The Second Cold War: The Threat to Public Health From Cyber Warfare

INTRODUCTION

The United States is currently in what could be considered a new “Cold War,” in the realm of cybersecurity.[1] Individuals, organizations, and national state actors are testing the limits with much more minor attacks than what they are ultimately capable of, disrupting the lives of many.  Cybersecurity is one of the greatest challenges to the legal field today, exacerbated by lackluster cybersecurity laws and regulations, as well as minimal legal protocols. This new “Cold War” era is demonstrating that critical infrastructure deserves a stronger look from the legal field and government. Weak cyber laws and fragile critical infrastructure is creating a serious risk to public health.  

 This paper will discuss the substantial and imminent threats to public health that the world is facing in cyber warfare between State Actors, organizations, individuals, and other entities. It will  focus on the minor attacks parts of the world have seen that indicate that we are in a second Cold War, and that actors are capable of crippling society—it just has not been done yet. Here, I will discuss cyber incidents that have occurred, including on hospitals and on the Colonial Pipeline, and their impacts on public health. This paper will also discuss the Sustainable Development Goals as a critical indicator of public health. Furthermore, this paper will discuss how one hypothetical catastrophic cyber incident is capable of  significantly impacting every goal, and how it will impact public health. Finally, I will conclude that without a drastic and urgent turn-around in the United States’ attitude toward cybersecurity, the country will face unimaginable damage to public health, that will take years to recover from.

PUBLIC HEALTH & CRITICAL INFRASTRUCTURE

What is public health? Public health is described by the Centers for Disease Control and Protection (CDC) as “the science and art of preventing disease, prolonging life, and promoting health through the organized efforts and informed choices of society, organizations, public and private communities, and individuals.”[2] Public health is an all-encompassing field that covers the more commonly known areas of health care, epidemiology, and pandemics, but also goes far beyond. Public health is ubiquitous in our everyday lives in both obvious and nonobvious ways, with critical infrastructure being the backbone of the entire field.

Critical infrastructure is described by the Cybersecurity and Infrastructure Security Agency (CISA) as “the physical and cyber systems and assets that are so vital to the United States that their incapacity or destruction would have a debilitating impact on our physical or economic security or public health or safety.”[3] Critical infrastructure and public health go hand-in-hand, and cybersecurity has a tight grasp on both. Poor management of cybersecurity in the United States and in the world threatens public health a myriad of ways. 

One of the best ways to highlight what public health is and why infrastructure is so important to it is to look at the seventeen Sustainable Development Goals, as seen in Figure 1.[4]

The Sustainable Development Goals are a set of ambitious goals set by the United Nations to create a “social contract” between nations to ultimately achieve a better, healthier society and planet by 2030.[5] Every single goal has a substantial impact on public health. Even though only goal number nine mentions infrastructure, nearly all seventeen goals are substantially impacted by infrastructure, drawing a parallel correlation between critical infrastructure and public health. If infrastructure improves, health disparities will decrease and public health will be far more stable. But if infrastructure remains inadequate, the consequences to public health will be incredible. Infrastructure and cybersecurity directly affects health disparities, which are taken into consideration when discussing overall health and well-being, and are a substantial concern in the overall realm of health equity, a significant measure in public health.[6]

RECENT CYBERATTACKS IN THE UNITED STATES & THEIR IMPACTS ON PUBLIC HEALTH

 A significant majority of cyber-attacks are the result of either known vulnerabilities that are not patched quickly or of actors discovering unknown vulnerabilities in software and conducting “zero-day” attacks.[7] Those vulnerabilities allows hackers to plant viruses, change code, encrypt files, lock up systems, delete or steal data, or completely immobilize networks, among other consequences.[8] These complex attacks often take place in the form of ransomware, phishing, malware, Denial of Service (DoS), and other methods.[9] The consequences of these attacks are a complex juxtaposition of foreseeable and unpredictable, and incredibly disruptive. 

In recent years, cyber-attacks have impacted health care and data privacy within the field. In 2020, ransomware attacks alone in the United States affected more than 600 health care organizations; revealed more than eighteen million patients’ records to attackers; and cost more than twenty-one billion dollars between paying off the attackers, lost business, and more.[10] Further, in 2020, a hospital in Indiana was forced to shut down its entire computer system after a ransomware attack encrypted its files and accessed more than one million patient records, resulting in a ransom payment of four Bitcoin—roughly fifty-five thousand dollars at the time of the attack—to decrypt the files.[11] Additionally, in 2019, a baby died in the NICU of an Alabama hospital because a cyberattack affected the monitors that nurses and doctors relied on to be alerted that something was wrong before the baby was born.[12] Health care is a critical sector of public health and infrastructure, and while laws were implemented to try to secure the health care industry, they have limitations.

