How to Build Resilience into Critical National Infrastructure
It’s no secret that critical national infrastructure is seen as one of the most valuable targets for cyber threat attackers today.
New operational technologies and IoT devices are increasingly positioned as the ideal solution to driving efficiencies and reducing the taxpayer’s burden in key sectors including energy, health and transport but these innovations can come at a cost. As the technical environment that underpins our critical national infrastructure becomes more complex, it also exponentially increases the attack surface for malicious actors to exploit.
Combined with the escalating frequency of politically-motivated cyber-attacks and the popularity of cheap off-the-shelf ransomware kits that give even non-technical users the ability to launch large-scale attacks and the challenge for critical national infrastructure organisations is clear.
“AI can automate complex tasks and provide consistency and precise optimum set points to enable machinery to run in auto-pilot mode, which is essential for achieving lights-out manufacturing on one or more production shifts.” - McKinsey AI in production: A game-changer for manufacturers with heavy assets
Despite these risks, the potential of emerging technologies like AI and machine learning is almost limitless. By automating complex critical national infrastructure operations, these technologies are able to optimise yield rates, sustainability and profit per hour. What sane organisation would turn down the opportunity to predict leaks and failures, improve network stability and bring utilities costs down?
Building resilient processes
Although critical national infrastructure organisations are increasingly aware of the need to secure control systems, proactively patch IoT devices and get a firmer grasp on shadow IT, there is still a danger of the cyber exposure and brand reputational elements of a comprehensive digital risk strategy being overlooked.
So how should organisations in this space build resilience into their cyber security and digital risk processes? First, it’s important to acknowledge that you’re only as secure as your weakest collaborator. With countless examples of major ransomware attacks and data breaches originating from the supply chain in recent years, it’s essential for organisations delivering critical national infrastructure to establish a collaborative business model that enables transparency and shared best practice with all partners and suppliers.
This may require a significant cultural shift as well as technological, as procurement teams move away from adversarial relationships with suppliers designed to drive better value for the taxpayer into a shared risk model that prioritises sharing insights and security standards. Where low-cost supplier bids may have been historically favoured, the lower security standards of cheaper suppliers must be acknowledged, and price-sensitivity adjusted to account for today’s complex threat environment.
For this model of supplier relationship management to succeed, critical national infrastructure organisations will need to work closely with policy makers to ensure their governments will support amending procurement processes to account for the need to secure digital infrastructure.
Finally, progress will need to be closely monitored over time. By establishing a baseline of acceptable digital risk standards and an industry-wide benchmark, it will be easier for organisations to ensure that security standards and best practice processes keep pace with the adaptability of attackers, complex regulatory environments and the scale of the attack surface going forward.
The potential of new technologies to reduce operating costs, improve safety and meet sustainability targets is too significant to ignore. Nonetheless, as we march forward with progress in the critical national infrastructure space, it’s never been more important to ensure our risk policies and security standards evolve at the same pace.
If you’d like to know more about building resilient digital risk processes or securing critical national infrastructure, Darkbeam are presenting at the upcoming AchillesLive event in Oslo on September 18th.