Robert K. Ackerman
The Inmarsat-5 satellite provides flexible global coverage from geosynchronous orbit. Inmarsat is one of the commercial systems the Defense Information Systems Agency (DISA) uses to provide global connectivity to U.S. forces overseas.

The Defense Information Systems Agency, or DISA, is applying both traditional and innovative infrastructure protection methods to its worldwide networking for U.S. defense installations. In some cases, conventional methods can hold services together. But in others, especially with cross-border telecommunications, DISA must secure its commercial connectivity without the benefit of the authorities inherent in a host country agency.

New ways of commercial networking widen the threat picture. Variety is the spice of vulnerability as networks evolve with innovative approaches. Having the right information for a network architecture is vital to moving information across global ranges, according to DISA officials.

September 1, 2018
By Lt. Gen. Robert M. Shea, USMC (Ret.)

President Donald Trump’s recent call for a U.S. Space Force that would potentially be on par with the Army, Navy, Marine Corps, Air Force and Coast Guard shows a renewed recognition of the importance of space. This presidential proclamation has been met with varying responses. Regardless of one’s position on the topic, it begs for a discussion that is long overdue. The Commission to Assess U.S. National Security Space Management and Organization, often referred to as the Rumsfeld Commission, put into place more than 17 years ago a solid set of findings and recommendations on national space policy. Some of the recommendations have been adopted, while others have fallen by the wayside for a variety of reasons.

April 9, 2018
Posted by George I. Seffers
The U.S. Department of Energy has released a request for proposals for at least two next-generation exascale supercomputers. Credit: dlohner/Pixabay

U.S. Secretary of Energy Rick Perry today announced a request for proposals potentially worth up to $1.8 billion for the development of at least two new exascale supercomputers, to be deployed at U.S. Department of Energy (DOE) National Laboratories in the 2021-2023 timeframe. Among other benefits, the systems will help nuclear security, a major piece of the nation’s critical infrastructure.

February 1, 2018
By George I. Seffers
Ultimately, lessons learned and technologies developed under the Next Generation Cyber Infrastructure Apex program will benefit other critical infrastructure industries, such as oil and gas.

Within the next 12 months, a fledgling program at the U.S. Department of Homeland Security will likely begin transitioning cybersecurity technologies to the finance sector in an effort to shore up the nation’s critical infrastructure. Technologies developed under the program ultimately could be made available to other sectors.

February 1, 2018
By Erwin Gianchandani and Meghan Houghton
Much U.S. infrastructure is in disrepair and needs to be replaced. Cities across the nation are embracing smart city connectivity to improve not only electric or water systems but also overall efficiency and quality of life.

The U.S. infrastructure increasingly shows signs of aging, posing a threat to essential services. These conditions put the United States at a crossroads. Governments at all levels, working with the private sector, can either design the infrastructure of the future—one that will intelligently support community services and resident needs for decades to come—or continue to apply just-in-time repairs to the strained system.

February 1, 2018
By Lt. Gen. Robert M. Shea, USMC (Ret.)

The United States cannot adequately secure its entire critical infrastructure. The infrastructure is too broad and complex. Much of it consists of highly vulnerable legacy software running older supervisory control and data acquisition (SCADA) systems. But the nation can take steps to address vulnerabilities in key areas and mitigate losses in others.

February 1, 2018
By Kimberly Underwood
 The European Union Agency for Network and Information Security, or ENISA, plays a collaborative role to bring Europe together to improve cybersecurity.

Europe is taking on several socio-technological initiatives, including developing a digital single market and tackling consumer financial services reform. Add the need to balance privacy concerns and safeguards across 28 member countries of the European Union, and it may seem like a tall order for policy makers to help strengthen information security.

Enter the European Union Agency for Network and Information Security, the European Union’s cybersecurity agency known as ENISA. The agency, founded in 2004, equips the European Union (EU) to prevent, detect and respond to cybersecurity problems.

