Engineering news
More than half of senior industry figures have low confidence in the cyber security of critical national infrastructure (CNI) supply chains, while 50% cite people/staff as CNI’s greatest cyber resilience weakness, according to a survey.
The report outlines how the UK might become a more cyber resilient nation. The research findings reflect the views of senior figures across a wide range of CNI, government and defence organisations. These include Airbus Defence & Space, Anglian Water, Department for Culture, Media & Sport, Ministry of Defence, Qinetiq, and the UK Space Agency.
58% of respondents reported low levels of confidence in the cyber resilience of CNI supply chains, with half of those expressing no confidence at all. Although people were confident in the security protecting their own organisation, it was considered to be much more difficult to protect information assets and intellectual property once it entered a wider supply chain.
When asked to rank their top three cyber security concerns, half of respondents identified people/employees as their top concern. This response covered a range of issues including insider threat, user browsing, board-level awareness, and staff understanding of the part they play in helping to protect their organisation.
The second highest concern was network compromise and insufficiently protected legacy systems, including issues around the Internet of Things and cloud-based services, by 25%. This was then followed by concerns around the pervasive growth of organised and state-sponsored cyber-crime by 8%.
Andy Wall, Atkins’ head of cyber security, said: “As well as serving as a confidence barometer, the research results also help paint a picture of the CNI and defence industry’s major cyber security concerns, both today and in the future. Although some of these results are concerning, there are of course some CNI organisations – particularly the civil nuclear industry – who are leading in this area, and there is much that parallel sectors could learn from their example.
“Transparency was also raised as an enduring industry challenge. A lack of clear definitions of risk terms and reliance upon confusing technical language to define the cyber threat is turning off senior leaders. This in turn is preventing them from fully understanding the risks and potential mitigation measures. Hopefully this report will help to overcome some of those barriers.”
When asked to look ahead and cite their top CNI cyber security concerns for the future, 28% suggested it was the rapid advance of technology, especially the Internet of Things and convergence. This was followed by the growth of organised and state-sponsored cyber-crime by 24%, and then a shortage of skills required for the UK’s cyber defence by 20%.
When asked to gauge whether advantage currently lay with the cyber attacker or defender, 70% believed it was with the attacker (compared to 61% in 2015), 13% said it was currently balanced (compared to 17% in 2015) and 17% believed it was with the defender (compared to 22% in 2015).
To download a free copy of the report and research, go to: explore.atkinsglobal.com/cyber