The Health Insurance Portability and Accountability Act (HIPAA) is a federal privacy law that primarily regulates health data.[13] HIPAA contains an express preemption clause that preempts state health privacy laws unless those laws are “more stringent” than HIPAA, making it one of the few overarching federal privacy and cybersecurity laws.[14]HIPAA contains three rules that attempt to strengthen the protection of patients’ protected health information (PHI) and the response to breaches: the Privacy Rule, the Security Rule, and the Breach Notification Rule.[15] The Rules can be summarized as follows:

1. The Privacy Rule discusses appropriate uses and disclosures of protected health information, including who is authorized to view certain information;

2. The Security Rules puts safeguards in place for covered entities (e.g., hospitals, insurance agencies, etc.) and business associates (contractors with access to PHI, unlike a janitor in a hospital, who are required to sign privacy statements before viewing PHI) to “protect the confidentiality, integrity and availability of electronic protected health information” (ePHI); and

3. The Breach Notification Rule requires a chain of communication, depending on who discovers a potential breach, to perform a risk assessment and notify the federal Department of Health and Human Services (HHS), the Office of Civil Rights (OCR), affected patients, and potentially other media if a breach of protected health information occurs.[16]

HIPAA does not consider it a breach if the systems intruded were encrypted. This is incredibly significant because what would be considered “encrypted,” covers a vast range including standard single password protection. It can be assumed that because of HIPAA’s requirements, many of the health centers mentioned above had encrypted databases, yet the attacks occurred regardless and were not required to be reported. 

Compromised passwords have also wreaked havoc on other areas of critical infrastructure that have no legal requirements or procedures like HIPAA attempts to provide for the health care industry. Consider the following scenario: an employee no longer works for an oil company, but his account to access work remotely still exists. That employee uses the same password for that account as he does for others and the password is stolen by cybercriminals, leaked on the dark web, and shortly after, the entire oil pipeline that much of the East and Gulf Coasts relies on is shut down to contain the attack. This creates panic, a fuel shortage, skyrocketing gas prices, and conversation about how unprotected we are from cyber criminals. This is exactly what happened in April 2021 when a ransomware zero-day attack brought down the Colonial Pipeline, the largest fuel pipeline on the East Coast.[17] A compromised password and a lack of multifactor authorization on the company’s VPN account disrupted the lives of millions of citizens from New York City to Houston. However, because a password is a form of encryption, this compromise would not trigger notification of the attack if it was in the health care realm. Yet HIPAA is the best protectant currently in place in the United States and only affects one sector or public health and critical infrastructure. 

STATE & FEDERAL REGULATION CURRENTLY IN PLACE OUTSIDE OF HEALTH CARE

 The United States has fifty states and fifty different individual state laws concerning data privacy and cybersecurity.[18] Meanwhile, federal laws on cybersecurity have not been updated in more than thirty years, long before privacy and cybersecurity concerns from websites like Facebook arose. Moreover, an overwhelming majority of technology-illiterate individuals have been making up state and federal legislatures, as well as the highest federal courts for decades, which has resulted in a lack of urgency in addressing cyber concerns. Congress often discusses public health issues at hearings and other events, especially in since 2019 with adolescent vaping and COVID-19 being of heightened concern. But Congress fails to keep in mind infrastructure as one of the most critical aspects of public health. 

DISCUSSION

Currently, negative impacts on public health from cyber-attacks on critical infrastructure have been minimal in comparison to what could have occurred. For example, stolen PHI, locked computers, and compromised monitors for entire health centers or in large geographical areas can completely cut off access to health care for the average American. Health care professionals and systems, like legal and corporate systems, rely on electronics for communicating, monitoring, operating, securing (ironically), and, ultimately, for running with any kind of efficiency. While the impacts on public health from insufficient health care are clear, how does something like the Colonial Pipeline attack affect public health? 

