National and International Policy for the Cybersecurity of Critical Infrastructure will compare and contrast approaches to manage Internet of Things (IoT) threats from a policy perspective. The threat against critical infrastructure is recognised to be severe. Even the most cursory threat modelling reveals the growing sophistication of attacks, from increasingly resourced and skilled threat actors with a wide range of motivations. Successful, or partially successful, attacks on steel mills (in Germany), power grids (Ukraine), railway systems (USA), water supply (USA and Australia), as well as the coordinated attacks on Georgia and Estonia have highlighted the seriousness of the issue. This project will consider approaches to protecting Critical Infrastructure in two key verticals: transport and utilities. We will examine policies from key UK stakeholders in the verticals, from smaller companies to multinationals. We will then examine how this aligns with governmental policy, before contrasting this to similar efforts in Europe and further internationally.
- A gap analysis of current UK policy and guidance for protection of transport systems critical infrastructure from cyber attack.
- A gap analysis of current UK policy and guidance for protection of utility systems critical infrastructure from cyber attack.
- A synthesised analysis of attitudes, approaches and policy responses taken to IoT threats on critical infrastructure, internationally.
- Policy recommendations for the cyber protection of UK critical infrastructure in an international context