The most vulnerable aspect of the U.S. critical infrastructure is the energy sector. Cyber threats are some of the most unpredictable due to constant technological advancement and innovation. Therefore, they are likely to become the first security concern of the priority list of the United States in the following years. It is undeniable that each sector in the nation is experiencing some sort of a shift towards digital operations. However, nowhere the transformation is as stark as in the processes associated with energy production and transmission. Power plants integrate new technology, including Artificial Intelligence (AI), which makes the operations time- and cost-efficient. However, despite the seeming advantages of more efficient asset management, this digital revolution has its downsides. For instance, the infrastructures in the energy sector have been developed years ago, which would make them harder to connect with innovative high-tech equipment. Furthermore, the increased rate of adopting automated control systems at power plants would make them particularly vulnerable to cyber-attacks.
As for the reasons why the energy sector is the most vulnerable part of the country’s critical infrastructure, there are three. First, it is an IP-intensive sector, which implies that even the smallest companies possess intellectual property. This is the main cause for espionage, and cyber-espionage, in particular. The number of potential attackers is substantially growing as well. Some of them include “nation-state actors seeking to cause (…) dislocation, cybercriminals who understand the economic value represented by this sector, and hacktivists” (Bailey et al., 2020, para. 2). Thus, it is apparent that the motives are varied and range from political and economic agendas to individual vendettas of activists.
The second reason is the fact that the energy industry’s attack surface is organizationally complex, yet not centralized in many organizations. Tal (2018) notes that America’s critical infrastructure could benefit a lot from not concentrating its largest portions in close proximity to one another. He adds that the energy sector seems to be the most vulnerable as “43 percent of America’s oil refineries are located along the Texas and Louisiana coasts” (Tal, 2018, para. 9). The third vulnerability stems from the efforts of officials to combine physical and digital infrastructure in the energy sector (Bailey et al., 2020). This leads to interdependency, which results in vulnerabilities related to exploitation, physical damage, and fraud. In addition, it is important to acknowledge the impact the COVID-19 pandemic has had on the energy sector. Energy suppliers are now at a higher risk of cyber-attacks as they have been forced to let go of some of its staff. Unfortunately, cyber-security departments could be under threat as they are often considered non-essential, especially by small and medium enterprises.
In terms of the ways to enhance security, they would include structural and non-structural measures. Structural efforts are the ones that require physical construction. An example is re-construction and the destruction of major physical parts of the transmission channels. This would signify the shift to end interdependency between physical and digital infrastructures in the energy industry. Another structural effort is the diversification of energy streams throughout the country via relocation. This ensures that the major portions of the industry are no longer geographically close. However, the challenge to centralize the process of production, storage, and transmission becomes even more prominent.
Non-structural efforts do not require construction, technology, or novel engineering solutions. Instead, they rely on intelligence, the legal system, awareness, as well as training. Bailey et al. (2020) argue that in order to address the vulnerabilities of the energy sector, it is crucial to take a three-pronged approach. First, companies no matter the size or scale have to make the cyber-security measures a priority and integrate them into the critical decision-making process. This could help organization to gather strategic intelligence, and, thus, to mitigate risks. Second, Bailey et al. (2020) propose “programs to reduce geographic and operational gaps in awareness and communication” as a solution (para. 3). This would develop a much needed culture of security within an organization. The third part of the non-structural approach would include collaborations between the major actors in the sector as a way of addressing the interconnectedness of physical and digital attacks.
The main concern regarding the United States’ borders is centered on the country’s Southwest region and the illegal immigrants from Mexico. National Immigration Forum reports that despite the common misconceptions, the Southwest border has never been more protected. Since 2006, the federal government has invested in building “nearly 700 miles of physical barriers along the 2,000-mile Southwest border, an all-time high” (National Immigration Forum, 2019, para. 1). In addition, advanced technology has been adopted to enhance security. Data demonstrates that the border crossings have decreased substantially to almost record low levels (National Immigration Forum, 2019). Securing the nation’s borders is exceptionally important for ensuring economic prosperity and national sovereignty. It protects the country from criminal activity, contraband, drug smuggling, and other threats to the safety of the public and the nation as a whole. In order to better secure the borders, the federal government must initiate an immigration reform, improve land ports of entry, invest in staff training, and reinforce the adoption of body camera by border security officers.
Bailey, T., Maruyama, A., & Wallance, D. (2020). The energy-sector threat: How to address cybersecurity vulnerabilities. McKinsey. Web.
National Immigration Forum. (2019). Border security along the Southwest border: Fact sheet. Immigration Forum. Web.
Tal, J. (2018). America’s critical infrastructure: Threats, vulnerabilities and solutions. Security InfoWatch. Web.