We use cookies to ensure our website operates correctly and to monitor visits to our site. This helps us to improve the way our website works, ensuring that users easily find what they are looking for. To allow us to keep doing this, click 'Accept All Cookies'. Alternatively, you can personalise your cookie settings.

Accept All Cookies Personalise settings


The modern challenges of protecting Critical National Infrastructure


Greig Walker, Principal Cyber Security Architect

In today’s modern world, there is a greater need for organisational interoperability, the ability to collaborate with partners, scale and flex to meet new demands, drive efficiencies and remain competitive. 

The convergence of Information Technology (IT) and Operational Technology (OT) has become more prevalent, resulting in new challenges and considerations, especially given some of the security control constraints exist within OT environments. The emergence of the Internet of Things (IOT) including industrial IOT has meant that the attack surface and threat have increased significantly. This is further complicated by the adoption of cloud technologies as part of everyday business. Whilst the use of cloud offers new ways of working, helping business to achieve more and scale faster, this is not without risk.

As more environments and systems are connected (directly or indirectly) to uncontrolled environments like the internet, how do you protect Critical National Infrastructure (CNI) and those systems that have security challenges? Here, the potentially catastrophic consequences of malicious interference or a significant service failure are profound. With aging infrastructure and disconnected systems being integrated with internet based technology, this produces a unique set of challenges.

Protecting critical systems

When protecting CNI it is essential to know what you’ve got and what you are dealing with. By understand the risks, threats and operational imperatives, this ensure visibility of the right parts of your OT and IT environments and helps to identify the critical assets that are essential for maintaining service continuity. Such awareness will help to establish the level of risk tolerance and to determine the most appropriate level of protection, detection and mitigation.

At QinetiQ, with our breadth and depth of expertise, we understand the challenges that CNI organisations face, recognising in particular the need to consider and respond to not only the cyber security challenge, but also having to ensure that systems remain operationally safe and effective. Our approach considers the business context, intended implementation, connections and the most likely compromise paths, from which we tailor solutions that are appropriate and proportionate to meet your needs. This approach supports governance, risk and compliance activities and ensures alignment with regulating bodies, helping you to secure your past and protect your future.   

Protecting Critical Systems guide

Our new guide, "The Blueprint for protecting critical systems" outlines the five top tips to guarantee the most appropriate Operational Technology security strategy for providers of essential services.

Download here
Blueprint for protecting critical systems