In anticipation of GSX, we sat down with presenters of upcoming sessions in order to get a better understanding of the topics at hand. This week we are featuring, “Sabotage and Critical Infrastructure,” presented by Dyrk Greenhalgh, PSP, Vulnerability Assessment Analyst at UCOR LLC, Karl Perman, CEO at CIP CORPS, Nick Weber, CPP, PSP, PCI, Managing Partner at Archer International, and Scot Walker, PCI, Principal at Walker & Associates. Read on for what they had to say and don’t forget to register for GSX 2023!
Q: How did you become interested in your topic?
SW: I first became interested in the topic of protecting critical infrastructure from sabotage and attack when I worked for the Department of Energy on their Special Response Team, where we protected special nuclear material, and after 9/11 as a criminal investigator on the Joint Terrorism Task Force in Los Angeles, where we investigated pre-operational surveillance and suspected attacks on critical infrastructure.
In my experience, the preservation of critical infrastructure is essential for national security, public safety, economic stability, social order, and cybersecurity. Protecting and securing these systems is crucial for the well-being and prosperity of a nation and its citizens.
In a global sense, this is the first time in modern history that two superpowers like China and Russia have been decoupled from the global economy, making many countries’ critical infrastructure vulnerable to attack. Couple that with shrinking participation by law enforcement in securing critical infrastructure, and we have a recipe for a global disaster. Which is why protecting critical infrastructure from attack and sabotage is a vital challenge for the global security industry to solve in the decade of crisis, the 2020s.
Q: Tell us about your presentation and why should security professionals have this topic on their radar?
KP: Energy critical infrastructure is vital to the generation, transmission, distribution, and use of energy. These systems and assets are essential for the functioning of modern societies and economies and protecting them from damage is critical to ensure their continued operation. This session will feature subject matter experts from three ASIS International Communities; Investigations, Critical Infrastructure and Physical Security. These SMEs will provide insights into risks and mitigations related to sabotage of critical infrastructure.
Security professionals should be concerned with this topic in order to understand the various types of threats to critical infrastructure, including physical attacks, cyber-attacks, natural disasters, and equipment failures as well as protective measures to mitigate these threats.
Q: What advice would you give security professionals interested in this topic?
NW: My advice to security professionals is to understand what they are charged with protecting and how it functions. Without that base of knowledge, it’s impossible to accurately determine risk and apply appropriate controls.
Q: How do you see this issue evolving in the next 2-5 years?
DG: Data from the Office of Cybersecurity, Energy Security, and Emergency Response clearly shows a distinct, upward trend in the number and severity of intentional attacks against critical infrastructure. With additional publicity from attempted and successful attacks–much like copycat attacks for active shooters–those looking to sabotage power infrastructure know several facts: 1) Critical infrastructure is everywhere. 2) Critical infrastructure does not have a large physical security footprint. 3) Critical infrastructure is easy to affect (e.g., vehicles, tools, firearms; ingenuity is not required). 4) Saboteurs may choose the time and place of the attack without a large chance of discovery, and; 5) The results of utility disruptions can be large, long-lasting, costly, and highly publicized.
It is likely that major disruptions to critical infrastructure will become a domestic violent extremists’ method of choice for bringing publicity to their particular ideology. For example, cases of vandalism, physical attacks, and suspicious activity were nearly double in 2022 than what they were in 2020. The number of attacks for 2023 is higher than it was this time last year. For the purposes of foreseeing the potential future of infrastructure attacks, imagine coupling the remote capabilities of nefarious cyber actors with physical characteristics of using kinetic weapons and it doesn’t take a Hollywood script to see that holding a town’s critical infrastructure hostage is not outside the realm of possibility. We’re certainly not there yet, but there are no limitations to the creativity of a committed adversary. Security professionals and policy makers will need to work together to fund, train, and deploy novel approaches to disrupt attempted attacks, and mitigate those that are successful.