Loureiro-Koechlin, Cecilia and Dennis, Louise and Hunt, Lucy and Weir, Charles (2024) Software Risks for Critical Infrastructure towards 2040: Expert Forecasts - Final Report. [Report]
Full text not available from this repository.Abstract
This report explores the implications of trends in software development and use between now and 2040 on incidents in UK Critical National Infrastructure (CNI), and what might be done now to address problems. From a two round Delphi study and workshop involving 22 experts in future CNI security, it explores and prioritises trends, major risks, and approaches to address those risks. The experts forecast increasing Internet of Things (IoT) sensor and control technology, digital-based control, interconnectivity between systems and decentralisation of services. The particularly concerning risks resulting from all these trends are poor responses to incidents; poor human factor design leading to human errors; and wider scope of problems due to shared elements in the supply chain, increased system interdependence and lack of variety in technology. The experts recommended responding by adding human- and system-centred ‘resilience’ approaches to existing cybersecurity and ‘secure by design’ approaches. Accordingly, we strongly recommend research into sociotechnical cyber resilience best practices to provide UK CNI specialists with the tools they need for the future.