Shared Responsibility Key to Protecting Critical Infrastructure

Protecting critical infrastructure from cyber-attacks requires adopting a shared responsibility model between vendors, network operators and governments, according to a panel speaking during a recent FT webinar.

The panel, moderated by Alex Irwin-Hunt, global markets editor of fDi Intelligence at FT Group, agreed that a range of parties has different responsibilities in ensuring the integrity of software and hardware products. The process begins with manufacturers “making sure that their product that’s released into the market is a quality one, and that includes reducing vulnerabilities as much as possible,” according to Dr Wendy Ng, cloud security architect lead at OneWeb.

However, this process can never be 100% effective, and vendors still have obligations to release patches for the product once it has gone to market. “Then it becomes a real partnership between the end-user and vendor,” observed Ng.

Colm Murphy, senior cybersecurity advisor, Huawei, reiterated the need for a shared responsibility model and emphasized the role played by service providers in keeping products secure. “They own and operate the networks, they manage the services, and they have to look after things like patching and security configurations.”

Additionally, governments have an important role in setting the standards and regulations for products and creating a regulatory arm to oversee and enforce these rules. Murphy also believes organizations need standards bodies to “tell us what good looks like.” This should be determined by consensus, involving all stakeholders in a given industry.

..

Support the originator by clicking the read the rest link below.