
Additionally, many critical systems are not designed with security in mind, claims Mark Chaplin, author of a new report on the subject. "The relationship between information systems and critical infrastructure is often overlooked."
"Infosec professionals are rarely involved in the design, planning, implementation and management of infrastructure components such as production lines, support networks and electricity supply - this has to change."
Nigel Brown, head of resilient communications at the Cabinet Office, echoed the sentiment, pointing out that communications technology is not necessarily reliable in an emergency: "The 7/7 London bombings highlighted the need for increased resilience in the communications network. There were rumours that the Government had shut down the mobile network to prevent terrorists exploiting it, but in fact the sheer volume of traffic had caused it to fail. The increasing reliance on mobile technology - convergence - is in fact causing a lack of diversity. If the power grid fails, all 2G and 3G mobile technology will fail within 30-40 minutes..."
The report from the Information Security Forum (ISF), 'Securing Critical Infrastructure', focuses on four different categories of critical infrastructure: operations, telecoms, utilities and buildings. It details the processes that decision makers should go through to ensure that security concerns have been addressed before a major incident. These include identifying the most critical areas, defining which information systems are involved in these areas, performing a risk analysis and finally establishing a framework of controls.