Head of cyber security at rail firm says industry standards to create secure products must be developed
Peter Gibbons, head of cyber security at Network rail, has said that national critical infrastructure must ensure partners in its supply chain, and the products they create, are cyber secure or risk being open to cyber attacks.
Speaking at the Infosecurity Europe 2015 conference, Gibbons said: “The area I see most benefit in is in the supply chain. We at Network Rail are very good at asking our suppliers to deliver us a product that does what we want it to do but not what we don’t want it to do, which can often mean they are open to cyber attack.
“We then end up throwing all manner of product over it to make it secure. However this ‘bolt-it-together’ approach does not work.”
Gibbons said that national critical infrastructure must ensure that the companies in its supply chain are cyber secure, otherwise the products they were designing would also be at risk. He added that important to ensuring this would be the creation of “real industry standards on providing secure products in a secure way.”
Gibbons also discussed the importance of making cyber security an integral part of each employees working life. “I have an aspiration that I’d really like to stop talking about cyber security and talk about just security – about protecting an asset,” he said. “We need to stop thinking security and cyber security is a specialism. All workers should do this as part of their day job. We need to help our employees, from drivers to executives, to respond to information they get in their job and see that as a threat that is putting their asset at risk. They can then pull experts in when they need it to help, rather than experts trying to do all the work and look at the massive amounts of data.”
View the original content and more from this author here: http://ift.tt/1BPyKFa
from critical infrastructure alliance http://ift.tt/1BPyLsx
via IFTTT
No comments:
Post a Comment