When Security is Hanging by a Thread – The Lonely (but Urgent) Case for Physical Infrastructure Protection

Abstract:
Looking at critical infrastructures (CI) today, one cannot but notice three astounding facts: i) attacks on those infrastructures, while increasing in number and severity, remain largely off the radar screen of the media and of public and professional awareness; ii) these attacks are characterised by a very high degree of simplicity and low degree of sophistication, yet produce far-reaching and high impacts, and iii) the critical infrastructure security debate remains nonetheless monopolised by a pure IT approach. This quite monolithic approach to “security” thus cannot but severely lag behind when it comes to addressing threats to physical infrastructures, developing attack prevention scenarios on the physical layer – the biggest threat to IT is not a bot but a pair of loppers from the DIY next door – or integrating protection and remediation strategies and technologies on equal terms into a decision matrix largely dominated by the “cyber” element. In short – the physical infrastructure, backbone of our society, remains the step child of private and public security concerns – entailing operational, financial and legal risks which tend to increase with each attack or incident. This paper examines the late and timidly rising attention the physical infrastructure receives in today’s debates on critical infrastructure protection concepts and plans, and proposes ways and means to not only optimise infrastructure protection and security but also infrastructure management, using opto-mechanical sensors.