Services Industries Cloud Cybersecurity Digital EngineeringNXT HOLMES Geographies

Service Offerings

Data, Analytics & AI
Applications
Digital Operations and Platform
Consulting
Infrastructure Services

Service Offerings

Data, Analytics & AI
Applications
Digital Operations and Platform
Consulting
Infrastructure Services

Client Themes

As a service
Big Data
Blockchain
Cyber Security & Enterprise Risk
DevOps
Enterprise Ops Transformation
Industry 4.0
Open Source
Product Lifecycle Management
Software Defined Everything

Client Themes

As a service
Big Data
Blockchain
Cyber Security & Enterprise Risk
DevOps
Enterprise Ops Transformation
Industry 4.0
Open Source
Product Lifecycle Management
Software Defined Everything
Aerospace & Defense
Automotive
Banking
Capital Markets
Communications
Consumer Electronics
Consumer Packaged Goods
Education
Engineering, Construction & Operations
Healthcare
Insurance
Medical Devices
Natural Resources
New Age Markets
New Age & Media
Network & Edge Providers
Oil & Gas
Pharmaceutical & Life Sciences
Platforms & Software Products
Industrial & Process Manufacturing
Professional Services
Public sector
Retail
Semiconductors
Travel & Transportation
Utilities
Aerospace & Defense
Automotive
Banking
Capital Markets
Communications
Consumer Electronics
Consumer Packaged Goods
Education
Engineering, Construction & Operations
Healthcare
Insurance
Medical Devices
Natural Resources
New Age Markets
New Age & Media
Network & Edge Providers
Oil & Gas
Pharmaceutical & Life Sciences
Platforms & Software Products
Industrial & Process Manufacturing
Professional Services
Public sector
Retail
Semiconductors
Travel & Transportation
Utilities
America
country usa
United States
country canada
Canada
country brazil
Brazil ( English  |   Portuguese )
country maxico
Mexico ( English  |  Spanish )
country latam
Latam
Continental Europe
country benelux
Benelux
country nordic
Nordic
country france
France
country dach
Dach ( English  |  Deutsch )
Africa
United Kingdom & Ireland
Asia - Pacific
country
Asean
country
Korea
country
China
country
Australia
country
Japan ( English  |  Japanese )
country
Taiwan
India & Middle East
country India
India
country
Middle East
Global Site
America
country usa
United States
country canada
Canada
country brazil
Brazil ( English  |   Portuguese )
country maxico
Mexico ( English  |  Spanish )
country latam
Latam
Continental Europe
country benelux
Benelux
country nordic
Nordic
country france
France
country dach
Dach ( English  |  Deutsch )
Africa
United Kingdom & Ireland
Asia - Pacific
country
Asean
country
Korea
country
China
country
Australia
country
Japan ( English  |  Japanese )
country
Taiwan
India & Middle East
country India
India
country
Middle East
Global Site
< Saritha Auti

How Safe is Safe Enough?

Services
Industries
Cloud
Cybersecurity
Digital
EngineeringNXT
HOLMES
Geographies
Contact Us
About Wipro
Careers
Locations
Leadership
Investors
Innovation
News and Events
Insights
Analyst speak
Products & Platforms
Partner Ecosystem
Sustainability

May | 2014

There is growing unrest among companies regarding the safety of their sensitive data. Importance of securing sensitive data increases multifold when a company is part of the Critical Infrastructure (CI). Few points to ponder about existing security measures and the architecture are - how to classify which data is sensitive? What to secure and what level of security is "appropriate" to secure the critical infrastructure without spending millions of dollars protecting "not so critical" infrastructure?

Governments across the world are waking up and taking notice of Critical Infrastructure Protection (CIP) as one of the highest priorities. With growing threats and attacks targeted at Critical infrastructure companies, there is an impending need for countries to develop a national critical infrastructure strategy which will provide a comprehensive and collaborative approach to enhance the resiliency of critical infrastructure. This common approach will enable stakeholders to respond collectively to risks and concentrate on safeguarding the most vulnerable areas of CI.

It is recommended that the government and the private sector should collaborate to protect a nation’s critical infrastructure. This collaboration calls for the development of trusted partnerships to build regulatory requirements, governance processes, and resilience frameworks jointly based on existing mandates and responsibilities. The figure below explains what the strategy should help achieve.

How Safe is Safe Enough?

Similar to IT Infrastructure, CI has its share of vulnerabilities in a much higher magnitude of impact which is difficult to address due to the proprietary nature of the hardware/OS, multi-vendor environment, legacy devices, and lack of documentation. There is the all-important human factor which influences the Cyber Security posture of a CI primarily through lack of awareness, and difficulties in understanding the paradigm shift of considering security as a business requirement rather than a non-functional requirement.

There are several security governance and operations issues which are attracting adversaries to exploit the CI, such as unpatched devices, 2-way communications on an air-gap network, no baseline security configurations, lack of monitoring and correlation etc. CIs should streamline their operations, categorize assets, define a risk score and outline an acceptable security posture to handle security threats, risks and vulnerabilities in such a way that there is no deviation.

The CI solution platform should address the issues mapping the solution to sector-specific value chain, applying global regulatory requirements and defining points of vulnerability to address known and unknown threat vectors. Cyber security for critical infrastructure should be broadly developed as per the roadmap shown in the illustration below.

How Safe is Safe Enough?

The implications of a CI collapse are huge and need to be looked at from a long-term perspective. Close synergies between the government and the private sector need to be present to develop a comprehensive and robust strategy for thwarting off impending threats from politically motivated groups, cyber criminals and other such rogues. Steps should be taken to ensure CIP across all layers of CI Architecture, with components addressing business and operational processes, applications, data, communication, network and perimeter for IT and Operations Technology Network.

What are your views? Do write in.

About the Author

Saritha Auti has over 17 years of experience in Enterprise Security & Architecture, spanning a wide gamut across product development, application security, systems integration, Enterprise Architecture and security architecture consulting. She heads Enterprise Security Architecture and Industrial Security Practice for Wipro with specific focus on Critical Infrastructure Security. She has devised several security solutions and architecture strategy for Oil & Gas, Telecom, Financial Sectors, Utilities, Defense, and has lead Security Architecture transformation programs.
X