Experts stress public-private collaboration is key to protecting infrastructure

Experts at the London Conference on Cyberspace today argued that collaboration between the public and private sectors is essential to the protection of critical national infrastructure, as much of it is controlled by private organisations.

Matthew Kirk, group external affairs director at Vodafone, explained that the task still lies at least in part with government.

"Although this protection of infrastructure is one of the core responsibilities of government, most of the networks aren't run by government. They're often run by private sector companies," said Kirk.

"So clearly, the relationship between government and the private sector is fundamental."

He argued that a model to enable a trust-based exchange of information between organisations is needed in order to combat the large growth in attacks on networks.

"There's a huge increase in these attacks at the moment. The target can be the network provider, the customer – which could be a company or the government – or the infrastructure itself," he said.

"We need to build trust-based systems allowing exchange of information about threats."

However, he stated that this exchange is potentially hampered by the sensitivity of this information.

"This exchange would involve disclosing information about your vulnerabilities to competitors and customers. For government this could be some of the most sensitive and secret information it holds," added Kirk.

He concluded that collaboration is needed not just nationally, but internationally.

"The networks that underpin this national infrastructure are increasingly international. You can't look at cyber security in a national context any more," he said.

"The databases, domain names and address registries are globally distributed. That creates resilience in the system, but also means that this national approach can't survive. The threat itself is highly international and highly mobile."

Kirk added that initiatives between some European countries are underway to build an understanding in the area of securing this critical infrastructure.

"There are initiatives between UK, Netherlands and Italy to help build a community of trust," he said.

Erik Akerbomm, Dutch national co-ordinator for counter terrorism and security, referenced the recent DigiNotar breach as an example of an attack on the Dutch critical national infrastructure.

"In late August 2011, it became known that [Dutch certificate authority] DigiNotar had become hacked. It was a body that issued digital certificates for government organisations and many law firms in the Netherlands," he explained.

"The reliability of certificates came under serious threat. Government revoked trust in DigiNotar and took over the operation. Every certificate needed to be replaced quickly, and controlled migration was essential."

Akerbomm described the collaboration that was essential to reducing the impact of the breach, and eventually found it to be the work of an Iranian hacker.