Fuel pipelines are an invaluable piece of infrastructure in the modern world. Gasoline and diesel vehicles make ninety-seven percent of the market in the United States, and that is unlikely to diminish until infrastructure is more widely supportive of electric vehicles.[19] It is common knowledge that most motor vehicles in the United States consume petroleum-based fossil fuels. Common sense says that without fuel-based vehicles to transport people to work, productivity and economic growth are effectively hindered. Not only is economic growth a Sustainable Development Goal on its own, but it has a direct effect on other goals including access to food if salaries are affected, which lower-class citizens will feel the brunt of and increase health inequity, and ultimately has an impact on sustainable cities and communities. The Colonial Pipeline was only shut down for five days, so while this public health emergency never came to fruition, the panic caused demonstrates that the United States is not prepared for the public health nightmare that cyber-attacks on public health will inevitably cause if no action is taken.

A Comprehensive Look at the Sustainable Development Goals and the Impact of Attacks on Critical Infrastructure

 The Sustainable Development Goals are the best medium for evaluating and understanding the potential harm to public health stemming from poor cybersecurity laws and regulations that streamline attacks. For example, access to food is an important goal. If a cyberattack on manufacturing, transportation, and communication is disrupted—or altogether prevented—the facilitation of transportation of food sources would be hindered and could not only increase illness and decrease productivity and economic mobility, but would also seriously inhibit quality of life. Another goal is to have sufficient access to clean water and sanitization. In high income countries like the United States, water treatment plants are often controlled by electronics. Should an attack shut down these plants, it would affect people, and possibly sources of food, in unimaginable ways, which would have a drastic impact on public health. 

One of the most significant nonobvious threats to public health is the impact that a cyberattack would have on creating and maintaining sustainable cities and communities. This one goal encompasses all the other goals because harming one goal creates a slippery slope that would prevent attainment of many of the other goals. Stability and balance among these goals is crucial. This demonstrates the interconnectedness of public health in our everyday lives, and shows the desperate need to protect and strengthen critical infrastructure and cybersecurity laws. 

To put into perspective what kind of disaster is not only possible, but likely inevitable, consider Ukraine. In 2016, Ukraine’s often aggressive and instigative neighbor, Russia, launched a cyberattack on Ukraine’s power grid, creating a massive blackout that the country is still recovering from five years later.[20] While Ukraine is often a guinea pig to Russia’s games, Ukraine is not the economic and technologic powerhouse that the United States claims to be, yet the United States would likely face a similarly devastating blow because of its outdated infrastructure and software to protect it.

It is extremely well known that Russia can be unpredictable, and its tension with the United States is palpable, with instability dating back decades, including to the first Cold War. It is also well known, especially in recent years, that the United States’ different power grids are weak and extremely vulnerable, just as the Ukraine’s were. In February 2021, cold weather in the typically warm southern state of Texas knocked out the power grid for seventeen days, and it is possible that it could happen again in 2022.[21] Electricity is crucial to the large majority of Americans. Electricity powers our phones, some motor vehicles, homes, offices, schools, doctor’s offices, gyms, and more. From a public health standpoint, what would happen if, hypothetically, Russia—or its similarly tempered competitor, China—decided to launch a cyberattack that knocked out the power grids that light up the East Coast, West Coast, or to the entire country? The public health consequences would be devastating. 

First, hospitals would be without power, and while they have generators, it is unlikely that the generators would be able to (1) keep the hospital powered for more than a few days or a few weeks at the most, and (2) efficiently run all of the technology that hospitals require to keep people healthy and alive. As previously mentioned, a cyberattack that took out the power at a single Alabama hospital resulted in the death of a baby boy in the NICU because the monitors notifying health care providers of his condition before he was born nine months earlier were not working. Monitors are critical since it is impossible for health care professionals to monitor all the patients in a hospital constantly. In addition to monitors, machines including ventilators, x-rays, MRIs, refrigerators for medications and vaccines, and others would not work if the generators were not strong enough or ran out of fuel. Those are crucial tools for diagnosing and treating patients, and without them, the death and disease that would occur would be incomprehensible. Should the power grids of the United States be taken out, the impact to the health care branch of public health would be insurmountable, but it is just the beginning. 

