The threat of cyber attack has evolved and widened.
The past year has clearly demonstrated that our infrastructure is continuously under attack. This year, the threat will continue to evolve and broaden.
Two years ago, we forecast that governments and infrastructure owners would sharpen their focus on cybersecurity. They have. Standards have improved and most governments have now identified their strategically important assets and started to set clear guidelines for protecting them against the threat of cyberattack. Asset management techniques have also moved into the digital era and security protocols (both physical and virtual) have become more sophisticated.
Yet attacks still happen with alarming frequency. And, as cyber threats evolve beyond simple thuggery to also include misinformation campaigns and political muckraking, they have also become incredibly disruptive. Consider, for example, the impact of global ransomware cyberattack ‘WannaCry’, not only on businesses, private citizens and governments, but also on critical infrastructure (such as the National Healthcare Service in the UK which scrambled to function after it was infected).
At the same time, the expanding digital interconnectedness of our infrastructure is only exacerbating the situation by bringing entire systems (versus single assets) within the reach of hackers. Indeed, in private conversations, security and military officials note growing concerns about the ability for some infrastructure – particularly autonomous vehicles – to be turned into weapons remotely. The tech sector must address such security concerns and governments must ensure that they do.
The physical threat against infrastructure has also widened and evolved this past year. In part, the risk comes from people; terrorist attacks on so-called ‘soft targets’ in places like the US, Canada, the UK, Spain, Sweden, Germany, France and Israel have forced decision-makers and authorities to rethink the way they secure public spaces, mass transit and even pedestrian walkways.
But the threat also comes from nature. Indeed, the past year saw a series of unprecedented, virulent and destructive extreme weather and fire events that threatened lives and created costly, unexpected disruptions and outages around the world – from California to the Caribbean and from Portugal to Bangladesh in 2017.
Over the coming year, we expect infrastructure security and resilience concerns to rise up the agenda. The reality is that governments have been on the back foot for several years and now need to adopt an aggressive stance toward security both in planning and operation.
This year, we expect to see heightened focus on improving the security of existing infrastructure (particularly for pedestrians) and embedding security into new infrastructure. In some cases, models for new infrastructure development may change (it’s easier to secure a small parkette than a sprawling city park). In other cases, investment will flow into new technologies that can be implemented ‘overtop’ of existing assets to improve their security and resilience.
More budget will probably be required. More effort will need to be spent in planning. And new skills will certainly be needed. But, as recent events have demonstrated, increased vigilance and safety is absolutely necessary.