Building a Safe and Secure IoT for Critical National Infrastructure: Workshop report

PETRAS recently held a workshop to discuss the cyber security of the UK’s critical national infrastructure (CNI), which aspects face particularly troublesome risks and how, as a collective of academia, industry and government we might look to a safer future.

The event was hosted by the Bristol Cyber Security Group, headed by Prof. Awais Rashid, in early February 2018. in attendance were a number of PETRAS academics, with key industrial partners from CNI and high-value manufacturing, along with government agency representatives.

The workshop opened with an introduction to the research group and its facilities by Prof.Rashid, and was followed by a summary of the PETRAS hub legacy initiatives by Alisdair Ritchie, PETRAS Impact Champion.

The discussionion was led by key industry partners highlighting their own viewpoints on cyber security challenges for IoT and CNI. This lead to a broad consensus for the need to drive the cyber security of UK CNI forward.  Two key challenge areas were agreed upon:

Firstly, CNI systems are increasingly complex, evolving and converging to the point where operational technology is inherently reliant upon information technology, and vice versa. The convergence is further complicated by the move towards Industrial Internet of Things (IIoT) and the introduction of cloud-based services underpinning Industry 4.0.   There is a lack of understanding as to the variety and extent of this convergence in UK CNI.

Secondly, cyber-risk in this converged CNI/IIoT environment is not well understood, lacks scope, depth and, more worryingly, lessons learnt are not being documented and shared for the wider CNI community to build upon.

Rather than merely identifying the vulnerability in key hardware and software assets, it was agreed that these challenges are closely coupled and should not be studied in isolation.  Moreover, the insights need to be drawn together through some form of demonstration of best practice for modelling risk and key dependencies in such converged CNI/IIoT systems.

Anyone wanting to provide input to this ongoing research project should contact Dr Barney Craggs.