While the IT systems of critical infrastructure providers face the same level of risk from cyber-attacks as do other enterprises in the private and public sectors, a cyber-attack on critical infrastructure can have much broader and deeper consequences for society and the economy. This puts added pressure on IT decision makers and influences how they design, implement and maintain their cyber-defences. Accepting the fact that the threats are both constant and, in terms of the means and methods, constantly evolving, the key to successful mitigation is the development of a proactive strategy for monitoring and detection. This includes close collaboration with all stakeholders in critical infrastructure operations and the involvement of senior leadership in driving strategy.
These leaders must also embrace an open and collaborative management approach to keep pace with the fast-changing information technology environments in which they operate. Outsourced solution providers are increasingly relied upon by critical infrastructure managers to deliver cost-effective services and to help them stay on top of technology evolutions. Critical infrastructure providers also see the growing importance of independent, Internet-connected sensors and control devices (the ‘Internet of Things’) in helping to manage infrastructure more efficiently and generating more insight into the levels of service they provide. Similarly, the rise of smart cities compels critical infrastructure executives to work with other platforms and service providers to join up their information systems and increase the leverage they all receive from the data and insight they share.
This openness, at first, seems counter-intuitive to good cyber-security practices. Open systems and cross-sector integration increase the points at which a network is exposed to incursion, malware and other cyber-attacks. It also potentially weakens the management response to cyber-threats, as collaboration with multiple service providers can muddy a decision-makers’ view of the chain of command. Yet IT openness will nevertheless be a positive development for their cyber-security efforts. IT solution out-sourcers are often more up-to-date in their cyber-security practices, and are experienced in managing them across infrastructure platforms. IoT sensors massively increase a critical infrastructure provider’s ability to gather external data and monitor cyber-threats proactively. Smart cities allow cross-platform sharing of cyber-security best practices. Ultimately, critical infrastructure leadership that builds its IT capabilities with others increases, rather than diminishes, its cyber-security resilience.
This white paper is part of a series called "Safe Cities Index". Click Here to read the full series.