The ramifications of a blackout, like the one recently experienced in Ukraine, are deep reaching. During a blackout, none of the devices connected to the lauded Internet of Things would be able to ‘talk’ to each other.
If a cyber attack on critical infrastructure took control of a country’s power grid, simply nothing would work. No urban facilities, no water, no air conditioning, no elevators, no internet, no mobile network.
This scenario is very real. The world we live in is based upon technologies and ideas which were made 50 years ago. Many of them rely upon an architecture that pre-dates the era of cybercrime. The hackers simply didn’t exist then.
As we increasingly depend on technology as the backbone of our civilisation, we need to ensure our critical infrastructure is built upon a robust architecture that is not only secure, but immune. If we don’t adopt a security first approach, we will face a very uncertain future.
>See also: 3 ways cities will become smarter
Kaspersky Lab experts recently revealed that more than 13,000 industrial control systems (ICS) hosts are exposed to the internet, most of which probably belong to large organisations. More than 90% of these ICS hosts have known vulnerabilities that can be exploited remotely, the majority of which are located in the US (around 30%) and Europe (around 14%).
To fully appreciate a connected world, a redesign needs to take place to protect the critical infrastructure at its core. All the while critical infrastructure continues to run over vulnerable platforms, it remains at high risk of being attacked and leading to a blackout.
A ‘security first’ framework, where information security is implemented from the very core, is the best strategy for the future. But with the burgeoning skills gap, the industry is at danger of not being able to fulfill such a future requirement, so needs to do all it can to train up the next generation of cyber security expert.
It is my dream to live in a world of unhackable devices and I think it is now possible. We have the technologies, we have the solutions, we have the ideas and we have the platforms to be able to design a new generation of software that can keep critical infrastructure secure. But we need the cyber security talent to bring it to fruition.