CNI Industry and foresight vision in security: Security by design is crucial for CIP

Pierluigi Paganini June 06, 2015

During the Infosecurity Europe 2015 security experts talk about a foresight vision about the Critical National Infrastructure industry (CNI).

During the Infosecurity Europe 2015 –number one Information Security event, celebrated in London on 3rd June 2015, it was a special occasion to talk about a foresight vision about the Critical National Infrastructure industry (CNI). In this context, CNI global leaders and experts exposed emergent needs in the sector, such as importance to produce “secure products, from secure suppliers, with secure development lifecycles, towards to guarantee a resilient and safe integration of products and services in the CNI industry.”

ICS-CERT critical infrastructure 2 CNI

Those needs were analyzed and discussed during the forum by Peter Gibbons, National Rail head of cyber security. Industry Standards are vital to guarantee a safe provision of “secure products in a secure way.” Moreover, integration of technology is crucial between customers and CNI’s suppliers. Therefore,

Moreover, integration of technology is crucial between customers and CNI’s suppliers. Therefore, definition of requirements and provisions in the CIP field are mandatory to build a culture of prevention and resilience. There is no justification to spend millions on security products without any idea about the requirements and needs for critical infrastructure.

“A combination of situational awareness and compliance could be the best approach to industrial control system security”

When organizations are looking to define scenarios on Cyber Risk, the main problem is the Critical Infrastructure that is commonly targeted by cyber attacks, destroying data and normal function of the equipments. Today’s challenge in CNI industry is oriented to secure “Product Development Key”. Several problems are facing organizations with legacy systems because the lack of resilience strategies to guarantee a gradual upgrade of systems.

The participation of Raj Samani, Cloud Security Alliance CIO and Intel Security European chief technology officer during the Infosecurity Europe 2015, was an extremely good opportunity to emphasize on a foresight vision of CNI industry. From one side, automation represents an opportunity to impel productivity and resilient processes in different industries, such as Oil and Gas, Manufacturing, Logistics, Financials, Nuclear, Retail, Telecommunication, others. Nonetheless, Samani expressed that Cyber Risk is persistent and that is why, organizations must continue addressing and recognizing it.

In addition, Peter Gibbons emphasized on a convergence between legacy systems and new trends of information security services in the CNI industry. There is a good reason to think that legacy systems need a convergence during a continuous process of automation and next generations of IT systems for the CNI industry.

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking)

[adrotate banner=”5″]

[adrotate banner=”13″]



you might also like

leave a comment