Addressing misinformation in critical-infrastructure security

The Francis Scott Key Bridge collapse in Baltimore, Md., in late March sent shockwaves through the country. Almost immediately, there was widespread speculation and conspiracy theories regarding its cause, including fears of a cyberattack. Although investigations ruled out deliberate sabotage, the incident raised public concern about the vulnerability of physical infrastructure. Some members of Congress even called for further investigation into the possibility of malicious code being involved.

The incident rightly drew attention to the potentially devastating impact of cyberattacks on US infrastructure and human safety. However, it also highlighted a broader issue: a general lack of awareness regarding the reality and scale of cyber-risks to critical infrastructure. Beyond this incident, whether it was the result of foul play or not, there is a ticking time bomb of risk to critical infrastructure that is very real and potentially imminent if not addressed. While this physical attack may have brought the possibility of cyberattacks to the public consciousness, there are many more threats that we cannot physically see lurking beneath the surface that are equally damaging.

While physical incidents capture headlines and public attention, silent, invisible attacks on critical infrastructure remain poorly understood. The MITRE breach, for example, was not an attack that caused visible physical damage, but a breach through Ivanti zero-day vulnerabilities. Despite affecting 1,700 entities, it flew under the radar of most Americans. While the breach did not result in visible damage, it led to unauthorized access to sensitive data. This can undermine national security, compromise intelligence operations, and expose confidential information, leading to long-term repercussions just as significant as any physical system attack.

The disconnect between public perception and cyber threats is real, and we cannot let fear paralyze us into inaction. Combating misinformation and raising awareness about cyber-risks facing critical infrastructure is crucial to enhancing our collective resilience against evolving cyber challenges.

Public Perception vs. Reality

Theorizing can distort public understanding of cyber threats, undermine trust in legitimate news sources, and complicate efforts to educate the public and stakeholders about the fundamental nature of cyber threats and the necessary precautions to mitigate them. The public’s reaction to the Francis Scott Key Bridge collapse demonstrates the collective anxiety about cyber threats to critical infrastructure. This fear was fueled by references to fictional scenarios like the Netflix movie Leave the World Behind, in which a cyberattack on the US disables power grids, the Internet, and telecommunications services, sending the country into an apocalyptic world. With parallels drawn with the recent collapse, this heightens public anxiety and shifts focus away from real-life cyber threats.

However, this is an opportunity for public reckoning, prompting a much-needed focus on improving critical infrastructure security. Physical attacks resulting in immediate and visible damage, such as property destruction or loss of life, will always catch the eyes of US citizens and evoke strong emotional responses. It’s also clear that society tends to attribute physical events to deliberate human actions more readily than cyberattacks, which are commonly perceived as accidental or impartial. This bias can impact the severity and urgency of responding to cyber threats — one of our nation’s greatest challenges today.

To read the complete article, visit Dark Reading.