Cybersecurity Practices for Heavy Industry

86% of our critical infrastructure is in private hands. Is it secure?

by Eric Holdeman / April 13, 2019

Some of us worry about protecting our government systems from cyber-attacks. And we trust that others are doing similar work for the companies and processes that we all depend upon for our 21st-century economy and society. If you think government is complex, see this article about heavy industries, "Critical infrastructure companies and the global cybersecurity threat."

One of the biggest issues in the past has been not thinking about security as you invest in technological solutions. See this paragraph from the linked report.

The overlooked costs of security in digital transformations

Most heavy industrials are undergoing major digital transformations or have recently completed them. When building the business case for these transformations, leaders often overlook the cost of managing the associated security risks. Security is not often a central part of the transformation, and security architects are brought in only after a new digital product or system has been developed. This security-as-afterthought approach increases the cost of digitization, with delays due to last-minute security reviews, new security tools, or increases in the load on existing security tools. For example, instead of building next-generation security stacks in the cloud, most enterprises are still using security tools hosted on premise for their cloud infrastructure, limiting the cloud’s cost advantages.

I poked around the McKinsey website and I think there are many topics there that you might find of interest concerning technology.

Professor David Hill shared the links above.