Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • The Security Leadership Issue
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
CybersecurityManagementSecurity Enterprise ServicesSecurity Leadership and ManagementLogical SecuritySecurity & Business ResilienceSecurity Education & TrainingCybersecurity NewsInfrastructure:Electric,Gas & Water

5 minutes with Mike Hamilton – The biggest threats to the critical infrastructure

By Maria Henriquez
5 mins with Hamilton
February 24, 2021

Local governments, including counties and municipalities, face unique cybersecurity challenges that can too easily disrupt the delivery of mission-critical services. With continuous threats of ransomware and other malicious attacks to derail day-to-day municipality function, like water infrastructure, waste management and more, the security of these entities is of top national priority. Here, we talk to Mike Hamilton, CISO for government cybersecurity firm, CI Security, about the biggest threats to the U.S. critical infrastructure.

 

Security magazine: What is your background?

Hamilton: I am a high school dropout with 14 years of postsecondary education, ten of which were at the University of Southern California where I earned degrees in Geology, Chemistry, and Oceanography. I transitioned into information security while working as an Ocean Scientist at the Jet Propulsion Laboratory – developing algorithms to measure Carbon uptake by the ocean from space. I started a company in 1995 selling and supporting hand-rolled firewalls for clients in Southern California. That turned into independent contracting and consulting, after which I went to Guardent – a start-up that built one of the first MSSP operations. Guardent was acquired by VeriSign and I became the Managing Consultant. In 2004, I became the CISO of the City of Seattle – a position I held for 7.5 years. During that time, I founded a grant-funded regional monitoring project for local governments in the Puget Sound area and served as the Vice-Chair of the DHS State, Local, Tribal, and Territorial Government Coordinating Council. CI Security started in 2012, while I served for two years as a Policy Adviser for Washington State government. The company is now 80 employees, and the regional monitoring project has become PISCES (Public Infrastructure Security Cyber Education System), which performs no-cost security monitoring for small local governments in return for using data collected from networks as “live fire” analyst training for (currently) five universities.

 

Security magazine: Currently, what are the biggest threats to the U.S. critical infrastructure?

Hamilton: In my view, the biggest threats are the effect of several conditions that are combined. First, the shift to extortion using ransomware, rather than stealing and monetizing records (PII, health, etc.). The second is the commoditization of tools used to perform this crime, including the as-a-service model. Additionally, the fact that many of our most critical organizations – local governments and the health sector in particular – do not have the funding to compete for human or technology resources. The combination of critical services provided, poor resourcing for IT security, and the inability to obtain qualified practitioners makes these organizations very attractive targets for extortionists. Finally, the threat of collateral damage from Nation-State events.

 

Security magazine: Which sectors are most at risk?

Hamilton: Those sectors that cannot withstand any operational outage are those most at risk. This can be due to severe financial loss such as in manufacturing, outage of critical services as in the health sector, or deep pockets for paying ransom. Additionally, it has been reported that threat actors are obtaining information on insurance coverage and the parameters under which extortion demands will be paid, and specifically targeting the customers of those companies with a history of paying out.

 

Security magazine: How can cyberattacks, such as ransomware, easily disrupt the delivery of mission critical services and of critical infrastructure?

Hamilton: By rendering computers inoperable through encrypting the data they process, there is complete disruption of operational continuity. If the infrastructure disrupted provides life-safety, life-sustaining, or quality of life services, the impact is not only potentially loss of life but loss of trust in our ability to continue to reliably provide these services – which will notably be focused on the failure of government.

 

Security magazine: What are ways to improve the cybersecurity of critical infrastructure services?

Hamilton: By focusing on monitoring and detection of aberrational events on the network, on endpoints, and in the cloud it is possible to manage the risk of what is a foreseeable event. Attacks against infrastructure are occurring constantly, and most do not end up disrupting operational continuity. The difference is the ability to detect when an asset has been compromised and quickly mitigate stop further damage. Investing in endpoint products that allow for remote quarantine and investigation and products and services that support detection and response, cybersecurity events may become less profitable for criminals. 

 

Security magazine: Are there specific frameworks or exercises that can improve the cybersecurity of these services?

Hamilton: Conducting tabletop and functional exercises is a standard of practice and should be conducted at least annually, against a scenario that is more than a simple malware incident: Examples include (1) being disrupted by ransomware, (2) being identified as the source of incidents with your customers in a 3rd party attack, etc. Further, the National Incident Management System (NIMS) is a framework around which you can manage incidents, especially those that may involve public communications, and legal and liability issues.

 

KEYWORDS: critical infrastructure cyber security information security risk management

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Maria Henriquez is a former Associate Editor of Security. She covered topics including cybersecurity and physical security, risk management and more.

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Top Cybersecurity Leaders
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Security Enterprise Services
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    Cybersecurity Education & Training
    By: Charles Denyer
Subscribe For Free!
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

  • Duty of Care
    Sponsored byAMAROK

    Integrating Technology and Physical Security to Advance Duty of Care

Popular Stories

Pills spilled

More than 20,000 sensitive medical records exposed

Laptop in darkness

Verizon 2025 Data Breach Investigations Report shows rise in cyberattacks

Coding on screen

Research reveals mass scanning and exploitation campaigns

White post office truck

Department of Labor Sues USPS Over Texas Whistleblower Termination

Computer with binary code hovering nearby

Cyberattacks Targeting US Increased by 136%

2025 Security Benchmark banner

Events

May 22, 2025

Proactive Crisis Communication

Crisis doesn't wait for the right time - it strikes when least expected. Is your team prepared to communicate clearly and effectively when it matters most?

September 29, 2025

Global Security Exchange (GSX)

 

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • 5 minutes with

    5 minutes with Satya Gupta: The surge of remote work and its impact on critical infrastructure organizations

    See More
  • 5 mins with Brian H

    5 minutes with Brian Harrell - Critical infrastructure protection and the power grid

    See More
  • 5 mins with Prout

    5 minutes with Jeremy Prout - How to protect the workforce against security risks in 2021

    See More
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing