How can critical national infrastructure manage its cyber risk?

Critical National Infrastructure (CNI) organisations are key to the operation of our society. They provide fresh water, essential transport services and electricity to allow us to switch the lights on. As a result, the impact of their loss or disruption can be huge.

Andy Wall, Head of Cyber Security, Atkins

These organisations utilise a lot of technology to provide these services, yet many do not necessarily understand what their cyber security risks are. Typically CNI organisations are vulnerable to cyber attack because they tend to look to the long term, building and developing systems that are in place for decades. However, the threat and means of attack will constantly evolve during that period.

IT specialists alone are not the solution to addressing this potential vulnerability. CNI is an engineering operational environment, so pulling together a blend of people who understand the range of engineering, security and IT elements is key.

Critically, the education of your staff will help them to operate your CNI facilities securely, as well as safely. Embedding cyber awareness in your people will ensure that they are better equipped to understand what is happening during an attack, as it happens, and to take appropriate action.

In order to develop an effective cyber security strategy you must first understand the threats your organisation faces; who might try and attack you. You then need to consider what it is that you value most and therefore need to secure. Also, what is the potential impact of the loss of those things? Once those complex questions have been answered, comprehensive risk assessments can then be undertaken and appropriate security controls put in place.

By combining this proven approach with wider industry best practice and guidance, CNI organisations can not only mitigate cyber risk, but also adapt their cyber security strategy to meet the evolving threat.


Download our Cyber Resilient Infrastructure Report here