As we enter a new year, the topic of Critical Infrastructure (CI) is increasingly in the news. Following our recent publication of the THINGUIDE on the subject, this has led me to think even more on what will impact our Australian CI in the future.
5G is both an opportunity and a major risk factor. The connectivity it brings will significantly increase productivity, and by extension the ability to manage CI in real-time. However, the increased connectivity brings additional risk by expanding the ‘attack surface’ of your organisation. AI and machine learning will be used more and more to increase productivity and to manage infrastructure. Many of you will also be aware of the multiple AI-driven commercial cyber security products currently available. We certainly are and are implementing some with our clients. Another major topic for the future is the catch-all term ‘Metaverse’.
In 1995 it was clear that ‘the Internet’ was the ‘next big thing’, although its subsequent shape and impact could barely be conceived. So, it is with the Metaverse. No-one knows what it will become, although the world is not short of theories and visions. Just like the Internet before it, we at CGI believe that there is enough substance, even at this early stage to start participating and exploring achievable outcomes for us and, through that experience, our clients. Our Metaverse presences include one for on-boarding new employees and another for addressing sustainability.
At a personal level, I’m optimistic about the Metaverse, but with a level of pragmatic scepticism. We all need a strong ‘hype filter’ right now. The optimism is because I and my colleagues in CGI can see some current, real, opportunities that directly relate to securing CI. One of these is the concept of ‘Digital Twinning’ or “Near Life Simulation”.
Digital Twinning, Near Life Simulation and CI
A digital twin or near life simulation is a virtual mirror of a real-world-object. For us, two really compelling examples show where this can help with CI. The first is the closely related idea of physically modelling a workspace. Already being trialled, this digital twin allows a company to see how workers interact with machinery, for example, on a shop floor. It allows the modelling of physical risk, without ever getting close to actual physical harm. Beyond that, it allows the modelling of consequences to business continuity of what could then happen.
The second example (and one closest to the heart of a cyber security practice!) is the idea of creating a digital twin or a simulation of the operational technology (OT) present in an organisation. If you read the THINGUIDE, you’ll see the emphasis we place on the importance of OT. It’s all the machinery and devices that have inbuilt electronics. Although complex it’s possible to model these devices and their interactions with one another. It’s not just about cyber threats, it’s about OT availability.
This OT space is the one that we really can’t physically ‘play’ with. It’s where colleagues will say, “’Do not touch my systems.’ ‘Don't interrupt.’ ‘I can’t afford disruption.’” And rightly so. The idea of being able to accurately model these systems and then stand back and see the consequences of failure of a single node which might lead to a cascade failure across an organisation is very attractive. It is, in effect, the concept of the ’Desktop Exercise’ taken to a new level of thoroughness, not guess-driven but data-driven. This, in turn, leads to a greater understanding and ‘risk score’ of the network of devices, people and companies that make up your organisation’s operational and supply networks.
Other possibilities for twinning or simulation include the ability to model physical security using virtual space. Not to mention the potential benefits outside the CI space for simply modelling business efficiency in industries such as pharmaceuticals and healthcare.
At CGI we are opening conversations with existing clients and partners about some of these possibilities, particularly in OT modelling, so if they interest you, please get in touch.
Welcome to the future
No-one knows the future, so we at CGI focus on what we know is coming and will directly affect our clients. But it doesn’t stop us having speculative discussions about ‘What might be’. In fact, that is a part of our job.
We’re always pleased to provide you and your fellow decision makers with advice. You might also find that our sponsored THINGUIDE to Securing Critical Infrastructure provides a terrific business-level synopsis of the subject matter. It is available both online and in print at various CGI events.