Assessing critical infrastructure vulnerabilities

Industry experts discuss keys to safeguarding nation's assets at Anixter seminar


ATLANTA, Ga. -- In an age where many of the nation's utilities, communications networks and petrochemical facilities have become the targets of terrorists and cyber hackers, the evolution of critical infrastructure security is as important as ever.

Though terrorism may be the threat most think of when it comes to securing infrastructure, the process of assessing a facility's vulnerabilities go much deeper than that, according to Chris Jensen, national sales director for public safety technologies at Anixter. Jensen, a 25-year veteran of the Phoenix Police Department, spoke at Anixter's Protecting Critical Infrastructure seminar on Thursday in Atlanta.

"Who would have thought 20 or 30 years ago we would have plans in place for an active shooter scenario," he told the audience. "Who would have thought Times Square would become a terror target."

Indeed, the threats faced by critical infrastructure facilities run the gamut and include such things as accidents, vandalism, acts of sabotage by disgruntled employees, workplace violence, hackers, and copper theft. Natural disasters and terrorism both have the potential to have a tremendous impact on the operations of critical infrastructure, but their frequency is much lower than that of the aforementioned threats, according to Jensen.

These threats often times have the potential not only to impact the communities adjacent to where critical infrastructure facilities are located, but also could cause the widespread disruption of everyday life for people across the country. Jensen said that he recently took part in a security assessment for a major oil refinery in which if something were to happen to their pipeline, it could cause major headaches for people in four or five of the top 10 metropolitan areas in the U.S. Despite the fact that many strides have been made in the way security information is gathered and shared, Jensen said that it can still be better.

"There still are some chinks in the system," he said.

Jensen said that petrochemical facilities, utilities and ports are some of the most vulnerable critical infrastructure installations.

"If you take (a petrochemical, utility or port facility) out, it will have a big impact on the country," Jensen explained.

One thing that has stifled cooperation between the government and private businesses, which own 85 percent of critical infrastructure installations, is information sharing. Many businesses have been concerned that sharing information with the government could lead to the revelation of trade secrets and open them up to civil liability and regulatory fines. However, recently enacted rules from the Department of Homeland Security called the Protected Critical Infrastructure Information (PCII) program protects businesses who share information with the government from civil litigation and regulatory issues.

Another step taken by DHS to improve critical infrastructure security is the creation of grant programs. According to Jensen, there are five steps to successfully securing a grant for a security project which include; identifying specific needs and costs; finding the right grant to fund your project; researching information and explaining the need for the grant; writing the narrative to explain how the project will positively effect the community and how not following through will negatively impact it; and, submitting the grant in a timely manner. Among some of the reasons grant requests are denied are because of not following directions, asking for too much and failing to break down costs.

When it comes to emerging security technologies for the critical infrastructure market, Scott Bryan, systems engineer at Anixter, explained the importance of migrating to IP technology.

"It is critical to make yourself aware of what IP can do for you and what analog cannot," he said.

Though he said it would be difficult to ignore analog in the market due to the legacy systems already in place, Bryan said that a move to IP would be advantageous for critical infrastructure facilities in the long run.

This content continues onto the next page...