Along with prevention and proactive cyberdefence measures, backup is an increasingly vital layer to protect critical infrastructure systems from the risks of cyberattacks and subsequent disruption, says data management and availability multinational Veeam Middle East and Africa VP Gregg Petersen.
A cyberattack is one of the most significant business threats local organisations face in 2018, and this holds true for critical infrastructure, which is known as national key points in South Africa, he notes.
However, beyond physical protection, and amid the growing number of cyberattacks, critical infrastructure organisations need to be better prepared for the inevitability of such attacks, he emphasises.
“The draft Critical Infrastructure Protection Bill of South Africa – the successor to the National Key Points Act of 1980 – is focused on improving security measures in critical infrastructure organisations, safeguarding the welfare of essential services in the process,” he says.
The aim is to make critical infrastructure more resilient to major disruptions that could be caused by power outages, hardware failures and environmental issues, and to protect it against the risk of targeted attacks.
“Industrial-grade security systems are designed to protect physical assets and entry points, but, as more critical public services become supported by data networks and cloud-hosted assets, bolstering cybersecurity deserves urgent attention.”
Vulnerabilities in critical infrastructure are partly because many of the key computer systems that run critical infrastructure are legacy systems that are not fit for contemporary protection against hackers, he explains.
“As a community, we still do not fully understand the causes of infrastructure breaches. A 2015 Black Hat investigation found that hackers had been penetrating infrastructure systems for at least a decade, with little being known about how they gained access. Therefore, backup becomes increasingly vital,” says Petersen.
An attack could debilitate essential services that are vital to the proper functioning of the economy and society, including power grids, water supplies, transport networks, public health, financial and security services, electricity, gas, agriculture and telecommunications.
However, a data backup system alone is not sufficient. It is vital that critical infrastructure providers embed orchestration and automation as core components of their networks if they are to meet recovery objectives and ensure minimal disruption to business availability or public welfare, he concludes.