What are the vulnerabilities of critical US infrastructure, and how could it be protected from cyber-attacks?
DOI:
https://doi.org/10.26821/IJSHRE.12.10.2024.121003Keywords:
Cyber-security, Infrastructure Management, Critical Infrastructure, Internet of things, cybersecurity strategiesAbstract
This study explored six areas of US critical infrastructure and their vulnerabilities. In addition, the type of incidents where these infrastructures could be most vulnerable to attack. These incidents include Cyber-attacks, Natural disasters, and Physical attacks. The problem researched was to understand the critical infrastructure vulnerabilities in the United States. The purpose is to review factors that created these vulnerabilities and find ways to mitigate them. The digitalization of systems appears to have created vulnerabilities to the U.S. critical infrastructure. This study elucidated why critical infrastructure should be protected. In this study, we used a quantitative method approach with a non-parametric test specifically the Kruskal-Walli’s test to analyze various critical infrastructure areas highly vulnerable to an attack. This research is grounded in Evolutionary Theory. The Evolutionary theory argues that cyber threats constantly evolve; thus, cybersecurity mechanisms must continuously adapt to keep pace. The NIST Risk Management Framework “RMF” (NIST SP 800-53) was used to mitigate the risk. The possible impact of cyber-attacks on critical systems cannot be ignored. This study explored key cyber vulnerabilities facing U.S. critical infrastructure, as well as mitigation and remediation strategies. The rapid integration of Internet of Things (IoT) devices into critical infrastructure systems has exacerbated the attack surface. These devices often lack adequate security measures, making them easy targets for cybercriminals looking to infiltrate extensive networks. We compared the vulnerabilities amongst these vital infrastructures based on the nature of the attack. The result showed that the incidence of cyber-attacks was higher than physical and natural disasters. This research could benefit government agencies, critical infrastructure policymakers, and organizations that provide critical services. Also, this research could be adopted in academia to teach students who may have professional initiatives on how to manage critical infrastructure. Further research is needed in this field to understand the gaps in protecting these infrastructures.
References
Allianz Commercial (2016), Cyber-attacks on critical infrastructure. Expert risk article. Retrieved from https://commercial.allianz.com/news-and-insights/expert-risk-articles/cyber-attacks-on-critical-infrastructure.html. https://statescoop.com/new-york-775-million-cyberattacks-critical-infrastructure/
Butsianto, S., Nugraha, U., Anwar, M., Anwar, S., & Judijanto, L. (2024). Cybersecurity on the Internet of Things (IoT) Era: Safeguarding Connected Systems and Data. Global International Journal of Innovative Research, 1(3), 290–297. https://doi.org/10.59613/global.v1i3.39
Buenning, M. (2024). How Human Error Relates to Cybersecurity Risks [IT Editorial Expert Blog]. Retrieved from https://www.ninjaone.com/blog/how-human-error-relates-to-cybersecurity-risks/#:~:text=In%20the%20digital%20age%2C%20the,contribute%20significantly%20to%20cybersecurity%20risks.
Colonial Pipeline Cybersecurity Incident, (2021). Cyber case study: Colonial Pipeline Ransomware Attack. Retrieved from https://insurica.com/blog/colonial-pipeline-ransomware-attack/
Leandros et al (2018). Cyber security of critical infrastructures, 4(1), pg. 42-45. https://doi.org/10.1016/j.icte.2018.02.001.
SolarWinds Cybersecurity Incident, (2020). SolarWinds Cyberattack Demands Significant Federal and Private-Sector Response. Retrieved from https://www.gao.gov/blog/solarwinds-cyberattack-demands-significant-federal-and-private-sector-response-infographic.
US Government Accountability Office “GAO” (2024). Cybersecurity for Critical Infrastructure. International Electrotechnical Commission [blog]. Retrieved from https://www.iec.ch/blog/cyber-security-critical-infrastructure-0
Verizon DBIR, (2021). Data Breach Investigations Report. Retrieved from https://www.verizon.com/about/news/verizon-2021-data-breach-investigations-report
Zero Trust Solutions, (2023). Cybersecurity Theory Review. Retrieved from https://www.linkedin.com/pulse/cybersecurity-theory-review-zerotrustsolutions#:~:text=Evolutionary%20Theory%3A%20This%20theory%20argues,to%20the%20evolving%20threat%20landscape.
