The need for resilience in national infrastructure

November 2018 Government and Parastatal (Industry), Cyber Security, Security Services & Risk Management

The industries and infrastructure on which so much of our daily lives depend are deep in the midst of mass digitisation. Whether it’s processing huge quantities of data or using smart technologies to connect together the grid networks and devices which power our towns and cities, it’s out with paper-filled filing cabinets and legacy systems and in with software-defined and data-driven infrastructure.

While there are a great many benefits to be gleaned from this digital transformation, there is one obvious caveat: with digitisation comes the potential for cyber attackers to undermine and attack our critical national infrastructure.

Kate Mollett
Kate Mollett

An international data-driven vision

The appetite for digitisation is not only industry-wide, it’s international. By 2020, it’s expected that 72% of European consumers will have a smart meter for electricity, while figures from the European Commission’s most recent benchmark indicate these smart meters are registering 3% electricity savings on average. Data availability is fundamental to the success of smart metering with energy providers looking to ‘gamify’ the process of saving energy. According to a 2018 Energy Research & Social Science report, engaging residential energy users through gamification and providing information about consumption levels which they can compare against neighbours and friends is crucial to nudge them towards reducing consumption.

Taking a step back from energy consumption and thinking about its production, data has been described as the new oil – an even more valuable resource for the oil and gas exploration industry than crude itself. Data science experts assert that collecting big data analytics and real-time analysis can improve oil and gas production by 6-8%.

As well as improving product yields, in the world of drilling and completion, data quite literally gives sight to the blind, enabling engineers to better understand the risk of drilling certain wells, as well as improve the accuracy of drilling methods to reduce risk and increase production. Given the sheer volumes of data which oil and gas companies produce on a daily basis, digital transformation is not only necessary but must be rapid and continuous.

The challenge when it comes to digitising grid systems such as electricity, oil, gas and water is that once a network is software-defined it no longer needs to be unplugged at the mains or experience a sudden loss of power for outages to occur. Effectively, there is another way of turning off the lights and that is through a cyber breach. The cyber-attack on German energy firm EnBW last year and Siemens research finding that oil and gas firms are the most hacked serve as significant warnings that national infrastructure providers are primary targets for hackers.

Given the critical nature of power networks, in the era of ransomware and extortion-led hacking, it’s wholly unsurprising that they are subject to cyber-attack. While cybersecurity is of paramount importance, attacks cannot always be stopped at source, which means energy firms need robust recovery processes in place to minimise downtime.

Given that even a minor outage can be catastrophic and costly for these companies, investing in an always-on operational solution is of primary importance. Combined with a data management strategy that takes a holistic view of data across its lifecycle, a dedicated enterprise platform helps businesses reap the benefits of intelligent data management, ensuring that data is always protected, compliant and available.

Mitigating disaster in the clouds

Another industry which, for obvious reasons, has to take every imaginable precaution to protect against minor outages is aviation. Aircraft operate on some of the most highly sophisticated and secure computer systems known to man, but no computerised system is 100% immune from cyber-attack. While we tend to think of incredibly dramatic scenarios such as planes falling from the sky as hackers take control of the cockpit, the more likely security risks facing airlines regard passenger data.

Airlines are increasingly using artificial intelligence (AI) to perform end-to-end passenger identification and check-in procedures. Delta, for example, has invested in automated self-service bag checking kiosks and facial recognition technologies powered by AI as it believes the introduction of these technologies can greatly improve the customer flying experience.

The increasing volumes of aviation and airline data is one thing, but the diversity of this data is a whole different challenge. On one hand, you have the data being emitted from the aircraft, radio systems, baggage handlers, online check-in systems and security kiosks which all must be highly secured, anonymised, filtered and analysed in real-time as well as being stored and archived appropriately. Furthermore, airlines collect huge volumes of personal data from the millions of flyers each year. As well as highly sensitive personal details, this also includes banking and payment information.

Given the diverse array of data at the fingertips of aviation, as well as other private and public transport industries, companies are adopting multi-cloud strategies to guarantee a high level of data availability without compromising on data protection. A multi cloud environment, coupled with a best-in-class Disaster Recovery as a Service (DRaaS) solution, means operators can create user-friendly platforms and customer experiences, with a guaranteed level of service and failover.

If, as many commentators have suggested, data truly is the new oil, powering the digital transformation of everything, then national and international infrastructure providers must treat it as such. In doing so, data will become a hyper-available entity, which is protected by the most secure systems software engineers can build and mined for with increasing accuracy and enthusiasm. As crude oil is one of the most sought after substances by thieves, data has become the score which cyber-criminals aim for. Therefore, data-driven industries and enterprises must ensure that data is secure, protected and compliant, and that intelligent data management platforms are implemented and achieve their most critical business outcomes.




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Keeping our changing environment secure
August 2019 , Editor's Choice, Security Services & Risk Management
For a crime to take place there needs to be a victim and a criminal who sees an opportunity. For a cybercrime to take place we need the same set of circumstances.

Read more...
The importance of real security risk assessments
August 2019, Sentinel Risk Management , Editor's Choice, Security Services & Risk Management, Residential Estate (Industry)
Andy Lawler, MD, Sentinel Risk Management, says a security risk assessment is an onerous task, but is not something estates can consider optional or a luxury item anymore.

Read more...
Risk assessment or product placement?
August 2019, Technews Publishing, Alwinco, SMC - Security Management Consultants , Editor's Choice, Security Services & Risk Management, Residential Estate (Industry)
Hi-tech security solutions asked a couple of experts to provide estate managers and security managers with some insights into what a ‘real’ risk assessment includes.

Read more...
Residential security – caveat emptor
August 2019, Stafix , Integrated Solutions, Security Services & Risk Management
When it comes to improving your property’s security, make sure you take all the options into account as you build a layered approach to keeping people safe and assets secured.

Read more...
Ensuring your electric fence is compliant
August 2019, Stafix , Perimeter Security, Alarms & Intruder Detection, Security Services & Risk Management
A challenge facing both existing and potentially new perimeter electric fence installations is how to economically meet the legal requirements required in the SANS 10222-3:2016 standards document.

Read more...
Addressing risks by means of access control layout and design
August 2019 , Access Control & Identity Management, Security Services & Risk Management
In order to develop a suitable, practical and appropriate security system for any organisation, it is essential to first develop a master security and life safety plan strategy.

Read more...
Inundated with cyberattacks from all directions
August 2019 , Editor's Choice, Cyber Security, Security Services & Risk Management
IT managers are inundated with cyberattacks coming from all directions and are struggling to keep up due to a lack of security expertise, budget and up-to-date technology.

Read more...
Addressing risks in the healthcare sector
August 2019, Secnovate, Technews Publishing, ZKTeco , Healthcare (Industry), Security Services & Risk Management
The healthcare sector poses unique challenges and risks. Hospitals, for example, need to have a more-or-less ‘open door’ policy when it comes to people entering the premises and the main reception area.

Read more...
Patient critical – healthcare’s cybersecurity pulse
August 2019, Wolfpack Information Risk , News, Cyber Security, Healthcare (Industry)
The healthcare industry has become one of the leading cybersecurity attack vectors worldwide for several reasons.

Read more...
Cyber tools and solutions
August 2019, Technews Publishing , Editor's Choice, Cyber Security, IT infrastructure, Residential Estate (Industry)
Hi-Tech Security Solutions looks at the various options we have when it comes to protecting yourself from the ever-growing scourge of cybercrime?

Read more...