Blogs

The convergence of Information Technology (IT) and Operational Technology (OT) has become more prevalent, resulting in new challenges and considerations, especially given some of the security control constraints exist within OT environments. The emergence of the Internet of Things (IOT) including industrial IOT has meant that the attack surface and threat have increased significantly. This is further complicated by the adoption of cloud technologies as part of everyday business. Whilst the use of cloud offers new ways of working, helping business to achieve more and scale faster, this is not without risk.

As more environments and systems are connected (directly or indirectly) to uncontrolled environments like the internet, how do you protect Critical National Infrastructure (CNI) and those systems that have security challenges? Here, the potentially catastrophic consequences of malicious interference or a significant service failure are profound. With aging infrastructure and disconnected systems being integrated with internet based technology, this produces a unique set of challenges.

When protecting CNI it is essential to know what you’ve got and what you are dealing with. By understand the risks, threats and operational imperatives, this ensure visibility of the right parts of your OT and IT environments and helps to identify the critical assets that are essential for maintaining service continuity. Such awareness will help to establish the level of risk tolerance and to determine the most appropriate level of protection, detection and mitigation.

At QinetiQ, with our breadth and depth of expertise, we understand the challenges that CNI organisations face, recognising in particular the need to consider and respond to not only the cyber security challenge, but also having to ensure that systems remain operationally safe and effective. Our approach considers the business context, intended implementation, connections and the most likely compromise paths, from which we tailor solutions that are appropriate and proportionate to meet your needs. This approach supports governance, risk and compliance activities and ensures alignment with regulating bodies, helping you to secure your past and protect your future.