Article

Critical Infrastructure Threats – The Basics for Businesses

2024-06-13

Reading Time: mins

Imagine a day without access to water, electricity or the internet – unfortunately, these scenarios are becoming increasingly likely. Critical infrastructure, responsible for the smooth functioning of such systems, is becoming the target of progressively sophisticated attacks that can paralyse entire regions and affect the lives of millions of people.

On a day-to-day basis, we often do not realise how many systems maintain our economy, security, and health. We live in a world where technology tightly binds different spheres of our reality. This complex system of interconnected elements provides enormous benefits, but its failure can lead to unpredictable consequences. Protecting the key systems within this structure, known as ‘critical infrastructure’, is therefore of particular importance.

Although cyberattacks that cut off entire cities from energy supplies, hackers disrupting hospitals, or attempts to poison the population by remotely interfering with the chemical composition of water supplies sound like science fiction, they do happen. Critical infrastructure facilities must be protected against such threats. This is why states impose numerous obligations on the companies that are part of these systems.

In this article, we will explain what critical infrastructure (CI) is, why its protection is so important, and discuss some situations that strongly threaten it. Additionally, we will invite those involved in this area to join the stakeholder network and smaller companies to attend a dedicated training course.

What is Critical Infrastructure?

As stated, critical infrastructure is a term used to describe elements of infrastructure systems that are essential to the stable functioning of a country, its economy, national security, and public health. It includes physical facilities as well as information systems and telecommunications networks. Key areas include energy, transport, water and sanitation, health, communications, finance, and national security. In practice, the list is even longer.

Awareness of the threats facing these systems has led the European Union to devote considerable energy and resources to increasing the security and resilience of CI against both physical and cyber threats. One important initiative in this regard is the EU-CIP (European Knowledge Hub and Policy Testbed for Critical Infrastructure Protection), whose overarching ambition is to facilitate evidence-based action planning for decision-makers. To achieve this goal, an innovative, pan-European Knowledge Centre has been launched to foster information sharing and collaboration between all stakeholders. The centre also aims to influence policy-making and improve the state of CI protection and resilience through innovation.

Critical infrastructure stakeholders can already join the Knowledge Centre. For more information, visit eucip.eu.

From Lightning to Chaos

The importance of well-designed critical infrastructure protection strategies can be clearly illustrated by the 24-hour power outage in New York in 1977. At the time, society was already restless due to the poor economic situation, which particularly affected residents of poorer neighbourhoods. The outage had a domino effect, where the malfunction of one CI system (in this case the electricity supply) led to crises in others, plunging the city into chaos in a short period. As a result, 134 shops were looted, 550 police officers were injured, and 4,500 people were arrested. Losses were valued at more than $300 million (equivalent to $1.47 billion in 2022).

In the cited case, critical infrastructure failed due to natural causes – lightning strikes. Nevertheless, the widespread consequences of similar events make systems critical to the security of the state and its citizens a common target for planned attacks. Moreover, modern technologies enable such actions to be carried out fully remotely. An example occurred in Ukraine in December 2015, when the Russian-linked hacking group Sandworm disrupted the power grid, leaving some 225,000 people without electricity for several hours. This was the first known instance of a cyber-attack leading to a power grid shutdown.

From Blackmail to Panic

The attack on the Ukrainian grid was part of a hybrid war, but sometimes financial motivation is enough for such acts to occur. A high-profile case was the blocking of the Colonial Pipeline in May 2021. Hackers from the group DarkSide demanded a ransom to restore the systems of a private company. Colonial Pipeline is a key pipeline for the east coast of the United States, and the fuel transfer outage lasted six days. This resulted in public panic and massive fuel buyouts, exacerbating the crisis. It is worth noting that the attack may have occurred due to negligence in the security procedures of the pipeline owner's computer systems.

The unrest caused by the disruption of critical infrastructure is precisely what encourages attacks, whether they are politically or financially motivated. In politically driven cases, the aim is to destabilise the situation in the country, which is one of hybrid warfare tactics. While in financially motivated cases, the aim is to quickly extort large ransoms. The potential vulnerability of any CI system is well known. For instance, we have already witnessed attacks on hospitals (Düsseldorf, Germany 2020) and water supply network (Florida, USA 2021).

