Following a telecommunications outage that disrupted cell service nationwide, two West Virginia University experts are renewing calls for cooperative efforts to improve overall U.S. cyber resiliency.

Christopher Ramezan, assistant professor, management information systems and cybersecurity, WVU John Chambers College of Business and Economics, and Anurag Srivastava, department chair and professor, Lane Department of Computer Science and Electrical Engineering, WVU Benjamin M. Statler College of Engineering and Mineral Resources, are available to discuss critical infrastructure vulnerabilities and potential threats to national security, economic stability and overall community well-being.

Quotes:

“First, it’s important for people to understand what critical infrastructure is. When most people hear the term critical infrastructure, they typically think of the electrical grid, transportation systems and water treatment facilities. But critical infrastructure is a far more expansive term that can include health care facilities, agriculture, financial services and telecommunication systems, among others. Essentially, critical infrastructure can be seen as the systems, sectors and processes that are vital to the functioning of our modern-day society. The U.S. Cybersecurity Infrastructure and Security Agency has identified 16 critical infrastructure sectors, such as government facilities, critical manufacturing, nuclear industry, information technology, and even commercial facilities such as stadiums, retail centers and parks. 

“When a critical infrastructure sector is impacted by a non-malicious incident, or a malicious cyberattack, there are often widespread disruptions in the day-to-day lives of citizens. Such dependence on critical infrastructure is one of the major reasons why modern warfare tactics are geared around disrupting critical infrastructure. As we’ve seen in Ukraine, one of Russia’s first objectives was to target and establish control over Ukraine’s critical infrastructure in an attempt to cause as much disruption to the country as possible.

“According to the reports so far, it looks like the AT&T outage wasn’t caused by a cyberattack fortunately, rather, it appears to have been an issue caused by a software update or an incorrect implementation of a process which affected the network. However, it does demonstrate how quickly things can get out of hand when critical services like a major telecommunications carrier have an outage. People tend to panic when services we depend on suddenly stop working. The good news is that on many smartphones, especially the newer models, even if there is a major outage and your phone goes into ‘SOS’ mode, you can still call emergency services such as 911 or even your carrier.

“For our nation’s security, we need to place a special emphasis on the security of our national critical infrastructure. The good news is many government agencies such as CISA, the FBI and the U.S. Department of Defense pay very close attention to our nation’s critical infrastructure and respond quite quickly when a major sector is impacted.

“Overall, it is absolutely imperative that cybersecurity professionals in public and private sectors, academics, researchers and the defense community work together to improve the cyber resilience of our nation’s critical infrastructure and industries to help keep our nation and its citizens safe.” — Christopher Ramezan, assistant professor, management information systems and cybersecurity, WVU John Chambers College of Business and Economics

“The impact of this incident echoes past cybersecurity events, such as the Colonial Pipeline ransomware attack, which emphasized the susceptibility of critical infrastructure to malicious interference and interdependencies of infrastructures in our society. This latest outage serves as a stark reminder of the indispensable role played by telecommunications as a lifeline function crucial for national security, economic stability and community well-being.

“Individuals’ heavy reliance on cell phones for essential tasks, including emergency communication and internet access, underscores the vulnerability of modern society to such disruptions.

“Recent cyberattacks targeting pharmacies and health care facilities have heightened concerns about the broader implications of such disruptions. In February, pharmacies and hospitals faced unprecedented challenges due to a sophisticated cyberattack believed to be orchestrated by nation-state threat actors.

“Building on the lessons gleaned from this outage, critical infrastructure organizations are urged to prioritize investments in resilience and risk mitigation strategies. This entails rigorous testing of security protocols, prompt patching of vulnerabilities and the development of robust incident response plans. Moreover, proactive planning for operation in degraded communications environments and the maintenance of critical functionality during outages are imperative for safeguarding against systemic shocks. By fostering a culture of preparedness and collaboration, stakeholders can boost the resilience of critical infrastructure and minimize the societal impact of future disruptions.” — Anurag Srivastava, department chair and professor, Lane Department of Computer Science and Electrical Engineering, WVU Benjamin M. Statler College of Engineering and Mineral Resources