A Physical Security Imperative: Securing Critical Infrastructure

Attacks on critical infrastructure have doubled in the last year, with events such as the attacks on Ukrainian power companies, Colonial Pipeline and JBS Food, that have brought to light the necessity of critical infrastructure systems and networks to function properly for society to operate.

The impact of recent cyber attacks on power grids in the U.S. has been detrimental and widespread, demonstrating the imperative to protect resources that society relies upon daily. While many of these threats originate as cyber attacks, they quickly have a debilitating impact on physical assets such as electricity, cell towers, transportation, water and even healthcare systems. According to, a report released last year revealed that 89% of electricity, oil and gas, and manufacturing firms experienced cyber attacks impacting production and energy supply in the past 12 months.

Malfunction of one critical infrastructure has the potential to cause a disastrous chain reaction. Critical infrastructure resources may not be the first thing that comes to mind when one thinks of security, but they are often the largest target for those wanting to cause harm. While investments have been made in securing critical infrastructure, there continue to be vulnerabilities from all different types of threats as the landscape continues to expand and evolve.

Dr. Marisa Randazzo recently hosted Lt. Charnele Sanders, Special Projects Manager (Security and Integrity) at Great Lakes Water Authority on Women Who Protect, a series on the Protective Intelligence Podcast, to discuss:

MR: What does critical infrastructure mean and why is the protection of critical infrastructure assets so vital?

CS: People don’t think about it. It’s a part of who we are and what we do every day. I wanted to protect the foundation of who we are. Critical means it’s important – of the utmost importance – and infrastructure is the foundation of living. One way to look at it is, what are the first things you take out of your house if there’s a fire? Critical infrastructure is kind of that. What are the first five things that you need to survive as a human?

You have this infrastructure that is the foundation of who we are as humans and it’s all built on this critical foundation. If you’ve ever tried to build a deck, you first have to dig down then there are different layers before you get to the paver, maybe you need a retainer wall. When we think of critical infrastructure, you have to think of the foundation that allows humans to go throughout life. Those critical infrastructure sectors are water, electrical, and health – those are the top three – along with communication, like our cell towers. That’s what allows us to eat, work and live. So the protection of those things becomes important for Americans and humans in general. If you don’t have those things – take even one out – your quality of life changes drastically. 

We now have presidential directives that say which sectors are the important things that we have to protect as the U.S. in order for Americans to function. That’s something that people don’t think about. I always say ‘I’ve done my job if people don’t worry about flushing the toilet, turning on the faucet, or flipping the light switch.’ If they don’t think about it, that means that all of us in critical infrastructure security have done our jobs. 

MR: People aren’t aware that critical infrastructure assets are active targets for people that want to do us harm. What do you have to say about the active protection that is required behind the scenes?

CS: Citizens take it for granted when they turn on a faucet that water will be there. On a day-to-day level, people don’t realize these things require constant protection. They don’t think about it until something happens. Right now with the pandemic – food, agriculture, transportation – they all play a part in our supply chain. While it wasn’t an act of terrorism, our critical infrastructure was still affected. That’s why we have the laws that we have – to protect us and still get the supplies we need in order to live. It’s something we don’t think about when we go to the grocery store. The things we want and need are most of the time there and we can’t take them for granted. Be grateful it’s there, but be grateful for the people that are protecting it. It gives me appreciation for the things I have without ever having to think about all the stuff that was going on in the background in order to have it.

MR: Financial services is identified as a critical structure, however, some of these things aren’t solely owned by government agencies, they might be owned by private companies. How do you accomplish that networking liaison when you’re not just dealing with a government agency or local authority but dealing with private interests as well?

CS: I try to always remember what my main goal is – why I do what I do – which is to protect people. I have that as my main goal and when I sit down with anyone that I am seeking cooperation or assistance from, I make sure that they know that right from the beginning. At the end of the day, I want everyone to be able to go home and go to sleep at night then wake up the next morning and do it all again. That’s my goal for myself and for anyone who reports to me. No matter what chaos happens during the day, if we can all go home and sleep in our beds then I’ve done my job.

On top of that, I let them know that I’m there to cooperate with them. I’m here to be an assistant, an asset, a resource for you. We could be mixed with something owned by the state or the federal, or it may be owned by the local community, but I am a resource and I always want them to know that. Even going into something, trying to do it before there’s a reason to is huge. Introduce yourself, make the phone call, make the connection before you have to. That way when there’s an emergency, we already know who all the players are and we’re able to just jump in and do the job along with the shared goal of protecting people as a service.

MR: What guidance do you have for women who may be intrigued in this as a career path?

CS: There is a place for women in this field. In law enforcement, intelligence, protection – there is a place for you. Women are needed in this industry. Our minds work differently and being in a male-dominated field of intelligence, when I step into a room a lot of times I’m the only woman. That’s not okay. I am on a mission to change that. We have to have a seat at the table – and by that I mean multiple seats. We need to be a part of the conversation because we add value. If you are thinking about it, find a mentor. Find a strong woman who will tell you exactly what you need to hear. If you’re thinking about making this your career, stop thinking about it and go do it.

Looking to protect your organization from attacks on your critical infrastructure? Watch our on-demand webinar, How Financial Services Can Prepare for and Mitigate Cyber-Physical Attacks Against Critical Infrastructure’ here

The post A Physical Security Imperative: Securing Critical Infrastructure appeared first on Ontic.

*** This is a Security Bloggers Network syndicated blog from Blog Archive - Ontic authored by Taylor Mansfield. Read the original post at:

Secure Coding Practices