During the last 12 months, Critical Infrastructure (CI) or Critical National Infrastructure (CNI) around the world (and just recently, The Port of Nagoya, the largest and busiest port in Japan, and The Office of the Attorney General and Ministry of Legal Affairs (AGLA), Trinidad and Tobago) have suffered critical cyber-attacks from cyber-criminals, causing operational services issues (which provide services to society/public and to other entities, etc.), data losses and data breaches – all of which affect the confidentiality, integrity, and availability of systems and services. In a nutshell, trust in such systems, services, and operations is affected for unknown periods, while comprehensive incident management processes and activities are carried out in order to verify and certify trust in such systems, services, and operations.
Systems, operations, and or services that are essential to society and economic development are considered critical infrastructure, and their compromise can have grave consequences for society and the economy. Healthcare and Public Hospitals, Transportation, Education, Electricity Generation, Water Authorities, Government Facilities, Attorney General Offices, Law Enforcement, etc. are all CIs. For a further listing, please visit – https://www.cisa.gov/topics/critical-infrastructure-security-and-resilience/critical-infrastructure-sectors
Protecting CI requires governments and non-governmental entities – to collaborate and work together to understand the risks beyond general risks (such as floods, electrical outages (all can be due to a cyber-attack), earthquakes, etc,) and include Cyber Risks in the main risk management program. When such a program does not take cyber risk management into its overall risk management program, cyber-attacks (which can occur literally at any moment) can take advantage of the governing risk management program’s vulnerable nature, thereby hampering the resilience of CI. Perhaps you are wondering how this is possible. The maturity of the program affects the efficiency and effectiveness of risk management controls, especially for cyber-risks. To survive cyber-attacks, CI operators must therefore consider all risks when developing resilience programs, especially cyber-resilience programs.
Additionally, the disruption of CI is a national security issue. As a result, understanding cyber risks and implementing crucial security controls is essential for building resilience. As part of the offensive and defensive nature of the program, these cyber resilience controls are critical to preventing and or reducing the effects of a cyber-attack. Public safety and economic viability are just a few of the effects of cyber-attacks on CI.
For controlling entities to achieve the resilience required, the following will be needed:
- Public awareness of digital risks and the importance of Cybersecurity in the connected world.
- Political commitment with actionable attributes in formalising committees and workshops to effectively and efficiently study the risks cyber posed to CI – A comprehensive Cybersecurity Risk Assessment.
- The creation of national security-aware policies, regulations, laws, and guidelines in designing, planning, implementing, managing, monitoring, and reviewing CI resilience.
- Build highly capable cyber-resilience programs into IT and OT (operational technology) infrastructures.
- Competent human resources in the management and operations of CI
- Incorporate Cybersecurity Advisors/Consultants into boards and senior executive structures to provide cybersecurity advice and awareness, and assist the organization in formulating its business policies and strategies.
It is evident that cybercriminals have solely financial objectives (we cannot deny this) without consideration of the societal, cultural, or economic implications, and that understanding this grave criminal mindset will enable CI operators, governments, and non-governmental organizations to take this risk seriously and to take action as soon as possible before it causes harm and, in some cases, causes harm again.
Barbados Today published article:- https://carisec.global/wp-content/uploads/2023/08/Barbados-Today-July12-2023-Critical-National-Infrastructure-under-Cyber-Attack.pdf