Why Information Technology is Important

This essay will reflect on the importance of the Information Technology sector and why it is the most important sector of Critical Infrastructure in the United States. In the following essay there will be references made to articles and documents from government agencies and Information Technology Sector specific experts displaying the interconnected role that Information Technology has with all other sectors and why it is vital that Information Technology be a priority for protecting national security and vital resources. Many cyber-attacks are not catastrophic on their own but can have devastating results when combined with physical attacks. Terrorists can use cyber-attacks to disrupt emergency responses before physically attacking their targets. Information Technology: The Most Important Critical Infrastructure Sector

Introduction

The United States has a vested interest in protecting all sectors of its Critical Infrastructure, with many directly and indirectly impacting each other like dominos closely laid out on a board. The Information Technology Sector sets itself apart from the others due to its essential role in every other Critical Infrastructure Sector. The Information Technology Sector is the most important sector of Critical Infrastructure in the United States due to every other sector’s reliance on information technology for maintenance and protection of electrical grids, protection from security breaches including compromises to secure networks and financial institutions, and the protection of public goods such as water treatment facilities and nuclear plants.

A compromise in the Information Technology Sector can be used by terrorists, criminal enterprises, and rogue hackers to cause catastrophic damage to the aspects of life that citizens rely on for everyday functions such as energy and clean water in their homes, access to banks without fear of fraud or compromises in financial markets, and the ability to live without fear of potential terrorist attacks due to stolen classified documents or sabotaged nuclear plants. In his article “Assessing the Risks of Cyber Terrorism, Cyber War and Other Cyber Threats:”, James A. Lewis says that while cyber-attacks are never as dangerous as physical attacks, they are far cheaper to carry out and can be used more frequently (Lewis, 2002).

Electrical and Nuclear

In his 2002 article on cyber-security James A. Lewis noted that predictions from intelligence analysts show that attacks on electrical grids are often a primary target for terrorists in order to disrupt and weaken American infrastructure. Lewis referenced a cyber-security survey that showed that seventy percent of power companies in the United States had suffered what was classified as a “severe attack” in the first half of 2002 alone. While he noted that none were catastrophic or led to major disruptions in life, he did note that a coordinated attack on multiple facilities at once would have the potential to cause severe damage. The danger of cyber-attacks lies in the ability for terrorists to disrupt emergency signals and responses before physically attacking their target. Lewis referenced the 1997 U.S. Cyber Exercise code-named “Eligible Receiver” that showed it was possible for the 911 emergency response system to be temporarily knocked off-line from a flood of coordinated calls that overwhelm the system. While on its own this can be quickly fixed it can be a force-multiplier if a well-timed terrorist attack is carried out while the system is down.

Cyber-terrorists also pose a threat to nuclear facilities within the United States. Page Stoutland, Vice President of Scientific and Technical Affairs for the Nuclear Threat Initiative, wrote in his 2018 article, “Cyberattacks on Nuclear Power Plants: How Worried Should We Be?”, that Russia utilized cyber-terror tactics against the United States’ nuclear power plants, electrical plants, and water treatment facilities from 2015 to 2017 and even infiltrated the business systems of the Wolf Creek Nuclear Facility located in Burlington, Kansas (Stoutland, 2018). A new form of malware, called TRISIS, has also been discovered in the Middle East. TRISIS can target the industrial controllers used for safety in critical applications in nuclear plants (Stoutland, 2018). This poses a huge threat to nuclear plants due to the possibility of terrorists utilizing the malware to override safety procedures and cause plants and the reactors to malfunction.

Water Treatment Plants

Water plants are especially susceptible to terrorist attacks due to the psychological terror that would stem from citizens losing access to clean drinking water. Water facilities, dams, reservoirs, and pipelines are vulnerable to cyber-attacks due to the hacking of computer control systems. While it would normally take an extremely large quantity of explosives to cause catastrophic failure to a large dam in the United States, a cyber-terrorist theoretically could remotely access the computer systems and remove safety protocols or redirect water through different valves. In doing so a terrorist could cause massive flooding in the areas around the dam and cause massive damage to local infrastructure like bridges and nearby towns. One of the first instances of cyber-attacks on water systems occurred in Queensland, Australia in 2000. Police arrested a man for attempting to use a computer and radio transmitter to take control of the Maroochy Shire wastewater system. The man was attempting to hack into the system and release sewage into the areas nearby. If this attack were successful it would have contaminated the local area and struck fear into the population. Attacks on vital resources like water make citizens feel uneasy and skeptical about their government’s ability to protect the freedoms that they consider natural rights.

