Malls, power plants, and zoos all count as “critical infrastructure” vulnerable to cyberattack
The definition of “critical infrastructure” depends a lot on who’s defining it. For physicists, it might be two giant lasers set up to test the nature of spacetime. For Donald Trump, it might be the massive ego propping up his presidential campaign. For most Americans, it’s probably just the couch-fridge-toilet trifecta.
But for the U.S. government, it’s practically everything. And that’s a problem, because as we’ve discussed before here at Grist, more and more of this infrastructure is being connected to the internet, which means more and more of it is vulnerable to hacking. And as Wired reports, this has become enough of a problem that last year, President Obama signed an executive order OK-ing economic sanctions on those who “engage in destructive cyberattacks or commercial espionage” from overseas.
So what exactly needs protecting in the eyes of Uncle Sam? More like what doesn’t need protecting?
According to the Department of Homeland Security website, there are 16 critical infrastructure sectors “whose assets, systems, and networks, whether physical or virtual, are considered so vital to the United States that their incapacitation or destruction would have a debilitating effect on security, national economic security, national public health or safety, or any combination thereof.”
These sectors are: energy, defense, transportation, food and agriculture, emergency services, communications, water and wastewater, manufacturing, chemical, commercial facilities, dams, finance, healthcare, government facilities, nuclear facilities, and information technology — i.e. pretty much everything, except spacetime lasers, Trump’s ego, and the holy trifecta.
Even Trump’s gaudy hotels count under the commercial facilities category, along with malls, amusement parks, apartment buildings, zoos, museums, casinos, Hollywood studios, and a bunch of other commercial-y things. As Wired reports, even some people within Homeland Security think that these categories can get a little out of hand:
“This strikes me as faintly ludicrous,” Paul Rosenzweig, former deputy assistant secretary for policy in the Department of Homeland Security, wrote after learning that Sony was considered critical infrastructure. “America will not collapse if Hollywood is dark. If everything is critical, then nothing truly is critical.”
(For what it’s worth, I think that the country might actually collapse if Americans don’t get their steady drip of phoned-in superhero movies and unoriginal plot lines featuring attractive white people. Or at least, that’s what Hollywood seems to suggest with its incessant turnout of such movies.)
But even if we accept that all of this infrastructure is “critical” and in need of protection, then the question becomes: Who’s going to protect it? From Wired:
Since most critical infrastructure is in the hands of the private sector, the government cannot impose itself on these industries or mandate that they take certain security measures. There is an exception to this — the handful of industries that are government regulated, such as the financial, health and nuclear industries. All the government can do for other industries that are not regulated is advise best practices, share threat intelligence with them, and provide forensic and recovery assistance after an attack. The government can also use its intelligence powers to spot attacks that are in the works and ward them off, though the nature and limits to what the government can do in this regard are still murky.
So we obviously have a lot to figure out as we dive headfirst into the age of self-driving cars, automated power plants, and the
Internet of Things Techno Jelly Net. But as long as you keep your couch, fridge, and toilet off the grid, then the only threats facing your critical infrastructure should be mold and inconsiderate roommates — and those you can handle with toxic chemicals or a little passive aggression.