Last month saw the UK Government start to enlist the private sector to combine cyber defense responses: http://www.telegraph.co.uk/technology/8366810/GCHQ-aims-to-protect-critical-private-networks-from-hackers.html
The issue has become more significant recently with the realisation that infrastructure networks beyond the military are terrorist targets and that, with examples like Stuxnet out there, they will be attacked. The potential for harm or disruption is significant.
Anything that helps protect against this increased threat to critical infrastructure is a good thing, but for it to work and, importantly, for it to be accepted, there must be significant oversight to protect individual freedoms and privacy.
A quick first step in protecting critical infrastructure would be increased, and more open, sharing and communication of threats. Security services and commercial organisations should keep each other apprised of increasing risks or known threats and work on early warning systems for potential threats.
But public perception is a concern. The last 10 years have seen the state become more “intrusive” in electronic communications, and the public is nervous of that intrusion into their private lives, no matter how innocent. So selling this to the public is key.
One aspect to reflect on is that, for the system to work, sensors need to be implanted in the private infrastructure networks, and one question to ask is “who owns the sensors?” Are they owned by the security services or by the private networks themselves? There would probably be more acceptance of commercially owned sensors that provide a known and managed feed to the security services, as opposed to the security services having sensors they own and collecting who knows what data.