Marrying cyber and physical solutions to strengthen cyber resilience of public infrastructure

In November last year, Costa Rica’s critical systems, which include its tax and customs systems, took a hit from weeks of ransomware attacks that negatively impacted the country’s trade logistics. An estimated 50% of data were stolen by the criminal gang.  

While digitalisation has enabled public systems to become more interconnected, it has also made it more susceptible to cyber attacks.  

Such attacks are increasingly targeting physical infrastructure, including elevators, smoke detectors, fire alarms and critical infrastructures like gas pipelines. Such attacks are also becoming vital elements of warfare, as GovInsider covered previously. 

This cybersecurity risk that such infrastructures face today is further exacerbated by the physical risks posed by geopolitical tensions, the dark web marketplace, inflation and unpredictable weather events disrupting public service delivery.  

Global enterprise communications, networking and cloud solutions provider, Alcatel-Lucent Enterprise (ALE), highlighted in a recent white paper that the emerging risks that public services and infrastructures face in this “polycrisis”, and what governments and cities can do to tackle these risks in a proactive manner. 

Tackling cyber and physical security loopholes 

The paper called on government organisations to consider both cyber and physical perspectives in every step of the way assessing and protecting their assets.

Such assets could include citizen safety and data, public services and transactions, and government buildings and infrastructure.  

These four steps include evaluate, prevent, protect and react.  

Agencies need to evaluate public infrastructures to identify both cyber and physical risks, potential consequences, and different possible points of interventions.  

To prevent cyber attacks, it advised organisations to seek out solutions with built-in security features. Such solutions should support an automated backup and recovery option for audit purposes and contribute to an overall zero-trust architecture.  

On the physical side, organisations should explore video surveillance, access control, asset tracking and other solutions that help increase visibility and make it more difficult for outsiders to access assets. 

To protect against cyber attacks, the paper recommended adopting certified solutions that meet security standards, include native encryption capabilities, and advanced authentication mechanisms. Agencies should also train remote employees on managing external communications and networks.  

When reacting to a security breach, organisations can best benefit from cyber solutions that are supported by incident response teams which can provide advice on recovery procedures and support data restoration. An audit trail should also come in helpful at this point.  

On the physical front, command and control (C2) operations and mission-critical communications would also be critical to halting security breaches.

Innovative GovTech & key considerations 

ALE also spotlighted several technologies used by governments for different purposes that can holistically target both cyber and physical risks. 

When it comes to protecting citizen safety, government officials might use video surveillance solutions to get real-time visibility into emergencies, work management platforms to alert and coordinate responses, and use mass notification systems to alert citizens to act before the crisis. 

For example, ALE has helped Metz Eurometropolis, a metropolis in Metz, France, to ensure continuity of its critical services and communications, quickly made emergency services available, and securely linked users and connected objects across buildings. 

Artificial intelligence (AI) solutions could also be incorporated to coordinate across the aforementioned stages. 

The white paper also highlighted the need for customizable, flexible, and compliant solutions. Contrary to a one-size-fits-all approach, technology providers need to partner with the individual government organisations to identify unique circumstances and risks, help bridge the gap between cyber and physical security, as well as to make the case for budget approvals.  

As for flexibility, technological solutions, like that of ALE’s, can be deployed in either or both on-premises and cloud models, and support open standards to meet complex requirements across solutions and vendors. It is also compliant with global, regional, and industry-specific data security and privacy standards.  

Join ALE at GovWare 2023! Catch them at Booth G18 to find out more.