In the last decade, organizations that maintain critical infrastructure have moved toward a security-by-design model, embedding security into the physical design of their networks. Carefully considering each piece of a system is important in this model, informing which assets must be secured, which data flows are most critical and what network behaviors are accepted.
Redundancies and safeguards also must be considered during this process to increase network reliability and resiliency.
It is important to understand how system changes will impact regulatory compliance as the program progresses. All industries have regulations to follow; meeting those requirements is one vital step on the way to future success.
Whether the planning phase uncovers the need for new security measures or updated software and hardware for the entire system, the build phase relies on adaptable execution. Geopolitical, regulatory and administrative changes will influence the process, making flexibility key.
Keeping organization leaders informed during the planning phase minimizes the impact of changes during the build phase. Because of the program’s broad impact, support groups — such as IT, security, engineering and operations staff — should receive continued communication and training.
The most significant piece of the run phase relies on attitude changes within the organization. Existing technology debt creates a gap in staff knowledge, meaning operators must be trained to use the new systems. Maintaining system relevancy requires constant updating; staff will need a mindset of change to avoid further technology debt. A shift in operations and maintenance cost is necessary to achieve this, likely changing the expenditure model of the organization.
In the last decade, organizations that maintain critical infrastructure have moved toward a security-by-design model, embedding security into the physical design of their networks. Carefully considering each piece of a system is important in this model, informing which assets must be secured, which data flows are most critical and what network behaviors are accepted.
Redundancies and safeguards also must be considered during this process to increase network reliability and resiliency.
It is important to understand how system changes will impact regulatory compliance as the program progresses. All industries have regulations to follow; meeting those requirements is one vital step on the way to future success.
Whether the planning phase uncovers the need for new security measures or updated software and hardware for the entire system, the build phase relies on adaptable execution. Geopolitical, regulatory and administrative changes will influence the process, making flexibility key.
Keeping organization leaders informed during the planning phase minimizes the impact of changes during the build phase. Because of the program’s broad impact, support groups — such as IT, security, engineering and operations staff — should receive continued communication and training.
The most significant piece of the run phase relies on attitude changes within the organization. Existing technology debt creates a gap in staff knowledge, meaning operators must be trained to use the new systems. Maintaining system relevancy requires constant updating; staff will need a mindset of change to avoid further technology debt. A shift in operations and maintenance cost is necessary to achieve this, likely changing the expenditure model of the organization.