Looking at the Sustainable Development Goals One-By-One 

As discussed, critical infrastructure and public health encompass more than just the health care field. They affect This section will take the power grid hypothetical above and discuss the impacts it could have on every Sustainable Development Goal, while taking the consequences in tandem with their effects on public health as a whole.[22]

The first goal is no poverty. A power grid failure of massive scale, as in a blackout that affects the United States as a whole, or even individual states and coasts, would likely drastically increase poverty. Americans rely on electricity for a workforce reliant on being digital. Without electricity, those jobs would not be able to happen, employers would not be able to pay their employees, and the loss of paychecks and inevitable stock market crash would put the majority of lower- and middle-income Americans into poverty in a short amount of time. Think about it being like the 2008 recession, when unemployment was high and the stock market was low, but on an exponentially greater scale. Socio-economic status one of the most important public health disparities because poverty leads to increased disease and less quality life years, coupled with poorer access to health care.

Similarly, the second goal is zero hunger. A massive blackout would affect food storage for perishable food items, making them inaccessible to all and increasing the risk of disease and death from food-borne bacteria. It could also prevent the manufacturing and packaging of food products, as well as prevent foods from being cooked, especially for those with few resources. A national blackout lasting more than a couple of weeks would drastically increase hunger and all consequences stemming from it, including preventing the attainment of sustainable communities. 

The third goal is good health and well-being, and besides direct health care, other areas and activities can impact this goal. For example, in a power outage, many machines that a person will find at the gym may not work, and physical fitness is incredibly important to good health and well-being. While a power outage will not keep people from working out all, it does make it more difficult for those without resources at home to get in an effective workout. This would include low-income citizens and disabled citizens who require specialized equipment including treadmills to attain and maintain fitness while adjusting to their bodies’ needs. 

Goal number four is quality education. Without power, schools will not be open, and online resources will be a moot point. Education will be drastically affected, and communities thrive when people have access to quality education. Disparities in education is constantly considered in public health discussions and is one of the biggest factors that has a result on quality of life. On the other hand, goal number five is gender equality. While an attack on critical infrastructure is less likely to have a drastic impact on this goal it is still a critical piece and it would not improve the current rate of gender inequality considering most education on gender inequality comes from sources like the news and social media. 

The sixth goal is clean water and sanitization. Depending on the area, some water treatment plants may be all plant, bacteria, and chemical based, while others are powered by electricity, and some have both features. In February 2021, a water treatment plant in Florida was hacked and the water was poisoned with exponentially higher levels of sodium hydroxide than are used in treatment [23] Unclean water would significantly increase disease and death rates, and could impact certain food manufacturing like Greek yogurt, which currently still requires a great amount of clean water. In response to smaller infrastructural cyberattacks like of the Colonial Pipeline, CISA released Alert AA21-287, which warns that water and wastewater facilities are an extremely vulnerable area of critical infrastructure, and that an attack is nearly imminent.[24] It further suggests that an attack that impacts water treatment would directly affect this goal. 

Critical infrastructure also affects goal number seven, which is affordable and clean energy. Power is a form of energy and it is often expensive and generally not the cleanest. While a massive power outage could result in a movement toward only using clean energy including wind, water, and solar power, clean energy infrastructure does not just appear overnight. It requires construction of the panels or the windmills, and the assembly process often requires electricity, The current legal challenges that the clean energy sector faces also limit the United States from being in a position where the country could rely on having clean energy infrastructure in place before a cyber-attack of this scale occurred.[25]

Goal number eight is decent work and economic growth. This paper has discussed both of those already, but it is important to reiterate that cities and communities cannot be sustainable and healthy without productive work and a stable and growing economy. Goal number nine mentions infrastructure by name, as well as industry and innovation. While a blackout may fuel innovation, industries and infrastructure are not prepared to handle such a devastating impact, especially since infrastructure would be the vector of attack. 

Goal number ten is reduced inequalities. As mentioned, inequalities in wealth would be substantially impacted by a disaster of this nature, generally affecting sustainability and public health. 

Goal number twelve is responsible consumption and production. This goes together with all of the goals involving energy, economy, and infrastructure. If each of those are negatively impacted, it is impossible to have responsible energy consumption, chemical storage and consumption, and more. Similarly, goal number thirteen is climate action. It has been stressed that the globe is facing a climate crisis, in large part due to irresponsible consumption, production, and infrastructure.[26] Climate change has a significant impact on public health. It has been blamed mass freezes in Texas, record-breaking tornados in the upper-Midwest in December, and many other tragedies. People rely on electricity to notify them of likely disasters and to keep their houses warm in a freeze or cool in a heat wave, and a blackout would exacerbate the indirect consequences of climate change that people feel. 

