Cybersecurity in Critical Infrastructure: A Looming Threat
When it comes to IT security, no one seems to take full responsibility, not even in critical infrastructures. However, this could change.

An outage can endanger lives – yet many hospitals are inadequately protected against cyberattacks.
The Current State of Cybersecurity in Critical Sectors
Everyone talks about cybersecurity, but no one seems to take it seriously. This perception was reinforced last week when an external audit of IT systems in Swiss hospitals revealed serious deficiencies. Unfortunately, the healthcare sector is not alone in this struggle. Three years ago, the power sector gave itself a poor rating in a self-assessment. Similarly, companies and organizations in other critical sectors continuously battle cyberattacks.
Cyberattacks Pose a Threat to Lives
We have become accustomed to reports of cyberattacks and data breaches. The notion that “everything can be hacked” may have once instilled fear, but now it almost sounds cliché. However, this complacency is dangerous. The risk is too great to allow resignation. Cyberattacks can bankrupt businesses, harm the economy, and, in the worst-case scenario, endanger lives. Ransomware gangs operating globally have emerged as one of the biggest threats to national security in many countries. The escalating tensions between world powers further increase the likelihood of politically motivated cyberattacks.
While the problem is not new, the solution lies in prevention. Simple security measures could thwart or at least significantly impede most current attacks. Particularly in critical infrastructures, which are vital to a country’s functioning, greater efforts are needed.
The Role of Regulation in Enhancing Cybersecurity
Many argue that Switzerland, in comparison to the EU, requires stronger regulations to address cybersecurity challenges. However, mandatory regulations alone are insufficient. Compliance and enforcement are crucial. The challenge with regulation lies in avoiding costly bureaucracy and fostering a new culture of security.
The Importance of External Security Testing
External security assessments can play a significant role in enhancing cybersecurity. They provide insights into the level of protection critical infrastructures have against cyber risks, regardless of the specificity of the requirements. The government should commission external tests and at least publicly summarize the results to bring the issue to the attention of policymakers and relevant industries.
Regular external security assessments can also prompt regulators to make full use of their cybersecurity competencies. These tests compel industries to clarify responsibilities, which addresses the common problem of diffusion of responsibility: everyone expects someone else to take action, and the result is inaction.
External security assessments have the advantage of not mandating specific actions for critical infrastructures, yet they create an obligation to take steps to protect IT systems. Coupled with transparency about the results, this approach can cultivate a new culture of security.
Conclusion
Cybersecurity in critical infrastructure remains a pressing concern, with potentially dire consequences. By implementing external security testing and fostering a culture of responsibility and transparency, industries and regulators can work together to mitigate cyber risks and safeguard essential services.
FAQs
1. How can organizations enhance cybersecurity in critical infrastructure?
- Conduct regular external security assessments
- Implement simple security measures
- Foster a culture of responsibility and transparency
2. What role does regulation play in cybersecurity?
Regulation is essential in setting standards and guidelines for cybersecurity. However, compliance and enforcement are equally critical to ensure effective protection against cyber threats.