Infrastructure protectionReframing Infrastructure Security

Published 2 June 2021

Infrastructure has always been a target in warfare, says Mikhail Chester, an ASU professor of civil and environmental engineering. “Think about military aircraft dropping bombs on bridges or railroad lines,” he says. Chester points to the recent ransomware attack that shut down one of America’s largest fuel pipeline networks. “This kind of problem is growing, and it can’t be solved through remedial repairs to old infrastructure,” Chester said.

Infrastructure has always been a target in warfare, according to Mikhail Chester, an associate professor of civil and environmental engineering at Arizona State University.

Think about military aircraft dropping bombs on bridges or railroad lines. But battles today are not just army versus army. They are society versus society, and this change means we need to change how we think about infrastructure.”

Chester points to the recent ransomware attack that shut down one of America’s largest fuel pipeline networks. The incident sparked surges in the price of gasoline, panic buying and several days of shortages across the southeastern United States.

“This kind of problem is growing, and it can’t be solved through remedial repairs to old infrastructure,” Chester said. “We need to take a step back and ask what a pipeline is in 2021 or in 2100. Yes, it’s a means to move fuel. But it’s also a network of sensors and an information conduit, and that integrated purpose makes it both valuable and vulnerable amid intensifying global competition and conflict.”

Chester and his faculty peers in the Ira A. Fulton Schools of Engineering at ASU believe broader perspectives need to be part of the current debate about improving America’s infrastructure systems. One issue is the way we frame our thinking about security.

“It’s a multidomain factor,” said Brad Allenby, a professor of civil, environmental and sustainable engineering in the School of Sustainable Engineering and the Built Environment, one of the six Fulton Schools. “It’s not a power grid issue, nor a drinking water issue nor an issue for fuel pipelines. It’s a factor everywhere, and that’s the problem. It’s not addressed as it should be because nobody ‘owns’ it.”

Allenby says the time has arrived for the United States to create national cybersecurity requirements for infrastructure development. As part of those requirements, he says any new civil engineering project supported by federal money needs to have a cybersecurity assessment.

Adam Doupé, a Fulton Schools associate professor of computer science and acting director of ASU’s Center for Cybersecurity and Digital Forensics, agrees with Allenby but adds that even a thorough security assessment is only a snapshot in time. Since threats keep evolving, seeking and solving vulnerabilities is not something that can be done once and considered finished.