A country’s critical infrastructure is a lot like the neighbourhood street cleaner – you notice when they’re not working. But critical infrastructure can be more vulnerable than you think.

Governments used to protect critical infrastructure from cyber attacks by keeping their operations on a separate network from the wider internet, but they are becoming increasingly connected. Sensor tech allows them to remotely monitor pipe leaks and water levels, “expose critical infrastructure to a high risk of manipulation,” according to a report by Interpol.

We can’t turn back the clock, so what can be done? We look into how we can protect our water and power utilities, transportation, healthcare, and governments.

Three steps to secure critical infrastructure

There are three steps to secure critical infrastructure. The first is regulatory.

Nations can introduce strict measures to ensure critical infrastructure has good cybersecurity measures in place. In France, for instance, it is mandatory for critical infrastructure companies to share all relevant data and details should they come under a cyber attack. They also have to actively develop cybersecurity awareness amongst employees.

Singapore, meanwhile, has set up a hub to share information on critical infrastructure threats and help agencies learn from one another.

Second, countries can work through international channels. Finland believes the most effective way to tackle threats to both social cohesion and critical infrastructure is through international collaboration. The country’s Ambassador for Countering Hybrid Threats focuses on building international cooperation and unity and encouraging countries to share best practices, he told GovInsider in an interview.

Johanna Weaver, Special Adviser to the Australian Ambassador for Cyber Affairs, is working with the United Nations to provide clear and practical guidance to nations on cybersecurity. As state-sponsored attacks are on the rise, she sees an urgent need to set international standards. “We’re seeing an increasing call to promote responsible behavior by countries and companies in this space,” she told GovInsider.

Third, and perhaps most importantly, critical infrastructure companies can strengthen each of their networks to guard against cyber attacks. What access does any account have to the entire organisation? How can critical infrastructure limit the damage of attack by limiting the scope of any access?

“The greatest risk comes from an inability to contain attackers from affecting or accessing critical data and assets – not from the initial attacker infiltration, which is nearly impossible to stop,” explained IT security company CyberArk’s Global Advanced Threat Landscape 2019 Report.

One way to protect these special user accounts, known as privileged accounts, is by having an effective privileged access management tool. CyberArk’s service allows companies to monitor, control and cut off access to their services and data. They can pick up on anomalous behaviour within the network, and quickly shut down compromised devices’ access during a cyber attack.

Our increasingly interconnected world can pose danger to critical infrastructure. Regulation and international discussion can help agencies learn from breaches that have happened, but it’s crucial to first tighten up network security to stop attackers in their tracks.