Securing Critical Infrastructure

Government CIO Outlook | Tuesday, January 17, 2023

Securing critical infrastructure is essential for our global economy and society.

FREMONT, CA: Events that weaken the confidentiality, integrity or availability of the services delivered by critical infrastructure providers and their networks could have significant and potentially devastating consequences. Governments are increasingly focused on this problem. As a result, they are calling for critical infrastructure providers and their IT vendors to implement technical and organizational security measures and to prepare for the potential impacts of security incidents.


Qualifying trustworthy IT vendors

Evaluating the overall practices of a vendor's organization should be the starting point. That includes assessing the robustness, repeatability and consistency of their secure development practices and their transparency about vulnerabilities detected in their products, which is vital for resilience.

While evaluating a point solution is a step in the right direction, a holistic approach that considers the role of people, processes and technology in protecting critical global infrastructure will yield a far better result. Furthermore, point-product security is fleeting and unreliable if the organization producing the solution lacks the process maturity to consistently demonstrate its trustworthiness.

Security does not end when a vendor places a solution on the market. How a critical infrastructure provider architects, deploys, monitors and maintains its networks and information systems on an ongoing basis is important to secure operations. An active security architecture that is resilient and trustworthy will help prevent, detect and react to cyber threats.

Reliable solutions are products or services that do what is expected in a verifiable way. Vendors can build security capabilities into technologies at the design phase. These include validation of crypto modules; image signing to create unique digital signatures that can be checked at runtime; hardware-anchored secure boot to automatically verify software integrity at boot-up; technologies and processes to confirm that the hardware is genuine; and runtime defenses that help protect against the injection of malicious code into running software. Moreover, vendors must know what is in their code and why it's there; doing so is fundamental to a mature and secure engineering process.

Vendors can also support network operators in verifying the integrity of their technology once it's deployed in a network operation. Again, confirming that the infrastructure hardware and software are working as expected is the key to maintaining the good security posture and integrity of the architectural components.

Qualifying secure solutions

Revising procurement regulations to mandate better assessment of vendor solutions is now overdue. Government regulations should require that any technology deployed in critical infrastructure be procured only from provably trustworthy vendors.

Derive that proof from mandatory security assessments. Start by leveraging baseline measures of adherence to basic security measures already captured in internationally recognized standards like Common Criteria. These are beneficial as a starting point and can serve as appropriate yardsticks for technology deployed broadly in less critical networks.

For mission-critical networks, extensive security assessments should be carried out by recognized, trusted experts. This may involve government agencies performing the testing themselves, both to ensure the quality of the results and because of the shortage of skilled experts. Testing might also be performed with the support of select, highly qualified testing labs.

This can't be approached as a mere compliance exercise, as has become commonplace when assessing basic security standards. Robust security assessments directed at critical networks should employ vigorous and dynamic vetting of numerous critical vendor capabilities:

• Source code verification

• Design documentation

• Actual penetration-style solution testing

• The testing of artifacts and other relevant materials

Conduct the assessment at an agreed-upon, secure location where the vendor's intellectual property will be protected.

Be certain the testing procedure keeps pace with market innovations and integrates a rigorous, risk-based approach. To enable efficiency, scale and expediency:

i) Manage product iterations by restricting testing to the updated part of a build. This avoids the cost and time-to-market implications of testing every version in full.

ii) Build on proven assessment examples instead of beginning from scratch. Upgrade only when meaningful and collective value can be added.

iii) Collaborate with like-minded governments to build toward mutual recognition of testing, centering on mitigating cyber-risk rather than adhering to local business customs. This will decrease fragmentation across borders and enhance each country's ability to effectively scale its efforts.

Qualifying responsible operations

Migrating to digital capabilities requires critical infrastructure providers to keep up with the latest threat monitoring and detection technologies. For example, machine-learning algorithms can help detect deviations from normal network and user behavior. That data can then be used to inform control-based policies to mitigate attacks.

The vendor helps the infrastructure provider deploy and operate its technology as effectively and securely as possible. As operators require tools for onboarding and managing devices, vendors should work with them to guarantee that devices can be tested, provisioned and updated securely. Granting unique device identities, validated at set-up, is just one step in how this could be approached.

Asset, patch and vulnerability management are essential to the total lifecycle management of the security architecture and its elements. Therefore, IT vendors must follow a strict process for managing security exposure information related to their solutions and networks.

Infrastructure providers will benefit greatly from requiring transparent and predictable approaches to vendors' vulnerability management and disclosures. That includes published guidelines for timely vendor action to provide necessary patches.

It's important to patch and improve proactively and not wait until something bad happens.

Verify before trust

Words of confidence are not enough; vendors must exhibit a range of behaviors that demonstrate they are a trusted partner and then apply those behaviors consistently throughout their operations.

With verification checkpoints in place, by working with rightly trusted vendors, and armed with the power of digital capabilities, our critical global infrastructure will be ready for the risks of tomorrow.
