The vulnerable IT society
Not again! Isn't that the feeling, when the effects of the WannaCry incident are still fresh in the memory and yet the next attack is already rearing its ugly head? As usual, the attack relies on computers which have not installed up-to-date security patches, leading to the initial reaction "How hard can it be to update your system?!" However, it's not actually always so simple.
Many IT systems are connected to other systems for which automatic updates can pose a problem. Updating an IT system can consequently result in, for example, a stop in a production line if the effects of the update are not fully and completely understood first. In other words, it's not as easy as it first appears, and especially not when ever more systems and services are connected and integrated with each other. A single system might well be able to repel attacks – but it is critical that we protect the entire ecosystem, including all the various technologies and deliverables.
Take transport services, for example. A lorry has several different systems and even communicates with other lorries and systems while in transit. The information is analysed and processed in a cloud service, and then transmitted to partners. And while this is going on, you or I can follow its movement via an app on our smartphones. For all of this to work, the entire chain has to be particularly robust.
That's why I believe that the success of new regulatory frameworks, such as the forthcoming NIS directive, is a must. The purpose of the directive is, of course, to ensure that the functions critical to our society are robust and able to withstand different types of IT attacks. The introduction of the NIS directive will not solve all of our problems, but it will create better conditions for improving the capabilities of our systems and services to defend themselves against attacks, and will ensure that we are prepared in the event that something does happen. As everybody knows in times like these, it is not those with the highest defensive walls who win, but rather those who are best prepared to deal with various incidents.
Listen to our podcast for further information on the vulnerable society and the NIS directive. (In Swedish)