TALKING

But beyond this incident, how should countries prepare their critical infrastructure to ensure full resilience? And is there something like full resilience when on one hand infrastructure systems are more highly interdependent and connected, creating a potential domino effect across individual failures and on the other hand hazards and threats are growing?

Let us first start with defining what is critical infrastructure. According to CISA, America’ s cyber defence agency, there are 16 critical infrastructure sectors that are part of a complex, interconnected ecosystem. Any threat to these sectors could have potentially debilitating national security, economic, and public health or safety consequences.

Those sectors with virtual and physical assets that apply at local, national or international levels range from communications to defence, utilities, finance, transport, healthcare, etc and are critical to keep countries up and running since damage on one would have ripple effects on other aspects of people, government and businesses.

Whilst it is understood that nothing can be secured a hundred percent, there are several steps and best practices that governments across the globe should consider in terms of preparedness, response and continuous improvement.

Preparedness

Preparedness means having a good understanding of the risks at hand, ensure a resilient infrastructure and trained personnel whilst planning ahead potential scenarios and how they would play.

Risk assessment

The department of homeland security is a very US concept, however many countries including the UAE have established a national security council that conducts on a regular basis comprehensive risk assessments to identify vulnerabilities and threats to critical infrastructure, including natural disasters, pandemics, cyberattacks, and technological failures.

After the 2011 earthquake and tsunami for instance, Japan enhanced its disaster preparedness measures, focusing on infrastructure resilience, emergency response, and early warning systems that have since been adopted by other countries.

It is also about identifying the weakest points and mitigating inherent risks.

According to the Swiss Cheese Model the protection of critical infrastructure depends on the holes in the different layers not aligning. We can have problems at institutional level, at supervision level, preconditions for unsafe acts and active failures. So in a real case scenario, such as a cyberattack on a power grid for instance, you could have:

• Layer one: SCADA software not updated

• Layer two: security team missing an alarm due to fatigue

• Layer three: operator does not report suspicious behaviour due to escalation issues

• Layer four: phishing email that steals credentials

Implementing the Swiss Cheese model will allow a more comprehensive, system thinking, encourage redundancy and multiple defences, push in identifying possible gaps, and conduct a post mortem to assess each step of intervention.

Resilience by design

Resilience should be integrated into the design and planning stages of infrastructure projects. This includes using durable materials, considering climate and environmental challenges, and following stringent building codes and safety standards.

A strong political will helps as well deploying a consistent policy and regulation that encourage resilience in infrastructure development and operations, ensuring compliance with best of breed standards coming from ICC, NFPA, ASIS, NITS amongst others.

Creating redundancy in critical systems and services to maintain operations during disruptions is key, especially in a day and age where threats do not only come from a hardware failure but could come from injected malwares affecting connected installations. This might involve backup power systems, multiple energy sources, alternative communication systems, back up data centres, and other transportation routes.

Singapore has invested heavily in smart infrastructure and technology, emphasising digital systems ' resilience, including energy, water, and cybersecurity measures. In particular, the City State focus on green tech optimises electricity distribution and predict maintenance requirements through their smart grids

Benedicte Hennebo, Speaker, Mentor, Ambassador Tech and Innovation, WBD

Marco Fornier, Sales Strategist, Speaker, Sales Trainer, The Academy for Sales Excellence

www. intelligentcio. com INTELLIGENTCIO MIDDLE EAST 37