The definition of infrastructure in the United States has remained basically unchanged since the New Deal, when the federal government updated roads, railroads, and water supplies before World War II. At the time, communication technology was still in its infancy—radio broadcasting was the FCC’s sole focus—but in the past 25 years, digital communications have developed rapidly and have become the foundation of Americans’ daily lives. Unfortunately, the pandemic has revealed the main weaknesses of our modern communications infrastructure, including problems that the country must resolve before another disaster occurs.
Despite many revolutionary technological advancements, the U.S. government’s understanding of critical infrastructure has not yet developed after the 20th century, which makes many modern communications assets vulnerable to cybercriminals. The United States currently defines 16 critical infrastructure sectors as indispensable parts of the economy, especially considering “communication” and “information technology” as separate sectors. This approach is outdated in understanding today’s digital infrastructure. In the former category, the United States seeks to protect “terrestrial, satellite, and wireless transmission systems”, while the latter generally focuses on the “Internet.”
In the 21st century, especially in an era when national security is constantly threatened by domestic and foreign actors, network security requires a comprehensive, not isolated, understanding of digital communications. Today’s threat actors rarely target satellite dishes, cable lines, or cell phone towers for devastating attacks; nor do they attempt to shut down the entire Internet. Instead, they lock down hospitals and water treatment facilities, force companies or cloud services to go offline, and blackmail future product designs stolen from manufacturers’ servers.
For example, the FBI shockingly arrested a Texas man who allegedly planned a massive bombing of Amazon Web Services (AWS) data centers. Although private data centers may not be traditional “infrastructures,” AWS outages can cause massive Internet outages, causing millions of dollars in losses in a world dominated by e-commerce.
Now, think about the economic and political impact of Twitter, a social media platform. Last year, a teenager used virtual technology and chose the high-profile Twitter account for a Bitcoin scam—a huge, shameless hack that could have worse consequences. Earlier, a hacker used the Associated Press’s Twitter account to falsely claim that the White House had been attacked, triggering panic and plummeting in the stock market. Like AWS, Twitter does not fall under the traditional definition of “infrastructure,” but between these types of attacks and Twitter’s growing role in political communication, its importance to the US economy is undoubtedly immense.
Because our digital infrastructure is not as easy to visualize as the analog physical infrastructure it is replacing, we still have an old-school mentality about the systems on which our economy depends. This pandemic shows painfully that our economy is now heavily dependent on the powerful Internet; our digital infrastructure is the lifeline that enables people to continue their previous lives, facilitating everything from continuing to work and study to ordering food and obtaining toilet paper. all. Isolation and social distancing work largely because the Internet keeps everyone in touch with everything, even if we don’t use the roads, railways, and airports that we have traditionally relied on.
There is no better example than Zoom to illustrate the changing face of digital infrastructure. Overnight, an app became a household name. It supports virtual classrooms, meeting rooms, and even happy hour venues. On-site multi-person video conferencing is indeed the reason why many adults keep their jobs, and most children have been able to go to school in the past year. Is video conferencing technology a critical infrastructure? The bad guys certainly think so, as evidenced by the Zoom violation in which hackers stole 500,000 passwords in the early days of the pandemic and the multiple Zoombombing attacks that have attracted the attention of the FBI, everything from academic speeches to court cases has been destroyed.
AWS, Twitter, and Zoom are just a few examples of how critical digital infrastructure has evolved in recent years, far beyond the government’s previous definition of communications and information technology. Yes, hardware and software are still important, but cloud-based services and platforms are now the foundation of American life and the main target of malicious actors of any size or agenda.
During and shortly after the end of the Cold War, the United States was so worried about the nuclear end of the world and physical invasion that financial threats such as economic disruption and commercial extortion took a back seat. However, in the digital age, we may have less fear of hostile countries than sophisticated cyber thieves. A recent Verizon report noted that nation-state attacks accounted for only 10% of data breaches, and up to 86% of breaches were economically motivated.
Although the headlines focused on the intervention of Russia, Iran, and China in the digital realm, they distracted us from hackers taking the entire organization offline and blindly robbing them, and then developing real problems that threaten key communication channels. A hacker who successfully blackmailed a hospital might next target the digital records of a larger medical system, affecting countless patients before planning a larger future attack.
It’s time to change your mind. Digital infrastructure needs to be understood as a whole not only including basic communication hardware and extensive Internet, but also requires the government to fully support the protection of cloud services and platforms that are vital to Americans’ lives. In addition to providing security funds and technical support to vital organizations, legislators must also zero out hackers’ connections with organized crime and impose harsher penalties on those who attack digital infrastructure.
The Internet is a public resource-our most important infrastructure in the past year, is likely to be the foundation of everything we will build together in the coming decades. Starting now, we must do everything we can to protect the increasingly diverse elements of our digital infrastructure, because only with a comprehensive understanding of modern communications can we be ahead of criminals who destroy them for profit.
Caleb Barlow is the President and CEO of CynergisTek, a cybersecurity company focused on healthcare, working with more than 1,000 healthcare organizations on data security, privacy, and compliance.Before joining CynergisTek, Caleb led IBM… View full resume