Published on Aug 06, 2024

Protecting Critical Digital Infrastructure: A Multi-Layered Challenge

By Dr. Jonathan Avooske, Vice President of Information Advantage

The recent CrowdStrike incident and the SolarWinds breach of 2020, of which it is an unintended echo, are both messy, public reminders of the fragile, interconnected nature of our digital infrastructures — and of the disruptive effects on organizations and the everyday people they serve when things break (or are broken).

While one was an accidental process failure and the other a calculated attack by nation-state actors, each event began with rogue code at a single vendor and spread to tens of thousands of customer organizations through trusted update processes. Both incidents shared a devastating impact: widespread disruption and a struggle for recovery that resonated across the globe.

CrowdStrike's failure was public in a way that most haven't been, with the shutdown and recovery taking out critical services that global consumers-in-motion depend on for everyday life: airlines, banks, and more. The outage rippled across time zones, affecting services around the world. The randomness of its impact — caused not by malice but by a glitch — is a wake-up call on the importance of preparedness and serves as a minor illustration of the potential havoc a targeted, intentional, widespread supply-chain attack could bring to bear on all of us.

This is especially important when it comes to critical infrastructure, an ongoing pre-positioning target of nation-state actors like China’s Volt Typhoon and the Russian Federation’s Fancy Bear, among many others. Both organizations have been actively compromising thousands of Western devices and networks for routine spying, stealing or changing information, or planting sleeper code — targeting key power and water systems, fuel oil distribution nodes, point-of-sale systems, communications carriers for voice and data, and so on, ostensibly for maximum destructive impact at some critical moment in the future.

Cybersecurity often conjures images of digital fortresses and firewalls designed to protect valuable data from direct attacks. Blame Hollywood, but as any cybersecurity expert will quickly point out, the real picture is more nuanced and layered in all directions, with more caveats, disclaimers, and far more "whens" than "ifs."

In preparation, security pros have internalized concepts like attack surface, dependencies, and supply chain vulnerabilities for years, even decades. These aren't just buzzwords but actionable areas where risks can be identified and mitigated. The attack surface shows all the points where unauthorized access is possible. Dependencies are crucial links that, if broken or altered, could lead to a cascade of failures across connected systems. As we've seen, the supply chain involves every step and stakeholder in the production and distribution process, each with potential vulnerabilities.

Addressing these risks requires a thoughtful strategy that includes hardening digital defenses, detecting bad actors before they strike, detecting successful intrusions and changes as they happen, and having a recovery plan beyond the digital, including manual and physical recovery processes if needed, as well as turning these strategies into ongoing, evolving action.

A series of upcoming posts will discuss these critical areas — attack surface, dependencies, supply chain, and survivability — offering insights and solutions that help organizations protect themselves and, by extension, all of us who rely on their services.

Our Approach at FTI

Find, Fix, and Sustain integrates these lessons into solutions tailored for resilient digital infrastructures, safeguarding organizations and their downstream users against accidental disruptions and malicious attacks. Stay tuned to our series for an in-depth exploration of how you can protect your critical infrastructure and ensure continuity in a discontinuous world.

Stay in touch to learn more about how we can assist your organization in strengthening its digital preparedness and positioning for recovery.

For further discussion or more information, please e-mail us at Cyber@FTIdefense.com.

About FTI

FTI provides deep data expertise, technology and services that enhance the ability of the DoD, Intelligence Community and other agencies of the Federal Government to make the best decisions possible. Drawing on nearly four decades of innovation, FTI’s extensive portfolio of intellectual property and operational technologies has been augmented by more than $200 million of U.S. government and FTI R&D investment, and FTI's agile solutions can often be mission-ready in a matter of weeks.

Headquartered in Dayton, Ohio, FTI operates in 34 states, works at all levels of classification, and offers seven facilities of varying clearance levels nationwide.
