Tech experts discuss government safeguards for critical digital infrastructure

Traditional critical infrastructure is considered to be healthcare, transport networks, power grids and food supply chains.

However, as the coronavirus has forced parts of the US, Korea, Denmark, China, Italy and now the UK into lockdown, digital infrastructure has become increasingly critical and increasingly utilised.

Critical digital infrastructure is now a matter of national and global consideration as more people begin to work remotely.

We asked some experts to explain their understanding of critical digital infrastructure, the role of tech companies in the world’s crucial digital foundations, how the UK government is safeguarding these vital functions, and what could be the potential positives and negatives of these safeguards.

What is considered as critical digital infrastructure?

Jon Abbott, technologies director at Vertiv, gives a useful summary of critical infrastructure and how basic internet access is considered crucial to the functioning of modern society.

“Governments consider Critical National Infrastructure as assets that are essential for a functioning society and economy. Utilities fall under that as a sub-category, and communications such as internet connectivity are largely considered a utility.”

Martin Rudd, CTO, Telesoft Technologies, expresses how the meaning of the term has begun to change, especially in light of Covid-19’s ability to spread quickly through person-to-person contact.

“Over the past 6 months, the idea of what critical infrastructure is has been challenged. In particular, the Coronavirus pandemic has shown that whilst there is traditional infrastructure like the NHS, power, finance and transport; there is also the digital critical infrastructure of the cloud providing online daily services of news, shopping and business operations; as well as the critical communications infrastructure of telecoms, fibre and satellite.”

Facilities such as data transference, telecoms and cloud-based technologies are becoming just as recognisable a feature of critical digital infrastructure as traditional elements.

He explains: “It [the pandemic] has shown that in the modern world, infrastructure doesn’t have to be as tangible as power stations – the power of social media can pressurise supply chains of supermarkets and put significant pressure on the ability of governments to govern and organise their country effectively.”

What tech companies are considered to be the custodians of critical infrastructure?

Abbott explains that content services, although they do not own large parts of the connective infrastructure as telecoms companies do, nevertheless serve a critical auxiliary purpose.

“The tech companies that provide a content service, such as FAANGS (Facebook, Apple, Amazon, Netflix, Google, Spotify), do not own the critical infrastructure per se; they just use it.

“Consider the critical infrastructure as the pipework connecting continents, countries, cities, companies, people and things together. It is the owners of these pipework connections that are considered as the custodians, the operators of fixed and wireless services.

“It can be argued that without the content providers, the pipework itself is useless; and vice versa. There is a symbiotic relationship there. It’s also worth noting that some companies provide both the pipework and the content.”

Abbott makes an interesting point: if critical digital infrastructure didn’t offer anything to users, such as shopping, entertainment, news, et cetera, would it really have the same level of value? On a consumer level, it certainly would not, and in current circumstances keeping workers and the public sane might be considered a crucial function.

Companies such as Apple, Google and Amazon own and run important backend software services and cloud technologies, but also provide frontend content and products to consumers, making them both part of critical infrastructure functionality and part of its auxiliary role.

John Cragg, CEO, MYHSM, elaborates on the specific sectors whose functioning digital infrastructure helps maintain.

“Tech companies operating within sectors such as IT, Communications, Defence, Financial Services, Manufacturing, Healthcare, Food & Agriculture, Chemical or Government Facilities are considered crucial to critical infrastructure. Payments is a part of the critical national (or, rather, global) infrastructure, because if the payments system fails then economic activity comes to a halt, and then everything stops,” he says.

Cragg explains that the payment industry requires digital pathways as a matter of course, particularly cloud services.

“Many financial institutions and most of the new fintechs have switched to using IT infrastructure in the cloud. This means the custodians of critical infrastructure are now generally the major connectivity and data centre hosts, like Equinix, and the major private cloud operators like Microsoft, Google, and Amazon.

“These are larger and more resource-rich operations than the data centres that used to be operated by individual institutions, and more capable of standing up to a crisis like we are facing today – but there is still an opportunity for reducing the risk by the industry getting together and setting up just-in-case back-up facilities.”

What measures have the UK and other governments put in place to safeguard critical digital infrastructure during the coronavirus outbreak?

Abbott contextualises the government regulations in place that give operators the power to control traffic flow and make sure networks do not get overwhelmed.

“Governments, through their regulators, are granting the operators the ability to perform some traffic management alterations where needed. Under normal conditions, this would not be acceptable because it essentially gives operators the ability to prioritise traffic to certain users.

“In the context of Covid-19, however, users are being encouraged or forced to work from home. This is placing exceptional levels of traffic to the access side of the networks, both for mobile and fixed broadband connections. To avoid network congestion, the networks can ‘throttle back’ on some categories of traffic, provided the categories are treated equally.”

Cragg gives the financial industry’s perspective in regard to wider government restrictions and school closures.

He praises government provisions that protect families of key financial workers by allowing their children to continue attending school.

Cragg explains: “The definition of a key financial worker is someone who works at a dual-regulated, FCA solo-regulated firm or PSR-regulated firm, or operators of financial market infrastructure, and fulfils a role which is necessary for the firm to continue to provide essential daily financial services to consumers, or to ensure the continued functioning of markets.”

Rudd suggests that changes have to be made to the working structures in place, in order to allow for more efficiency now that remote working and restricted movement are necessary.

“With the move to home and remote working, we’re seeing businesses increasingly move operations into the cloud which is a change unlikely to be reversed. Luckily, the government has for the past few years been moving many operations of critical infrastructure to the secure cloud – for reasons of cost, support for remote working and high availability of services.

“Although this is being tested, it is currently holding up. The impact of both homeworking and cloud is that the network complexity and distribution of workers has shifted and increased massively. The need for network monitoring of data, cyber, quality of service, business operations and planning just jumped up a whole new level.”

How will these measures help tech companies?

Cragg sees the government measures as having given companies the opportunity to troubleshoot and assess operations.

“These initial people-focused government measures will help financial technology companies decide who the essential workers are, and identify the activities, services or operations that if disturbed may cause disruption to the economy.”

Abbott stresses that controls on broadband usage will keep the ship afloat, even if the service is slightly reduced. Netflix has already announced it will be lowering streaming quality to match demand.

“A change in traffic management assists on the assumption that a reduced service is better than no service. Using streaming video as an example, content providers are being asked to remove the provision to stream High Definition video as it has a huge impact on the capacity of the network.

“This prevents households and communities fighting for available bandwidth at a local level as a more equal amount of bandwidth is being provided per household. Having operators monitor traffic also means that priority can be given to services supporting key workers or those tasks deemed critical by category,” said Abbott.