The vulnerability of critical infrastructure in the United States post experiences of 9/11 and natural disasters like Hurricane Katrina have generated intense debate amongst the academia, government circles, and the media. This essay examines the vulnerabilities in US critical infrastructure.
The government has a National Infrastructure Protection Plan (NIPP) that lists 18 core areas identified as critical infrastructure, namely: Agriculture and food; defense industrial base; energy; healthcare and public health; national monuments and icons; banking and finance; water; chemical; commercial facilities; critical manufacturing; communications; dams; emergency services; nuclear reactors, materials, and waste; information technology; postal and shipping; transportation systems, and government facilities (DHS, 2009, p. 3). These 18 core areas have 12 different lead agencies in charge, which leads to difficulty in coordination and ‘turf wars.
Critical vulnerabilities of the food and agricultural sector stem from the possibility of Agro-terrorism that can disrupt the nation’s food supply chain, including attempts to introduce poisons in packaged foods and liquids by terrorists (US Food and Drug Administration, 2007) as also bio-terrorism and bio-infestation due to introduction of incompatible foreign origin flora and fauna into the nation’s biosphere. It could also include the deliberate introduction of diseases into animals or plants and thereon into the human food chain (Monke, 2004, p. 1). Since livestock are usually concentrated in specific locations such as a pig farm or a poultry farm, the deliberately introduced disease can quickly infect the entire livestock. Livestock is moved from place to place through modern means of mass transportation; thus, the animal disease can quickly spread to the entire country. The other vulnerability is that foreign pathogens introduced may not be detected by their own medical fraternity, which may not have the wherewithal to tackle an outbreak of foreign disease. Lastly, there are numerically more types of such pathogens that affect plants and animals than humans, and these are easily available outside the country for terrorists to acquire. Vulnerability to the US food and agricultural sector could then stem from the loss of confidence in the populace regarding the safety of the food being produced and also the possibility of other countries then banning US produce from entering their markets.
The defense industrial base is vulnerable to terrorist attacks, defense industrial espionage either through hackers or through an ‘insider job’. The concentration of defense industries in one geographical area is also a vulnerability that can be exploited by an adversary. For example, “Over 31% of U.S. naval shipbuilding and repair capacity is in and around Norfolk, VA” (Parfomak, 2008, p. 5). US electrical grid depends upon network system for control and monitoring. There exists a danger of spies penetrating the US electrical grid network, and “Intelligence officials worry about cyber attackers taking control of electrical facilities, a nuclear power plant or financial networks via the Internet” (Gorman, 2009). Defense Industries dealing with fuels and explosives are especially sensitive targets because any successful attack on these can cause huge explosions that would not only cause primary damage in the vicinity of the plant but can also affect the outlying areas and towns by spewing toxic and corrosive gases, causing thousands of casualties. The vulnerability of such industries stems from the fact that exploding ammunition can trigger secondary or sympathetic detonations, and thus even a single attack can result in horrendous damage.
Healthcare and public health have critical vulnerabilities of reach and inadequate facilities and their equitable geographic distribution. “Approximately 25% of U.S. pharmaceuticals are manufactured in Puerto Rico, primarily in the San Juan metropolitan area” (Parfomak, 2008, p. 5). So should San Juan metropolitan area be put out of action due to human mischief or a natural disaster, America would face a sudden shortage of medicines in the market. Dangers from infectious diseases such as SARS and Avian Flu can spread into the public and from them to infect workers working in critical infrastructure industries (Parfomak, p. 7).
The main vulnerability of National Monuments and Icons (NMI) is that they are like a magnet for terrorists because the terrorists “perceive NMI assets as internationally recognized symbols of American power, culture, and democratic tradition” (DHS, 2007, p. 14). National monuments and icons are difficult to protect against terrorist strikes as these attract visitors and tourists who have to be provided access. Secure access control is a difficult task as the authorities have to balance the stringency of the controls versus the inconvenience caused to genuine visitors. Another vulnerability of icons and monuments is that because they are famous, even an unsuccessful or partially successful attempt would be considered as a success by the terrorists as it would achieve the purpose of symbolism and gather the much-needed media attention. For example, if a small explosive-laden model airplane was to fly into the White House complex and explode, killing no one, the very act would achieve the tremendous psychological and symbolic effect and the attendant media coverage.
