What does the weather forecast look like for critical infrastructure? Three factors speed up the development even more. In May 2018, several phenomena collide in the cyber world that can have major consequences. What can we do?
The perfect storm is a meteorological term for a phenomenon that involves several weather systems working together to create extreme conditions with incredible forces, often causing great devastation.
Typically, in modern times, this has been predicted by advanced computer simulations and algorithms that can demonstrate with great detail that this will actually happen and that we as a society must prepare for the worst.
We have seen several cases in the US where people have been chosen to evacuate large areas in good time, prepare social systems for the worst and proactively change structures so that they can “ride out” the storm with the least possible impact on their function. All with the aim of ensuring that the impact is as limited as possible on society.
What does the forecast look like for critical infrastructure?
The “Weather Forecast” for critical infrastructure is that the perfect storm will be triggered in May 2018. Why just then? That’s when several phenomena in the cyber world will collide which can have major consequences. GDPR is the hot topic right now. What is not mentioned so much is the NIS Directive. These two contribute to the legal aspect of the perfect storm.
Add to this another weather system – “media with hunts”. Cybersecurity and information management has never been first page news for so long. It started in Sweden this summer with reporting on the Swedish Transport Agency outsourcing sensitive information to a third party without adequate protection, but news about information security keeps popping up in one report after another.
Only journalists know the reason for this, but my interpretation is that cybersecurity and information management is something that affects everyone in society. This makes it news that sells and influences ordinary people. It is highly likely that this will not change, it will become increasingly commonplace.
The third force is the changing world situation. It is a fact that the amount of cyber attacks, cybercriminals and methods of creating chaos in the information world has dramatically increased in the last 3-5 years.
Like lots of other things in the digital world, everything increases exponentially. The same development curve applies to cybersecurity but in a negative way. Efforts to counter this will require completely different methods, budgets and methods. The question is, who can you trust?
Directive (D) + Media Drive (M) + Cyber Threat (C) = Perfect Storm
What do you do about this?
As a suggestion, you put all the aspects and conditions that apply to your own business on the table. Then you put the bag of money you have to the side. Puts risk, value and effort on what is on the table and starts investing accordingly. If you realize that you do not reach the point you need to be by the date you have identified, then just start prioritizing as in all other projects based on quality, cost and time.