Goals number fourteen and fifteen are similarly impacted by climate action. Life under water and life on land are critical to the ecosystem, and the changing climate is impacting that. If unsustainable production and consumption of chemicals and waste is now unavailable, it could harm these individual ecosystems. This could potentially increase disease transmission from animals to humans and could lessen the available food supply for humans (and other animals) further exacerbating the public health nightmare.

Goals sixteen and seventeen are the most important when it comes to this hypothetical, and to the cyber “Cold War” in general: peace, justice, and strong institutions; and partnerships for the goals. Strong institutions are fueled by infrastructure, by quality public health, and by every one of the above goals. Partnerships between nations is required to reach these goals, and a Cold War one series of clicks away from making the above hypothetical a reality is the exact opposite. 

Goal eleven is sustainable cities and communities. This goal is mentioned last because it is the gold standard of the Sustainable Development Goals and of public health. Every single goal has an impact on sustainable cities and communities, for better or for worse. Each needs to be balanced and stable for this goal to come to fruition and to thrive. For this reason, it would likely be the last goal achieved. 

The United Nations created the Sustainable Development Goals with the hope to achieve them by 2030. However, without substantial change to the current cybersecurity environment and change toward improving critical infrastructure, increasing tensions between individuals, organizations, and nation state actors are creating the most significant threat to public health yet. This threat goes far beyond disease. It will affect every single aspect of our lives, and it seems as if there will be no way to stop it without tightened cybersecurity laws and regulations and an increased focus on developing critical infrastructure to be able to withstand cyber-attacks. Until then, the future of public health hangs in the balance  

CONCLUSION

The cybersecurity “Cold War” that the world’s developed countries are facing is creating a clear and imminent threat to public health that requires immediate attention. Attention is needed across the board in regulation and physical improvement of critical infrastructure. The Sustainable Development Goals are the backbone of public health, but the spine is nothing without the rest of the body to keep it upright and balanced. Critical infrastructure is the body that fuels and strengthens public health. Insufficient cybersecurity regulations, outdated and overwhelmed infrastructure, and poor responses to current minor attacks leave the United States one click away from an immeasurable public health disaster, and it is running out of time before this cyber “Cold War” goes nuclear.

Carey Sheldon (‘23) is a Juris Doctor candidate at Michigan State University College of Law. She is a Staff Editor on the Michigan State Law Review. She graduated from Nazareth College with a Bachelor of Science in Public Health and a minor in Legal Studies (‘20). Her primary areas of interest are in civil and criminal litigation and privacy.

[1] See John Feffer, The Cyber Cold War is Here, The Nation (May 3, 2021), https://www.thenation.com/article/world/cyber-security-china-russia/.

[2] CDC, https://www.cdc.gov/training/publichealth101/public-health.html (last visited Dec. 17, 2021).

[3] CISA, https://www.cisa.gov/infrastructure-security (last visited Dec. 16, 2021) (emphasis added).

[4] Sustainable Development Goals kick off with start of new year, United Nations, https://www.un.org/sustainabledevelopment/blog/2015/12/sustainable-development-goals-kick-off-with-start-of-new-year/ (Dec. 30, 2015).

[5] See id.

[6] Health equity is attained when “. . . everyone has a fair and just opportunity to be as healthy as possible. This requires removing obstacles to health such as poverty, discrimination, and their consequences, including powerlessness and lack of access to good jobs with fair pay, quality education and housing, safe environments, and health care.” P. Braveman, et al., What is Health Equity?, Robert Wood Johnson Found. (May 1, 2017), https://www.rwjf.org/en/library/research/2017/05/what-is-health-equity-.html.

[7] See Sara Mosqueda, BlackBerry Finally Announces BadAlloc Vulnerability in QNX Device, ASIS Int’l (Aug. 19, 2021), https://www.asisonline.org/security-management-magazine/latest-news/today-in-security/2021/august/blackberry-qnx-badalloc-vulnerability-announcement/ (discussing that BlackBerry was aware of a vulnerability for months before it patched the vulnerability and disclosed it to the public);see also  Clare Stauffer, What is a zero-day exploit? (Sept. 3, 2021), https://us.norton.com/internetsecurity-emerging-threats-how-do-zero-day-vulnerabilities-work.html.

