The opening ceremony of the Pyeongchang Winter Olympics made headlines –
but not just for outstanding performances or vibrant displays. A cyberattack on
the latest Winter Olympics resulted in a 12-hour
disruption, leaving attendees from across the globe unable to retrieve or print purchased
tickets during the momentous event 1]. The outage demonstrates
how disruptive cyberattacks can be – often much worse than a slew of frustrated
guests, especially when involving more critical infrastructure.
In 2014, the Indian government
established the National Critical Information Infrastructure Protection Centre
(NCIIPC) to regulate and protect the nation’s Critical Information
Infrastructures (CIIs). CIIs are defined by the Information
Technology Act of 2000 as vital computer resources that, if incapacitated
or destroyed, will leave a debilitating impact on national security, economy,
public health or safety across both public and private sectors [2].
Although many CIIs are primarily owned and operated by the private
sector, such as banks and commercial facilities, the role of government is
equally important when evaluating how best to protect organizations and industries
from attack. Here are three key areas governments should focus on when
implementing a cybersecurity strategy –
· Take charge with national recommendations
– Securing our critical
infrastructure requires coordinated efforts from various government agencies as
well as the private sector. However, governments should take the lead and issue
standards and best practices on the most effective approach.
For example, last year, the Singapore
Cyber Security Agency held Exercise
Cyber Star with 11 designated Critical Information
Infrastructures (CII) to put the country’s cyber incident management and
emergency response plans to test. This was done through a series of simulated
cybersecurity incidents, planning sessions and workshops [3] and served as a good
platform for the organizations and agencies to assess their cyber-readiness and
knowledge-share on best practices. Assessing the current state of readiness is
the first step to implementing an effective cybersecurity plan.
· Be aware of weak lines between OT and
IT – Operational Technology (OT) is a system that monitors and controls
physical devices and processes, such as how much electricity is generated
through transmission lines. Traditionally, these functions were run on man-operated
equipment. With the growth of Internet of Things (IoT) devices, many OT systems
are now equipped with IP addresses to enable remote access streamline control operations.
This transition means that OT and IT networks are increasingly connected and security
standards must be kept up-to-date to ensure proper barriers between the
networks.
Successful measures include improved
access control and encryption, which helps prevent hackers from gaining access
to IT networks and enables quick control of OT that could result in disruptions
or ransom of essential services like electricity, water and public transport.
· Stay adaptable as IT landscapes evolve
– A recent
study found that 92% of businesses leaders in India
believe that organizations need to adopt a digital-first mindset to drive
growth [4].
As such, we will soon start to witness private and public sector organizations moving
toward digitalised business models that rely on the latest advanced technology
trends. From the growth of IoT to moving into public clouds and artificial
intelligence, IT operations and security must adapt to keep pace with the
newest advancements, all while mitigating risks.
While attacks on critical
infrastructure can have dire consequences, they are akin to attacks that have already
hit other industries and can be managed with existing best practices. New or
improved technologies can also help enhance the protection of critical
infrastructure assets. Voice and video analytics platforms powered by machine
learning, for instance, provide a number of capabilities, including crowd
control, gauging expected motions and identifying objects and individuals
whether stationary or in motion.
Critical infrastructure protection is essential to the security of India.
While daily operations among the private and public sectors continue to differ,
a collective effort is required to securely build India’s digital economy and
achieve the Smart Cities Mission by 2020. Information sharing and collaboration
between the public and private sectors are equally vital to securing the nation’s
critical infrastructure.
[1] Hackers Targeted the Winter Olympics Opening Ceremony to ‘Embarrass’ South Korea, TIME, 13 February 2018
[2] Guidelines
for Protection of Critical Information Structure, National Critical Information
Infrastructure Protection Centre, 16 January 2015
[3] 11
critical information infrastructure sectors tested for first time in national
cybersecurity exercise, Channel NewsAsia, 18 July 2017
[4] 92%
Indian leaders at the forefront of advocating ‘Digital Organizations’ for
business growth – reveals Microsoft Asia Digital Transformation Study,
Microsoft News Center India, 28 March 2017