It is often taken for granted, or at least there appears to be a conscious ignorance, that everything from the electricity that charges our smartphones and powers our houses, through to the vast and complex supply chains that stock our countries’ grocery stores, rely almost completely on complex information systems. This infrastructure ensures today’s nations and their citizens have the opportunities to prosper, helping to build a stronger tomorrow.
However, assigning responsibility for critical infrastructure protection is complex and will only grow as smart cities develop. Whilst the government has a role to play in ensuring the supply of essential services, up to 85 percent of critical infrastructure in the United States and 90 percent in Australia for example, is owned or operated by private industry or public/private partnerships. Some industries have strong regulatory frameworks and well-established cyber security practices, but some sectors struggle to maintain basic levels of cyber resilience.
National security, economic prosperity and social well-being rely on the availability, integrity and confidentiality of a range of information and communications technology. This includes desktop computers, the internet, telecommunications, mobile communication devices and other computer systems and networks.
The risk to the national economy from computer intrusion and the spread of malicious code by organised crime has been assessed as high. An increase in the scale, sophistication and perpetration of cyber crime has made it increasingly difficult to identify and defeat. Attacks affecting critical infrastructure that power smart cities, have become regular events and alarmingly effective.
The growing array of state and non-state sponsored actors who are compromising, stealing, changing or destroying information is increasingly blurred, potentially causing critical disruptions to information systems. The distinction between traditional threat actors—hackers, terrorists, organised criminal networks, industrial spies and foreign intelligence services—is also becoming more difficult to differentiate.
A nation’s approach to cyber security is contained within its Cyber Security Strategy. The aim of the strategy is to promote a secure, resilient and trusted electronic operating environment that supports national security and maximises the benefits of the digital economy.
The objectives of a cyber security strategy are that:
The core principles established as best practice to meet these goals include:
National leadership: The scale and complexity of the cyber security challenge requires strong national leadership.
Shared responsibilities: All users, in enjoying the benefits of information and communications technologies, should take reasonable steps to secure their own systems, exercise care in the communication and storage of sensitive information, and have an obligation to respect the information and systems of other users.
Strategic partnerships: In light of these shared responsibilities, a partnership approach to cyber security across all governments, the private sector and the broader local and international community is essential.
Active international engagement: Given the transnational nature of the internet, in which effective cyber security requires coordinated global action, corporates and individuals must adopt an active, multi-layered approach to international engagement on cyber security.
Risk management: Today’s current threat landscape is truly global where all internet-connected systems are potentially vulnerable and where cyber attacks are difficult to detect, there is no such thing as absolute cyber security. It is imperative that we apply a risk-based approach to assessing, prioritising and resourcing cyber security activities backed up by the trusted ability to validate.
Protecting national values: Successful next generation communities and economies must pursue cyber security policies that enhance individual and collective security while preserving fundamental values and freedoms. Maintaining this balance is a continuing challenge for all modern economies seeking to meet the complex cyber security challenges of the future.