Targeting of “Western” Critical National Infrastructure and how we all play a part in its defence.

I have read several opinion pieces that suggest ISIS is planning a cyber-geddon style attack on “the West’s” Critical National Infrastructure (CNI). Given the current nature of warfare and the growth of cyberwar/terrorism this seems like a logical opinion.

From the inaugural FT Cyber Security Summit in June this year:

Countries are having to defend themselves against an increasing number of attacks on their information and communications systems from unfriendly states, terrorists and other foreign adversaries. NATO, for example, in June adopted an “Enhanced Cyber Defence Policy”, outlined
in a public information document circulated by the 28-member intergovernmental military alliance at the conference.
“The policy establishes that cyber defence is part of the Alliance’s core task of collective defence, confirms that international law applies in cyberspace and intensifies NATO’s cooperation with industry,” states the document. Key aspects of the policy were discussed at
the event including the fact, reiterated by a member of the audience, that a digital attack on a member state is now covered by Article 5 of the treaty, the collective defence clause, meaning that NATO can used armed force against the aggressor.

We can all play a part in securing our CNI by securing our own networks and businesses to make them less likely to get used as mules or zombies to deliver this threat to our CNI. Back in 2011, Chatham House issued a report on cyber Terrorism and one of its recommendation back then was,

Training and development of staff in cyber security
measures should be seen as an integral part of risk
mitigation strategies.

This says staff, not IT staff or security staff just staff and this is because ‘cyber’ is a part of everyone’s day with very few exceptions. Behaviour and culture have an impact on CNI security. Through supply chains, we are all connected and through our IP enabled devices both at home and work, these connections become ever more complex and exploitable. Part of the problem as I see it is a bit of a disconnect with security at the top of many of our organisations.E&Y visuals security survey 2012 2

 

This is where culture is driven from and addressing this worrying knowledge gap is vital. Evidence for this lack of understanding comes from businesses themselves.

 

Board Compliance visual

 

Advertisements

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s