Paul Cornish, David Livingstone, Dave Clemente & Claire Yorke, Cyber Security and the UK's Critical National Infrastructure (Chatham House Report) (Sept. 2011) (full-text).
This report set forth the following recommendations:
- Government cannot provide all the answers and guarantee national cyber security in all respects for all stakeholders. As a result, critical national infrastructure enterprises should seek to take on greater responsibilities and instill greater awareness across their organizations.
- All organizations should look in more depth at their dependencies and vulnerabilities. Awareness and understanding of cyberspace should be "normalised" and incorporated and embedded into standard management and business practices within and across government and the public and private sectors.
- Cyber terminology should be clear and language proportionate to the threat. It should also encourage a clear distinction to be made between IT mishaps and genuine cyber attacks.
- Research and investment in cyber security are essential to meeting and responding to the threat in a timely fashion. However, cyber security/protection should not be the preserve of IT departments but of senior executive boards, strategists and business leaders and it should be incorporated into all levels of an organization.