Why our national sovereignty depends on cyber resilience

From our energy infrastructure through to the systems responsible for our telecommunications, transport and utilities, a core set of services is essential to keeping our society running.

World events have rightly put Britain’s defense capabilities under renewed attention, but our national sovereignty is maintained just as much by the cyber resiliency of these critical systems as it is by nuclear deterrents, submarines and physical military hardware.

Operational Technology (OT) systems control power generation, transmission, distribution and gas transport safely and reliably. The increasing digitization and connection of these systems is seeing cyber risk emerge, whether it’s from the exploitation of unpatched vulnerabilities, phishing, or malware attacks.

Mike Sewart

CTO at Thales UK.

Launched by nation-state groups, or criminal elements employed as proxies, these attacks are among the most significant threats to the industry, as the attackers hope to trigger knock-on effects and cause severe disruption to everyday life.

A combination of internal gaps in strategy and cybersecurity capabilities, together with outdated technology, is leaving our energy grid vulnerable. Once a system is compromised, the intention of many of these actors is to persist and maintain a presence within it, learning and capturing as much information as they can over time without being detected.

Automation is on their side, lowering the barrier to entry in getting attacks off the ground for opportunistic and commercially motivated groups, as well as enabling further adaptation and evolution of malware. There are also risks with AI as it becomes embedded into enterprises.

Thales’ recent Data Threat Report, for example, found 61% of organizations globally rank AI as their top data security threat, as these automated systems are increasingly granted broad access to enterprise data.

Operational simulation to validate cyber resilience

The scale and frequency of these risks underscore the importance of planning and simulating responses in as much detail as possible, and to this end, digital twins have become an increasingly popular tool in many industrial sectors.

By linking to data gathered from a target environment, a digital twin allows for the creation of a perfect digital representation of a real object or process.

It’s here that cyber risk must be considered alongside engineering and operational risk, with governance frameworks that make sure cybersecurity supports wider safety and operational security.

As part of the validation, leaders also need to ensure that personnel can respond safely and effectively during incidents.

By working in a sandboxed environment, security teams responsible for critical energy networks can model attacks from ransomware outbreaks to insider attacks without risking downtime or data loss.

Ongoing testing and validation ensure security controls remain effective as systems evolve, because networks are continuously evolving. New assets are deployed, systems are upgraded, and operational requirements change; meanwhile, resilience must be continuously maintained.

Going a level further, the operators of power grids, rail networks and water suppliers are often managing their digital and physical assets independently.

If we can integrate these various digital twins together, decision makers can suddenly see a shared, simulated and real-time model of the entire system, allowing for impact analysis should a problem emerge.

A unified national response to cyberattacks

Adequately addressing cyber risk to critical infrastructure also requires a cultural shift in how these organizations deal with and react to the data about the attacks they face.

With priority given to confidentiality and secrecy, this data is often hoarded and kept within a given organization, meaning each sector is left to deal with problems in isolation.

Threat actors know this and are keen to exploit it – after all, threats do not respect organizational boundaries. They’re moving at machine speed, while defense often moves at the speed of bureaucracy.

Whether it was successful or not, each unreported attack is a missed opportunity to refine security strategies, share knowledge, and enhance the overall resilience of the sector. Critical national infrastructure operators and suppliers must collaborate closely to identify and close these security blind spots.

From information silos to networked intelligence

Building and sharing more of these capabilities across sectors puts us in a position where if a new malware signature is detected by one utility company, everyone else, from transport to defense and energy, can be immunized against that threat within milliseconds.

Mandated incident reporting, as the UK Government proposes for high-risk sectors and essential infrastructure, is a welcome move in the right direction.

Ofgem, the UK’s energy regulator, meanwhile, has strengthened its expectations around cyber resilience, shifting its emphasis from compliance to demonstrable operational capability and preparedness.

At CYBER UK this year, we talked a lot about how no single sector can meet this challenge in isolation. Critical infrastructure, public services, and private enterprises alike are all connected by digital ecosystems – and associated cyber risks.

Building shared resiliency into critical infrastructure is an imperative for our wider national sovereignty and security. It will take structural changes, from proactive security measures through to cultural shifts, to ensure our cyber expertise is up to the task of meeting what lies ahead.

This article was produced as part of TechRadar Pro Perspectives, our channel to feature the best and brightest minds in the technology industry today.

The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/pro/perspectives-how-to-submit
