It has been reported that according to the National Audit Office (NAO), the UK government has “failings” in the way it is planning to protect the UK’s critical infrastructure from cyber-attacks.The warning came in a National Audit Office (NAO) assessment of the UK’s national cyber-defence plan. The government is increasingly worried that these essential sectors will be targeted by foreign states seeking to disrupt UK life. Modern life was now “totally dependent” on cyber-security, said one expert.
Andrea Carcano, Co-Founder and Chief Product Office at Nozomi Networks:
“These findings are representative of the challenges organisations are facing with regards to protecting operational technology, not just within CNI. The scale of the challenge should not be underestimated.
The skills shortage in engineering and particularly cyber security within the Operational Technology space plays a significant role in the inability to effectively secure the problem. Organisations must quickly understand what technology they have in their environment and how that ecosystem functions. Once an organisation has this information they can prioritise controls to preserve the availability of essential services.
It is also true that if existing protection mechanisms are inadequate, then in the short-term organisations should ensure they achieve a high level of visibility into their networks in order to identify threats that are active in the network.
The recent NIS directive should begin to help drive organisations to implement continuous improvement programs for cyber security. The key is to ensure organisations correctly interpret their obligations with regards to NIS and are equipped to be effective in controlling security risks.”