For the past year or so, infrastructure investment professionals have been taking stock of the ‘winners’ and ‘losers’ of covid-19. One of those winners has been digital infrastructure, as this publication has reported numerous times. Consider that in 2017, just 4 percent of European private capital was being invested in telecoms compared to nearly 25 percent in the first three months of last year, as Sebastián Urbán Muñoz, of Asterion Industrial Partners, told us in a previous interview.
What’s more, alongside the focus on digital infrastructure – which has intensified during the pandemic, with large parts of the global population continuing to work and study remotely – there is also the push towards digitisation across sectors. Or as former director of the Cybersecurity and Infrastructure Security Agency Christopher Krebs put it in his Congressional testimony last week, “our seemingly pathological need to connect everything to the internet”.
Yet, despite all this, the threat of cyber-attacks didn’t even feature in the top 10 macroeconomic factors LPs considered could impact their private markets portfolios in our 2019 and 2020 surveys. It was only in our latest LP Perspectives study, published in February, where cybersecurity moved up four notches to number seven.
Following last week’s hack which led to Colonial Pipeline, the largest refined products pipeline in the US, having to shut down its 5,500-mile-network, perhaps infrastructure investors and asset managers will reconsider.
According to reports, the hack, carried out by a cybercrime group called DarkSide and involving the theft of nearly 100 gigabytes of data, has prompted calls for lawmakers to act. And so they should, adopting measures such as requiring more companies to meet minimum cybersecurity standards as well as requiring them to disclose data breaches – just two of 48 policy recommendations the Ransomware Task Force, a partnership between the Institute for Security and Technology and experts in industry, government and academia, included in its report released at the end of April.
But the government cannot do this alone. While there have been efforts made by both governments and companies, “ransomware attacks have continued to grow almost unabated”, the task force wrote in Combating Ransomware. According to security firm Emsisoft, roughly 2,400 US-based government, healthcare facilities and schools were victims of ransomware in 2020.
And while the fallout from the Colonial Pipeline hack is significant – the pipeline provides around 45 percent of the East Coast’s fuel and key parts of the network remain offline for a sixth day – cyber-attacks on other critical infrastructure could cost lives, not just a spike in gasoline prices.
“The ransomware threat cannot be stopped via piecemeal solutions; it needs the dedicated, coordinated attention of experts, from policymakers to security engineers to industry leaders,” the task force wrote. This is a set of recommendations that Krebs described in his testimony, two days before Colonial Pipeline was hacked, as “a critical step forward”.
If we accept Krebs’ comparison of ransomware attacks to “a global pandemic”, the need for coordinated action between the public and private sector and between countries is painfully clear. The world continues to flail more than a year after the arrival of covid, a pandemic which, according to a WHO-commissioned report released on Wednesday, was preventable. Yet “a lack of global leadership” failed to prevent it.
Members of the Infrastructure Investor Global Passport will be meeting next Wednesday to get forensic on digital infrastructure. Debt, regulation, cyberattacks, over-priced assets and more is up for discussion between speakers from the University of California Board of Regents, Colony Digital, Pantheon Partners and Asterion Industrial Partners, and the members of the Passport community, including many investors from around the globe. To join, click here.