You might also be interested in this article:

Hybrid Threats – Contemporary Forms Of Exerting Political Pressure

 

Hybrid Threats

The increased pressure of cyber-attacks observed today in Europe, especially in its eastern part, including Poland, should alert us to the importance of safeguarding against such incidents. Smaller businesses can also be targeted by hackers aiming to destabilise the region and cause unrest. It is now easier to imagine the serious consequences of disruptions to services such as waste collection, sewage disposal, citizen's identity verification system, mobile telephony, the internet, or cashless payments.

We must be aware that the need for special protection applies to many entities, not only state-owned enterprises and large private companies of a strategic importance. Smaller businesses are also involved in the delivery of critical services and can be targeted as potential weaker links. Care needs to be taken with both a security plan and adequate safeguards, but also with the training of each employee, as sometimes a single human error can undermine the efforts of many. In our system of interconnected elements, a small gap can cause large-scale turbulence.

Is My Organisation Part of the Critical Infrastructure?

It is important to spread the idea that, to some extent, each of us impacts one another’s cyber security, and knowledge of cyber threats should be the basis for using modern technology. However, particular responsibilities fall on institutions categorised as critical infrastructure.

If you work in this area and would like to contribute to European strategic safety, we strongly encourage you to join the stakeholder group within the EU-CIP Knowledge Hub. By doing so, you will be able to influence the development of improved, evidence-based policies for critical infrastructure protection. To learn more, please visit this website: eucip.eu.

Moreover, the Polish Platform for Homeland Security offers a training course for Polish companies that fall into the category of CI, entitled ‘Critical Infrastructure – What an Entrepreneur Needs to Know’. During the training, participants will gain and systematise knowledge of concepts related to CI, facilities subject to mandatory protection, and the necessary plans, documents, and procedures required by law. If you are interested, please visit our training department's website.

Lukasz Kielban
Senior Communication Specialist
PPHS
ul. Slowackiego 17/11, 60-822 Poznan, Poland
ul. Slowackiego 17/11
60-822 Poznan, Poland
Tax ID: 7831618232
REGON No: 300294630
KRS No: 0000251345
Join our Newsletter!
Stay up to date with important news.
Freshmail*
SHIELD4CROWD has received funding from the European Union's Horizon Europe research and innovation programme under grant agreement No 101121171

Dołącz do naszego Newslettera!

Dołącz do PPBW

    Freshmail

    Przemysław Dobrzyński

    Starszy Specjalista ds. Komunikacji

    Dołączyłem do Platformy w listopadzie 2017 roku. Przez długi czas byłem odpowiedzialny za realizację krajowych i europejskich projektów związanych z bezpieczeństwem. W związku z dynamicznym rozwojem PPBW oraz powstaniem Działu Komunikacji, zająłem się promocją i upowszechnianiem rezultatów naszych działań.

    Obecnie koordynuję komunikację projektów finansowanych przez UE z obszaru bezpieczeństwa. Do moich obowiązków należy również zarządzanie kanałami online PPBW oraz wspieranie zespołu w bieżących pracach.

    Posiadam szeroki zakres umiejętności, który pozwala mi realizować różnorodne zadania, takie jak tworzenie treści (teksty, zdjęcia, wideo), planowanie strategii komunikacyjnych i procesów, budowanie społeczności i relacji, a także administrowanie platformami online.

    Join our Newsletter!

    PPHS's Trainings Contact Form

    Freshmail

    Przemyslaw Dobrzynski

    Senior Communication Specialist at the Polish Platform for Homeland Security

    I’ve been working at PPHS since November 2017. For a long time, I was responsible for implementing both international and national security projects. As PPHS developed and the Communication Department was established, I was promoted to a role focused entirely on communication.

    I currently serve as the Communication & Dissemination Manager for EU-funded security projects. My responsibilities also include managing the online channels run by PPHS and supporting the team with ongoing tasks.

    I have a broad set of skills, enabling me to handle a variety of tasks such as content creation (texts, photos, videos), communication and process planning, community and relationship building, as well as managing online platforms.

    Join Our Team

      Consent*
      Freshmail