Our critical infrastructure is a ticking time bomb
The systems we rely on for survival are ripe for collapse. Here's how to prepare for inevitable meltdowns.
This is part one of a series of guest posts by The Digital Prepper.
At the heart of our modern world is a network of systems so vast, essential, and interconnected that its failure could cripple our nation. This is the story of our critical infrastructure, the growing threats it faces, and the latent crises just waiting to erupt.
Complex and dependent systems are ripe for attack
Vulnerabilities in our critical infrastructure have become increasingly apparent in recent years; they were thrown into a very obvious spotlight by the widespread disruptions caused by the CrowdStrike outage two weeks ago. That software update error crashed over 8 million devices, took down systems like ATMs and airports globally, and incurred billions of dollars in losses. Beyond such examples, we also face the terrifying prospect of our water supplies being poisoned by bad actors or our power grids being hacked by foreign adversaries.
Such systems are the lifeblood of our economy and society, and they are controlled by just a handful of companies with a very dangerous concentration of power. Relying on monopolies or oligopolies for essential services puts us in a precarious situation where a single point of failure — whether it's a deliberate attack, human error, or natural disaster — can have catastrophic consequences.
Remember the Colonial Pipeline shutdown? When the country’s largest pipeline system for refined oil products was the target of a ransomware cyberattack in May 2021, the five-day shutdown that resulted caused fuel shortages across the entire east coast, leaving millions of people without fuel and creating a staggering economic impact.
Hackers and cyberattacks can create severe consequences on a global scale too, as several other major incidents over the past few years demonstrate. The Petya and NotPetya ransomware attacks, which first appeared in 2016, disrupted global supply chains, hitting not only FedEx but also the world’s largest container ship and supply vessel operator, Maersk.
This is increasingly becoming a tool for foreign adversaries. In 2020, Russian intelligence services compromised a routine software update from IT services provider SolarWinds to slip malicious code into software that was then used as a vehicle for a massive cyberattack against America. An estimated 18,000 customers may have downloaded the code, and attackers went on to target around 100 of those customers directly, including several US government agencies.
Most of these attacks were identified because they were on such a large scale. But there are other means of supply chain compromise that can be very effective and draw far less attention. These lower-scale, less obvious strikes can provide cyber attackers with discreet pathways into certain corporate networks.
In February 2016, the North Korean-backed Lazarus Group successfully managed to raid the Central Bank of Bangladesh, with the intention of cleaning out nearly a billion dollars. Stealthily, over almost a year, the attackers managed to loot $81 million from the account before suspicions were raised.
As we’ve seen, bad actors can compromise oil pipelines, water treatment facilities, banks, and even nuclear facilities by adding malicious code, accessing secrets, and potentially gaining access to other source code repositories and environments.
The risks are clear. But what can we do about them? How can we prepare for a future where these disruptions become more frequent, inevitable, and sophisticated?
Thinking as a society, it seems pretty simple what needs to be done:
Diversification is key. We need to foster competition, break up monopolies, and encourage innovation in order to spread out the potential attacks for minimal damage to infrastructure.
Investing in cybersecurity is crucial. We must protect our critical infrastructure systems from cyberattacks with the same level of rigor that we apply (or at least used to apply) to our national defense (although even that is pretty vulnerable).
Finally, building redundancy is essential. We need backup systems and alternative supply chains to mitigate the impact of these disruptions.
While these systemic changes are essential, there are concrete steps that individuals can take to bolster our resilience in the face of critical infrastructure failures.
Start by building your own personal resilience:
Diversify your supply chain: Relying on a single grocery store or pharmacy chain can be risky. Explore local farmers' markets, community-supported agriculture (CSA) programs, and bulk food stores for a more diverse supply chain. Start growing your own food — herbs, vegetables, or fruits. Even a small garden can supplement your food supply. Share or trade with others in your community.
Be prepared, not scared: Assemble a comprehensive emergency kit including non-perishable food, water, medicine and first aid supplies, batteries, and a manual can opener. Regularly review and update your kit. Have multiple ways to communicate, including a battery-powered radio, satellite phone, or ham radio.
Build your skills: Master essential survival skills like basic first aid, fire safety, and food preservation so you’re able to cope if systems are shut down for any length of time. Consider taking courses in areas where you feel you need the most support. Lots of training options are available online if you can’t find anything locally.
Seek greater efficiencies: Explore renewable energy options for your home, such as solar panels or wind turbines. Consider investing in energy-efficient appliances and think about what devices can be unplugged or turned off most of the time. Implement water-saving measures in your home. Learn how to collect and purify rainwater.
Get your financial house in order: Build an emergency fund so you’ll be able to cover essential expenses in case of sudden income loss. Consider diversifying your investments to reduce risk. Get rid of as much debt as you can.
Think about your own digital security: Protect your personal information and devices from cyberattacks that can disrupt essential services. On this subject, we will go into more detail in a future article, so stay tuned.
Finally, don’t forget about your mental preparedness:
Manage your information consumption: Be critical of the information you take in. Do your due diligence and avoid spreading misinformation. Determine what you believe to be reliable sources and focus on them.
Manage your stress: Stress is a normal and even healthy reaction during trying times. But don’t let it overcome you. Find a technique that works to help you relax and use it regularly. Consider things like meditation or deep breathing and practice until they become second nature. You don’t want to be learning these things in the middle of a crisis.
Engage with your community: Strengthen ties with your neighbors. Building a supportive community can be invaluable during a crisis. Lean on friends and family for emotional support and remember to give back as much as you take.
Research has shown that about 89% of electricity, oil & gas, and manufacturing firms have experienced cyber attacks that impact production and energy supply; 40% of them could not block the attack and 48% did not make improvements even after being attacked. So disruptions are a matter of ‘when’, not ‘if’.
Getting all of the above items in order (or at least as many as you can) should be your main priority. While complete self-sufficiency may not be feasible for everyone, taking any steps to increase your independence and preparedness now can significantly enhance your ability to weather future disruptions from the collapse of critical infrastructure. Remember, every small action contributes to a more resilient you.
The Digital Prepper is an IT industry insider who aims to inform people about how to be prepared on a digital and technical level. Follow them on X @TheDigitalPrep or YouTube @TheDigitalPrepper.
The day will come when those that have scoffed at “preppers” will wish they’d listened! We live in a pampered world where no one bothers to wonder where that clean water comes from when they turn on their faucet or how that electricity is produced when they plug in their car. When you grow up in 3rd world countries, as I did, you take very little for granted and you learn at an early age to prepare for hardship. I’m afraid many here in the US are unprepared for the rude awakening they may face in the days to come.
Like in Houston, where some homes were without power and some street lights were out for a week + after the recent hurricane, but the bike paths the city leaders put in with Covid funds were unharmed (and continue to be mostly unused).