How a ‘National Security Help Desk’ Could Secure Critical National Infrastructure


The implications are clear: nation-state actors are set to target critical national infrastructure (CNI) on a scale never previously seen. A recent report warned that 2018 would see many more such attacks across more sectors than ever before, and figures released earlier this year by the government corroborate this.

The reason for the rising threat is the growing digitization of critical national infrastructure: industry is inadvertently creating a way for hostile nations to launch potentially devastating attacks on a shoestring budget, using ‘hack-for-hire’ groups to hide their responsibility.

CNI systems are currently undergoing large-scale digitization, adopting Internet of Things (IoT) networks, Artificial Intelligence, robotics and autonomous systems. Much of the UK’s energy infrastructure is currently adopting connected meters that can autonomously report faults and monitor nationwide energy demand in real-time, while Network Rail’s Digital Rail Strategy is transforming the transport network with the introduction of connected tracks, live timetabling and digital signaling. All of this will create smarter, more predictive, personalized, efficient and low-cost services. 

By connecting more of our homes, businesses and essential services into vast IoT networks, it will also create new cross-sector vulnerabilities. For example, a hacker who breaches one sector or part of a network now has the ability to ‘hopscotch’ across to infect other networks and systems. 

The cross-sector nature of the threat to connected CNI networks will require a new kind of cybersecurity. It will require human cyber experts to be widely and instantly available across vast national grids, such as energy and water.

Since an attack on any single nodal point in a network can quickly spread to all the others, these experts will need to be able to ‘teleport’ into any vulnerable devices on a network, from smart traffic lights to smart meters, and patch a vulnerability or prevent an attack.

CNI operators will need to detect and prevent cyber-attacks at any point in their network at the same speed as the attackers. Due to the national security implications of attacks on CNI, and the involvement of nation-state actors in perpetrating them, operators of essential services will also need to be able to call in state intelligence agencies at short notice to help combat live attacks.
 
A major challenge is the shortage of available cybersecurity personnel. With a projected shortfall of 1.8 million workers by 2022, human resources will be far too thinly stretched to deploy this across internationally dispersed infrastructures.

The increasing connectedness of CNI also presents an opportunity to address this threat, by giving cybersecurity skills and knowledge a chance to spread faster and wider than ever before.

For example, the real-time exchange of data and the use of remote access to manage and monitor faraway devices offer an opportunity for cybersecurity experts to be digitally omnipresent across entire IoT grids. Organizations such as GCHQ could instantly remote in to safety-critical systems such as train signals or power plants and help combat any attacks that threaten national security.

Deploying remote access technology as a tool for remote intervention in CNI would also enable employees to receive remote training on real equipment, which would make cybersecurity education and expertise instantly and widely available in real-time across vast networks. Cybersecurity experts could also carry out remote attack simulations and provide guidance and training to ensure those working with CNI know how to detect an attack.

To achieve this, we will have to fundamentally rethink the concept of the IT helpdesk. Traditionally, this was used to provide remote technical support for employees. We need to see remote access as a tool for providing remote security and training across all kinds of devices and systems, from industrial control systems to MRI scanners.

With this new thinking, companies could establish a secure open platform approach and exchange video, audio, text or images with any safety-critical device, enabling a vast CNI ecosystem that can be safely monitored and controlled remotely. 

The ultimate aim is to use remote access technology to ensure cybersecurity skills and education are remotely and continuously available across a vast array of vital locations and infrastructure. This will prompt the creation of ‘national security help desks’.

In a world where the threat to CNI is growing while there is a global shortage of skilled cybersecurity workers, we need to think of imaginative ways to crowd-source and deploy human resources over vast distances, so we can secure safety-critical systems against attacks that could affect entire nations.
