Why our national sovereignty depends on cyber resilience | Tech Radar

Overview

News, deals, reviews, guides and more on the newest computing gadgets

Start exploring exclusive deals, expert advice and more

Details

Unlock and manage exclusive Techradar member rewards.

Unlock instant access to exclusive member features.

Get full access to premium articles, exclusive features and a growing list of member rewards.

Why our national sovereignty depends on cyber resilience

When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works.

From our energy infrastructure, through to the systems responsible for our telecommunications, transport and utilities, a core set of services are essential to keeping our society running.

World events have rightly put Britain’s defense capabilities under renewed attention, but our national sovereignty is maintained just as much by the cyber resiliency of these critical systems as much as it is by nuclear deterrents, submarines and physical military hardware.

Operational Technology (OT) systems control power generation, transmission, distribution and gas transport safely and reliably. The increasing digitization and connection of these systems is seeing cyber risk emerge, whether it’s from the exploitation of unpatched vulnerabilities, phishing, or malware attacks.

Regulatory whiplash: Why cyber resilience is now a governance imperative

When confidence becomes a risk: The gap between cyber resilience readiness and reality

AI powers innovation – but it’s also powering the next wave of cyber attacks

Launched by nation-state groups, or criminal elements employed as proxies, they are among the most significant threats to the industry, as they hope to trigger knock-on effects and cause severe disruption to everyday life.

A combination of internal gaps in strategy, cybersecurity capabilities, and outdated technology, is leaving our energy grid vulnerable. Once compromised, the intention with many of these actors is to persist and maintain a presence within these systems, learning and capturing as much information as they can over time without being detected.

Automation is on their side, lowering the barrier to entry in getting attacks off the ground for opportunistic and commercially-motivated groups, as well as enabling further adaptation and evolution of malware. There are also risks with AI as it becomes embedded into enterprises.

Thales’ recent Data Threat Report, for example, found 61% of organizations globally rank AI as their top data security threat, as these automated systems are increasingly granted broad access to enterprise data.

Operational simulation to validate cyber resilience

The scale and frequency of these risks underscore the importance of planning and simulating responses in as much detail as possible, and to this end, digital twins have become an increasingly popular tool in many industrial sectors.

Linking to data gathered from a target environment, it allows for the creation of a perfect digital representation of a real object or process.

It’s here that cyber risk must be considered alongside engineering and operational risk, with governance frameworks that make sure cybersecurity supports wider safety and operational security.

Beyond the spike: building resilient and trusted infrastructure in an era of sustained attacks

Why digital sovereignty is becoming a priority for every industry

As part of the validation, leaders also need to ensure that personnel can respond safely and effectively during incidents.

By working in a sandboxed environment, security teams responsible for critical energy networks can model attacks from ransomware outbreaks to insider attacks without risking downtime or data loss.

Ongoing testing and validation ensure security controls remain effective as systems evolve, because networks are continuously evolving. New assets are deployed, systems are upgraded, and operational requirements change - meanwhile resilience must be continuously maintained.

Going a level further, the operators of power grids, rail networks and water suppliers are often managing their digital and physical assets independently.

If we can integrate these various digital twins together, decision makers can suddenly see a shared, simulated and real-time model of the entire system, allowing for impact analysis should a problem emerge.

Adequately addressing cyber risk to critical infrastructure also requires a cultural shift in how these organizations deal with and react to the data about the attacks they face.

With priority given to confidentiality and secrecy, it means this is often hoarded and kept within a given organization, meaning each sector is left to deal with problems in isolation.

Threat actors know this and are keen to exploit it – after all, threats do not respect organizational boundaries. They’re moving at machine speed, while defense often moves at the speed of bureaucracy.

Whether it was successful or not, each unreported attack is a missed opportunity to refine security strategies, share knowledge, and enhance the overall resilience of the sector. Critical national infrastructure operators and suppliers must collaborate closely to identify and close these security blind spots.

From information silos to networked intelligence

Building and sharing more of these capabilities across sectors puts us in a position where if a new malware signature is detected by one utility company, everyone else, from transport to defense and energy, can be immunized against that threat within milliseconds.

Mandated incident reporting, as the UK Government proposes for high-risk sectors and essential infrastructure, is a welcome move in the right direction.

Ofgem, the UK’s energy regulator, meanwhile, has strengthened its expectations around cyber resilience, shifting its emphasis from compliance to demonstrable operational capability and preparedness.

At CYBER UK this year, we talked a lot about how no single sector can meet this challenge in isolation. Critical infrastructure, public services, and private enterprises alike are all connected by digital ecosystems – and associated cyber risks.

Building shared resiliency into critical infrastructure is an imperative for our wider national sovereignty and security. It will take structural changes, from proactive security measures through to cultural shifts, to ensure our cyber expertise is up to the task of meeting what lies ahead.

This article was produced as part of Tech Radar Pro Perspectives, our channel to feature the best and brightest minds in the technology industry today.

The views expressed here are those of the author and are not necessarily those of Tech Radar Pro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/pro/perspectives-how-to-submit

You must confirm your public display name before commenting

1 The Lumix L10 looks great, but I can't help thinking this underrated camera is a fantastic alternative — and it's half the price

2‘More intuitive than ever’ — i OS 27’s new AI voice controls could finally make Siri feel smart

3 This smart temperature probe will take all the guesswork out of BBQing — it tells you exactly how long to cook and rest your meat for, for perfectly juicy, charred and tender results

4 Looking for a cheap De'Longhi coffee maker? I'm a trained barista, and these are the 3 best deals I recommend right now

5 Find the Galaxy S26 Ultra too bulky? Samsung could launch a smaller Galaxy S27 Pro next year — and it sounds like the Ultra in all but name

Tech Radar is part of Future US Inc, an international media group and leading digital publisher. Visit our corporate site.

Key Takeaways

News, deals, reviews, guides and more on the newest computing gadgets
Start exploring exclusive deals, expert advice and more
Unlock and manage exclusive Techradar member rewards
Unlock instant access to exclusive member features
Get full access to premium articles, exclusive features and a growing list of member rewards