Interviews

AI to strengthen SOCs

by Mark Rowe

AI-driven security can keep critical infrastructure compliant in the era of NIS2, says Garry Veale, Regional Director at Vectra AI.

In an era of rising international tension and conflict, securing critical national infrastructure must be a key priority for governments. Criminal groups, some of which are state-backed, are increasingly looking to derail key operations in order to attack crucial supply chains and the wider economy. We just have to look at the SolarWinds supply chain attack and the Colonial Pipeline attack as examples of cyber criminals attempting to compromise national security and impede critical national infrastructure.

Estimates suggest that by 2025, 30pc of critical infrastructure organisations will experience a security breach. It is therefore no wonder that the United Kingdom (UK) and the European Union (EU) are now beginning to ramp up cybersecurity frameworks and strategies to improve security standards. Specifically, the EU recently adopted the NIS2 directive, and the UK is in the process of consulting on updated legislative changes to improve cyber resilience. Importantly, in the wake of proposed legislation, organisations must take steps towards compliance now, getting ahead of potential attacks by using Security AI to stop attacks before they become breaches.

Legislation

The NIS (Network and Information Security) Directive, which came into effect in 2016, was the first EU-wide law on cybersecurity. Its aim was to achieve a higher and more even level of security of network and information systems across the EU. NIS2 is an extension of this, and obliges organisations and entities to adopt wider measures to improve cyber defences across Europe. This includes strengthening security requirements and measures relating to areas such as incident response, vulnerability disclosures and new risk management procedures. In addition, NIS2 has expanded the number of sectors included in the legislation from 8 to 15, to now incorporate industries such as space and public administration.

Regarding the UK, NIS2 will apply to organisations that possess EU citizen data, or those with offices in the EU. Furthermore, as part of the UK’s National Cyber Strategy, the government has recently published a review into the NIS regime. The review found that although the NIS regulations were “largely successful”, there was “room for improvement”. The review provided recommendations such as securing the supply chains of operators of essential services (OES) and enabling more scope for regulators to enforce NIS regulations.

With a whole host of legislation on the horizon, there are various measures organisations can implement to ensure they are compliant with NIS2, and more widely safeguard themselves from potential attacks. These include:

Deploying advanced security intelligence – CNI (critical national infrastructure) organisations should adopt an AI-driven ‘threat-led’ approach to security. As part of this, focussing on the early detection of attacks is critical. This can be achieved through threat detection and response platforms that use ML algorithms to enrich cloud and network metadata. Specifically, these AI-based tools can be used to spot when an attacker has gained access to systems and is attempting to move laterally and escalate privileges to reach high-value data. From this, the attacks can be stopped before that data is locked down. The key here is for organisations to assume compromise, as this will place them in a stronger position to detect different types of attacks and prevent them from becoming breaches.

Transforming security operations – Typically, organisations that are involved in CNI will have a Security Operations Centre (SOC) that acts as the eyes and ears for all things security. However, many SOCs are built around legacy systems and are no longer fit for purpose. In fact, research has identified that 56pc of security analysts suffer from an inability to capture actionable intelligence. With attackers regularly deploying more advanced methods, it is essential that under-resourced SOCs are transformed and become AI-driven so they can meet demanding challenges. An AI-driven SOC will ultimately provide those in charge of protecting CNI with more efficient risk management and the ability to connect the dots across the network during attacks. As a result, SOCs will be better placed to protect CNI because security leaders will be freed from legacy tools and tech that don’t work in concert or deliver in the current climate.

All systems in harmony – When building new security capabilities for CNI, organisations must consider how the tools work together. This means selecting tools that are highly automated and integrate well with other security solutions. Otherwise, there’s a greater risk of data silos and security blind spots appearing, putting infrastructure at risk of an attack.

Preparation is key

In today’s cyber landscape, CNI is becoming an increasingly attractive target for criminal cyber gangs. The very real threat of major disruption to areas such as food, water and energy means organisations must have a united and collaborative approach to security. NIS2 and the proposed changes from the UK provide key organisations with a framework and structure to help defend against CNI attacks. However, this is just a starting block. By using AI to improve security intelligence and strengthen SOCs, organisations can get a head start on ensuring they are compliant and operating with dependable threat-led security.


© 2024 Professional Security Magazine. All rights reserved.
