What the UK's new cyber budget means for industrial organizations in Critical National Infrastructure (CNI)
Date:
Thu, 07 Aug 2025 14:14:00 +0000
Description:
New UK cyber funding strengthens defenses for critical infrastructure amid rising digital threats.
FULL STORY ======================================================================
In June, the UK government announced landmark legislation for cyber and digital defense.
The proposal, forming part of the Strategic Defence Review, signals a pivotal shift in national priorities, especially for industrial organizations operating within sectors defined as Critical National Infrastructure (CNI), such as energy, water, healthcare, transport and digital infrastructure.
As these sectors accelerate digital transformation to meet decarbonization and efficiency goals, they're simultaneously becoming more vulnerable to cyber threats in an increasingly volatile and unpredictable world.
In this environment, it's strategically vital for operators of critical infrastructure to partner with the right organizations that bring the expertise needed to safeguard essential systems. The risks of navigating this landscape alone, without the right support, can lead to serious and far-reaching consequences.
As Peter Kyle, Secretary of State for the Department for Science, Innovation and Technology, notes in his foreword to the Cyber Security and Resilience Bill policy statement, last year, a cyber attack against a supplier to NHS hospitals in London caused more than 11,000 appointments and procedures to be postponed. In some cases, the patients had to wait months before they could be seen.
Meanwhile, it's reported that in 2024, almost two thirds of water and energy providers were affected by cyber attacks. While there are no known cases of the attacks disrupting everyday services (in many of these cases, even those involving ransomware, the key target for the attackers is data, not infrastructure), it's not difficult to imagine the potential consequences of one which did.
Just think about what would happen if a water company couldn't provide water for drinking or bathing to people's homes. Or if an energy provider found itself in a position where a disruptive cyber attack against its operational technology resulted in power outages across a region, or whole country.
These may only be theoretical examples of cyber attacks against critical infrastructure and the operational technology (OT) that controls it, but it isn't a far-fetched idea at all. Indeed, a 2016 cyber attack against a power station in Ukraine plunged a whole region of the country into darkness during the middle of winter.
It wouldn't take much for an attacker who breached IT systems to move laterally to OT systems. The threat of cyber attacks against critical infrastructure represents a national security risk, because the consequences aren't just restricted to computer systems or data; they can impact people's everyday lives and their basic needs.
Obsolete operational technology
With so much of the critical infrastructure we rely on increasingly connected to cloud services, the sensors and devices on the Internet of Things (IoT) and now, even AI systems, we're truly in the digital age. Or so it seems.
However, the reality is that much CNI we rely on is still based on legacy operational technology, software and operating systems. These systems continue to be used because they're bespoke, designed specifically for the tasks at hand.
Much of this legacy infrastructure was designed and built without internet connected systems in mind, meaning that all these years later, much of this hardware and software is outdated, bordering on obsolete, and difficult to secure against cyber threats.
The reason for this is simple: if the hardware or software is no longer supported by the manufacturer, it's also no longer receiving security updates.
Even if security patches are available, it's extremely difficult to take critical infrastructure offline to apply them. All of this means that OT, whether potentially patchable or running on legacy systems which might even be decades old, is extremely vulnerable to evolving cyber threats, especially if the equipment being used hasn't been properly certified.
Securing critical national infrastructure
The government has warned how the unprecedented threat to CNI poses a risk to UK citizens, which is why it announced its plans to invest over £1 billion to enhance the UK's digital and cyber capabilities.
Key to securing CNI is ensuring that appropriate processes are in place for assessment and prevention of threats, vulnerabilities and other issues, and, when necessary, that rapid support is available to respond to suspected breaches, attacks or other incidents.
While the government's plans on securing CNI are welcomed, it's also important for the organizations responsible for running and maintaining operational technology to ensure they have the plans in place to react while also ensuring that the most vital operations remain active.
Therefore, the government's budget should continue to prioritize spending on securing CNI, both around securing legacy systems and ensuring the assessment and prevention of issues, as well as ensuring that digital transformation programs to modernize the IT behind infrastructure adhere to the concept of Secure By Design at the development stage.
It's also important to follow secure deployment guidelines and configurations when integrating the technology into real-world operating environments, and to move to a Secure By Operations approach for the ongoing maintenance and oversight of assets.
Secure by Operations becomes critical when technology is evolving at such a rapid pace, and even simple system misconfigurations can lead to cyber incidents. The use of artificial intelligence (AI) has increased the potential and speed for both positive and negative consequences. A cyberattack on a single stakeholder in the value chain can cause significant operational, financial, or reputational damage to other organizations reliant on the affected operator or their technology.
Indeed, the National Cyber Security Centre (NCSC) has warned how the growing incorporation of AI models and systems across the UK's technology base, and particularly within critical national infrastructure, almost certainly presents an increased attack surface for adversaries to exploit.
But industrial AI can also be used to bolster cybersecurity, not just with automated cyber defenses, but for predictive maintenance of operational technology. Much like how AI can be used to assess the ongoing condition of cyber-physical systems, the predictive capabilities of industrial AI can be used to anticipate potential cyber threats before they become a problem.
For example, with the right information and instructions (especially when provided by the right partner), AI could anticipate which vulnerabilities or even threat groups are the biggest risk to the infrastructure at that time, providing the human defenders with vital information to help ensure systems remain protected from malicious threats.
Human cyber defenders
The human cyber defenders are key here. While AI can help boost cybersecurity, humans are still a vital part of the loop. It's people who are responsible for securing systems and it's vital for people to work together towards this goal.
Cybersecurity professionals may be working for competing organizations, but in order to properly ensure that CNI is defended against cyber threats, collaboration is key; industry support groups should implement knowledge sharing, best practices such as Secure By Design and Secure By Operations, as well as proactive threat mitigation for critical assets and partnerships.
As the threat landscape evolves, it's also important for the industry to work together. If one provider successfully defends against a cyber attack, that information could help others to do the same. By working together, we can ensure the resilience and security of our critical infrastructure for the future.
This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here:
https://www.techradar.com/news/submit-your-story-to-techradar-pro
======================================================================
Link to news story:
https://www.techradar.com/pro/what-the-uks-new-cyber-budget-means-for-industrial-organizations-in-critical-national-infrastructure-cni
--- Mystic BBS v1.12 A49 (Linux/64)
* Origin: tqwNet Technology News (1337:1/100)