Welcome to the final week of National Cybersecurity Awareness Month! This week’s theme of protecting critical infrastructure is hugely important to our global economy, physical security and even our health and well-being.
We rely on these critical systems to provide electricity in our homes; transportation to work and play, a secure place for our lifesavings, as well as communication systems to stay in touch with people we love. With such a heavy reliance, we must ask ourselves…are we doing enough to protect our global critical infrastructure? Some good progress has been made, through the maturing of industry standards and deployment of commercial off-the-shelf security technologies. But, in order for critical infrastructure to be ready to take on the cyber risks of today (and tomorrow), it will require a holistic strategy.
Security will need to be prioritized above everything, embedded everywhere and integrated throughout the operations of every critical infrastructure provider – across its people, processes and technology.
Start with a Resilient Network
As critical infrastructure providers use more and more new technology in the daily running of their organizations, the more they need to think about embedding security everywhere. Like any cybersecurity strategy, providers must take a risk-based approach to understand where they are most vulnerable and how to address those risks. In nearly every risk-based assessment I’ve seen, the ability to have visibility and control from the network is THE critical risk control point. The network connects the data, programs, applications, web networks, software and hardware within a critical infrastructure provider’s environment so it can deliver goods and services to end customers. It’s impossible to successfully digitize critical infrastructure securely if you don’t trust your network. Any network including devices like routers, switches or access points — as well as cloud infrastructure — can be vulnerable. Addressing this risk requires embedding security technology, processes and policies so the authenticity and integrity of each device can be verified as well as any hardware and/or software running on it. Focusing on creating a trusted, resilient network creates a more resilient mission and a critical point of visibility and control that is unified across operations and IT of critical infrastructure.
Integrate Security Throughout Your Operations
It is clear that no single vendor provides every technology to prevent, detect or respond to the threats of today. It is crucial that security operations add capabilities that increase their ability to respond to security incidents as an essential part of any cybersecurity strategy. However, this strategy of adding bespoke tools to address point problems can quickly break down without an integrated architecture. The digital age requires machine speed. To get to machine speed you must have visibility and control. Gaining visibility and control takes an integrated architecture of solutions that work together, communicate and automate actions to make it easier to address incidents faster (machine speed) and in less complex manner (does not rely on multiple human actions). The digital world moves fast. With critical infrastructure providing essential services to our daily way of life, the speed at which cyber incidents can be detected and thwarted in their environments is vital.
It’s a Multi-Party Responsibility
Securing critical infrastructure on a global scale will require more than just individual organizations, it is a shared responsibility including both the public and private sector. There is much to be gained through innovative partnerships that share best practices, collaborate on threat intelligence, teach how to build and deploy secure solutions and bolster education and training. At Cisco, we’ve gone through a digital transformation as a global enterprise with over 70,000 employees. We operate 176,000 networks around the world and block close to 20 billion internet threats a day. We’ve learned some things along the way about what it takes to protect a global digital enterprise. We see it as our responsibility to partner and share best practices in constructive ways; whether it is working with the National Cyber Security Alliance or joining industry initiatives like the Charter of Trust or actively working to combat cybercrime in partnership with global law enforcement organizations like Interpol.
A cyberattack on critical infrastructure and the technology that keeps it running has the potential for wide-ranging effects. This is why, when it comes to something so valuable to our global society, cybersecurity must be a top priority. When done properly – security above everything, embedded everywhere and integrated throughout the operations of every provider – our global critical infrastructure will be ready for the risks of tomorrow and the providers will be able to grow and innovate armed with the power of digital capabilities.
For critical infrastructure providers and enterprises alike, be sure to join National Cybersecurity Awareness Month activities and conversations happening around the world. And because this conversation needs to continue all year round, the Cisco Trust Center and Cisco Networking Academy offers resources and training to help you with security, trust, data protection, and privacy 365 days a year!
Anthony Grieco leads the Trust Strategy Office and is responsible for ensuring Cisco and its customers embed security, trust, data protection and privacy in to future strategies, products and business models. Under his leadership, Cisco’s Trust Strategy Office builds strong cyber security partnerships with customers, governments, and partners globally to enable business growth and transformation by accelerating the use of trusted technology, development and implementation of secure processes, policies and culture.