[8] See Clare Stauffer, What is a zero-day exploit? (Sept. 3, 2021), https://us.norton.com/internetsecurity-emerging-threats-how-do-zero-day-vulnerabilities-work.html.

[9] See The 14 Most Common Cyber Attacks, Crowdstrike (Sept. 30, 2021), https://www.crowdstrike.com/cybersecurity-101/cyberattacks/most-common-cyberattacks/.

[10] See Stacy Weiner, The growing threat of ransomware attacks on hospitals, AAMC (July 20, 2021), https://www.aamc.org/news-insights/growing-threat-ransomware-attacks-hospitals.

[11] See Chris Brook, Following Ransomware Attack Indiana Hospital Pays $55K To Unlock Data (Aug. 12, 2020), https://digitalguardian.com/blog/following-ransomware-attack-indiana-hospital-pays-55k-unlock-data

[12] See Jill McKeon, Lawsuit Links Baby Death to AL Healthcare Ransomware Attack (Oct. 1, 2021), https://healthitsecurity.com/news/lawsuit-links-baby-death-to-al-healthcare-ransomware-attack.

[13] See Health Insurance Portability and Accountability Act of 1996 (HIPAA), Pub. L. No. 104-191, 110 Stat. 1936 (codified as amended in scattered sections of 18, 26, 29, and 42 U.S.C.).

[14] See OPIS Mgmt. Res., LLC v. Sec’y, Fla. Agency for Health Care Admin., 713 F.3d 1291, 1294 (11th Cir. 2013).

[15] See HIPAA Basics for Providers: Privacy, Security, & Breach Notification Rules, CMS, https://www.cms.gov/Outreach-and-Education/Medicare-Learning-Network-MLN/MLNProducts/Downloads/HIPAAPrivacyandSecurity.pdf (last visited Dec. 17, 2021).

[16] See id. 

[17] See All Colonial Pipeline attack information comes from: William Turton & Kartikay Mehrotra, Hackers Breached Colonial Pipeline Using Compromised Password (June 4, 2021, 3:58 PM), https://www.bloomberg.com/news/articles/2021-06-04/hackers-breached-colonial-pipeline-using-compromised-password.

[18] See Jay P. Kesan & Carol M. Hayes, Cybersecurity and Privacy Law in a Nutshell 82–90 (West Acad. Publ’g., 2019).

[19] See Camila Domonoske, Giving up gas-powered cars was a fringe idea. It’s now on its way to reality, Nat’l Pub. Radio (Nov. 21, 2021, 5:00 AM), https://www.npr.org/2021/11/20/1055718914/giving-up-gas-powered-cars-for-electric-vehicles.

[20] See Andy Greenberg, New Clues Show How Russia’s Grid Hackers Aimed For Physical Destruction (Sept. 12, 2019, 11:55 A.M.),  https://www.wired.com/story/russia-ukraine-cyberattack-power-grid-blackout-destruction/.

[21] See Mitchell Ferman & Jon Schuppe, “People should probably be worried”: Texas hasn’t done enough to prevent another winter blackout, experts say (Nov. 29, 2021, 4:00 A.M.),

https://www.texastribune.org/2021/11/29/texas-power-grid-winter-storm/.

[22] See UN, supra Figure 1.

[23] See Steve Kardon, Florida Water Treatment Plant Hit With Cyber Attack, Industrial Defender (Feb, 9, 2021), https://www.industrialdefender.com/florida-water-treatment-plant-cyber-attack/.

[24] See Jason Jaskolka, Cyberattacks to critical infrastructure threaten our safety and well-being, https://theconversation.com/cyberattacks-to-critical-infrastructure-threaten-our-safety-and-well-being-170191.

[25] See Dave V. Wright & Javier Eduardo Carrasco, Policy Challenges and Opportunities for Renewable Energy, Stan. L. Sch. Blog (Nov. 1, 2015), https://law.stanford.edu/2015/11/01/policy-challenges-opportunities-renewable-energy/.

[26] See New report reveals how infrastructure defines our climate, UN Env’t Programme (Oct. 12, 2021), https://www.unep.org/news-and-stories/press-release/new-report-reveals-how-infrastructure-defines-our-climate.

Any reproduction of the Article, including, but not limited to its publication, posting, or excerption in print, or on the internet, shall give attribution to the Article’s original publication on the online MSLR Forum, using the following method of citation:

“Originally published on Feb. 25, 2022 Mich. St. L. Rev.: MSLR Forum.”