A holistic approach to reasoning about the security of critical infrastructure systems
By uchennadani, on 13 February 2020
By Dr Uchenna D Ani, Post-Doctoral Research Fellow with the PETRAS National Centre of Excellence for IoT Systems Cybersecurity, UCL STEaPP
Security designs should not consider technical details alone but should capture the bigger picture of the co-interacting participants that provide critical services.
Critical National Infrastructure (CNI) systems need cybersecurity, physical security and personnel security. CNI systems use networks of diverse technologies (hardware and software) to enable the exchange of data and information. Generally, this involves socio-technical systems (STS) – people interacting with the technology and working together as a single system structured to achieve operational objectives.
Integrating the internet and the Internet of Things (IoT) with CNI systems enable greater capabilities for remote, autonomous sensing. Integration supports smarter control, monitoring, predictive maintenance, safety, and security management, but the convergence brings new security risks that demand serious attention. Geoff E, of the UK National Cyber Security Centre (NCSC), highlights the need to consider such systems as a whole rather than the sum of individual components. A holistic perspective is therefore necessary to achieve more all-embracing security.