Page 107 - Cyber Defense eMagazine August 2023
P. 107

Could cybersecurity be considered CNI?

            We’ve already touched upon the importance of cybersecurity for CNI, but this begs the question whether
            cybersecurity  could  actually  be  CNI.  The  Center  for  the  Protection  of  Critical  National  Infrastructure
            (CPNI) defines CNI as:

            “National Infrastructure are those facilities, systems, sites, information, people, networks and processes,
            necessary for a country to function and upon which daily life depends.  It also includes some functions,
            sites and organizations  which are not critical to the maintenance  of essential  services, but which need
            protection due to the potential danger to the public (civil nuclear and chemical sites for example).”

            Considering  that  all  of  the  industries  that  would  fall  inside  those  parameters  rely  on  cybersecurity  to
            continue operating, then surely cybersecurity, by definition, should also be considered CNI.

            CNI sectors are considered  critical because  if any failed, a country  could cease to function. Moreover,
            CNI suffers  more  frequent,  diverse,  and sophisticated  cyberattacks  than any  other sector;  this  means
            that should the cybersecurity sector fail, an entire nation’s CNI could fail with it.

            In summary,  it’s clear that the mere prospect of cyber warfare has had a major impact on government
            attitudes towards cybercrime. While, from a security perspective at least, this change is welcome, it does
            mean  that  private  organizations  will  be  increasingly  pressured  to  take  responsibility  for  their
            cybersecurity.  Employing  security  tools,  like  BAS  for  example,  that  provide  deep  insight  into  an
            organization’s  environment  is  more  important  than  ever.  Whether  we  like  it  or  not,  more  stringent
            cybersecurity regulation is on the horizon, and businesses must be prepared.





            About the Author

            Avishai  Avivi  is  the  Chief  Information  Security  Officer  at  SafeBreach,  the
            pioneer in Breach Attack and Simulation (BAS.) Avi brings more than 30 years
            as a senior  information  security  leader with companies  such as Wells Fargo,
            E*Trade, and Experian, where he created and implemented security programs
            with a focus on best practices and control maturity. Avi’s security career started
            with the Israeli Defense Forces Unit 8200 and has included multiple roles and
            domains  across  information  security,  product  R&D,  professional  services,
            customer  support  and  strategic  leadership.  Avi  holds  a  dual  MBA  from  UC
            Berkeley’s  Haas  School  of  Business  and  Columbia  University’s  Business
            School. He is CISSP, CISM, CRISC, CISA, CIPM and CIPT certified and holds
            the  Stanford  University  Strategic  Decision  and  Risk  Management  program
            certification.


            Avi can be reached online at linkedin.com/in/aavivi  and at http://www.safebreach.com







            Cyber Defense eMagazine – August 2023 Edition                                                                                                                                                                                                               107
            Copyright © 2023, Cyber Defense Magazine. All rights reserved worldwide.
   102   103   104   105   106   107   108   109   110   111   112