UnDisruptable27: Protecting Critical Infrastructure in Local Communities
In a worst-case scenario, imagine your town without electricity for days on end, a disruption to the local water supply, or a cyberattack on the emergency medical response system and medical facilities, leaving people stranded without access to life-saving care. These are the types of scenarios that UnDisruptable27 seeks to prepare for, focusing on cyberattacks against critical infrastructure in local communities across the United States, particularly in the areas of water and wastewater, emergency medical care and hospital services, food supply chains, and local power supplies.
The initiative is spearheaded by the Institute for Security and Technology, a nonprofit think tank dedicated to bridging the gap between the technology industry and the public sector. Thanks to a $700,000 grant from Craig Newmark Philanthropies, part of the Cyber Civil Defense initiative, UnDisruptable27 kicked off this summer with a pilot program. Led by Josh Corman, Executive in Residence at IST and co-founder of I am The Cavalry and CyberMedSummit, the project aims to make critical infrastructure supporting basic human needs “undisruptable” by 2027.
Craig Newmark emphasizes the importance of preparing for potential threats to infrastructure, stating that everyone relies on infrastructure to live, whether it’s for food, shelter, or warmth. The project’s initial phase involves engaging stakeholders to address concerns and limitations, be they financial, technical, or a combination of both. Similar to the preparations for Y2K, UnDisruptable27 benefits from having a tangible timeline to work towards safeguarding against potential threats.
The call-to-action for UnDisruptable27 was spurred by public hearings where cybersecurity leaders discussed the potential threats posed by state-sponsored actors like China’s Volt Typhoon group. Josh Corman highlights the vulnerabilities of critical infrastructure, describing them as “target-rich and cyber-poor,” indicating a significant attack surface with limited resources for defense against cyber threats.
To address the need for public awareness and engagement, UnDisruptable27 plans to leverage communication strategies and narratives to influence communities to prepare, similar to approaches used for natural disaster preparedness. By meeting with owners and operators of critical infrastructure sectors, as well as municipal leadership and citizens directly, the project aims to educate and raise awareness about potential cyber threats.
The focus on the intersection of water and healthcare in the initial phase of UnDisruptable27 is strategic, as these areas are already in the public eye and are essential for basic human needs. The project also plans to collaborate with the Consortium of Cyber Security Clinics, a network of university-based clinics training students to engage with under-resourced organizations needing cybersecurity assistance.
Sarah Powazek, Program Director of Public Interest Cybersecurity at UC Berkeley, emphasizes the vulnerability of smaller organizations in local communities to cyberattacks. Projects like UnDisruptable27 have the potential to make a significant impact by providing resources and support to under-resourced communities in safeguarding their critical infrastructure.
In conclusion, UnDisruptable27 is a crucial initiative that addresses the growing threats to critical infrastructure in local communities. By engaging stakeholders, raising public awareness, and providing support to under-resourced organizations, the project aims to make basic human needs “undisruptable” in the face of cyber threats by 2027.