Critical infrastructure: Taking a collaborative approach to security
James Thorpe
Share this content
As critical infrastructure sites remain vulnerable to a wide range of threats, how important is collaboration when looking to ensure protection and keep services running?
The process of ensuring that critical infrastructure sites are protected is not simple.
Contrary to many perceptions of security in these environments, it is not as easy as installing a chain link fence and putting up a few ‘Caution: Site Personnel Only’ signs around the perimeter.
Whether you are looking to protect a healthcare facility or power plant, whilst it is important to prepare for every eventuality, it is equally vital that stakeholders invest time into specifying appropriate cyber-physical security measures and take a collaborative approach to securing critical infrastructure.
Article Chapters
ToggleProtecting critical infrastructure
By following government/agency advice, engaging with relevant parties with a deeper knowledge of regional trends and geography and conducting thorough risks assessments, site managers and security teams can gain a strong understanding of current threats and what they need to prepare for.
At a government level, the process of establishing clear communication and an understanding of risks is vital to the ongoing protection of systems and networks.
To help government agencies gain a clearer understanding of the threats posed, many encourage collaboration and knowledge-sharing in an attempt to collect valuable data.
According to an advice document published in the UK by the National Cyber Security Centre in partnership with the National Protective Security Authority: ‘The UK’s Critical National Infrastructure is increasingly interconnected and interdependent, making it harder for government to understand and manage the risk faced by the UK.
‘Government has developed a new methodology to collect this data – the Criticalities Process – and is building a new tool to visualise and interrogate the data produced – the CNI Knowledge Base […] Supporting government in this work means you are helping protect the functions that everyone in the UK relies on every day to live and to work.
‘[…] We can provide you with targeted, practical advice on the most critical technologies and products within the CNI; We will be able to make better-informed risk management decisions, taking into account the cost and benefit of potential policies; We will help equip you with better evidence to catalyse change within your organisations, including at board level.’
Elsewhere, CISA plays a vital role in the US as the national coordinator for critical infrastructure security and resilience.
The agency has developed and implemented multiple different information sharing programs that help promote resources and tools to partners.
CISA claims that ‘these programs include awareness and outreach campaigns like the annual Cybersecurity Awareness Month (CAM) and broader national awareness programs that offer partner toolkits.
Through these programs, CISA develops and shares substantive information with the private sector and with […] governments.’
Not only does a collaborative approach allow sites and projects to incorporate effective preventative measures, but this can help streamline crisis management and disaster responses.
Market growth
- According to research published by Mordor Intelligence, the critical infrastructure protection market is expected to register a CAGR of 7.76% during the forecast period of 2023–2028
- Gartner, Inc. predicts that, by the year 2025, approximately 30% of critical infrastructure organisations will encounter a security breach that will lead to the disruption of a cyber-physical system crucial to their operations or mission
- IMARC Group reports that the global critical infrastructure protection market achieved a size of US$137.8b in 2022