A recent report revealed that a committee of MPs and peers in the UK has criticised the government for its lack of urgency in addressing the cybersecurity skills gap in relation to critical national infrastructure (CNI). According to the report, the shortage in specialist skills and deep technical expertise is one of the greatest challenges faced by the UK’s CNI operators and regulators in relation to cybersecurity.
Edgard Capdevielle, CEO at Nozomi Networks:
“There is huge demand for cyber security professionals across the board, not just within our critical national infrastructure (CNI), with the world’s largest banks, energy companies, and governments all struggling to find people with the right skills set. The challenge is that, in such a competitive marketplace, cash rich entities can afford to offer lucrative packages while those operating with tighter profit margins, such as those in the energy and power sectors, will have to rely on alternative enticements.
“The problem within CNI is not just a lack of skilled individuals but also the complexity of these legacy infrastructures and complex industrial control systems (ICS). When you consider that a standard power plant will typically have an average 50,000 real-time processes, using standard networking tools to monitor, manage, and then troubleshoot is akin to mission impossible. The task of manually analyzing the resulting data would take a single skilled professional months, if not years, assuming it could even be done without errors!
“CNI operators should look to leverage automation provisioned by machine learning and artificial intelligence powered operational cybersecurity solutions, capable of handling those manual processes that can no longer scale, to detect and mitigate attacks, improve and speed security processes while making staff more productive. These automated, real-time defences are likely to respond to potential threats faster, more efficiently and often beyond the capabilities of humans.”
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.