Outpaced and Under-Resourced: The Modern Infrastructure Protection Crisis

At 1:26 a.m. on March 26, 2024, a power failure aboard the Dali—a container ship in Baltimore’s Patapsco River—left its crew with less than three minutes to act. The ship struck the Francis Scott Key Bridge, collapsing it into the river and killing six construction workers.

What stopped the death toll from being far higher was information. A two-minute warning reached the bridge in time to halt traffic. Two minutes. That’s the margin between a managed crisis and a catastrophic one.

The teams responsible for protecting critical infrastructure live inside that margin every day. Not always in such dramatic circumstances—but the principle holds whether the incident is a bridge collapse or a broken water main, a blown transformer or a cyber attack on a treatment plant. Accurate information, early enough to act on, is the difference between an incident and a cascade.

The problem is that the systems most teams rely on aren’t built for that margin. 

When One Failure Becomes Many

Critical infrastructure doesn’t fail in isolation. The systems that power our cities, move our people, and deliver our water are deeply interconnected—which means a failure in one place rarely stays in one place.

Consider what happened at Heathrow Airport in March 2025. A fire at a nearby electrical substation cut power to the airport and forced an 18-hour shutdown. The immediate impact—grounded flights, stranded passengers—was severe enough. But the ripple effects spread further. Connecting flights across Europe were disrupted. Freight was delayed. Travellers scrambled for alternative routes by road and rail, putting sudden pressure on networks not designed to absorb the surge. One electrical component failed; a global hub went dark for nearly a day; and the consequences moved well beyond the terminal gates.

Or consider a failure that crosses domain lines entirely: a cyber attack on a water treatment plant. The breach begins in the digital realm—a compromised system, an unauthorized access point. But if it goes undetected long enough, the downstream consequence is physical: contaminated water reaching the public. A cybersecurity incident becomes a public health emergency. The boundaries that separate one team’s domain from another offer no protection against real-world consequences.

This chain—one failure enabling the next—defines modern infrastructure risk. And at every link in that chain, there’s a gap: the gap between when something goes wrong and when the right people know about it.

Siloed Teams, Connected risks

That gap is widest at the boundaries between agencies and teams. Critical infrastructure organizations are typically structured by domain—transportation, utilities, emergency services—with separate command structures, communication channels, and operational pictures. That separation is exacerbated by the fragmented toolsets and technologies that each team is using. There is no single pane of glass view of an event. That made sense when the risks were equally contained. It’s increasingly mismatched to threats that cross domain lines without warning.

When Heathrow lost power, airport operations knew immediately. But how quickly did the teams managing ground transport, rail connections, and regional passenger flow understand what was coming? The cascading effect of a single failure is amplified when the people responsible for adjacent systems are learning about it on a delay—or not at all.

State and non-state threat actors understand this interdependence well. Attacks are increasingly designed to exploit it, targeting one system to destabilize another. In an era of heightened geopolitical instability, the assumption that a cyber threat is a problem for the IT team, or a physical incident is a problem for operations, is precisely the gap that sophisticated threats are designed to find.

The Weight of Too Much Information

When a major incident does occur, operations centers face a different problem: too much incoming data, arriving too fast to process reliably. Monitoring feeds, agency communications, public reports, sensor alerts—all arriving simultaneously, all demanding attention. Identifying what’s accurate, what’s relevant, and what needs to reach which team is its own skill under pressure. Even a short delay in routing the right information to the right people can extend response times and compound the impact.

This challenge is proportional to the scale of what most teams oversee. And it is amplified during major global events like the FIFA World Cup which act as the ultimate stress test for infrastructure and cross-agency coordination. A state transportation department might monitor thousands of miles of roads. A regional utility might manage multiple interconnected grids. These aren’t small tasks and the teams performing them typically do so with limited staff and tools designed for a simpler threat environment. They’re even more stretched during major events when thousands of additional people are using that infrastructure at once. 

The result is a persistent reactive posture—teams that learn about events as they escalate, rather than before.

What Good Looks Like

The two-minute warning before the Key Bridge collapse didn’t happen by accident. It happened because someone with the right information reached the right people quickly enough to act. That’s the model—not a technological aspiration, but an operational one.

For the teams protecting critical infrastructure, the goal is information symmetry– a shared, real-time understanding of what’s happening across systems, not just within them. When a cyber threat emerges against a water facility, the public health response doesn’t wait for formal notification. When a power failure disrupts an airport, the ground transport network is already adjusting before the queues form. When an incident on one part of a transit network creates pressure on another, both are aware before it becomes a crisis.

That kind of common operating picture isn’t built on more data. It’s built on the right data—accurate, timely, and delivered with enough context for teams to act rather than investigate. It means the gaps between siloed agencies stop being the places where localized incidents become cascading failures.

The two-minute warning saved lives on the Key Bridge. For the teams responsible for the systems society depends on every day, building the conditions for that warning—reliably, at scale, across every domain they protect—is the work.