Effective protection of critical infrastructures

Aug 12, 2019 Audit

Increasing digital networking simultaneously creates both opportunity and risk. While digitalization has spurred entirely new industries, existing companies are now able to reach customers and business partners around the world at any time of the day. In addition to all the possibilities, however, there are a number of threats challenging companies, especially those providing critical infrastructure. In 2017, the "WannaCry" malware caused a worldwide stir and affected numerous hospitals of the National Health Service in Great Britain. More than 26 million records with sensitive data were compromised in the large-scale computer attack and financial losses totaled a whopping 92 million pounds.

Failures particularly affecting critical infrastructures such as energy companies, waterworks, hospitals, telecommunications companies, banks and airports pose major problems for the population of entire countries. The risk of failure, disruption or manipulation is high and may result in sustained supply shortages, significant public safety issues or other serious consequences for the community. A legally compliant, technically secure and economically efficient IT security architecture is therefore indispensable. Certification according to the internationally recognized DIN EN ISO/IEC 27001 IT security standard can help companies fortify critical infrastructures.
Developing and documenting appropriate IT processes helps align IT security needs with the current risk situation. In order to adopt effective security strategies, responsible company officials must understand their particular internal and external infrastructure requirements. It is their proven knowledge of critical IT core components, services and processes which will enable them to assess, control and protect these elements and avoid potential liability claims.
As with the globally applied ISO 9001:2015 quality management standard, information security management systems (ISMS) according to DIN EN ISO/IEC 27001 are also based on the so-called high-level structure (HLS). Reliable IT security concepts are based on fundamental documents of quality management describing technical and organizational measures as well as assessed protection classes.
The responsibility for reliable and secure IT operations lies with company management. Corporate leaders must pay special attention to the effectiveness of IT security architectures as well as the ongoing implementation of improvement measures to maintain reliable security structures responsive to cyber threats of all kinds. In addition, corporate management should be prepared for any eventualities caused by cyber-attacks by implementing a business continuity management (BCM) system according to ISO 22301. This ensures that the central operational functions of the organization are maintained even after an emergency and that business activities can quickly resume.