Natural disasters, from floods and bushfires through to earthquakes and hurricanes constantly remind us that critical infrastructure can fall over.
But what if those vulnerabilities were intentionally targeted?
Traditionally, we are used to dealing with unintentional outages of these services, such as those caused by a natural disaster. However, critical infrastructure may also be viewed as a "soft target" by those who wish to inflict major disruptions. And this is not a new threat: in 2003 the case against the first person to be found guilty of planning for a terrorist attack in Australia included plans to bomb part of the national electricity supply system1.
Failure in one area of infrastructure can also create outages in others – in a domino effect. For example, in March 2009, a power outage in the Sydney city centre forced the closure of both the Sydney Harbour Tunnel and the Eastern Distributor toll roads disrupting traffic during peak hour2.
According to Alexis Kwasinski, an assistant professor of electrical engineering at the University of Texas, power outages were the the biggest problem in disasters such Hurricane Sandy as they have ripple effects on other utilities, particularly telecommunications3. Street lights, mobile phone towers, curbside telecom cabinets are all dependant on grid power. This highlights the potential impact if such essential services were to be targeted by terrorism attacks, and underscores the need for government and commercial organisations to cooperate on the development and execution of holistic strategies to protect critical infrastructure.
Even more worrying, the increased dependence of critical infrastructure on IT systems, and the interconnectedness of those systems, means that critical infrastructure is increasingly vulnerable to malicious cyber attacks aimed at disrupting a whole city, state or nation.
In fact, the World Economic Forum's Global Risk Report 20124 ranks cyber attacks as the fourth top global risk in terms of likelihood. The report notes that cyber attacks, a massive incident of data fraud or theft, or an incident of massive digital misinformation could all lead to critical systems failure and eventual global governance failure. It says that hyperconnectivity is a reality: with over five billion mobile phones coupled with internet connectivity and cloud-based applications, daily life is more vulnerable to cyber threats and digital disruptions.
The report highlights the vulnerabilities created by this hyperconnectivity: the critical infrastructure that underpins our daily lives increasingly depends on hyperconnected online systems. While significant resources have historically been needed to cause devastating consequences for geopolitical or corporate powers, it is increasingly possible for skilled individuals to do so remotely and anonymously through networked computer systems.
- NSW Government "Secure NSW" case study: The conviction of Faheem Khalid Lodhi of terrorism offences in 2003 - http://www.secure.nsw.gov.au/Legislation/Case-study.aspx
- News.com.au report: "Chaos as blackout hit city's CBD" - www.news.com.au/top-stories/chaos-as-blackout-hit-citys-cbd/story-e6frfkp9-1225699582321
- IEEE Spectrum: Network Damage After Sandy Through The Eyes of A Disaster Forensics Expert - http://spectrum.ieee.org/tech-talk/telecom/security/network-damage-after-sandy
- World Economic Forum Global Risks Report 2012 - http://www3.weforum.org/docs/WEF_GlobalRisks_Report_2012.pdf