February 1, 2018
By Kimberly Underwood
The distinctive collegial nature of universities makes them susceptible to cyber attacks, experts say. Credit: Jorge Salcedo/Shutterstock

Although universities can be part of larger cyber attacks as unwitting victims like any other organization or enterprise, the institutions are distinguished by a collegial nature that renders them vulnerable. Academia has a more open atmosphere and a mindset of research and collaboration, making universities an enticing cyber target even for adversaries such as nation-states

February 1, 2018
By George I. Seffers
A new project led by Lawrence Livermore National Laboratory aims to use distributed energy resources, such as customer-generated solar power, to enhance the electrical grid’s ability to recover quickly from blackouts or cascading outages. The work is funded through the U.S. Department of Energy’s Grid Modernization Initiative.

A new project headed by Lawrence Livermore National Laboratory aims to use microgrid resources to boost the electric grid’s ability to bounce back more rapidly from blackouts or cascading outages, such as those following major storms or earthquakes.

In less than three years, researchers will attempt to demonstrate the potential of distributed energy resources, including the energy produced by solar panels on homes, to help restore power to the grid from scratch, an effort commonly known as a black start. The black start process is now done manually using special generators that can provide power to slowly bring other generators back online.

October 12, 2017
 

On September 29, 2017, 3e Technologies International Incorporated, Rockville, Maryland, was awarded a $16,163,099 modification to a previously awarded cost-plus-fixed-fee, firm-fixed-price contract (N00174-16-C-0046) to exercise option year one for continued implementation of a facilities critical infrastructure control and monitoring system interface to the Navy Virtual Perimeter Monitoring System that will allow for monitoring and control of critical facility infrastructure for potential operating hazards or intrusions.

October 1, 2017
By George I. Seffers
A single cyber attack could cripple an entire city, such as New York, which helps fuel the national economy, experts warn.

With the Internet of Things promising—or perhaps threatening—to connect many more millions of devices, experts from industry, government and the military are urging action.

The critical infrastructure covers a lot of territory, including banking and finance, gas and oil, health care, agriculture, water distribution, transportation, communication, law enforcement and emergency services. Many outdated and poorly secured computers, experts say, operate a great deal of that infrastructure. Additionally, commercial or private entities own the vast majority of the infrastructure, meaning that government has little authority to protect it.

September 7, 2017
By George I. Seffers
Rep. Adam Schiff (D-CA) speaks during the Intelligence and National Security Summit.

The U.S. federal government has not yet told state-level election officials whether their election systems were hacked by the Russians.

September 6, 2017
By George I. Seffers
Tom Bossert, assistant to the president for homeland security and counterterrorism, speaks at the 2017 Intelligence and National Security Summit.

A cyber strike may not be the most effective deterrent against adversaries, Tom Bossert, assistant to the president for homeland security and counterterrorism, National Security Council, told the audience at the 2017 Intelligence and National Security Summit in Washington, D.C.

If a “bad actor” is engaging in increasingly unacceptable behavior, he said, “I think what we’ll have to do is punch him in a way that’s real-world and not cyber-world.” Deterrent actions will be “commensurate with the expense” and also will be done in such a way that it will not “create a long-term escalatory posture.”

January 1, 2017
By George I. Seffers
The U.S. Department of Homeland Security offers free training designed to help protect the nation’s critical infrastructure, including the electrical grid.

The U.S. government is expanding and enhancing training on how to protect the nation’s critical infrastructure from both cyber and physical attacks. 

For more than a decade, the U.S. Department of Homeland Security (DHS) has offered a wide array of free training programs to government and private-sector infrastructure owners and operators. Critical infrastructure provides the essential services that underpin American society and serves as the backbone of the nation’s economy, security and health. It includes defense, transportation, finance, communications and other sectors.

February 1, 2017
By Maj. Gen. Earl D. Matthews, USAF (Ret.)

Now that Donald Trump has become the 45th president of the United States, he will be exposed to the nation’s soft underbelly: cybersecurity. Given rapid advancements in information and communication technologies, continued coupling of the digital domain with the physical world and advanced persistent threats, critical infrastructure protection poses a major challenge for the United States. 

