FORT WRIGHT, Ky. — The Colonial Pipeline said its system has returned to “normal operations” after a crippling cyberattack forced a six-day shutdown. This week served as a reminder the United States has critical infrastructure that is vulnerable to cyber hacks.

“Unfortunately, it’s a substantial risk, and it’s been true for a long time,” said Dave Hatter, a cybersecurity consultant with InTrust IT. Hatter is passionate about this subject as well because he is the mayor of Fort Wright, Kentucky. He said that Kentucky and all the other states have critical infrastructure that could be targeted.

“Power companies that supply power to Kentucky. You’ve got all kinds of railroads that run through Kentucky. You got shipping up and down the Ohio River and other rivers. I think there’s a strong possibility those systems could be attacked,” he said.

Hatter said industry experts point to a few different factors of what makes infrastructure like power grids, maritime and railroads exploitable targets. A big part of that is that the physical and digital worlds are becoming more and more connected.

"You have systems that were designed originally on probably an entire mechanical basis, manual switches and that sort of thing,” he said. “They’ve become digital over time, a lot of that technology was designed before cybersecurity was a concern."

Hatter said monetary gain is a big motivator for criminals to execute and carry out cyber attacks. President Joe Biden signed an executive order this week designed to strengthen the nation’s cybersecurity defenses following the colonial pipeline hack. Hatter said the private sector and municipalities run into several challenges besides things like older software and systems. The White House is urging companies that are potential targets to harden their defenses and to coordinate with the Department of Homeland Security, but Hatter said implementing training and policies to reduce human error is important.

“There are things you can do. Things your organization can do that don’t cost an enormous amount of money. Some of it is just having policies and making sure people are educated and trained. It’s implementing tools that are readily available out there now at little to no expense,” he said.

Hatter said the Center for Internet Security and the National Institute of Standards and Technology have excellent cybersecurity frameworks that can be helpful for hardening critical infrastructure against cyber threats.