Ensuring the machine doesn’t stop

Andrew Cooke | 06 Jan 2016 | Comments

Why does the interconnectivity of increasingly digitised services make the risk of a meltdown more likely?

In 1909 EM Forster published a short story called ‘The Machine Stops’. It envisaged a world of connected communications, services delivered to consumers’ homes through wires, video conferencing and instant messaging. Most poignantly it described a system of social media with citizens “lecturing” and exchanging their thoughts and views, often sharing opinion and ignoring original thought.

Eventually something causes the machine to start failing and that failure spreads from one service to another until society breaks down and anarchy and death ensue.

But of course ‘The Machine Stops’ is just a story, an apocalyptic view of a fictional society in an imagined version of our planet and it couldn’t happen to us today, could it?

We’ve long recognised critical infrastructure as a set of services that provide the power, water and communications links that underpin our society. Although they have typically been considered to be a series of discrete services provided through different channels, there is now increasing understanding that critical national infrastructure is actually much more joined up.

It is in no small part the digitisation of infrastructure that is increasingly leading critical national infrastructure to become a system of systems; a single interconnected set of services with interdependencies that determine resilience and reliability of each.

This digitisation helps service providers to track and manage their assets more effectively. It can also put customers in control of the services they use, allowing greater choice and flexibility. However, it also puts more and more services online and it means that increasingly power, water and transportation services rely on communications systems for their operating platforms. Furthermore without power other utilities and communications systems can’t operate.

If a key transportation service suffers a security breach then potentially fuel can’t get to a power station or waste be removed. If a water pumping station’s systems are breached then water is not available for either sanitary purposes or for cooling systems for other parts of infrastructure.

All of a sudden Forster’s apocalyptic view become so much more real. But why does the interconnectivity of increasingly digitised services make the risk of a meltdown more likely?

In the first instance the risk is simply that our greater reliance on digital services means a security breach resulting in ‘denial of service’ is so much easier and potentially more probable that an attack on one part of the infrastructure will disrupt supply and therefore affect others.

Also, increasingly operational technology - the process and equipment control systems that run infrastructure - is connected to the broader network of systems. The risks and vulnerabilities to these systems are less widely understood and the equipment is in many cases less proactively managed and protected. The potential for proliferation of infection in the event of a cyber-attack is therefore much greater.

Finally, and crucially, the exchange of data and information between critical infrastructure is much higher as a result of this proliferation. The spread of a ‘Shamoon’ type virus could have devastating consequences and potentially threaten to severely disrupt infrastructure for long periods of time.

At Atkins, we’ve long advocated that organisations should be taking a holistic approach to their organisational security. That begins with ensuring that security measures are directly tied in to organisational objectives and that key performance indicators include security at the top level. The organisational risk management approach then considers all aspects of security in one place. These include physical security, cyber, industrial controls, behaviours and emergency planning and business continuity. This consolidated, top-down, risk management approach allows risks to be considered holistically, thereby creating a resilient organisation.

If we follow this approach through, then it can also be argued that if we consider our national infrastructure to be part of a holistic whole then the same approach should be taken to consider risk at a holistic infrastructure level. In this context our national infrastructure becomes a ‘system of systems’ and creating resilient infrastructure is a matter of dealing with risks to that.

The Centre for the Protection of National Infrastructure (CPNI) already has an important role in bringing together risk at the top level for UK infrastructure. This is recognised in this approach but the suggestion is that potentially now we need to look further ahead as convergence of infrastructure systems continues, service providers cross from one part of infrastructure to another and the risk to the nation continues to be more complex.

Forster’s apocalyptic view of the machine stopping may not be a realistic risk in the short term. However, making sure that we are aware of the risks to infrastructure as a whole and mitigating them from a holistic infrastructure perspective can only lead to a more resilient infrastructure, society and nation state.