Page 107 - Cyber Defense eMagazine August 2023
P. 107
Could cybersecurity be considered CNI?
We’ve already touched upon the importance of cybersecurity for CNI, but this begs the question whether
cybersecurity could actually be CNI. The Center for the Protection of Critical National Infrastructure
(CPNI) defines CNI as:
“National Infrastructure are those facilities, systems, sites, information, people, networks and processes,
necessary for a country to function and upon which daily life depends. It also includes some functions,
sites and organizations which are not critical to the maintenance of essential services, but which need
protection due to the potential danger to the public (civil nuclear and chemical sites for example).”
Considering that all of the industries that would fall inside those parameters rely on cybersecurity to
continue operating, then surely cybersecurity, by definition, should also be considered CNI.
CNI sectors are considered critical because if any failed, a country could cease to function. Moreover,
CNI suffers more frequent, diverse, and sophisticated cyberattacks than any other sector; this means
that should the cybersecurity sector fail, an entire nation’s CNI could fail with it.
In summary, it’s clear that the mere prospect of cyber warfare has had a major impact on government
attitudes towards cybercrime. While, from a security perspective at least, this change is welcome, it does
mean that private organizations will be increasingly pressured to take responsibility for their
cybersecurity. Employing security tools, like BAS for example, that provide deep insight into an
organization’s environment is more important than ever. Whether we like it or not, more stringent
cybersecurity regulation is on the horizon, and businesses must be prepared.
About the Author
Avishai Avivi is the Chief Information Security Officer at SafeBreach, the
pioneer in Breach Attack and Simulation (BAS.) Avi brings more than 30 years
as a senior information security leader with companies such as Wells Fargo,
E*Trade, and Experian, where he created and implemented security programs
with a focus on best practices and control maturity. Avi’s security career started
with the Israeli Defense Forces Unit 8200 and has included multiple roles and
domains across information security, product R&D, professional services,
customer support and strategic leadership. Avi holds a dual MBA from UC
Berkeley’s Haas School of Business and Columbia University’s Business
School. He is CISSP, CISM, CRISC, CISA, CIPM and CIPT certified and holds
the Stanford University Strategic Decision and Risk Management program
certification.
Avi can be reached online at linkedin.com/in/aavivi and at http://www.safebreach.com
Cyber Defense eMagazine – August 2023 Edition 107
Copyright © 2023, Cyber Defense Magazine. All rights reserved worldwide.