In the past decade, several cyberattacks targeting critical infrastructures came to light. Cybercriminals are no longer seeking only to steal personal information, such as credit card details from private individuals, but attempt to hinder or debilitate the operation of online infrastructures, which can cause serious upheaval in real life and is a matter of national security.
Before digging deeper into this phenomenon and discovering how the EU intends to regulate IT security in this regard, let’s start at the beginning, and explore what critical infrastructures really are.
What are critical infrastructures?
Critical infrastructures are the physical and cyber systems and assets of a country or region that are so fundamental to its fluid operation that their incapacity or destruction would have a devastating impact on our physical or economic security or public health or safety.
These systems include, for instance, nuclear facilities, power grids, hospitals, oil and gas facilities, banks and drinking water supplies.
Even though cyberattacks on critical infrastructure are less widespread than other malevolent attacks, security professionals are showing concern about the increasing cyber-risks to these infrastructures due to the widespread use of IoT devices.
What are the critical factors that make them susceptible to cybercrime?
How does the EU regulate IT security?
There have been many attempts by the European Union to put IT regulations in place within its borders. To support cyber resilience, the European Commission presented the new Cybersecurity Strategy in 2020, consisting of 4 pillars designed to bolster the EU’s online safety against cybercriminals.
The 4 pillars of the strategy are:
“The strategy covers the security of essential services such as hospitals, energy grids, railways, and the ever-increasing number of connected objects in our homes, offices, and factories. The strategy aims to build collective capabilities to respond to major cyberattacks. It also outlines plans to work with partners around the world to ensure international security and stability in cyberspace. Moreover, it outlines how a Joint Cyber Unit can ensure the most effective response to cyber threats using the collective resources and expertise available to Member States and the EU.” - The Cybersecurity strategy
The German KRITIS to regulate critical infrastructures
Apart from the EU’s comprehensive attempts to tackle cybercrime, certain countries have taken the matter into their own hands. In 2011, Germany created its own Cyber Security Strategy, called KRITIS, to control the security of its own critical infrastructures. Its objective is to thoroughly protect networked systems without creating obstacles to taking advantage of the opportunities and benefits of cyberspace.
How can CCLab help your organization comply with regulations?
At CCLab our mission is to make the world a more secure place and to radically decrease the global cost of cybercrime. In the case of critical infrastructure, we help organizations comply with the IEC 62443 international standard, which has become the leading cybersecurity standard for plants, facilities and other infrastructures across industries.
IEC 62443 is a set of security standards that provides thorough and systematic cybersecurity recommendations covering the infrastructure’s specification, integration, operation, maintenance, and decommissioning. Complying with this standard signifies the robustness, trustworthiness, and coherence of the system and provides an internationally recognized certificate that proves the achieved high level of cybersecurity.
Thanks to our demonstrated experience with critical infrastructure security and certification, our team at CCLab can assist your organization throughout the process, from the initial analysis and conformity assessment through to validation of the certification.