What is Critical National Infrastructure?

Many governments include them on their websites.

Critical national infrastructure is one of those phrases that gets used a great deal, but is not often defined very well. When you look for definitions, you often find they differ greatly, or are rather general. Many governments include them on their websites.

There are a number of assets that are critical to the functioning of our society, like energy, water, health, transport and financial services. In fact, when you start listing them, you start to wonder what isn’t critical national infrastructure rather than what it actually is.

It would be interesting to ask some of the twenty year-olds who are part of the Occupy Movement about what in their view is critical to the functioning of society - is it the same as the government’s definition?

One of the links between differing elements of critical national infrastructure is that they each rely on networks to make them work. So the cyber threat to national infrastructure is a threat that comes across networks, through systems which people use on those networks.

The purpose of such attacks is not always very clear. Sometimes it might be a denial of service attempt or the theft of data, but not all have a malicious purpose. Some are actually intended to expose vulnerabilities in order for those vulnerabilities to be closed (think First State Super). Other attacks come from individuals who simply want to make a name for themselves, they create mischief for mischief’s sake. And, of course, there are organised groups who are financially driven, as well as nation-states who may be inclined towards these practices to steal sensitive or strategic information.

I think the main groups that actually threaten us are those engaging in espionage and criminal behaviour.

When responding to an attack impacting critical infrastructure, it is important to have a regime of compulsory, yet confidential reporting of IT incidents so that the organisation under attack is informed in time and can take action in time. In late August 2011, it became known that DigiNotar, a certification authority established in the Netherlands had been hacked. DigiNotar issues certificates for government and other parties, its delayed response resulted in around 530 fake certificates being lost.

There are several challenges in policy making, including curly issues of data protection and cross border sharing of information. The numbers of challenges probably won’t increase, but in time, the complexity will.

Many of these challenges can be solved by working in a public/private coalition which defines the common interest clearly, for many organisations this will simply be business continuity. Today’s interconnected economy is not just about an organisation’s strength and resilience, it’s about the entire supply chain and the ecosystem in which it operates. This is what true national critical infrastructure protection should be about.

Follow @CSO_Australia and sign up to the CSO Australia newsletter.

Join the CSO newsletter!

Error: Please check your email address.

Tags network securityCritical National Infrastructuregovernment

More about First State

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Nigel Phair

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place