The main vulnerability that came to the fore in the aftermath of Hurricane Katrina was the poor state of America’s emergency services to cope with natural disasters. This was not surprising considering the fact that emergency services as a critical infrastructure had ranked 7th and 5th under the Clinton and Bush administration, respectively. That too, the focus had remained excessively on terrorism. The other vulnerabilities of critical infrastructure in the aftermath of Hurricane Katrina were also numerous. Nobody had paid attention to the fact that the earth around New Orleans was sinking at a rate of 3 feet every year (Palser, 2006, p. 19) which therefore had required the up-gradation of the city’s levee system. Critical infrastructure such as electricity, telecommunication, backup generators, and evacuation points too required to be elevated above a possible storm surge level. Suitable transportation, namely rubber boats, and dinghies were not available. Mass care such as housing and human services was nonexistent in the aftermath of the disaster. Restoration services were also woefully inadequate. Oil-producing platforms and associated industries in the Gulf of Mexico were geographically concentrated and were put out of action by Katrina, pointing to a need for dispersal of vital assets.
Nuclear reactors and waste products are prone to cyber attacks, physical intrusion, ‘insider jobs’, and the possibility of nuclear waste being smuggled out to construct a ‘dirty bomb’. Out of these, vulnerabilities from cyberattacks are more worrisome as physical security around nuclear plants is usually quite stringent, and waste disposal is regulated by extremely stringent guidelines. Cyber attackers can take control of a reactor and set the nuclear chain reaction of the reactor out of control and explode, releasing radiation into the atmosphere, a sort of a Three Mile Island or Chernobyl accident committed deliberately.
Critical vulnerabilities of the banking and finance sectors lie in their requirement for seamless and uninterrupted communication networks. These require protection from physical disruption due to human actions or from natural disasters as also from cyber attacks carried out by hackers or adversaries to either bring down the network or steal wealth and information. Post current economic depression, another critical vulnerability of the banking and finance sector that has come to light has been the concentration of far too much capital in a few core banks, leading to a domino effect when the core banks fail, pointing to a need for diversification.
The prime vulnerability of the shipping and maritime sector arises from the sheer volume and traffic of shipping that arrives at U.S. ports daily, which makes it physically impossible to scan each and every container entering U.S. ports. Only “5.2% of the containers reaching American ports on ships are screened with X-ray and gamma-ray devices” (Richardson, 2004), which makes the ports vulnerable to a possible dirty bomb being smuggled into the U Sport and being exploded by terrorists. Also, terrorists can be smuggled into the United States by hiding in an undetected shipping container, disembarking stealthily to attack vital installations or soft targets. Vulnerabilities of monitoring and tracking merchant ships stem from the nature of seas being the common heritage of mankind. This means that even if a ship leaves a known destination such as Singapore, it can call port at some Yemeni ports (known to be infested with Al Qaeda) and then arrive at a U.S. port. The International Maritime Organization has made it mandatory for sea-going ships of over 300 tons to be fitted with an Automated Identification System (AIS) so that ships can be tracked automatically through globally designated monitoring posts. However, the system can be switched off manually by the crew, and rogue elements can resort to AIS spoofing that can generate false identities. Vulnerabilities to the shipping and maritime sector have been identified by the US Coastguard as 12 possible attack modes against 50 different types of target for example, “… boat loaded with explosives exploding alongside a docked tank vessel” (Moteff, 2004, p. 7)
A terrorist attack on a mass transportation system such as the subway can result in massive casualties not only due to the explosive device used but because of the stampede that is natural to ensue. So the vulnerability of subway systems lies in the funneling effect of the various exits from the enclosed area as also the design of the vents and the exhausts to channelize out a blast effect of an explosion.
In conclusion, it can be stated that the 18 ‘critical’ infrastructures as declared in the NIPP have many vulnerabilities. Most of these stem from physical disruption and cyber disruption of human origin and natural disasters as also structural weaknesses and geographical concentration of facilities that require greater efforts at mitigation, including seamless interagency coordination between multiple agencies.
Works Cited
DHS. (2009). National Infrastructure Protection Plan.
DHS. (2007). National Monuments & Icons.
Gorman, S. (2009). Electricity Grid in U.S. Penetrated By Spies.
Monke, J. (2004). Agroterrorism: Threats and Preparedness.
Moteff, J. (2004). Risk Management and Critical Infrastructure Protection:Assessing, Integrating, and ManagingThreats, Vulnerabilities and Consequences.
Palser, B. (2006). Hurricane Katrina. Minneapolis: Compass Point Books.
Parfomak, P. (2008). Vulnerability of Concentrated Critical Infrastructure: Background and Policy Options.
Richardson, M. (2004). Growing Vulnerability of Seaports from Terror Attacks. Web.
US Food and Drug Administration. (2007). Federal Efforts to Mitigate Vulnerabilities in the Food Supply Chain.