Shared Responsibility Key to Protecting Critical Infrastructure
Protecting critical infrastructure from cyber-attacks requires adopting a shared responsibility model between vendors, network operators and governments, according to a panel speaking during a recent FT webinar.
The panel, moderated by Alex Irwin-Hunt, global markets editor of fDi Intelligence at FT Group, agreed that a range of parties has different responsibilities in ensuring the integrity of software and hardware products. The process begins with manufacturers “making sure that their product that’s released into the market is a quality one, and that includes reducing vulnerabilities as much as possible,” according to Dr Wendy Ng, cloud security architect lead at OneWeb.
However, this process can never be 100% effective, and vendors still have obligations to release patches for the product once it has gone to market. “Then it becomes a real partnership between the end-user and vendor,” observed Ng.
Colm Murphy, senior cybersecurity advisor, Huawei, reiterated the need for a shared responsibility model and emphasized the role played by service providers in keeping products secure. “They own and operate the networks, they manage the services, and they have to look after things like patching and security configurations.”
Additionally, governments have an important role in setting