This is where the president should focus his efforts. But is either the Department of Homeland Security or the Defense Department the right agency for cyber protection?

November 28, 2016
By David Young

When we think about critical infrastructure, specifically the sectors the Department of Homeland Security has deemed essential to the wellbeing of the country, rarely does the idea center on public networking assets to support critical infrastructure. But a rapid transformation of network technology and security improved processes so that agencies now can take advantage of combined public and private networking to accomplish information technology goals.

November 17, 2016
By George I. Seffers
Experts debate whether a cyber attack against common information systems or industrial control systems would be more lethal. Photo by Bob Goodwin

U.S. military and civilian experts on protecting critical infrastructure control systems debated whether a cyber attack on common information systems or on industrial control systems would be more deadly in response to an audience question at the AFCEA TechNet Asia-Pacific conference in Honolulu.

November 14, 2016
By David Young

The Department of Homeland Security’s Critical Infrastructure Security and Resilience (CISR) month serves as a reminder to not only understand, but appreciate, the various critical infrastructure sectors that play vital roles in the national and economic security of the United States. As a veteran of the telecom industry, my focus is to support those network infrastructure centers underlying these sectors. How do we improve networking capabilities within these sectors, not only addressing today’s complicated requirements, but allowing for continued innovation?

By David Young

Discussions about the nation’s critical infrastructure usually focus on aging networks, some more than 50 years old. A most stunning fact was highlighted in a recent a Government Accountability Office report, which revealed some Defense Department control systems still use 8-inch floppy disks to store data related to nuclear operations.

October 28, 2016
By Sandra Jontz
Better cybersecurity begins with everyone getting better at assessing risk, said Bob Kolasky (c), deputy assistant secretary for infrastructure protection at the Department of Homeland Security.

Efforts to increasingly digitize networks that run the nation’s critical infrastructure enterprises also are boosting attack surfaces and vulnerabilities in an enduring cybersecurity contest in which hackers target those weaknesses with an elevated furor, experts admonished during a panel discussion on the issue.

October 31, 2016
By David Young

The strongest assembled securities available today can’t fully safeguard the nation’s critical infrastructure assets. But the good news is that these vulnerabilities are front and center on official radars and primed for increased attention. For starters, the Department of Homeland Security (DHS) has designated November as Critical Infrastructure Security and Resilience (CISR) month.

August 3, 2016
By George I. Seffers
A TechNet Augusta panel discusses critical infrastructure protection.

AFCEA TechNet Augusta 2016
The SIGNAL Magazine Online Show Daily, Day 2

Quote of the Day:
“There isn’t a warfighting function that isn’t impacted by cyber, so securing, operating and defending the Army portion of the DODIN is a core warfighting capability.” —Ronald Pontius, deputy to the commanding general, U.S. Army Cyber Command and Second Army

On day two of the AFCEA TechNet Augusta conference, cyber experts from across the military and industry openly and bluntly discussed the challenges of cybersecurity.

August 3, 2016
By George I. Seffers
Corrupting GPS data can disrupt the power grid, says one expert at the AFCEA TechNet Augusta conference.

When a hacker talks about a novel way to disrupt the power grid, people listen. At least that was the case on day two of the AFCEA TechNet Augusta conference taking place in Augusta, Georgia.

Shawn Wells, chief security strategist, public sector, Red Hat Inc., who was once busted—and then hired—by the NSA for breaking into the networks at Johns Hopkins University, said he recently learned at a Department of Energy cyber conference about a creative technique hackers used to mess with power distribution.

Wells did not specify when the attack took place.

July 1, 2015
By Robert K. Ackerman
Part of the power grid is supported by electrical lines that carry power to customers through rugged terrain. Cybersecurity experts believe supervisory control and data acquisition (SCADA) systems may be the Achilles’ heels that allow malefactors to bring down such critical infrastructure via cyberspace.

