Why It's Critical to Rebuild Infrastructure Securely

When it comes to infrastructure in the United States, opinions may differ on what should be prioritized, but everyone agrees that it's critical to improve the nation's roads, bridges, highways, broadband, and other public services. Before the $1.2 trillion infrastructure bill was signed into law on November 15, there was intense debate on funding and investment areas, but now that the bill has been enacted, we need to turn our attention to security-focused implementation. Infrastructure needs to be built for the digitally driven, hyperconnected world we now live in. Virtually every area in the new infrastructure law has existing cyber dependencies. Addressing and securing these interdependencies will become even more important as areas such as operational technology (OT), the Internet of Things (IoT), 5G, and edge computing technology expand.

When it comes to infrastructure like roads and bridges, cybersecurity may not be the first thing you think about, but digital networked technology is ubiquitous, working behind the scenes. For example:

• Roads and bridges have traffic and stress sensors to improve performance and safety
• Public transportation, rail, and airports incorporate automation and networks to keep everything running smoothly and safely.
• Water, power, and other utilities depend on countless networked control systems. Some of these already have been exploited by threat actors, and many of the small utilities they target are systemically underprepared.
• Broadband services vary in security both at the service provider level and especially at the end user level. As we move towards universal broadband availability, it will vital to ensure that this service meets basic levels of security to ensure that it benefits its intended users rather than becoming a powerful platform for threat actors.

Cybersecurity Is the Key to Success

Key to the success and impact of the infrastructure act will be a focused effort to embed cybersecurity into the heart of every digitally connected project. Building infrastructure is an investment in the foundational sinews of our nation, and security is foundational to this effort. Without security within these systems and at every point of connectivity between them, our infrastructure won't become stronger; it will be more vulnerable.

Leaders must recognize that everything is getting smarter and more interconnected, and that the speed and breadth of this transformation  is increasing. A hyper-connected national infrastructure that encompasses everything from highways to water treatment and the energy grid will soon become the standard, and it will touch the devices that individual citizens rely on to work, learn, and communicate.  Smart cities, highways, energy systems, and communications networks are not coming soon, they are forming daily. The time to update our approach to securing these  networks and infrastructure is now.

The infrastructure law presents an opportunity to improve the safety and security of our nation’s physical and digital infrastructure. Some of the benefit this investment is likely to bring cannot yet be predicted, just as few would have forecast the transformational impact of the 1956 creation of the Interstate highway system on American life.  Doubling down on the value and need for cybersecurity across the range of infrastructure investment activity that will be forthcoming can serve as a vital catalyst and an incentive to improve the strength and security of all networks. Standards need to be dynamic and mutable, capable of being updated as technology and threats evolve. Security should be modular and dynamic, since some of the infrastructure we will embed it in is likely to be with us for a very long time and to be used for currently unimagined purposes. As products and services become available that to secure this infrastructure, these capabilities are likely to become mainstream capabilities for public, private sector, and individual use as well.  

Alarming statistics like an 1100 percent increase in ransomware attacks and trends in ransomware settlements are drawing greater attention and awareness to the escalating threats networks now face. The networks that power the nation's infrastructure simply cannot be allowed to be at risk. With networks both hyperconnected and stretching from the cloud to users, and devices connecting from anywhere, there are more points of access and of vulnerability than ever before.

As the infrastructure act’s investment unfolds over the next five years, the improvements and benefits it brings will be many, but both the public and private sectors must recognize that taking a cybersecurity-centered approach will be critical. The digital nature of our upgraded infrastructure will bring both risk as well as opportunity, and we should ensure that we address both. It is more efficient and economical to do so now as we plan these infrastructure upgrades rather than have to play catch up to the evolving cyber threat.

Jim Richberg is public sector field Chief Information Security Officer (CISO) at Fortinet.