Financial Sector

Compromises to the financial sector can range from small-scale attacks on individuals in the form of fraud to large-scale attacks on entire banks or the stock market. With so much of the global economy relying on computer algorithms to process complex financial data, financial institutions are more vulnerable than ever to attacks from cyber-terrorists and criminals. Paul Mee and Til Schuermann, experts in their respective fields of cyber risk practice and financial services practice and contributors to the Harvard Business Review, predicted in their 2018 article that the next financial crisis like the 2007 to 2008 stock market crash will be the result of a sophisticated cyber-attack. Mee and Schuermann noted that cybercrime costs more than $1 trillion globally, over three-times the amount that natural disasters have cost in the record setting year of 2017.

Attacks on financial markets also have long-term psychological impacts on citizens resulting in a lack of confidence in the ability of the financial institutions to protects assets and funds, making citizens and businesses weary of trusting the banks with their money. Mee and Schuermann have even ranked cyber-attacks as the leading threat to the global business world due to the potential for long-term impacts to the market and the potential for a full-scale collapse from a well-coordinated attack. In North Korea there exists the Lazarus Group, nicknamed Hidden Cobra, which aims to sabotage banks, investment funds, ATM networks, the interbank messaging network known as SWIFT, and the Federal Reserve itself. An attack on any one of these institutions and services can cripple the financial market and devastate citizens and businesses that rely on them for access to their money without fear of losing it to hackers and terrorist organizations.

Classified Documents

Classified documents often contain information that is vital to national security and can have catastrophic consequences if the documents fall into the wrong hands. International espionage including the actions by whistleblowers within the government can cause unrest between nations, outrage from citizens, and inflammatory responses from terrorist groups. In 2013, Edward Snowden, an infamous United States whistleblower, stole over 1.5 million classified documents from National Security Agency (NSA) servers. It marked the largest security breach of classified documents in United States history and caused many problems for United States intelligence services.

Another issue is the mistrust in the federal government among the private sector companies that they partner with. The Government Accountability Office (GAO) found that the United States government was doing a less than satisfactory job of protecting classified and/or sensitive information up to the standards of the private sector companies that it partnered with. The GAO found that eighty percent of the public sector companies that the organization interviewed documented that their private sector partners are committed to executing plans and recommendations and providing timely and actionable information. On the other hand, officials from the public sector stated that the private sector companies needed to increase the rate at which they shared sensitive information. The GAO reasoned that many private sector companies are hesitant to share information with the federal government out of fear of the government mishandling the information and allowing it to be made public, which would result in large financial losses (GAO-10-628).

Conclusion

The Information Technology Sector is the most important critical infrastructure in the United States due to how many aspects of everyday life that it protects. Breaches in cyber-security can lead to catastrophic malfunctions in nuclear plants, water plants, electrical grids, financial institutions and markets, as well as leaks containing classified information that can wind up in the possession of terrorist organizations and criminal enterprises. No other critical infrastructure is as vital to the security of the other sectors as the Information Technology Sector.

References

1. Lewis, J. A. (2002, November 01). Assessing the Risks of Cyber Terrorism, Cyber War and Other Cyber Threats, 1-7. Retrieved February 06, 2019, from https://www.csis.org/analysis/assessing-risks-cyber-terrorism-cyber-war-and-other-cyber-threats
2. Stoutland, P. (2018, March 19). Cyberattacks on Nuclear Power Plants: How Worried Should We Be? Retrieved from https://www.nti.org/analysis/atomic-pulse/cyberattacks-nuclear-power-plants-how-worried-should-we-be/
3. Gleick, P. H. (2006). Water and terrorism. Water Policy, 8(6), 481-503. doi:10.2166/wp.2006.035
4. Mee, P., & Schuermann, T. (2018, September 14). How a Cyber Attack Could Cause the Next Financial Crisis. Retrieved from https://hbr.org/2018/09/how-a-cyber-attack-could-cause-the-next-financial-crisis
5. Critical Infrastructure Protection: Key Private and Public Cyber Expectations Need to Be Consistently Addressed. (2010, August 16). Retrieved from https://www.gao.gov/products/GAO-10-628
6. Review of the unauthorized disclosures of former National Security Agency contractor Edward Snowden. (2016). Washington?: U.S. Government Publishing Office, 2016. Retrieved from https://login.proxy.lib.fsu.edu/login?url=http://search.ebscohost.com/login.aspx?direct=true&db=cat05720a&AN=fsu.034936056&site=eds-live

Cite this page