A more diverse group of players is generating a growing threat toward all elements of the critical infrastructure through cyberspace. New capabilities have stocked the arsenals of cybermarauders, who now are displaying a greater variety of motives and desired effects as they target governments, power plants, financial services and other vulnerable sites.

But concerns come from not just evolving and future threats. Malware already in place throughout critical infrastructure elements around the world might be the vanguard of massive and physically destructive cyber attacks launched on the say-so of a single leader of a nation-state. Physical damage already has been wrought upon advanced Western industrial targets.

April 30, 2015
By Sandra Jontz
Before and after illustration of Lockheed Martin's GeoMI software to piece together a number of aerial photographs into one image. Without the software, the images fail to line up seamlessly.

Imagery captured from unmanned aerial vehicles (UAVs) can be up to 10 times less expensive than from manned aircraft or satellites, prompting government agencies and private farmers alike to investigate using the economical method to scan miles and miles, from power lines for infrastructure maintenance to railroads for servicing or acres of farmland for precision agriculture.

March 1, 2015
By Lt. Gen. Robert M. Shea, USMC (Ret.)

The topic of critical infrastructure protection has been around for decades. In May 1998, President Bill Clinton issued Presidential Decision Directive (PDD)-63 on the subject of critical infrastructure protection. This represented a decision formally recognizing that key elements of our national infrastructure were critical to national security, the economic vibrancy of the United States and the general well-being of our citizenry. The PDD further highlighted the necessary actions to preserve and ensure the continuity of these critical infrastructures. In the wake of the terrorist attacks of September 11, 2001, President George W.

May 10, 2013
George I. Seffers

 
3e Technologies International Inc., Rockville, Md., is being awarded a $9,861,065 modification to previously awarded contract to design, develop, implement, test, deliver and install a functional and efficient facilities critical infrastructure control and monitoring system to increase infrastructure readiness and optimize critical systems, including energy and other systems. This SBIR Phase III extension effort is to integrate the technologies and concepts established under previous Phase I, II and III tasks with new and more advanced technologies and concepts. The Naval Surface Warfare Center, Indian Head, Md., is the contracting activity. 

September 17, 2012
George I. Seffers

 
3e Technologies International Incorporated, Rockville, Maryland, is being awarded a $9,923,241 contract for the design, development, integration, testing and implementation of critical infrastructure sensor network at government sites for the Naval Surface Warfare Center, Corona Division. Work will be performed in Commander, Naval District Washington. Naval Surface Warfare Center, Port Hueneme Division, Port Hueneme, California, is the contracting activity.  

June 6, 2012
By George Seffers

3e Technologies International Incorporated, Rockville, Maryland, is being awarded a $9,408,612 contract modification to design, develop, implement, test, deliver, and install a functional and efficient facilities critical infrastructure control and monitoring system to increase infrastructure readiness. This requirement is for Facilities Critical Infrastructure Control and Monitoring System to extend current Navy Virtual Perimeter Monitoring System capabilities for Naval District Washington.

May 16, 2012
By George Seffers

Booz Allen Hamilton Incorporated, Herndon, Virginia, is being awarded a $9,861,872 firm-fixed-price contract for the Survivability/Vulnerability Information Analysis Center to perform research and development in order to complete/deliver critical infrastructure facilities assessments to determine infrastructure vulnerability and survivability profile reports, critical infrastructure gap scenarios, and total life cycle management technology analysis reports. Enterprise Sourcing Group, Offutt Air Force Base, Nebraska, is the contracting activity.

September 29, 2011
By George Seffers

Booz Allen Hamilton Incorporated, Herndon, Virginia, is being awarded three  contracts. The first is a $24,966,507 cost-plus-fixed-fee, indefinite-delivery requirements contract to perform research and development in order to complete and deliver the "Emerging Leading-Edge Technological Advancement of Intelligence Surveillance Recon Capabilities Report", "Tactics, Techniques, and Procedures Report" and wargame/exercise lessons learned reports. These deliverables will be used to ultimately increase the situational awareness and survivability of the warfighter by helping them to better identify battlefield threats.